"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
The article below gives detailed steps on how to capture a Process Monitor log, including how to capture system events while the computer is starting up. For a higher-level overview of Process Monitor, see article 111549.
If you have been asked by Sophos Technical Support to gather a Process Monitor log, follow the instructions below. Unless otherwise specified, gather a normal Process Monitor log.
Process Monitor is a free tool from Windows Sysinternals, part of the Microsoft TechNet website. The tool monitors and displays in real time all file system activity on a Microsoft Windows operating system. Process Monitor is useful for troubleshooting issues when we need to identify the files or registry keys an application is accessing.
We may need to troubleshoot an issue that is related to your boot process. If this is required, a Sophos Technical Support agent will explicitly specify that we require boot logging. To enable boot logging, follow these steps.