Druva

Procmon (Process Monitor) is a Windows Sysinternals tool that captures real-time file system, registry, and process/thread activity. It is widely used for troubleshooting performance issues or diagnosing complex problems in Windows environments.

This article explains how to collect and download Procmon logs from a Windows system.

Administrator access on the target Windows machine.

Internet access to download the Process Monitor utility.

Enough disk space to store the output logs (log files may become large).

- Administrator access on the target Windows machine.
- Internet access to download the Process Monitor utility.
- Enough disk space to store the output logs (log files may become large).

Navigate to the official <a href="https://learn.microsoft.com/en-us/sysinternals/downloads/procmon" rel="nofollow noopener noreferrer" target="_blank">Microsoft Sysinternals</a> page:

Extract the downloaded .zip file to a preferred location (e.g., C:\Tools\Procmon).

- Navigate to the official <a href="https://learn.microsoft.com/en-us/sysinternals/downloads/procmon" rel="nofollow noopener noreferrer" target="_blank">Microsoft Sysinternals</a> page:
- Click Download Process Monitor.
- Extract the downloaded .zip file to a preferred location (e.g., C:\Tools\Procmon).

Right-click Procmon.exe and select Run as Administrator.

On first launch, accept the EULA (End User License Agreement).

- Right-click Procmon.exe and select Run as Administrator.
- On first launch, accept the EULA (End User License Agreement).

Click File &gt; Capture Events or press Ctrl + E to start logging.

Reproduce the issue while Procmon is running

- Click File &gt; Capture Events or press Ctrl + E to start logging.
- Reproduce the issue while Procmon is running


Tip: To avoid large logs, capture only relevant activity by applying filters:

- Click Filter &gt; Filter...
- Add conditions such as:
- Process Name is your_app.exe
- Click Add and then OK.


- Tip: To avoid large logs, capture only relevant activity by applying filters:
  - Click Filter &gt; Filter...
  - Add conditions such as:
  - Process Name is your_app.exe
  - Click Add and then OK.


Once the issue is reproduced, click File &gt; Capture Events again or press Ctrl + E to stop logging.

- Events displayed using current filter or All events
- Format: Native Process Monitor Format (PML)

Save the file to a known location (e.g., Desktop or C:\Logs).

- Click File &gt; Save.
- Choose:
  - Events displayed using current filter or All events
  - Format: Native Process Monitor Format (PML)
- Save the file to a known location (e.g., Desktop or C:\Logs).


If, the log file is below 4.5 MB then you can directly send us by attaching it to the email or uploading via support portal on the case.

- Else, Go to<a href="https://upload.druva.com/" rel="nofollow noopener noreferrer" target="_blank"> https://upload.druva.com/</a>.

- Enter the case number in the Ticket Number field.
- Click Choose File and add the compressed files to upload.
- Click Upload.
- Notify the support engineer about the logs uploaded through Portal by responding to the ongoing support ticket.

- Once saved:
- Zip the .pml file if it's large.
- If, the log file is below 4.5 MB then you can directly send us by attaching it to the email or uploading via support portal on the case.
  - Else, Go to<a href="https://upload.druva.com/" rel="nofollow noopener noreferrer" target="_blank"> https://upload.druva.com/</a>.
  - Enter the case number in the Ticket Number field.
  - Click Choose File and add the compressed files to upload.
  - Click Upload.
  - Notify the support engineer about the logs uploaded through Portal by responding to the ongoing support ticket.

Use Command-line options for automated captures:

- Procmon.exe /Quiet /Minimized /Backingfile C:\Logs\trace.pml
- Use Procmon64.exe for 64-bit systems if available.

- Use Command-line options for automated captures:
  - Procmon.exe /Quiet /Minimized /Backingfile C:\Logs\trace.pml
  - Use Procmon64.exe for 64-bit systems if available.

<a href="https://learn.microsoft.com/en-us/sysinternals/downloads/procmon" rel="nofollow noopener noreferrer" target="_blank">Analyzing PML files using Procmon</a>

How to capture & Download Procmon Logs in Windows

Forum

Druva Academy

Druva.com

Privacy Policy

Knowledge Base

Cloud Status

Featured Resources

Druva Blog

Support

Contact Us

Support Community

Support Resources

Druva Privacy Policy

Product Tours

API Docs

Find answers and get help from Intercom Support and Community Experts

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

How to capture & Download Procmon Logs in Windows

Overview

Prerequisites

Steps to Collect Procmon Logs

1. Download Procmon

2. Run Procmon as Administrator

3. Start Capturing Logs

4. Stop Capturing

5. Save the Log

Sharing the Log File

Related Articles