
How to Capture & Download Procmon Logs in Windows


Updated yesterday

Overview

Procmon (Process Monitor) is a Windows Sysinternals tool that captures real-time file system, registry, and process/thread activity. It is widely used for troubleshooting performance issues or diagnosing complex problems in Windows environments.

This article explains how to collect and download Procmon logs from a Windows system.

Prerequisites

  • Administrator access on the target Windows machine.

  • Internet access to download the Process Monitor utility.

  • Enough disk space to store the output logs (log files may become large).

Steps to Collect Procmon Logs

1. Download Procmon

  • Navigate to the official Microsoft Sysinternals page:

  • Click Download Process Monitor.

  • Extract the downloaded .zip file to a preferred location (e.g., C:\Tools\Procmon).

2. Run Procmon as Administrator

  • Right-click Procmon.exe and select Run as Administrator.

  • On first launch, accept the EULA (End User License Agreement).

3. Start Capturing Logs

  • Click File > Capture Events or press Ctrl + E to start logging.

  • Reproduce the issue while Procmon is running.

  • Tip: To avoid large logs, capture only relevant activity by applying filters:

    • Click Filter > Filter...

    • Add conditions such as: Process Name is your_app.exe

    • Click Add and then OK.

4. Stop Capturing

Once the issue is reproduced, click File > Capture Events again or press Ctrl + E to stop logging.

5. Save the Log

  • Click File > Save.

  • Choose:

    • Events displayed using current filter or All events

    • Format: Native Process Monitor Format (PML)

  • Save the file to a known location (e.g., Desktop or C:\Logs).

Sharing the Log File

  • Once saved, zip the .pml file if it's large.

  • If the log file is below 4.5 MB, you can send it to us directly by attaching it to an email or by uploading it to the case via the support portal.

    • Enter the case number in the Ticket Number field.

    • Click Choose File and add the compressed files to upload.

    • Click Upload.

    • Notify the support engineer that the logs were uploaded through the portal by responding to the ongoing support ticket.

Additional Tips

  • Use command-line options for automated captures:

    • Procmon.exe /Quiet /Minimized /BackingFile C:\Logs\trace.pml

  • Use Procmon64.exe for 64-bit systems if available.
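
The automated capture from the tip above, extended into an unattended run that stops the trace, zips it, and reports its size and SHA-256. This is an added example, not part of the original article; the paths, the 60-second window, and applying the 4.5 MB figure to the zipped file are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. Paths and the capture window are assumptions; adjust them for your system.
param(
    [string]$ProcmonPath    = 'C:\Tools\Procmon\Procmon.exe',  # extraction folder from step 1
    [string]$LogDir         = 'C:\Logs',
    [int]   $CaptureSeconds = 60                               # assumed time to reproduce the issue
)
$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $ProcmonPath)) { throw "Procmon not found at $ProcmonPath" }
New-Item -ItemType Directory -Path $LogDir -Force | Out-Null

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$pml   = Join-Path $LogDir "trace-$stamp.pml"
$zip   = Join-Path $LogDir "trace-$stamp.zip"

# Start a background capture that writes directly to the backing file.
# /AcceptEula suppresses the first-launch license dialog so the run stays unattended.
Start-Process -FilePath $ProcmonPath -ArgumentList @(
    '/AcceptEula', '/Quiet', '/Minimized', '/BackingFile', "`"$pml`"")

Write-Host "Capturing for $CaptureSeconds seconds. Reproduce the issue now."
Start-Sleep -Seconds $CaptureSeconds

# /Terminate stops all running Procmon instances so the backing file is closed cleanly.
Start-Process -FilePath $ProcmonPath -ArgumentList '/Terminate' -Wait

# Procmon.exe may run as Procmon64 on 64-bit Windows; wait (up to 30 s) for both to exit.
$deadline = (Get-Date).AddSeconds(30)
while ((Get-Process -Name 'Procmon', 'Procmon64' -ErrorAction SilentlyContinue) -and
       (Get-Date) -lt $deadline) {
    Start-Sleep -Milliseconds 500
}
if (-not (Test-Path -LiteralPath $pml)) { throw "No trace was written to $pml" }

# Compress for upload and record a SHA-256 so the recipient can confirm the file is intact.
Compress-Archive -LiteralPath $pml -DestinationPath $zip -Force
$zipItem = Get-Item -LiteralPath $zip

[pscustomobject]@{
    Archive    = $zipItem.FullName
    SizeMB     = [math]::Round($zipItem.Length / 1MB, 2)
    SHA256     = (Get-FileHash -LiteralPath $zip -Algorithm SHA256).Hash
    # Assumption: the 4.5 MB figure from "Sharing the Log File" applies to the zipped file.
    Under4_5MB = $zipItem.Length -lt 4.5MB
}
```

Unlike a filtered save from the GUI, a backing-file capture started this way records events from every process, so the trace also contains file paths, registry keys and command lines of unrelated software. Check what the trace contains before you upload it.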
