How to remove or unload PROCMON24.SYS, because it blocks games from running

Question

Hello folks,

this is a really frustrating problem. I'll take FIFA 23 as an example. The game has a new anticheat software implemented that apparently checks the C:\Windows\system32\drivers content for PROCMON23.SYS and PROCMON24.SYS.
The game won't launch if these files exist, anticheat will return an error that it can't run with the software ProcMon (while that software isn't even running, that's how I found out about PROCMON24.SYS).
Obviously I know how I can fix the problem, mainly by booting a Linux live OS from a flash drive, then I can get rid of the file.
But seriously, that can't be the only solution. It's outrageous why "fltmc unload" doesn't work from an elevated command prompt, it's not like I'm trying to unload a driver of which I'm currently using the matching application of. I don't run ProcMon, I ran it once and I had that problem ever since.

Can someone please tell me where I can report that bug - cause it's a bug from my point of view - or how I can get rid of the problem permanently without having to do a boot stick workaround?
Thanks.

Answer 1

For whatever reason, the developer of Process Monitor (Procmon) did not implement a straightforward method to unload/uninstall the program completely. Even after deleting the Procmon.exe file, the associated driver continues to run in the background, causing persistent issues for users when they try to open games that have anti-cheats where it falsely detects Procmon as a threat.
(Games that falsely detect Procmon as anti-cheats eg; Roblox, FIFA23)

Here is a STEP-BY-STEP guide on how to completely unload/remove Procmon from your computer:

1. Check if Procmon is Running:

• Open Command Prompt as Administrator.
• Type fltmc and press Enter. If you see PROCMON24 or 23 on the list, it means it is still running on your computer.

2. Access the Registry Editor:

• Press Win + R to open the Run dialog.
• Type regedit and press Enter.

3. Navigate to the Procmon Key:

• Inside Registry Editor, go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PROCMON24

4. Delete the Procmon Key (Folder):

• Right-click on the "PROCMON24" folder.
• Select "Delete" from the context menu.

5. Delete Procmon Driver File:

• Open Command Prompt as Administrator.
• Type del /ah C:\Windows\System32\drivers\PROCMON24.SYS and press Enter.

6. Restart Your Computer:

• After deleting the key and file, restart your computer to apply the changes.

7. Confirm Removal:

• Open Command Prompt as Administrator again.
• Type fltmc to confirm that Procmon is no longer listed.
• Procmon24 should now be completely removed from your system!

Answer 2

Unless you're running Process Monitor, just delete the file. It isn't locked or anything. ProcMon will extract the driver file from its binary and drop it back into the Drivers folder if you run it next time (as administrator). No harm done.

Answer 3

Run this in an admin command prompt.

del /ah C:\Windows\System32\drivers\PROCMON24.SYS