Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
This test with Notepad works for me (version 3.60) =>
Process Monitor - how to capture process creation/termination?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 9%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
empleat
131
Reputation points
I have enabled show "process and thread activity" pressed "Ctrl+L" and added "Operation" "contains" "Process" "Include". In File -> Capture Events is enabled. Yet no process creation, or termination is logged!!! Why it doesn't work? I was able to google only 1 article, in which it said: the way to do it is this and yet it doesn't work... Tried launch as admin, doesn't work also!
Sysinternals
6 answers
Sort by: Most helpful
-
-
empleat 131 Reputation points
2021-03-25T17:55:20.777+00:00 Yeah but I didn't say notepad, I want to monitor every process creation. I just downloaded it from MS, it says version 3.61. Also tried 32 bit version - didn't work.
-
Castorix31 91,281 Reputation points2021-03-25T18:27:32.453+00:00 Notepad was just a test to avoid all processes.
With Operation is :
Process Create
Process Start
Process Exit
,I get all processes =>
Sign in to comment -
-
empleat 131 Reputation points
2021-03-26T17:00:15.203+00:00 LOL I still get nothing! Everything is bugged for me. Doing that literally same as you and nothing! LOL wat, you 2nd answer just disappeared!
**EDIT:**Today tried again and now it works, maybe I needed to enter all 3 entries, but it does not make sense that all 3 would be needed. It happens to me in other programs too. First 2 times I launch them it doesn't work and trird times something works. Everything is so bugged... Dude so bugged. Your answer from -3 days showed when I opened browser and after I edited my post I wanted to select your answer as solution, now it is missing again... And it is not addons! I disable them and still... On other MS forums when I click to write text - nothing happens and text already written flashes LOL... SO BUGGED SO STUPID...
THANKS FOR HELP BTW!
-
empleat 131 Reputation points
2021-04-19T22:29:26.393+00:00 Again it doesn't work, this time I Am trying to monitor changes done by programs in a folder. Using Path contains {path} and again nothing is showing... It is pretty simple, I don't know why it doesn't work. And no idea why it started to work all of the sudden previously. Show filesystem activity is enabled, as well capture. I tried to restart program 2 times, or launch as admin, didn't help!
EDIT: I did it same as in some video and it worked for him. It doesn't work for me - similarly like before! No idea why!
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 76%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
Steven Whiting 101 Reputation points2021-04-28T08:57:23.027+00:00 Have you clicked reset on your filter then tried again? I've had it at times where I've forgotten to reset the filter and its trying to look for an app that is no longer running.