How To: Collect Process Monitor Logs

Under certain circumstances, Kaseya Support Technicians will require that you collect Process Monitor Logs so that they can further troubleshoot an issue you may be experiencing with Kaspersky Endpoint Security. The following guide outlines how to gather these logs:

First, download and unpack Procmon.exe. Process Monitor is a Sysinternals program provided by Microsoft for monitoring activity in the Windows environment. Before unpacking, make sure that the current user account has administrator privileges.

1. Collect A System Event Log

  1. Close all unused applications.

  2. Run Procmon.exe. Logging will start automatically.

  3. Minimize Process Monitor and reproduce the issue.

  4. Maximize Process Monitor and uncheck the option File -> Capture Events. Event logging will stop.


  5. Select the menu item File -> Save.
  6. Select All Events in the Events to save section. Specify the path for the logs to be saved, then click OK.
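
The same capture can be scripted with Process Monitor's command-line switches. This is an added example, not part of the original guide or of any Kaseya tooling; the unpack folder C:\Tools\Procmon and the output folder C:\Temp\ProcmonLogs are assumptions to adjust for your system.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of steps 1-6 above.
# Assumed locations (not from the original guide); change them to match your system.
$Procmon = 'C:\Tools\Procmon\Procmon.exe'   # where Procmon.exe was unpacked
$OutDir  = 'C:\Temp\ProcmonLogs'            # where the log will be written
$LogFile = Join-Path $OutDir ('capture_{0:yyyyMMdd_HHmmss}.pml' -f (Get-Date))

if (-not (Test-Path -LiteralPath $Procmon)) {
    throw "Procmon.exe not found at $Procmon"
}
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Start capturing directly into a backing file, minimized and without dialogs.
Start-Process -FilePath $Procmon -ArgumentList @(
    '/AcceptEula', '/Quiet', '/Minimized', '/BackingFile', "`"$LogFile`""
)

Read-Host 'Capture is running. Reproduce the issue, then press Enter to stop'

# /Terminate signals the running instance to stop logging and exit.
Start-Process -FilePath $Procmon -ArgumentList '/AcceptEula', '/Terminate' -Wait

# On 64-bit Windows the capturing process runs as Procmon64; wait for it to
# exit so the backing file is fully written before it is read or copied.
Get-Process -Name Procmon, Procmon64 -ErrorAction SilentlyContinue |
    Wait-Process -Timeout 120

if (-not (Test-Path -LiteralPath $LogFile)) {
    throw "No log was written to $LogFile"
}

# Report path, size and SHA-256 of the log that will be handed to support.
$log  = Get-Item -LiteralPath $LogFile
$hash = Get-FileHash -LiteralPath $LogFile -Algorithm SHA256
[pscustomobject]@{
    Path   = $log.FullName
    SizeMB = [math]::Round($log.Length / 1MB, 1)
    SHA256 = $hash.Hash
}
```

Run it from an elevated PowerShell prompt. The SHA-256 value lets you confirm that the file the technician receives is the one you captured.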


2. Collect A Boot Log

  1. Run Procmon.exe.

  2. Select Options -> Enable Boot Logging.

  3. Click OK.
  4. Restart the operating system.

  5. Wait until the system starts (it may take up to 15 minutes) and run Procmon.exe again.

  6. When prompted to save the collected boot-time data, click Yes and save the log file.

After you have finished collecting the required log files, please provide them to your Kaseya Support Technician for further evaluation.

