[KB6308] Using Process Monitor to create log files

Issue

When are Process Monitor log files needed?

Process Monitor log files are typically required to diagnose issues that go away when ESET real-time protection is disabled.

Solution

Download and install Process Monitor

  1. Download Process Monitor from Microsoft TechNet and save it to your Desktop.

  2. Extract ProcessMonitor.zip, double-click Procmon.exe and then click Yes at the prompt. Click Agree if you agree to the conditions in the End-User License Agreement.

  3. In the main window, click Filter → Enable Advanced Output.

    Figure 1-1
  4. See the appropriate instructions below to gather the specific logs requested by Technical Support:


Gather process log files

  1. Process Monitor begins recording logs as soon as you open it. Click the capture icon to stop recording logs.

    Figure 2-1
  2. Click the bin icon to clear the current log files list.

    Figure 2-2
  3. Click the capture icon to start capturing new log files and then reproduce your issue. After you reproduce your issue, click the capture icon again to stop recording logs.

  4. Click the save icon to save your new log files. In the pop-up window, select the All events and Native Process Monitor Format (.PML) options and click OK.

    Figure 2-3
  5. Navigate to the ProcessMonitor folder where you saved the files. You may need to make hidden files visible to see this folder.

  6. Select the log files, right-click them and then select Send to → Compressed (zipped) folder from the context menu to create a .zip file.

  7. If you have not already done so, open a case with ESET Technical Support before you submit your .zip file.

  8. Attach the .zip file to an email reply to ESET Technical Support. A Technical Support representative will examine the log and respond as soon as possible with the recommended action based on their findings. If you are unable to attach a zipped log file, change the file extension to .file (for example, SysInspector.file).
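
A scripted equivalent of steps 1 to 6 above, added here as an example (it is not ESET's or Microsoft's own script). The Procmon.exe location and the output folder are assumptions, and the script does not turn on Enable Advanced Output.

```powershell
#Requires -RunAsAdministrator
# Added example: capture a Process Monitor log from the command line and zip it.
# Assumed paths (not from the article); adjust to where you extracted ProcessMonitor.zip.
$procmon = Join-Path $env:USERPROFILE 'Desktop\ProcessMonitor\Procmon.exe'
$outDir  = Join-Path $env:USERPROFILE 'Desktop\ProcmonLogs'
$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$pml     = Join-Path $outDir "capture-$stamp.pml"
$zip     = Join-Path $outDir "capture-$stamp.zip"

if (-not (Test-Path -LiteralPath $procmon)) {
    throw "Procmon.exe not found at $procmon"
}
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Stop any instance that is already running so the new log starts empty.
# /AcceptEula records acceptance of the license; remove it to be prompted instead.
Start-Process -FilePath $procmon -ArgumentList '/AcceptEula', '/Terminate' -Wait

# Start capturing straight into a backing file. The path is quoted by hand
# because Start-Process does not quote arguments that contain spaces.
Start-Process -FilePath $procmon -ArgumentList @(
    '/AcceptEula', '/Quiet', '/Minimized', '/BackingFile', "`"$pml`""
)
# Block until the capturing instance is ready to accept commands.
Start-Process -FilePath $procmon -ArgumentList '/WaitForIdle' -Wait

Read-Host 'Capture is running. Reproduce the issue, then press Enter to stop'

# Stop the capture and flush the backing file to disk.
Start-Process -FilePath $procmon -ArgumentList '/Terminate' -Wait

# The wildcard also picks up any extra files written for this capture.
$logs = Get-ChildItem -LiteralPath $outDir -Filter "capture-$stamp*.pml"
if (-not $logs) {
    throw "No .pml file was written to $outDir"
}

# Compress-Archive is limited to files of about 2 GB; zip larger logs with another tool.
Compress-Archive -LiteralPath $logs.FullName -DestinationPath $zip

# Record the SHA-256 of the archive so the received file can be checked against it.
Get-FileHash -LiteralPath $zip -Algorithm SHA256 | Format-List Path, Hash
```

Run it from an elevated PowerShell window; the resulting .zip is the file to attach in step 8.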


Gather boot log files

  1. Click Options → Enable Boot Logging.

    Figure 3-1
  2. Select the check box next to Generate profiling events to enable it, set the frequency to Every second and then click OK.

    Figure 3-2
  3. Restart your computer, reproduce your issue and then run Process Monitor. Click Yes at the prompt to save the boot log.

    Figure 3-3
  4. Save the boot log as a Procmon Log (.PML) file and make a note of where it is saved.

  5. Navigate to the folder where you saved the .PML file. You may need to make hidden files visible to see this folder.

  6. Select the log files, right-click them and then select Send to → Compressed (zipped) folder from the context menu to create a .zip file.

  7. If you have not already done so, open a case with ESET Technical Support before you submit your .zip file.

  8. Attach the .zip file to an email reply to ESET Technical Support. A Technical Support representative will examine the log and respond as soon as possible with the recommended action based on their findings. If you are unable to attach a zipped log file, change the file extension to .file (for example, SysInspector.file).