How To: Collect Process Monitor Logs - Connect IT Community | Kaseya
<main> <article class="userContent"> <p>Under certain circumstances, Kaseya Support Technicians will require that you collect Process Monitor Logs so that they can further troubleshoot an issue you may be experiencing with Kaspersky Endpoint Security. The following guide outlines how to gather these logs:</p> <p> <strong>First:</strong> <a rel="nofollow" href="/home/leaving?allowTrusted=1&target=http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Fsysinternals%2Fbb896645.aspx">download</a> and unpack procmon.exe. Process Monitor is a Sysinternals program provided by Microsoft with the express purpose of monitoring the Windows environment. Before unpacking, make sure that the current user account has administrator privileges.</p> <p>1. <strong>Collect A System Event Log</strong></p> <ol><li> <p>Close all unused applications.</p> </li> <li> <p>Run <strong>Procmon.exe</strong>. Logging will start automatically.</p> </li> <li> <p>Minimize <strong>Process Monitor</strong> and reproduce the issue.</p> </li> <li> <p>Maximize <strong>Process Monitor</strong> and uncheck the option <strong>File</strong> -> <strong>Capture Events</strong>. Event logging will stop.</p> <p> <img src="/attachments/token/PBx7y7jLujVgXsvVV2C2UCFfs/?name=procmon_10935_0113-229707.png" alt="procmon_10935_0113-229707.png" class="embedImage-img importedEmbed-img"></img></p> </li> <li>Select the menu item File -> Save.<br><img src="/attachments/token/PB1pJkos42yfzLSU0X1WahW03/?name=procmon_10935_0213-229708.png" alt="procmon_10935_0213-229708.png" class="embedImage-img importedEmbed-img"></img></li> <li>Select All Events in the Events to save section. Specify the path for the logs to be saved, then click OK.<br><img src="/attachments/token/30H6h4ywPuDYRNOOGaZYUZjRv/?name=procmon_10935_0313-229709.png" alt="procmon_10935_0313-229709.png" class="embedImage-img importedEmbed-img"></img></li> </ol> <p>2. 
<strong>Collect A Boot Log</strong></p> <ol><li> <p>Run <strong>Procmon.exe</strong>.</p> </li> <li> <p>Select <strong>Options</strong> -> <strong>Enable Boot Logging</strong>.<br><img src="/attachments/token/wYbqk1ApaXqFC5p1PMIYE7nwV/?name=procmon_10935_0413-229714.png" alt="procmon_10935_0413-229714.png" class="embedImage-img importedEmbed-img"></img></p> </li> <li>Click OK.<br><img src="/attachments/token/Vz7PeEXCt2WnAb9wSjc0GdII9/?name=procmon_10935_0513-229715.png" alt="procmon_10935_0513-229715.png" class="embedImage-img importedEmbed-img"></img></li> <li> <p>Restart the operating system.</p> </li> <li> <p>Wait until the system starts (it may take up to 15 minutes) and run Procmon.exe again.</p> </li> <li> <p>Click Yes and save the log file.<br><img src="/attachments/token/BMqEFmGAqz7GmMbRzFZBzZKmA/?name=procmon_10935_0613-229716+%281%29.png" alt="procmon_10935_0613-229716__1_.png" class="embedImage-img importedEmbed-img"></img></p> </li> </ol><p>After you have finished collecting the required log files, please provide them to your Kaseya Support Technician for further evaluation.</p> </article> </main>
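<p>A scripted equivalent of section 1 (Collect A System Event Log), for running the capture from an elevated PowerShell prompt instead of the GUI. This is an added example, not part of the original Kaseya guide: the Procmon.exe location and output folder are assumed placeholders, and the switches are Process Monitor's own command-line options.</p>

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original guide). Paths below are assumed placeholders.
param(
    [string]$ProcmonPath = 'C:\Tools\Procmon.exe',  # assumed unpack location
    [string]$OutputDir   = 'C:\Temp\ProcmonLogs'    # assumed output folder
)
$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $ProcmonPath)) {
    throw "Procmon.exe not found at $ProcmonPath"
}

# Refuse to run an elevated binary whose Authenticode signature does not verify.
$sig = Get-AuthenticodeSignature -FilePath $ProcmonPath
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed for ${ProcmonPath}: $($sig.Status)"
}
Write-Host "Signed by: $($sig.SignerCertificate.Subject)"

New-Item -ItemType Directory -Path $OutputDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd_HHmmss'
$log   = Join-Path $OutputDir "$($env:COMPUTERNAME)_$stamp.pml"

# Steps 2-3: start capturing straight to a backing file, minimized, no dialogs.
Start-Process -FilePath $ProcmonPath -ArgumentList @(
    '/AcceptEula', '/Quiet', '/Minimized', '/BackingFile', "`"$log`""
)
Read-Host 'Capture is running. Reproduce the issue, then press Enter to stop'

# Step 4: stop logging. /Terminate signals the running instance to exit.
Start-Process -FilePath $ProcmonPath -ArgumentList '/Terminate' -Wait

# Wait for every Procmon process to exit so the log is fully flushed to disk.
while (Get-Process -Name 'Procmon*' -ErrorAction SilentlyContinue) {
    Start-Sleep -Seconds 1
}

# Steps 5-6: the backing file is the saved log; record its size and hash.
if (-not (Test-Path -LiteralPath $log)) { throw "No log was written to $log" }
$hash = Get-FileHash -LiteralPath $log -Algorithm SHA256
[pscustomobject]@{
    Log    = $log
    SizeMB = [math]::Round((Get-Item -LiteralPath $log).Length / 1MB, 1)
    SHA256 = $hash.Hash
}
```

<p>Sending the SHA256 value alongside the .pml file lets the recipient confirm that the log arrived unmodified.</p>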