Details Tab SettingsĮnter the name of the computer where the process that you're monitoring is located. Use the following information to configure the Monitor Process activity. Whether the runbook will be run when the process is started or stopped Which computer will run the process that you're monitoring Configuring the Monitor Process Activityīefore you configure the Monitor Process activity, you'll need to determine the following: For example, if an application that has a tendency to stop responding and remain resident in memory even though it has completed, it can be shut down automatically by using a Monitor Process activity in a runbook with a Get Process Status activity to retrieve the status of the process and an End Process activity to shut it down. The Monitor Process activity can be used to create runbooks that take corrective actions when a process has been started but hasn't stopped. You can use the Monitor Process activity to monitor processes on any remote computer. A process is any executable file that is running. The Monitor Process activity invokes runbooks when a process has been started or stopped. We recommend you to upgrade to Orchestrator 2019. This will track any newly created process on the system, meaning that if you launch an EXE installer and it installs an MSI, it will first need to create the MSI operation which will handle the Windows Installer execution.This version of Orchestrator has reached the end of support. Under the drop down menu, hover the Filter > Filter, go to Display entries matching this condition and select Operation is Process Create. We already covered this scenario in the MSI Packaging ebook - Helpful tools chapter, but let’s go quickly through the steps: You can filter anything from Architecture, Authentication ID, Category, Command Line, Company, Completion time, Date & Time to Version.Īnother example where filtering is important is when we want to find out if a particular EXE contains an MSI that is extracted and executed during the installation. By filtering operations, you can easily detect your issues on your system/application. Cool right?įiltering operations is one of the most important and powerful aspects of Procmon. This will ensure that only the Explorer.exe will appear in the capture, and with the registry operations filter, you will now see only what Explorer.exe operations are happening in the registry. Go to Include and click on the “Add” button.In this window, we can configure to display the entities as follows: In the main Process Monitor window, we see a list of all system operations along with their exact time, process name, ID, and the result of every operation: It is particularly helpful when you need to track which application or process accesses a file or a registry key. You can use Process Monitor to track system and application activity and troubleshoot some product issues. A long list of improvements are also added, including process monitoring, monitoring of files loaded into system memory, improved filters, process activity details, and more. Process Monitor is a Windows system monitoring tool that shows files, accessed registry keys, and active processes. We will discuss its prerequisites and share how you can get started with it. We mentioned Process Monitor in our MSI Packaging Training free e-book but this time around, we want to explore it further. Process Monitor is probably one of the most used tools by IT Pros to debug applications and check installations. Getting started with Procmon: The Beginner’s Guide to Monitoring Windows Systems
0 Comments
Leave a Reply. |