

Get-Process|out-file C:\ps\procmon_example.txt

Now, if any process running on Windows tries to read or write to the tracked file or registry key, you will see this event in Process Monitor. As you can see, the list contains the event for creating a registry key by the reg.exe process (Operation > RegCreateKey). It also contains events of creating (CreateFile) and writing to the file (WriteFile) by the cmd.exe and powershell.exe processes. The list of events also contains the system process msmpeng.exe (Antimalware Service Executable). This is the core process of the antimalware detection engine in Windows Defender. To exclude the events of this process from the ProcMon log, right-click on the process name msmpeng.exe and select Exclude "…". The process will be added to the ProcMon filter with the Exclude value, which means that the ProcMon log won't display any activity from this process. In the same way, exclude any other trusted processes that access your file or registry key.

Running Process Monitor can negatively affect the performance of your computer.
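The same filtering can be done offline on a capture you have already saved (File > Save, CSV format), which avoids keeping Process Monitor running on a busy machine. The PowerShell below is an added example and not code from the original post: it keeps only the events that touch the watched file or registry key and drops trusted processes such as msmpeng.exe, exactly what the Exclude filter does in the GUI. The column names match Procmon's CSV export; the sample rows and the registry key HKCU\Software\ProcmonExample are constructed for this example, not taken from a real capture.

```powershell
# Added example (not from the original post): offline counterpart of the
# Procmon "Exclude" filter applied to an exported CSV capture.
# The rows below are constructed for illustration; the registry key
# HKCU\Software\ProcmonExample is a placeholder, not a real key.
$sampleCsv = @'
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:01.1234567 AM","powershell.exe","4120","CreateFile","C:\ps\procmon_example.txt","SUCCESS","Desired Access: Generic Write"
"10:15:01.1235000 AM","powershell.exe","4120","WriteFile","C:\ps\procmon_example.txt","SUCCESS","Offset: 0, Length: 2,048"
"10:15:02.0000000 AM","MsMpEng.exe","3020","CreateFile","C:\ps\procmon_example.txt","SUCCESS","Desired Access: Generic Read"
"10:15:03.5000000 AM","reg.exe","5100","RegCreateKey","HKCU\Software\ProcmonExample","SUCCESS","Desired Access: Write"
"10:15:04.0000000 AM","explorer.exe","1880","QueryNameInformationFile","C:\Windows\explorer.exe","SUCCESS",""
'@

function Get-TrackedEvents {
    param(
        [Parameter(Mandatory)] [string]   $CsvPath,
        [Parameter(Mandatory)] [string[]] $WatchedPaths,              # file or registry paths to keep
        [string[]] $ExcludeProcess = @('MsMpEng.exe')                 # trusted processes to drop
    )
    Import-Csv -Path $CsvPath | Where-Object {
        $row = $_
        # Keep rows whose Path starts with one of the watched paths (-like is case-insensitive).
        ($WatchedPaths | Where-Object { $row.Path -like "$_*" }) -and
        # Drop rows from trusted processes, like Exclude "..." in the Procmon filter.
        ($ExcludeProcess -notcontains $row.'Process Name')
    }
}

# Write the constructed capture to a temp file so the function reads a real CSV.
$csvFile = Join-Path $env:TEMP 'procmon_sample.csv'
Set-Content -Path $csvFile -Value $sampleCsv -Encoding UTF8

$events = Get-TrackedEvents -CsvPath $csvFile `
    -WatchedPaths 'C:\ps\procmon_example.txt', 'HKCU\Software\ProcmonExample'

# Detailed view: only the powershell.exe and reg.exe rows survive;
# MsMpEng.exe is excluded and explorer.exe never touched a watched path.
$events | Format-Table 'Time of Day', 'Process Name', PID, Operation, Path -AutoSize

# Triage view: which process did what to the watched objects, and how often.
$events | Group-Object 'Process Name', Operation |
    Select-Object Count, Name | Format-Table -AutoSize
```

Process names in a real export are compared case-insensitively (Procmon shows MsMpEng.exe, the article writes msmpeng.exe; both match), and you can pass several watched paths at once. Point `-CsvPath` at a capture you saved from a live session to use it on real data.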
