Capture Windows Logs Using Process Monitor

When troubleshooting issues on Windows devices, JumpCloud Support may need additional data that resides outside of the JumpCloud agent and Event logs. To determine if an external process is interfering with JumpCloud Agent functionality, a Support Engineer may ask you for a Process Monitor capture.

What is Process Monitor?

Process Monitor (Procmon) is a powerful monitoring tool for Windows operating systems. It lets you closely observe the activities occurring in real time on your device. Process Monitor captures and displays detailed information about processes, threads, file system activity, registry changes, network activity, and more. This comprehensive visibility helps when troubleshooting software issues by providing insights into background program activity.

Downloading Process Monitor

Process Monitor can be found on Microsoft’s SysInternals website. See ProcMon Download.

Capturing a Process Monitor Log

To capture a log in Process Monitor:

  1. Log in to the Windows device using an account with administrative privileges.
  2. Run Procmon.exe as administrator.
  3. Process Monitor begins logging the moment it starts running, but a clean capture is recommended. To stop capturing, click Capture.
  4. Clear all previously recorded events by clicking Clear.
  5. When you’re ready to recreate the issue or scenario, click Capture to begin logging.
  6. Once you’ve recreated the issue or scenario, click Capture to stop logging.
  7. Save the Process Monitor by going to File > Save.
  8. Compress and archive (zip) the PML file.
  9. Send the log to your JumpCloud Support Engineer for further review.

Capturing a Boot Process Monitor Log

You may need to troubleshoot an issue related to your boot process which requires additional configuration in Process Monitor.

To enable boot logging in Process Monitor:

  1. Follow steps 1-4 in the previous section to launch Procmon, stop the default capture, and clear any previously recorded events.
  2. Go to Options > Enable Boot Logging.
  3. The Boot Logging Options window appears. Choose the following options:
    • Select Generate profiling events.
    • Select Every second.
  4. Reboot the device and recreate the issue.
  5. Log in to the the Windows device. When at the desktop, run Procmon.exe.
  6. The Process Monitor dialogue box appears. Click Yes and save the log file.
  7. Close Process Monitor.
  8. Compress and archive (zip) the PML file.
  9. Send the log to your JumpCloud Support Engineer for further review.
Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case