Use Procmon through the network

  • Question

  • For some reason, I need to use Procmon through the network. For example, I have BOOT LOGGING enabled. After the A machine is powered on, I can use Procmon to link to the A machine through the network on the B machine and check the BOOT LOGGING log. This is for analyzing malware. It is very helpful, because we don't have to open Procmon on the A machine.

    I have checked through IDA to see if Procmon has network-related function codes. Can it be used normally? How to use it?

    Tuesday, May 7, 2019 6:32 AM

All replies

  • Can I just clarify my understanding of the problem you are trying to solve: am I correct in thinking that you want to run Procmon on machine A but view the logs remotely from machine B?

    MarkC (MSFT)

    Friday, May 10, 2019 12:02 PM
  • Yes, that's what it means. The best case is to use Procmon's boot logging on machine A to view its log remotely from machine B.

    This is quite useful, because Procmon's R3 application is easily detected by malicious software and is not suitable for background capture. If the above functions are implemented, then there will be no such problems. Thank you!
    
    From a loyal Procmon fan.
    Thursday, May 16, 2019 5:51 AM
  • Thanks for the clarification. This is not currently supported. I'll speak with Mark to see if he wants to add this to our backlog.

    Regards

    MarkC (MSFT)

    Tuesday, May 21, 2019 7:44 AM