Unattended and filtered backing file

  • Question

  • Hello,

    I run the following command:
    Procmon.exe /backingfile "C:\temp\backingfile.pml" /loadconfig "C:\temp\ProcmonConfiguration.pmc"

    The config file contains my desired filter and "Drop Filtered Events" is set to true.
    Is it possible for the backing file to be already filtered when being saved somehow?
    The execution above saves all events which flood the hard drive.

    Unfortunately, I see no way to run Procmon in the background, let's say after a trigger from Task Scheduler.

    Many thanks!
    Jan

    Wednesday, August 28, 2019 2:55 PM

All replies

  • I generally use these cmd:

    REM *****startpmon.cmd*****
    set PMExe="C:\Program Files\SysInternals\Procmon.exe"
    set PMHide=/Quiet /Minimized /AcceptEula
    set PMCfg=/LoadConfig C:\TEMP\test\notepad.pmc
    set PMFile=/BackingFile C:\temp\test\notepad.pml
    start "" %PMExe% %PMFile% %PMCfg% %PMHide%
    %PMExe% /WaitForIdle


    REM *****Stop.cmd*****
    set PMExe="C:\Program Files\Sysinternals\Procmon.exe"
    %PMExe% /Terminate

    REM *****Reset Using Paging File for next usage…
    start "" %PMExe% /PagingFile /NoConnect /minimized /quiet
    %PMExe% /waitforidle
    %PMExe% /Terminate


    Loading the config file before setting the backing file... I don't think it will make any difference, but try it that way.

    HTH
    -mario

    Wednesday, August 28, 2019 3:10 PM
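
A watchdog wrapper around the start/stop scripts in the reply above, as an added example that is not part of the original thread: it ends the capture once the backing file reaches a size cap or a time limit, which bounds the disk usage the question describes. The parameter names, default paths, size cap and time limit are assumptions; the Procmon switches are the ones already used in the reply.

```powershell
# Added example, not from the thread. Defaults below are assumptions.
param(
    [string]$Procmon    = 'C:\Program Files\SysInternals\Procmon.exe',
    [string]$Config     = 'C:\temp\ProcmonConfiguration.pmc',
    [string]$Backing    = 'C:\temp\backingfile.pml',
    [int]   $MaxMB      = 512,   # stop once the capture reaches this size
    [int]   $MaxSeconds = 900    # stop after this long regardless of size
)

foreach ($p in $Procmon, $Config) {
    if (-not (Test-Path -LiteralPath $p)) { throw "Missing file: $p" }
}

# Total size of the capture in MB. Every file sharing the backing file's
# base name is summed, in case the capture is spread over several files.
function Get-CaptureSizeMB {
    $dir  = Split-Path -Parent $Backing
    $base = [IO.Path]::GetFileNameWithoutExtension($Backing)
    $sum  = (Get-ChildItem -Path $dir -Filter "$base*.pml" -ErrorAction SilentlyContinue |
             Measure-Object -Property Length -Sum).Sum
    if ($sum) { [math]::Round($sum / 1MB, 1) } else { 0 }
}

# Same switches as startpmon.cmd in the reply.
Start-Process -FilePath $Procmon -ArgumentList @(
    '/BackingFile', "`"$Backing`"", '/LoadConfig', "`"$Config`"",
    '/Quiet', '/Minimized', '/AcceptEula')
Start-Process -FilePath $Procmon -ArgumentList '/WaitForIdle' -Wait

$deadline = (Get-Date).AddSeconds($MaxSeconds)
$reason   = 'time limit'
while ((Get-Date) -lt $deadline) {
    Start-Sleep -Seconds 5
    if (-not (Get-Process -Name 'Procmon*' -ErrorAction SilentlyContinue)) {
        $reason = 'Procmon exited'; break
    }
    if ((Get-CaptureSizeMB) -ge $MaxMB) { $reason = 'size cap'; break }
}

# Same stop step as Stop.cmd in the reply; skipped if Procmon is already gone.
if (Get-Process -Name 'Procmon*' -ErrorAction SilentlyContinue) {
    Start-Process -FilePath $Procmon -ArgumentList '/Terminate' -Wait
}
Write-Output ("Capture stopped ({0}); size on disk: {1} MB" -f $reason, (Get-CaptureSizeMB))
```

Registered as a Task Scheduler action, this runs without interaction; tracing requires an elevated context, so the task has to run with highest privileges.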