It's not possible to unload the procmon/Process Monitor driver without a reboot RRS feed

  • Question

  • Creating this one on behalf of ganego on GitHub at MicrosoftDocs/sysinternals, for issue #302:

    When starting Process Monitor, the program loads a driver C:\Windows\system32\Drivers\PROCMON24.SYS. Even after closing the program, the driver is still active.
    This will be a problem when running software that requires the BattleEye anti-cheat software, as BattleEye cannot check this driver or unload it.


    When using Windows 10, even a "normal" (quick) reboot won't help and you have to manually enforce a "real" reboot.

    Monday, August 24, 2020 5:40 PM