none
Process Monitor fails to terminate when there is a large backing file RRS feed

  • Question

  • I've been using process monitor as part of a scheduled service which gathers information and then terminates at a predetermined time. Process Monitor closes correctly most of the time, but if it has a very large backing file, the services simply doesn't end. We use task list to check if it is still running after calling procmon /Terminate.

    When this happens, it becomes impossible to retrieve data from the backing file since procmon keeps it open. As far as I can tell there is also no way to cleanly kill procmon if it does not respond to being terminated.

    We start procmon as a scheduled service using this command:
    Start procmon.exe /AcceptEula /Minimized /Quiet /LoadConfig ProcmonConfiguration.pmc /BackingFile fullprocessmonitor.pml
    Then we attempt to stop procmon using another scheduled service which runs the following command:
    procmon.exe /Terminate /AcceptEula

    Is there any reason this would only fail on large files and is there anything we can do to prevent this, or file a bug report?
    Tuesday, October 16, 2018 1:57 PM

All replies

  • Hello

    Would it be possible to obtain a process memory dump of the stalled process? I'm currently making some changes in this area and would like to ensure that this case is covered. Feel free to contact me offline at syssite@microsoft.com if you would like to progress this.

    MarkC (MSFT)

    Wednesday, October 17, 2018 1:38 AM
  • Unfortunately it is not possible for me to provide a process memory dump of the stalled process.
    Thursday, October 18, 2018 4:44 PM
  • Mark, do you have any rough estimate of when we could expect a new release of ProcessMonitor which may resolve this issue?
    Friday, October 19, 2018 1:32 PM
  • Hello,

    i have the same problem here, but the .pml file is only 34MB.Procmon is started in system context via a tasksequence of sccm. After a procmon /terminate one process is stopped, but there is still one process running, so the cmd os that tasksequenz also is still running.

    the .pml file is not growing, so i have no idea, why there is still one process running.

    also logging in and starting another cmd in system context and execute procmon /terminate will not stopp the process.

    hav send an email to the above mail adress.

    Wednesday, June 5, 2019 6:22 AM