Could Process Monitor get the ability to remove duplicates? RRS feed

  • Question

  • Is Process Lasso open to possible new features? If so, one ability that would be fantastic is a de-duplication function. For example, if there are thousands of file read entries for "c:\test.dll", you could right click one of those entries and select "Remove|Hide duplicates", which would then remove all the duplicates, leaving just one entry shown.

    This could be tweaked so that the de-duplication happens only on continuous stretches of any particular displayed entry (e.g., if there are 20 file reads of "test.dll", then five registry writes, then 50 more file reads of" test.dll", right-clicking on an entry in the latter set of "test.dll" reads and de-duping would compress only that continuous block of entries).

    This could also be useful as an overall bird's-eye menu/toolbar function, too, which could "collapse" all duplicated continuous-stretch entries.

    This could also be a display-only ability that pulls the "puppet-strings" of the already existing filters functionality, thereby not having to drop data, hiding it instead, and also adding some ease by using already existing functionality. Of course, the ability to de-dupe only continuous blocks of a particular entry attribute would necessitate some additional logic + processing, but it shouldn't be very difficult to do.

    Friday, January 31, 2020 10:59 PM

All replies

  • You can filter out most of the duplicated entry using just normal filtering..

    By example if you apply a fiter of type "Category" is "write", you will filter out almost all the noise, leaving you with only the write to the rgistry and to the disk..

    Then you can right click on each line and choose "exclude" based on the process pid, name, thread ID, function call etc..


    Monday, February 3, 2020 7:50 AM