Categories for advanced output Procmon

    Question

  • I have just learned to use Procmon. All the tutorials say the user should "Enable Advanced Output" for filtering. I have been searching for the differences between advanced output and normal output but have had no luck.

    - I have found out that in normal output (advanced output disabled), the operations are among this list: https://gist.github.com/mgeeky/f0d13172d557e5860c0301dbf847de60. The categories are:

    FileSystem, ProcessThread, Registry, Network, Profiling

    - While with advanced output, the operations contain IRP_MJ_CLOSE, FASTIO_RELEASE_FOR_SYNCHRONIZATION, etc.

    What are the categories for the advanced output?

    Thank you!

    Mai



    • Edited by maianjson Monday, February 11, 2019 9:23 PM
    Monday, February 11, 2019 9:14 PM
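An added example, not part of the question above and not Sysinternals' own code: a short Python script that takes a Procmon CSV export (for instance one produced with `Procmon.exe /OpenLog capture.PML /SaveAs capture.CSV`) and buckets each row's Operation into the five categories the question lists, treating the driver-level `IRP_MJ_*` / `FASTIO_*` names that advanced output shows as file-system events. The prefix rules in `classify` are this example's own heuristic, not a table published by Sysinternals, and the CSV text is constructed for the demonstration.

```python
import csv
import io
from collections import Counter

# Constructed sample export in Procmon's default CSV column layout (raw string
# so the Windows paths keep their backslashes). The first three rows use the
# raw names that "Enable Advanced Output" shows instead of CreateFile/CloseFile.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"9:14:01.0000001 PM","notepad.exe","4120","IRP_MJ_CREATE","C:\Users\mai\notes.txt","SUCCESS","Desired Access: Generic Read"
"9:14:01.0000002 PM","notepad.exe","4120","FASTIO_RELEASE_FOR_SYNCHRONIZATION","C:\Users\mai\notes.txt","SUCCESS",""
"9:14:01.0000003 PM","notepad.exe","4120","IRP_MJ_CLOSE","C:\Users\mai\notes.txt","SUCCESS",""
"9:14:01.0000004 PM","notepad.exe","4120","RegOpenKey","HKCU\Software\Microsoft\Notepad","SUCCESS","Desired Access: Read"
"9:14:01.0000005 PM","notepad.exe","4120","Thread Create","","SUCCESS","Thread ID: 5520"
"9:14:01.0000006 PM","svchost.exe","1232","TCP Send","host:49700 -> 10.0.0.5:443","SUCCESS","Length: 517"
"9:14:01.0000007 PM","System","4","System Statistics","","SUCCESS",""
'''

# Operations that Procmon files under its Profiling class (assumption: the
# check must run before the generic "Process "/"Thread " prefix rule below).
PROFILING_OPS = {"Process Profiling", "Thread Profiling", "System Statistics"}


def classify(operation: str) -> str:
    """Map one Procmon Operation name to one of the five categories.

    Heuristic prefix rules (this example's assumption, not Procmon's own table):
    advanced output replaces Win32-style file names (CreateFile, ReadFile, ...)
    with IRP_MJ_* / FASTIO_* names, so both spellings land in FileSystem.
    """
    op = operation.strip()
    if op.startswith(("IRP_MJ_", "FASTIO_")):
        return "FileSystem"
    if op.startswith("Reg"):
        return "Registry"
    if op.startswith(("TCP ", "UDP ")):
        return "Network"
    if op in PROFILING_OPS:
        return "Profiling"
    if op.startswith(("Process ", "Thread ", "Load Image")):
        return "ProcessThread"
    # Everything else (CreateFile, ReadFile, CloseFile, QueryDirectory, ...)
    # is taken to be a normal-output file-system operation.
    return "FileSystem"


def rows(csv_text: str):
    """Yield one dict per event from a Procmon CSV export."""
    return csv.DictReader(io.StringIO(csv_text))


def summarize(csv_text: str) -> dict:
    """Count events per category, e.g. {'FileSystem': 3, 'Registry': 1, ...}."""
    counts = Counter(classify(row["Operation"]) for row in rows(csv_text))
    return dict(counts)


def uses_advanced_output(csv_text: str) -> bool:
    """True if the capture was exported with advanced output enabled, judged
    by the presence of driver-level IRP_MJ_* / FASTIO_* operation names."""
    return any(row["Operation"].startswith(("IRP_MJ_", "FASTIO_"))
               for row in rows(csv_text))


if __name__ == "__main__":
    print("advanced output:", uses_advanced_output(SAMPLE_CSV))
    for category, count in sorted(summarize(SAMPLE_CSV).items()):
        print(f"{category:14} {count}")
```

Run it against a real export by replacing `SAMPLE_CSV` with the file contents; the category totals come out the same whether or not advanced output was enabled, which is the point: advanced output changes the names in the Operation column, not the set of event classes.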