Categories for advanced output Procmon

Question

I have just learnt to use Procmon. All the tutorials say the user should "Enable Advanced Output" for filtering. I have been searching for the differences between advanced output and normal output but have had no luck.

- I have found out that in normal output (advanced output disabled), the operations fall into this list of categories:

  FileSystem, ProcessThread, Registry, Network, Profiling

- With advanced output, however, the operations include IRP_MJ_CLOSE, FASTIO_RELEASE_FOR_SYNCHRONIZATION, etc.

    What are the categories for the advanced output?

    Thank you!


Edited by maianjson Monday, February 11, 2019 9:23 PM
Posted Monday, February 11, 2019 9:14 PM
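A practical way to see how the two display modes relate is to classify the Operation column of a Procmon CSV export into the five event classes named in the question, regardless of whether the capture was saved with advanced output on or off. The script below is an added example and is not part of the original post or of Procmon itself. It assumes Procmon's default CSV export columns ("Time of Day", "Process Name", "PID", "Operation", "Path", "Result", "Detail"), uses a constructed sample of rows mixing normal-output names (RegOpenKey, TCP Connect) with advanced-output names (IRP_MJ_*, FASTIO_*), and assumes that the default view shows IRP_MJ_CLEANUP as CloseFile and hides the trailing IRP_MJ_CLOSE, so that handle-close counts are only comparable between modes if IRP_MJ_CLOSE is excluded.

```python
import csv
import io
from collections import Counter
from typing import Dict, List

# Constructed sample of a Procmon CSV export (File > Save..., CSV format).
# Column names follow Procmon's default export; the rows are made up for this
# example. Rows 1-4 use the raw names shown with "Enable Advanced Output",
# the rest use the friendly names shown in the default view.
SAMPLE_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.0000001","notepad.exe","1234","IRP_MJ_CREATE","C:\\Users\\demo\\notes.txt","SUCCESS","Desired Access: Generic Read"
"10:00:01.0000002","notepad.exe","1234","FASTIO_QUERY_STANDARD_INFO","C:\\Users\\demo\\notes.txt","SUCCESS",""
"10:00:01.0000003","notepad.exe","1234","IRP_MJ_CLEANUP","C:\\Users\\demo\\notes.txt","SUCCESS",""
"10:00:01.0000004","notepad.exe","1234","IRP_MJ_CLOSE","C:\\Users\\demo\\notes.txt","SUCCESS",""
"10:00:01.0000005","notepad.exe","1234","RegOpenKey","HKCU\\Software\\Microsoft\\Notepad","SUCCESS","Desired Access: Read"
"10:00:01.0000006","notepad.exe","1234","RegQueryValue","HKCU\\Software\\Microsoft\\Notepad\\lfFaceName","SUCCESS","Type: REG_SZ"
"10:00:02.0000001","svchost.exe","880","TCP Connect","host:49700 -> 203.0.113.10:443","SUCCESS",""
"10:00:02.0000002","svchost.exe","880","UDP Send","host:53211 -> 192.0.2.53:53","SUCCESS","Length: 60"
"10:00:03.0000001","cmd.exe","4321","Process Create","C:\\Windows\\System32\\calc.exe","SUCCESS","PID: 5555"
"10:00:03.0000002","cmd.exe","4321","Thread Create","","SUCCESS","Thread ID: 5560"
"10:00:03.0000003","cmd.exe","4321","Load Image","C:\\Windows\\System32\\ntdll.dll","SUCCESS",""
"10:00:04.0000001","System","4","Process Profiling","","SUCCESS","User Time: 0"
"""

# The event classes listed in the question, plus a catch-all.
CATEGORIES = ("FileSystem", "ProcessThread", "Registry", "Network", "Profiling")


def categorize(operation: str) -> str:
    """Map one Procmon Operation value to its event class.

    Handles both display modes: friendly names from the default view
    (CreateFile, RegOpenKey, TCP Connect, ...) and the raw IRP_MJ_* / FASTIO_*
    names that appear when "Enable Advanced Output" is on.
    """
    op = operation.strip()
    if op.endswith("Profiling"):                 # Process Profiling, Thread Profiling
        return "Profiling"
    if op.startswith("Reg"):                     # RegOpenKey, RegQueryValue, RegSetValue, ...
        return "Registry"
    if op.startswith(("TCP ", "UDP ")):          # TCP Connect, UDP Send, ...
        return "Network"
    if op.startswith(("Process ", "Thread ", "Load Image")):
        return "ProcessThread"
    if op.startswith(("IRP_MJ_", "FASTIO_")):    # advanced-output file system names
        return "FileSystem"
    if any(tok in op for tok in ("File", "Directory", "Volume", "Control")):
        return "FileSystem"                      # default-view names: CreateFile, QueryDirectory, ...
    return "Unknown"


def parse_events(csv_text: str) -> List[Dict[str, str]]:
    """Parse a Procmon CSV export into one dict per event row."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def count_by_category(csv_text: str) -> Dict[str, int]:
    """Number of events per class, with every class present even when zero."""
    counts = Counter(categorize(row["Operation"]) for row in parse_events(csv_text))
    return {cat: counts.get(cat, 0) for cat in CATEGORIES + ("Unknown",)}


def operations_in_category(csv_text: str, category: str) -> List[str]:
    """Distinct Operation names seen in one class, sorted for stable output."""
    ops = {row["Operation"] for row in parse_events(csv_text)
           if categorize(row["Operation"]) == category}
    return sorted(ops)


def handle_closes(csv_text: str) -> int:
    """Count file-handle closes the same way in both modes (assumed mapping:
    the default view shows IRP_MJ_CLEANUP as CloseFile and hides IRP_MJ_CLOSE,
    so IRP_MJ_CLOSE must not be counted a second time)."""
    return sum(1 for row in parse_events(csv_text)
               if row["Operation"] in ("CloseFile", "IRP_MJ_CLEANUP"))


if __name__ == "__main__":
    for cat, n in count_by_category(SAMPLE_CSV).items():
        print(f"{cat:14s} {n:3d}  {', '.join(operations_in_category(SAMPLE_CSV, cat))}")
    print("handle closes:", handle_closes(SAMPLE_CSV))
```

Run it against a real export by replacing SAMPLE_CSV with the file contents; a non-empty "Unknown" bucket is the quickest way to find operation names the heuristics above do not yet cover.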