Microsoft Sysinternals Revamps Process Monitor: New Tools, Sleek UI
Microsoft’s Mark Russinovich announced on X that there is an updated version of its Process Monitor tool. Here’s what’s new.
Microsoft’s Sysinternals team announced a new version of its Process Monitor tool. In addition to improvements to the user interface, the update offers an enhanced search experience, performance tuning, and a new event column. Check out what’s new in version 4.0 of Microsoft’s Process Monitor.
Process Monitor is a free advanced monitoring tool for Windows. It displays real-time file system, registry, and process/thread activity. Microsoft’s Sysinternals team maintains the utility to help users with system troubleshooting and malware detection. You can get more detailed information using this tool than you can with the built-in Resource Monitor or Task Manager.
The main event list in Process Manager (Image credit: Microsoft)
New Columns and Features
The highlight of the updated version is a new column, Process Start. You can use this to filter processes by their start times, like to hide any processes running before beginning a Process Monitor session. You can also copy and paste a timestamp from the main event list to set up your filter.
Sysinternals has also made UI improvements to the tool. You’ll see a more native look to the dark theme now, as well as new interface icons. Microsoft also made the summary dialog behaviors available through the Tools menu more consistent.
Next, mouse and keyboard navigation should be improved, and the team added some autofill template values to other filter columns. You can use a new “Edit Filter” option to refine your view through the summary dialogs. Finally, the main event list now supports a per-column “Count Occurrences” action.
Security and Other Bug Fixes
The Microsoft Sysinternals team also squished some bugs for this version of Procmon. There were two Boot Logging bugs to fix, including one that incorrectly stopped the log after 428 seconds if you enabled profiling events. The other one incompletely initialed the module symbol information if you invoked Process Monitor with the /ConvertBootLog command line option.
Microsoft says it should be faster now to copy items from the main event list to the clipboard. You’ll also see an interruptible progress dialog during this and other time-consuming operations.
Other changes include UI element alignment fixes, updating the online search from the event properties dialog, and adjusting various dialogs’ geometry. Microsoft also enabled runtime checks in Procmon and made several security improvements.
You can download the latest version of Sysinternals Process Monitor from Microsoft now.
Leave a Reply
Leave a Reply
