[LOG] Collecting Process Monitor Logs (PML)
Process Monitor is an advanced monitoring tool for Windows provided by Microsoft. It monitors file system, registry, and process/thread activity in real time.
When to Collect the PML
If technical support needs information that is not recorded in the product logs, you may receive a request to collect a PML.
For example, you may receive the request in the following cases:
- If the issue with AhnLab product process execution is suspected to be related to a third-party module.
- If periodic collection of malware information is required.
- If it is necessary to collect file I/O information that occurs at the time of error symptom reproduction.
To Collect the PML Log
1. Download Process Monitor from the link below.
2. Unzip the file and run the ‘procmon.exe’ file.
3. After reproducing the symptoms, record the time of symptom reproduction.
Because a large volume of logs is saved, analysis is difficult if the time of symptom reproduction is not specified.
4. Once enough logs have been recorded, click ‘Save’ at the top to save the file.
Select the following save options.
- Events to save: All events
- Format: Native Process Monitor Format (PML)
- Path: Specify a path from which the file is easy to collect (e.g. Desktop).
  - Default: The path where the ‘procmon.exe’ file is saved.
5. Once the log is saved, collect the generated PML file and deliver it to the Technical Support Center.
Please provide the time of symptom reproduction as well when you deliver the file.
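
A scripted equivalent of the steps above, as an added example that is not part of the original article or AhnLab's own tooling. It uses Process Monitor's command-line switches to capture into a PML file and writes the reproduction time to a note file; the procmon.exe location, output folder, and file names are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: capture a PML from the command line and record the reproduction time.
# Assumed: procmon.exe sits next to this script; output goes to the Desktop.
param(
    [string]$ProcmonPath = "$PSScriptRoot\procmon.exe",
    [string]$OutDir      = [Environment]::GetFolderPath('Desktop')
)

$ErrorActionPreference = 'Stop'
if (-not (Test-Path -LiteralPath $ProcmonPath)) {
    throw "procmon.exe not found at $ProcmonPath"
}

$stamp    = Get-Date -Format 'yyyyMMdd_HHmmss'
$pmlFile  = Join-Path $OutDir "capture_$stamp.pml"
$noteFile = Join-Path $OutDir "capture_$stamp.txt"

# Start capturing directly into a native-format backing file.
# /NoFilter clears any previously saved display filter.
Start-Process -FilePath $ProcmonPath -ArgumentList @(
    '/AcceptEula', '/Quiet', '/Minimized', '/NoFilter',
    '/BackingFile', "`"$pmlFile`""
)
# Block until the running instance is ready to accept commands.
Start-Process -FilePath $ProcmonPath -ArgumentList '/AcceptEula', '/WaitForIdle' -Wait
$started = Get-Date

Read-Host 'Capture is running. Reproduce the symptom, then press Enter' | Out-Null
$reproduced = Get-Date

# Give trailing events a moment to be recorded, then stop Process Monitor.
Start-Sleep -Seconds 5
Start-Process -FilePath $ProcmonPath -ArgumentList '/Terminate' -Wait
while (Get-Process -Name 'Procmon*' -ErrorAction SilentlyContinue) {
    Start-Sleep -Milliseconds 500
}

# Record the times (ISO 8601 with UTC offset) next to the capture.
$files = Get-ChildItem -Path $OutDir -Filter "capture_$stamp*.pml"
@(
    "Capture started:    $($started.ToString('o'))"
    "Symptom reproduced: $($reproduced.ToString('o'))"
    "PML file(s):"
    $files | ForEach-Object { "  $($_.FullName) ($([math]::Round($_.Length / 1MB, 1)) MB)" }
) | Set-Content -LiteralPath $noteFile -Encoding UTF8

Write-Host "Deliver the PML file(s) together with $noteFile"
```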