Process Monitor “Unable to write PROCMON23.SYS” Enabling Boot Logging

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It can also trace the entire boot process and save to a PML log file. When enabling the setting “Enable Boot Logging” from the Options menu in Process Monitor, the following error may pop up:

Unable to write PROCMON23.SYS.

Make sure that you have permission to
write to the %%SystemRoot%%\System32\Drivers directory.

This error is seen especially on Windows 10 computers, and there is a simple workaround for this problem without requiring any reboot.

Note that you’ll be unable to delete PROCMON23.SYS as it’s in use by the Operating System.



Unable to write PROCMON23.SYS
PROCMON23.SYS file in use

Solution

To fix the error, all you need to do is rename the file PROCMON23.SYS (to PROCMON23-OLD.SYS or something) in the C:\Windows\System32\Drivers folder.

Unable to write PROCMON23.SYS

Unable to write PROCMON23.SYS
Error “Unable to write PROCMON23.SYS” when enable boot logging in ProcMon

You should be able to enable boot logging now. Process Monitor again creates a new PROCMON23.SYS in the drivers directory.

Note that this is not a permanent solution, as you’ll need to repeat the steps every time (at least in Windows 10 systems) when you enable boot logging in Process Monitor.


One small request: If you liked this post, please share this?

One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
  • Pin it!
  • Share it to your favorite blog + Facebook, Reddit
  • Tweet it!
So thank you so much for your support, my reader. It won't take more than 10 seconds of your time. The share buttons are right below. :)

About the author

Ramesh Srinivasan founded Winhelponline.com back in 2005. He is passionate about Microsoft technologies and he has been a Microsoft Most Valuable Professional (MVP) for 10 consecutive years from 2003 to 2012.

Leave a Comment