Process Monitor “Unable to write PROCMON23.SYS” Enabling Boot Logging

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It can also trace the entire boot process and save to a PML log file. When enabling the setting “Enable Boot Logging” from the Options menu in Process Monitor, the following error may pop up:

Unable to write PROCMON23.SYS.

Make sure that you have permission to
write to the %%SystemRoot%%\System32\Drivers directory.

This error is seen especially on Windows 10 computers, and there is a simple workaround for this problem without requiring any reboot.

Note that you’ll be unable to delete PROCMON23.SYS as it’s in use by the Operating System.

Unable to write PROCMON23.SYS
PROCMON23.SYS file in use


To fix the error, all you need to do is rename the file PROCMON23.SYS (to PROCMON23-OLD.SYS or something) in the C:\Windows\System32\Drivers folder.

Unable to write PROCMON23.SYS

Unable to write PROCMON23.SYS
Error “Unable to write PROCMON23.SYS” when enable boot logging in ProcMon

You should be able to enable boot logging now. Process Monitor again creates a new PROCMON23.SYS in the drivers directory.

Note that this is not a permanent solution, as you’ll need to repeat the steps every time (at least in Windows 10 systems) when you enable boot logging in Process Monitor.

One small request: If you liked this post, please share this?

One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
  • Pin it!
  • Share it to your favorite blog + Facebook, Reddit
  • Tweet it!
So thank you so much for your support. It won't take more than 10 seconds of your time. The share buttons are right below. :)

Ramesh Srinivasan is passionate about Microsoft technologies and he has been a consecutive ten-time recipient of the Microsoft Most Valuable Professional award in the Windows Shell/Desktop Experience category, from 2003 to 2012. He loves to troubleshoot and write about Windows. Ramesh founded in 2005.

Leave a Comment