Process Monitor “Unable to write PROCMON23.SYS” Enabling Boot Logging

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It can also trace the entire boot process and save to a PML log file. When enabling the setting “Enable Boot Logging” from the Options menu in Process Monitor, the following error may pop up:

Unable to write PROCMON23.SYS.

Make sure that you have permission to
write to the %%SystemRoot%%\System32\Drivers directory.

This error is seen especially on Windows 10 computers, and there is a simple workaround for this problem without requiring any reboot.

Note that you’ll be unable to delete PROCMON23.SYS as it’s in use by the Operating System.

Unable to write PROCMON23.SYS
PROCMON23.SYS file in use


To fix the error, all you need to do is rename the file PROCMON23.SYS (to PROCMON23-OLD.SYS or something) in the C:\Windows\System32\Drivers folder.

Unable to write PROCMON23.SYS

Unable to write PROCMON23.SYS
Error “Unable to write PROCMON23.SYS” when enable boot logging in ProcMon

You should be able to enable boot logging now. Process Monitor again creates a new PROCMON23.SYS in the drivers directory.

Note that this is not a permanent solution, as you’ll need to repeat the steps every time (at least in Windows 10 systems) when you enable boot logging in Process Monitor.

About the author

Ramesh Srinivasan founded back in 2005. He is passionate about Microsoft technologies and has a vast experience in the ITeS industry — delivering support for Microsoft's consumer products. He has been a Microsoft MVP [2003 to 2012] who contributes to various Windows support forums.

Leave a Comment