Site icon Winhelponline

Process Monitor “Unable to write PROCMON23.SYS” Enabling Boot Logging

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It can also trace the entire boot process and save to a PML log file. When enabling the setting “Enable Boot Logging” from the Options menu in Process Monitor, the following error may pop up:

Unable to write PROCMON23.SYS.

Make sure that you have permission to
write to the %%SystemRoot%%\System32\Drivers directory.

This error is seen especially on Windows 10 computers, and there is a simple workaround for this problem without requiring any reboot.

Note that you’ll be unable to delete PROCMON23.SYS as it’s in use by the Operating System.

PROCMON23.SYS file in use


To fix the error, all you need to do is rename the file PROCMON23.SYS (to PROCMON23-OLD.SYS or something) in the C:\Windows\System32\Drivers folder.

Error “Unable to write PROCMON23.SYS” when enable boot logging in ProcMon

You should be able to enable boot logging now. Process Monitor again creates a new PROCMON23.SYS in the drivers directory.

Note that this is not a permanent solution, as you’ll need to repeat the steps every time (at least in Windows 10 systems) when you enable boot logging in Process Monitor.

Exit mobile version