{"id":76091,"date":"2024-07-25T14:59:39","date_gmt":"2024-07-25T09:29:39","guid":{"rendered":"http:\/\/198.58.113.91\/blog\/?p=76091"},"modified":"2026-02-27T21:09:11","modified_gmt":"2026-02-27T15:39:11","slug":"boot-trace-process-monitor","status":"publish","type":"post","link":"https:\/\/www.winhelponline.com\/blog\/boot-trace-process-monitor\/","title":{"rendered":"How to Run a Boot Trace Using Process Monitor"},"content":{"rendered":"<p>Process Monitor is an excellent diagnostic tool from Microsoft Sysinternals. It can run a trace during the current Windows session or trace the boot process. Let&#8217;s see how to enable boot tracing using Process Monitor.<\/p>\n<h2>Enable Boot Logging using Process Monitor<\/h2>\n<ol>\n<li>Download <a href=\"https:\/\/learn.microsoft.com\/en-us\/sysinternals\/downloads\/procmon\" target=\"_blank\" rel=\"noopener\">Process Monitor<\/a> and run it.<\/li>\n<li>Read and accept the license agreement.<\/li>\n<li>If the &#8220;Filtering Options&#8221; dialog appears, dismiss the dialog by pressing Cancel.<\/li>\n<li>From the Options menu, click &#8220;Enable Boot Logging&#8221; to enable it.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-76092\" src=\"https:\/\/www.winhelponline.com\/blog\/wp-content\/uploads\/2024\/07\/procmon-boot-log-1.png\" alt=\"Process monitor boot logging\" width=\"700\" height=\"380\" \/><\/li>\n<li>Enable &#8220;Generate threat profiling events&#8221;, choose &#8220;Every second&#8221;, and click OK.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-76093\" src=\"https:\/\/www.winhelponline.com\/blog\/wp-content\/uploads\/2024\/07\/procmon-boot-log-2.png\" alt=\"\" width=\"700\" height=\"429\" \/><\/li>\n<li>Close Process Monitor by clicking File, and clicking Exit.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-76094\" src=\"https:\/\/www.winhelponline.com\/blog\/wp-content\/uploads\/2024\/07\/procmon-boot-log-3.png\" alt=\"\" width=\"701\" height=\"261\" \/><\/li>\n<li>Save your work and close all programs that are currently running.<\/li>\n<li>Right-click Start, click &#8220;Shut down or sign out&#8221;, and click &#8220;Restart&#8221;.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-76095\" src=\"https:\/\/www.winhelponline.com\/blog\/wp-content\/uploads\/2024\/07\/procmon-boot-log-4.png\" alt=\"\" width=\"701\" height=\"667\" \/><\/li>\n<li>Process Monitor will trace the next boot and write the events to a log file. After entering Windows, reopen Process Monitor.\n<div class=\"newline\"><em><strong>Note:<\/strong> If you need to reproduce and record a problem after logging in, do so <strong>before<\/strong> opening Process Monitor.<\/em><\/div>\n<\/li>\n<li>Click &#8220;Yes&#8221; when you see the following message:\n<div class=\"qt\"><em>&#8220;A log of boot-time activity was created by a previous instance of Process Monitor. Do you wish to save the collected data now?&#8221;<\/em><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-76096\" src=\"https:\/\/www.winhelponline.com\/blog\/wp-content\/uploads\/2024\/07\/procmon-boot-log-5.png\" alt=\"Process monitor boot logging\" width=\"700\" height=\"401\" \/><\/li>\n<li>Save the PML boot log in a folder. The default file name is Bootlog.PML.<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-76097\" src=\"https:\/\/www.winhelponline.com\/blog\/wp-content\/uploads\/2024\/07\/procmon-boot-log-6.png\" alt=\"Process monitor boot logging\" width=\"700\" height=\"621\" \/>\n<p><strong>Note:<\/strong> If the trace size is enormous, Process Monitor saves the trace information into multiple logs, such as Bootlog-1.PML, Bootlog-2.PML, etc.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-76098\" src=\"https:\/\/www.winhelponline.com\/blog\/wp-content\/uploads\/2024\/07\/procmon-boot-log-7.png\" alt=\"Process monitor boot logging\" width=\"699\" height=\"382\" \/><\/li>\n<li>The PML trace log will be huge, usually in gigabytes. If you&#8217;re going to send the file to someone or share it on the cloud, be sure to <strong>zip<\/strong> it. To zip the log(s), select the file(s), right-click, select Send to, and select &#8220;Compressed (zipped) folder&#8221; from the Send To menu.<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-76099\" src=\"https:\/\/www.winhelponline.com\/blog\/wp-content\/uploads\/2024\/07\/procmon-boot-log-8.png\" alt=\"Process monitor boot logging\" width=\"701\" height=\"250\" \/><\/li>\n<li>Zipping the log(s) reduces the file size by a whopping <strong>90%<\/strong>.<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-76100\" src=\"https:\/\/www.winhelponline.com\/blog\/wp-content\/uploads\/2024\/07\/procmon-boot-log-9.png\" alt=\"Process monitor boot logging\" width=\"700\" height=\"293\" \/><\/li>\n<\/ol>\n<p>That&#8217;s it.<\/p>\n<hr \/>\n<h3>Related article<\/h3>\n<p><a href=\"https:\/\/www.winhelponline.com\/blog\/process-monitor-track-events-generate-log-file\/\">Using Process Monitor to Track Registry and File System Changes<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Process Monitor is an excellent diagnostic tool from Microsoft Sysinternals. It can run a trace during the current Windows session or trace the boot process. Let&#8217;s see how to enable boot tracing using Process Monitor. Enable Boot Logging using Process Monitor Download Process Monitor and run it. Read and accept the license agreement. If the &#8230; <a title=\"How to Run a Boot Trace Using Process Monitor\" class=\"read-more\" href=\"https:\/\/www.winhelponline.com\/blog\/boot-trace-process-monitor\/\" aria-label=\"Read more about How to Run a Boot Trace Using Process Monitor\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[6,7],"tags":[414],"class_list":["post-76091","post","type-post","status-publish","format-standard","hentry","category-utilities","category-windows","tag-process-monitor"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":5637,"url":"https:\/\/www.winhelponline.com\/blog\/process-monitor-unable-to-write-procmon23-boot-logging\/","url_meta":{"origin":76091,"position":0},"title":"Process Monitor &#8220;Unable to write PROCMON23.SYS&#8221; Enabling Boot Logging","author":"Ramesh","date":"October 25, 2017","format":false,"excerpt":"Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process\/thread activity. It can also trace the entire boot process and save to a PML log file. When enabling the setting \"Enable Boot Logging\" from the Options menu in Process Monitor, the following error\u2026","rel":"","context":"In &quot;Utilities&quot;","block_context":{"text":"Utilities","link":"https:\/\/www.winhelponline.com\/blog\/category\/utilities\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.winhelponline.com\/blog\/wp-content\/uploads\/2017\/10\/procmon-boot-logging-error.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":3346,"url":"https:\/\/www.winhelponline.com\/blog\/procmon-track-process-creation-exit-time\/","url_meta":{"origin":76091,"position":1},"title":"Track Process Creation and Exit Time Using Process Monitor","author":"Ramesh","date":"June 21, 2016","format":false,"excerpt":"Summary: This post tells you how to track process creation and exit events using the Process Monitor utility. My previous post, List Running Processes, helps you track down currently running processes. And the article Command Prompt Opens and Closes immediately\u00a0tells you if a last run program window was a scheduled\u2026","rel":"","context":"In &quot;Utilities&quot;","block_context":{"text":"Utilities","link":"https:\/\/www.winhelponline.com\/blog\/category\/utilities\/"},"img":{"alt_text":"process creation and exit time","src":"https:\/\/i0.wp.com\/www.winhelponline.com\/blog\/wp-content\/uploads\/2016\/06\/proclist-0.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.winhelponline.com\/blog\/wp-content\/uploads\/2016\/06\/proclist-0.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.winhelponline.com\/blog\/wp-content\/uploads\/2016\/06\/proclist-0.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":988,"url":"https:\/\/www.winhelponline.com\/blog\/process-monitor-track-events-generate-log-file\/","url_meta":{"origin":76091,"position":2},"title":"Using Process Monitor to Track Registry and File System Changes","author":"Ramesh","date":"February 1, 2009","format":false,"excerpt":"Process Monitor is an excellent troubleshooting tool from Windows Sysinternals that displays the files and registry keys that applications access in real-time. The results can be saved to a log file, which you can send to an expert for analyzing a problem and troubleshooting it. This article tells you how\u2026","rel":"","context":"In &quot;Windows&quot;","block_context":{"text":"Windows","link":"https:\/\/www.winhelponline.com\/blog\/category\/microsoft\/windows\/"},"img":{"alt_text":"ProcMon PML log","src":"https:\/\/i0.wp.com\/www.winhelponline.com\/blog\/wp-content\/uploads\/2009\/02\/procmon-save-log.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":2149,"url":"https:\/\/www.winhelponline.com\/blog\/process-monitor-track-access-denied-registry-file-events\/","url_meta":{"origin":76091,"position":3},"title":"How to Track &#8220;Access Denied&#8221; Registry and File Events Using Process Monitor","author":"Ramesh","date":"March 17, 2016","format":false,"excerpt":"A well-written application does proper error handling, notifying the user in detail about the error it countered and how to go about fixing it, rather than failing silently or throwing up an obscure error code and quitting. This post tells you how to trace \"Access Denied\" events for file and\u2026","rel":"","context":"In &quot;Windows&quot;","block_context":{"text":"Windows","link":"https:\/\/www.winhelponline.com\/blog\/category\/microsoft\/windows\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.winhelponline.com\/blog\/wp-content\/uploads\/w10\/p-mon-1.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":7918,"url":"https:\/\/www.winhelponline.com\/blog\/enable-built-in-administrator-windows-10-recovery-options-advanced\/","url_meta":{"origin":76091,"position":4},"title":"How to Enable the Built-in Administrator via Windows RE","author":"Ramesh","date":"February 15, 2019","format":false,"excerpt":"There are situations where you'll need to activate and use the built-in Administrator account in Windows 10 or 11. The built-in Administrator account is disabled by default. If your existing admin user account profile gets corrupted (and you have no alternate user account with admin privileges), you'll need to enable\u2026","rel":"","context":"In &quot;Windows 10&quot;","block_context":{"text":"Windows 10","link":"https:\/\/www.winhelponline.com\/blog\/category\/microsoft\/windows\/windows-10\/"},"img":{"alt_text":"windows recovery options","src":"https:\/\/i0.wp.com\/www.winhelponline.com\/blog\/wp-content\/uploads\/2016\/05\/winre-1.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.winhelponline.com\/blog\/wp-content\/uploads\/2016\/05\/winre-1.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.winhelponline.com\/blog\/wp-content\/uploads\/2016\/05\/winre-1.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":2379,"url":"https:\/\/www.winhelponline.com\/blog\/clean-boot-windows-autoruns\/","url_meta":{"origin":76091,"position":5},"title":"How to Clean Boot Windows Using Autoruns?","author":"Ramesh","date":"March 26, 2016","format":false,"excerpt":"This post explains how to clean boot Windows using the Autoruns utility from Microsoft. Clean boot is nothing but starting Windows without 3rd party services and startup programs. This procedure is done to find out the which program, service or a module is causing a specific problem in Windows. Once\u2026","rel":"","context":"In &quot;Windows&quot;","block_context":{"text":"Windows","link":"https:\/\/www.winhelponline.com\/blog\/category\/microsoft\/windows\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.winhelponline.com\/blog\/wp-content\/uploads\/w10\/cleanboot\/cleanboot2.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/posts\/76091","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/comments?post=76091"}],"version-history":[{"count":0,"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/posts\/76091\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/media?parent=76091"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/categories?post=76091"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/tags?post=76091"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}