vurcrown.blogg.se - Procmon logs

Open Procmon and Press Ctrl+E to stop the capture.Unzip and place Procmon in an easy to find location.Download the latest Process Monitor (Procmon) from sysinternals.Resolution for a Procmon for Sensor Performance Once downloaded copy wpr.exe to C:\Windows\System32\ WPR.exe will download to C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit by default. NOTE: If C:\Windows\System32\wpr.exe does not exist, download Debugging Tools for Windows and at the "Select the features you want to download" install prompt deselect all other options except "Windows Performance Toolkit". Ensure wpr.exe exists in C:\Windows\System32\.

For the purposes of this document, this location will be referenced as c:\temp although the c:\temp file location can be replaced with whatever location you have specified for saving the log files.

Create a folder where all logs will be saved.

If RepCLI Authentication was not enabled during the initial sensor install then RepCLI Authentication can be enabled on existing sensor installations

RepCLI Authentication must be enabled.

If collecting a Procmon for the VMware Carbon Black Cloud sensor: Microsoft Windows: All supported versions User suspects that there are interoperability issues between the VMware Carbon Black Cloud sensor and another program installed on an endpoint.