Overview
When software does not function as expected, Process Monitor (a.k.a ProcMon) can be a valuable tool to investigate the root cause of the problem. ProcMon is a tool that is named after what it literally does; it monitors processes on a computer and saves those events in real-time to a log file for examination.
ProcMon is a free tool by Microsoft and you can download it here: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
Some of the most common usage scenarios are:
- Check if antivirus software is scanning M-Files (see example here, more details on the requirements here and more examples here).
- Review issues with file operations (such as files being locked that you cannot delete, or something deleting files that you cannot read).
- Whether (and which) registry keys are read to see if settings are taken into use.
- Some installation/upgrade issues (more here).
Details
If providing a procmon log to M-Files Support, include information such as the following (where applicable):
- The name of the file being processed (e.g., "my email.msg").
- The ID of the vault object involved.
- Names and IDs of views involved.
- The user name of the user who performed the operation. Their ID from the M-Files Admin Users list is also helpful.
- Any other relevant information such as antivirus in use, paths (especially if non-default), other relevant software that works with the file, etc.
Steps to Use ProcMon
- Close all unrelated applications.
- Launch Procmon with the "Run as administrator" option at the user's computer.
- Test quickly if it generates events, in some systems it will not, so then try launching it normally.
- If needed, clear the initial filter options by clicking on Reset or unchecking the unnecessary items
There should be only 2-3 entries checked:- Process Name is Procmon64.exe, Action = Exclude (this is only on 64-bit systems)
- Process Name is Procmon.exe, Action = Exclude
- Event Class is Profiling, Action = Exclude
- Click OK.
- The program starts with logging enabled so stop it for now with CTRL + E and then clear the log with CTRL + X.
- Prepare the problem scenario so that it can be reproduced as quickly as possible.
- Make sure that the log gathering is started (You can start and stop it with CTRL + E key combination).
- Reproduce the error and stop the logging immediately to prevent the file size from growing very large.
- Save the procmon log as .pml file (at save dialog, select "all events" and "Native process monitor format (.PML).
- Optional: If you intend to send the log to someone for investigating, we recommend compressing the pml file to zip file (right-click on it, Send to -> Compressed folder (zip).
Notes
- These logs will contain sensitive information, make sure to send them securely (e.g., via our Cryptshare portal when sending to M-Files).
- When logging for a prolonged period of time, use Disk as the backing option (File > Backing Files > choose file on a disk with plenty of free space, instead of the default "virtual memory").
- You have to change this between logging sessions to ensure it will not get overwritten.
- If you are given a certain filter, you can drop the other events to reduce the log size (Filter > Drop Filtered Events, and then in the "Save to File" dialog, select "Events displayed using current filter").
