The ProcmonLowAlt.zip attached to the bottom of this article does not require the configuration steps and reboot needed when Procmon is downloaded directly from Microsoft; however, the Procmon included in ProcmonLowAlt.zip has not been signed.
Procmon23 is the version installed in this example. The value will vary depending on the Procmon version installed.
Changing the Altitude allows the sensor information to be captured, which is too low for Procmon's default setting to see.
The permissions change has to be made because Procmon will otherwise automatically revert the change.
A reboot is required because the Procmon filter driver is hooked into the kernel driver and cannot unload until the system is rebooted.
For EDR Sensors 7.2.0 and higher, Tamper Protection will need to be disabled.