The 'ProcmonLowAlt.zip' file attached to the bottom of this article does not require configuration steps, nor reboot. Reboot is required if Procmon is downloaded directly from Microsoft; however, the Procmon included in 'ProcmonLowAlt.zip' file has not been signed
Procmon23 is the version installed in this example, the value will vary depending on the Procmon version installed
The Altitude value allows the Sensor/Agent information to be captured, as default Sensor/Agent values are too low for capturing.
Permissions change has to be made as Procmon will automatically revert the change
Reboot is required as the Procmon filter driver is hooked into the kernel driver and unable to unload unless rebooted.
For EDR Sensors 7.2.0 and higher, Tamper Protection will need to be disabled