Carbon Black Cloud: How to Setup Circular Logging on Procmon

Environment

  • Microsoft Windows: All Supported Versions

Objective

How to limit the size of Procmon files by setting up circular logging.

Resolution

  1. Download and install Process Monitor (Process Monitor - Sysinternals)
  2. Open ProcMon
  3. Select Options > History Depth...
  4. Select "Limit to:" and specify a file size between 200 and 500 MB as desired, e.g. Limit to 300 MB
  5. Select File > Backing Files...
  6. Select "Use file named:" and enter the desired file path and file name for the Procmon files, e.g. C:\Temp\LogFile.PML
  7. Close Procmon and reopen it when ready to begin replicating the issue
  8. Once Procmon is reopened, observe that Procmon files are automatically generated in the specified file location with the specified name prefix, e.g. C:\Temp\LogFile.PML, LogFile-1.PML, LogFile-2.PML, etc.

Article Information
Creation Date: 10-05-2023