ColumnSelection

Process Monitor

previous page next page

Column Selection

You can drag columns to rearrange their order and customized the columns displayed by choosing Select Columns from the Options menu to open the column selection dialog. Columns that are available for selection include:

Application Details

  • Process Name The name of the process in which an event occurred.

  • Image Path The full path of the image running in a process.

  • Command Line The command line used to launch a process.

  • Company Name The text of the company name version string embedded in a process image file. This text is optionally defined by the application developer.

  • Description The text of the product description string embedded in a process image file. This text is optionally defined by the application developer.

  • Version The product version number embedded in a process image file. This information is optionally specified by the application developer.

Event Details

  • Sequence Number The relative position of the operation with respect to all events included in the current filter.

  • Event Class The class (File, Registry, Process) of the event.

  • Operation The specific event operation (e.g. Read, RegQueryValue, etc.).

  • Date & Time Both the date and the time of an operation.

  • Time of Day Only the time of an operation.

  • Path The path of the resource that an event references.

  • Detail Additional information specific to an event.

  • Result The status code of a completed operation.

  • Relative Time The time of the operation relative to Process Monitor's start time or the last time that the Process Monitor display was cleared.

  • Duration The duration of an operation that has completed.

Process Management

  • User Name The name of the user account in which the process that performed an operation is executing.

  • Session ID The Windows session in which the process that executed an operation is executing.

  • Authentication ID The logon session in which the process that executed an operation is executing.

  • Process ID The Process ID (PID) of the process that executed an operation.

  • Thread ID The Thread ID (TID) of the thread that executed an operation.

  • Integrity Level The integrity level at which the process that executed an operation is running (Windows Vista only).

  • Virtualized The virtualization status of the process that executed an operation (Windows Vista only).

 

previous page start next page