Version 4.01 of Sysinternals’ Process Monitor (procmon) was released (just one day after the release of version 4.0).
These releases bring improvements to performance and the user interface.
A new event for the Process start was also added.
This can now be displayed as a column.
It can also be used as a filter, for example to filter out all processes that started before the new process you want to analyze.
Didier Stevens
Senior handler
blog.DidierStevens.com
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.