Sysinternals Homepage
Forum Home Forum Home > Sysinternals Utilities > Process Monitor
  New Posts New Posts RSS Feed - Detail Column
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Detail Column

 Post Reply Post Reply
justusiv View Drop Down

Joined: 24 October 2014
Location: United States
Status: Offline
Points: 2
Post Options Post Options   Thanks (0) Thanks(0)   Quote justusiv Quote  Post ReplyReply Direct Link To This Post Topic: Detail Column
    Posted: 09 April 2018 at 9:14pm
I am trying to monitor a file server that host a share. I am wondering if someone could give some insight into the detail column.

I find that the Operation "IRP_MJ_CREATE" has the data i am after but deciphering the detail column is a pain. Once i filter on that, all the filtering then needs to be done from the detail column. Lets say i want to monitor deletes. It appears in a few locations. I cant just filter on delete as i get a ton of hits. I have found two possible items from here. "Desired Access: Delete" and "Options: Delete On Close" Not sure what would be better to filter on as i am after 1 hit per deletion. In addition how do i know i wouldn't be missing some sort of other delete.

The next pain point is under these sub categories i never know what other results are going to be included so i have a hard time filtering properly. For example it could be "Desired Access: Read Attributes, Delete" or "Desired Access: Generic Read/Write, Delete". So any guidance on that would be helpful as well. It would make life easier if they were split out into there own column.

Edited by justusiv - 09 April 2018 at 9:16pm
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 11.06
Copyright ©2001-2016 Web Wiz Ltd.