![]() ![]() You only need to do this the first time you use it.Ĥ. Start ProcMon from the shortcut and accept the EULA. ![]() (The latter is so ProcMon doesn’t start capturing events automatically when it’s run.)ģ. Create a new shortcut to procmon.exe and amend the shortcut’s properties so it uses Run as administrator ( a) and uses a /NoConnect switch ( b), as per the following screenshot: (I save/unzip it to a C:\Support folder I’ve created to store portable utilities/tools.)Ģ. Sysinternals/TechNet‘s small, free, portable Process Monitor ( ProcMon) can be set to filter for cmd.exe firing and should show what triggered it.ġ. What you are seeing is the result of a process firing (from a scheduled task or registry Run key?) and, as a result, triggering cmd.exe… so why not use a tool that monitors processes?
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |