1.What does PMLogAnalyzer’s Automation of ProcMon actually mean
a)No more time spent starting/stopping ProcMon or saving the Event Logs:. The process is totally automated in PMLogAnalyzer. The PC’s Start Menu is replicated so that the User effectively selects the Application from a Start Menu and when the Application ends an Event Log is automatically produced.
b)No more batch editing of a Filter file. Selecting the Applications/Processes to report on, is now based on an Automatically Generated list of Applications/Processes which were running when ProcMon was monitoring.
c)Standard Reports produce lists of
a.All the File/Registry entries read/written by an Application/Process, and if any have failed due to Access Rights.
b.The Access rights of users, who have different Access Rights to the Original User, can be checked to see where there are potential problems with the New User having insufficient rights to perform the required operation.
c.A Cross Reference with the full log (for a Process) so that it is easy to see the environment of each reference. (other file/registry reads/writes)
d)The ability to compare logs from different PCs (using a Text File comparison program) where one works and the other does not to see where/why the problem (differences) start (Date Times\Process Ids and other run specific details are removed)
e)The ability to identify the Log Records belonging to individual functions within an Application. Uses a technique called “BookMarks†which allow the User to generate a named record on the ProcMon log when he enters/leaves a Function within a Application. Without Bookmarks it is often difficult to tie individual Event Records to individual Functions with a Application.
2. Adding details from MSI Installer files to DLLs etc Reports provides a complete list of the Files etc required for an Application and these are compared with what is installed on the PC.
3. Scan MSIs installed on PC to locate individual Files/registry Keys
Comments