0

I want to use Process Monitor to find which process is deleting my temp folder. I ran Process Monitor for the first time, and there's lot of options and new concepts (it's probably very powerful).

Could you please tell me in a few simple steps, how can I monitor which process is deleting particular folder? With as least CPU overhead as possible (I see it is monitoring hundreds different events per second!)

Improve this question
2
  • 2
    Have you tried adding delete events into the event log?
    – Smock
    Commented Jan 8, 2020 at 12:12
  • Reminder: you may also try to use Windows Resource Monitor disk activity subwindow for this if this happens in some relatively expected moment.
    – halt9k
    Commented Feb 8 at 20:01

2 Answers 2

Reset to default
1

You should add a filter on that folder. Press Ctrl+L to open the Filter dialog (or use the toolbar button). Select Path is [Your directory] then Include, and click on the Add button.

enter image description here

To specifically monitor deletes only, see here.

Improve this answer
4
  • Thanks Berend, but what does it mean, "path is"? Path of what?
    – Tomas
    Commented Jan 8, 2020 at 10:07
  • The path of whatever file or directory the event took place on. In your case, the directory that was deleted. See also the path column in the main Procmon window.
    – Berend
    Commented Jan 8, 2020 at 11:20
  • OK, but this shows also my program writing into that directory.... can I filter just the deletion of the dir?
    – Tomas
    Commented Jan 8, 2020 at 12:52
  • @Tomas Yes, I added a link to a different question
    – Berend
    Commented Jan 8, 2020 at 13:27
0

To show all File Activity you also can 'unselect' everything but the
"Show File System Activity" in the selection boxes as shown here.

enter image description here

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .