PROCMON23.SYS is a component of the SysInternals Process Monitor which is a monitoring tool for Windows which can track Registry changes, DLL changes, and thread activity in real-time. It can also track the complete boot process. The details of that are saved into a PML log file which helps in troubleshooting when needed.
However, if it is misconfigured, you may get an error when setting “Enable Boot Logging”.
The message may say:
PROCMON23.SYS is missing
or
Unable to write PROCMON23.SYS, Make sure that you have permission to write to the %%SystemRoot%%\System32\Drivers directory.
Let us see how you can fix this problem.
Unable to write PROCMON23.SYS
Before we go ahead, make sure that you have permission to write to the %%SystemRoot%%\System32\Drivers directory.
- Open the folder, and take ownership of that folder.
- Also, if you can’t see the file, enable Hidden Files from the Folder Options.
Having done that, follow these steps:
Delete %%SystemRoot%%\System32\Drivers\PROCMON23.sys. You may not delete this file from the current running OS, but you can do this in WinPE.
Next, open the command prompt with admin privileges, type the following and hit Enter:
C:\procmon\Procmon /BackingFile C:\procmon\log.pml /AcceptEula /Quiet /noconnect
This should resolve your issue, and you should be able to enable boot logging now.
Let us know if this helped!
