I've had Sage suggest this to one of my customers with a very sophisticated IT department. The IT department had no problem using it but they were somewhat skeptical they would be able to find anything because of how much data the process monitor captured. 

As they say " Trust but verify " ....

Jane - It was used by a consultant here on 90M fairly recently to in fact detect and prove to a client's IT that AV was scanning Sage files. I believe this Sage Community post is a KB entry too and she sent them the KB article and IT followed the steps, not she herself. 

For myself, I've used ProcMon a lot but to everyone's point is most effective when you're looking for something very specific, otherwise it's a big morass of wading thru traced process data. A good example of where to use it is when you're suspecting permissions errors. The ProcMon result column will show ACCESS DENIED on usually a pvxwin32.exe process and now there is irrefutable proof. I usually save the trace file to CSV, open it in Excel, re-sort the columns so the ACCESS DENIED  entries appear at the top. Hope that helps.

When I was wearing an "IT" hat, I used Process Monitor all the time, and even recently recommended it to find out which reg keys Sage was using for Product Updates.

I wanted to note that you do not need to install it, and can grab it (and may other cool utilities, such as autoruns, process explorer, autologin, ZoomIt, etc) directly from the https://live.sysinternals.com site (or even typing \\live.sysinternals.com in Windows Explorer). 

Jane - It was used by a consultant here on 90M fairly recently to in fact detect and prove to a client's IT that AV was scanning Sage files. I believe this Sage Community post is a KB entry too and she sent them the KB article and IT followed the steps, not she herself. 

For myself, I've used ProcMon a lot but to everyone's point is most effective when you're looking for something very specific, otherwise it's a big morass of wading thru traced process data. A good example of where to use it is when you're suspecting permissions errors. The ProcMon result column will show ACCESS DENIED on usually a pvxwin32.exe process and now there is irrefutable proof. I usually save the trace file to CSV, open it in Excel, re-sort the columns so the ACCESS DENIED  entries appear at the top. Hope that helps.

Steve - Right on! Better to download the whole SysInternals suite of utilities. This might be a good topic to add to the MotM 2025 Tips & Tricks session too.

When I was wearing an "IT" hat, I used Process Monitor all the time, and even recently recommended it to find out which reg keys Sage was using for Product Updates.

I wanted to note that you do not need to install it, and can grab it (and may other cool utilities, such as autoruns, process explorer, autologin, ZoomIt, etc) directly from the https://live.sysinternals.com site (or even typing \\live.sysinternals.com in Windows Explorer). 

Jane - It was used by a consultant here on 90M fairly recently to in fact detect and prove to a client's IT that AV was scanning Sage files. I believe this Sage Community post is a KB entry too and she sent them the KB article and IT followed the steps, not she herself. 

For myself, I've used ProcMon a lot but to everyone's point is most effective when you're looking for something very specific, otherwise it's a big morass of wading thru traced process data. A good example of where to use it is when you're suspecting permissions errors. The ProcMon result column will show ACCESS DENIED on usually a pvxwin32.exe process and now there is irrefutable proof. I usually save the trace file to CSV, open it in Excel, re-sort the columns so the ACCESS DENIED  entries appear at the top. Hope that helps.

Great info to post in a survey coming to gather tips and tricks!

Steve - Right on! Better to download the whole SysInternals suite of utilities. This might be a good topic to add to the MotM 2025 Tips & Tricks session too.

When I was wearing an "IT" hat, I used Process Monitor all the time, and even recently recommended it to find out which reg keys Sage was using for Product Updates.

I wanted to note that you do not need to install it, and can grab it (and may other cool utilities, such as autoruns, process explorer, autologin, ZoomIt, etc) directly from the https://live.sysinternals.com site (or even typing \\live.sysinternals.com in Windows Explorer). 

Jane - It was used by a consultant here on 90M fairly recently to in fact detect and prove to a client's IT that AV was scanning Sage files. I believe this Sage Community post is a KB entry too and she sent them the KB article and IT followed the steps, not she herself. 

For myself, I've used ProcMon a lot but to everyone's point is most effective when you're looking for something very specific, otherwise it's a big morass of wading thru traced process data. A good example of where to use it is when you're suspecting permissions errors. The ProcMon result column will show ACCESS DENIED on usually a pvxwin32.exe process and now there is irrefutable proof. I usually save the trace file to CSV, open it in Excel, re-sort the columns so the ACCESS DENIED  entries appear at the top. Hope that helps.

I had to download a zip file of executables to get this process monitor, and yeah, @Kevin Moyes it is hunting for a needle in a big haystack.  But, at least I have something to look through on my hunt for this customer's random issues.  I'm going to start another post with another subject.  

Great info to post in a survey coming to gather tips and tricks!

Steve - Right on! Better to download the whole SysInternals suite of utilities. This might be a good topic to add to the MotM 2025 Tips & Tricks session too.

When I was wearing an "IT" hat, I used Process Monitor all the time, and even recently recommended it to find out which reg keys Sage was using for Product Updates.

I wanted to note that you do not need to install it, and can grab it (and may other cool utilities, such as autoruns, process explorer, autologin, ZoomIt, etc) directly from the https://live.sysinternals.com site (or even typing \\live.sysinternals.com in Windows Explorer). 

Jane - It was used by a consultant here on 90M fairly recently to in fact detect and prove to a client's IT that AV was scanning Sage files. I believe this Sage Community post is a KB entry too and she sent them the KB article and IT followed the steps, not she herself. 

For myself, I've used ProcMon a lot but to everyone's point is most effective when you're looking for something very specific, otherwise it's a big morass of wading thru traced process data. A good example of where to use it is when you're suspecting permissions errors. The ProcMon result column will show ACCESS DENIED on usually a pvxwin32.exe process and now there is irrefutable proof. I usually save the trace file to CSV, open it in Excel, re-sort the columns so the ACCESS DENIED  entries appear at the top. Hope that helps.