Fix: Can’t Enable Boot Logging in Process Monitor on Windows 10

Kevin ArrowsUpdated on February 19, 2024
Kevin is a certified Network Engineer

Process Monitor is an advanced monitoring tool for Windows users that is capable of monitoring file system, Registry and process/thread activity, all in real-time. Process Monitor is a lightweight yet brilliant little program that has some extremely handy features, including Boot Logging – enabling which allows Process Monitor to generate thread profiling events that capture the state of all running applications at a regular interval. Unfortunately, many Windows 10 users have reported being unable to enable Process Monitor’s Boot Logging feature even though it worked perfectly for them on older versions of the Windows Operating System. When a Windows 10 user affected by this issue tries to enable Boot Logging, they see an error message that states:

Unable to write PROCMON23.SYSMake sure that you have permission to write to the %%SystemRoot%%\System32\Drivers directory.

The error message doesn’t provide affected users with a lot of information, only that Process Monitor was unable to create or write to a file named PROCMON23.sys and that the cause may be the user not having permission to write to the directory in which this file is located or is supposed to be located. In actuality, Windows 10 already has a file titled PROCMON23.sys in the same directory, so when Process Monitor tries to create the file in that very directory, it fails and consequently displays the error message described above. This issue has been confirmed to affect all currently available builds of Windows 10, which makes it all the more significant. Thankfully, though, this problem can be fixed pretty easily – all you need to do is:

  1. Press the Windows Logo key + R to open a Run
  2. Type the following into the Run dialog and press Enter:

%SystemRoot%\System32\Drivers\

  1. In the File Explorer window that opens up next, locate a file named sys, right-click on it and click on Rename.
  2. Rename the file to PROCMON23_old.sys and press Enter to save the name.
  3. If you are asked to confirm the action or provide your password to give the administrative action the go-ahead, do whatever is asked of you. If you are not asked to confirm the action or provide authentication, simply skip this step.
  4. Restart your computer.
  5. When the computer boots up, launch Process Monitor, click on Options > Enable Boot Logging and click on OK in the resulting popup, and Process Monitor should be able to successfully enable Boot Logging this time.
Kevin ArrowsUpdated on February 19, 2024
Kevin is a certified Network Engineer
ABOUT THE AUTHOR
Photo of Kevin Arrows

Kevin Arrows


Kevin Arrows is a highly experienced and knowledgeable technology specialist with over a decade of industry experience. He holds a Microsoft Certified Technology Specialist (MCTS) certification and has a deep passion for staying up-to-date on the latest tech developments. Kevin has written extensively on a wide range of tech-related topics, showcasing his expertise and knowledge in areas such as software development, cybersecurity, and cloud computing. His contributions to the tech field have been widely recognized and respected by his peers, and he is highly regarded for his ability to explain complex technical concepts in a clear and concise manner.