Issue with procmon

PaulSp

Member
I recently downloaded the procmon tool. I've noticed that after stopping it, a subsequent attempt to run a privileged program gets an error dialog saying that a system monitor is running and to remove it. This prevents the privileged program execution. Rebooting cures the problem. The two times that I've run procmon, this has happened. Has anyone else seen this behavior?
 

PaulSp

Member
I will experiment a little further. It has occurred to me that perhaps I clicked the "X" to close it rather than using its "exit" function. This could possibly result in procmon not cleaning up as it should. I will post results after I try this.
 

Neemobeer

Windows Forum Team
Staff member
Exit and clicking the x have the same result. Procmon consists of a single process and a driver; both unload when procmon is closed.
 

PaulSp

Member
Ok. Another data point. I tried running a different program requesting privilege and didn't get the error dialog. So there must be something about the program itself (PokerTracker) that is generating this error. So unless you play poker, you're not likely to encounter this, I suspect. I will report this to the PokerTracker developers and see what they say.
 

PaulSp

Member
Searching the internet has provided other users with similar problems. According to some reports, these tools load a "kernel mode driver" which remains after the program (in this case procmon) exits. WinLicense is apparently a tool used by some developers to manage their software distributions. It apparently detects this driver somehow. I'm not sure who should fix this.
 

PaulSp

Member
Yes. The PokerTracker folks say that it was done on purpose for "security" reasons. I fail to see what I could obtain from PokerTracker using procmon that would be a security problem.
 