Imagine that you’d like to have a record of all the activity that is going on your Windows 10 as you use the system. You might want to know the processes involved in executing certain commands like read-and-write instructions or registry activity. Not to worry, there is a tool for that — Process Monitor.

The Microsoft website describes Process Monitor as an “advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity….” If that sounds like French to you, you’re not alone. In layman terms, Process Monitor shows you what is going on within the Windows filesystem, Windows Registry, as well as CPU activity. It tells you all you need to know about the actions your Windows operating system has taken in response to user input of any kind.

Mostly, the software keeps tabs on Windows Explorer, File Explorer and the Microsoft Windows Registry. It takes logs of whatever those three components of your operating system are up to at any point in time. With Process Monitor, you can:

  1. See what and who triggered an activity on your computer and why and when that happened.
  2. Filter logs to get at records of the specific app activity you’re after.
  3. Find out what triggered an operation on your computer.
  4. Clearly see the relationship between different operations, how one led to another.
  5. Record activities up to millions of events.
  6. Log all activities straight from when you boot up your computer.

With all these uses, little wonder Process Monitor is a must-have for app developers who use log records to know what’s wrong with their applications and therefore what bugs to fix. It is also a great tool for system administrators as it helps them fish out errors that can affect company-wide servers. And the best part is that the tool is completely free, meaning you don’t have to pay a dime to use its awesome features.

Can’t enable boot logging in Process Monitor on Windows 10?

A boot log is a record of every process that is loaded when your computer starts up. In other words, boot logging is a method of listing all the files, drivers and other items that are processed by the operating system during the boot process. Not only that, a boot log lists whether those processes load successfully or fail to load. This is very useful as it can show at a glance which items on the computer are causing problems.

Process Monitor, being, among other things, a logging tool, naturally has the ability to create boot logs which it saves to a special PML file. You just have to navigate to the Options menu and choose the Enable Boot Logging option, and you’ll be able to use the software to assess which programs fail to load (properly) at startup and/or cause problems on your computer.

However, some users have reported being unable to enable the boot logging option in Process Monitor. Attempts to activate the setting instead bring up the Unable to Write PROCMON23.SYS error with the following message on the pop-up error bar:

Unable to write PROCMON23.SYS.

Make sure that you have permission to
write to the %%SystemRoot%%\System32\Drivers directory.

Of course, without the ability to make logs of startup processes, it becomes harder to figure out what driver or file is a source of potential danger for your computer. Little wonder many users of Windows 10, where the error most commonly occurs, get frustrated when they see the error message.

Actually, of the sundry bugs that beset the Windows 10 operating system, the PROCMON23.SYS error is among the easiest to handle. We will show you how to eliminate the Unable to Write PROCMON23.SYS bug from your PC for good.

How to Fix Unable to Write PROCMON23.SYS?

  1. Open File Explorer on your PC.
  2. Go to Local Disc.
  3. Go to Windows folders
  4. Open the System32 folder.
  5. Open the Drivers folder.
  6. Find PROCMON23.SYS and rename it to whatever you want, ensuring to keep the .SYS file extension.
  7. Restart your computer.

Process Monitor will create a new PROCMON23.SYS file, one hopefully devoid of errors. With this, you should be able to activate boot logging in the application. There’s one pesky fact to keep in mind, though: you have to repeat the steps above each time you want to enable boot logging in Process Monitor.

As noted earlier, Process Monitor is a fine tool for troubleshooting your Windows 10 computer. It enables you to isolate malware that might be harming your PC by interfering with certain Windows operations. To be on the safe side at all times, we recommend installing Auslogics Anti-Malware for real-time, 24/7 protection. It is the complete malware prevention and rectification program that turns your Windows 10 PC into a fortress through whose fortified gates viruses of any kind shall not pass. With Auslogics Anti-Malware, you don’t need to engage in the tedious task of perusing logs for malicious items; it will easily find and eradicate them for you with a single click.

That’s all for how to get rid of the Unable to Write PROCMON23.SYS error message in Process Monitor. If you know of other methods, you can tell us about them in the comments.