Windows Process Monitoring

The Process Monitor in ELM Enterprise Manager Core and System Licenses monitors one or more Windows processes when assigned to an Agent. The Process Monitor is multi-functional: it can write an event to notify you when a process has exceeded the CPU usage threshold you specify, and it can track when processes are started or terminated. In addition, it can generate a Warning or Error when the number of instances of a process exceeds your specified value.

Processes
Each Process Monitor item supports multiple match criteria. Use the Add button to add a match criterion. Use the Delete button to remove a listed match criterion. You can also double-click any listed item to edit it. You may use the asterisk (*) as a wildcard character, a pipe (|) as an OR operator, the ampersand (&) as an AND operator, and the exclamation point (!) as a NOT operator.

CPU Usage Thresholds
Monitoring for high CPU usage is the most typical use for the Process Monitor. The thresholds can be modified according to your needs:

  • Warning when % Processor Time is greater than – Executes the enabled CPU Warning Actions when the CPU utilization of a monitored process exceeds the value.
  • Error when % Processor Time is greater than – Executes the enabled CPU Error Actions when the CPU utilization of a monitored process exceeds the value.

Oftentimes the CPU Usage monitor is used in conjunction with the Run Command action to kill an out-of-control process and then restart it.

As old as they are, sometimes a simple batch file is all that’s needed. Batch files are typically set up with a Windows Scheduled Task and run each day. If there’s a problem, then after several days you have several orphan cmd.exe processes, and in no time these processes pile up, taking system resources. The ‘Process Count’ Warning and Error will let you know when many duplicate processes are found.

Additional Process Monitoring Benefit
Finally, one of the somewhat “hidden” benefits of the Process Monitor is ‘Process Created’ and ‘Process Ended’ monitoring. A new process could be a rogue process, and a missing process could mean users without a resource. The appearance of a new process with an unrecognized name, or the disappearance of an anti-virus process, may not tax the CPU, but could indicate a serious condition that needs your attention.

In any of these situations, you can write events to the ELM Database, filter those into an Event View or Views, and assign Notifications accordingly.
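
The Process Count, Process Created and Process Ended checks described above come down to comparing two process snapshots taken one polling interval apart. The following Python example is added here for illustration and is not ELM's own code; the snapshots, process names, the known and required lists, and the severity assigned to each event are constructed assumptions.

```python
from collections import Counter
from fnmatch import fnmatchcase

# Constructed snapshots of (PID, image name) from two consecutive polls.
BEFORE = [(4, "System"), (612, "svchost.exe"), (1480, "avservice.exe"),
          (2200, "cmd.exe"), (2310, "cmd.exe")]
AFTER = [(4, "System"), (612, "svchost.exe"), (2200, "cmd.exe"),
         (2310, "cmd.exe"), (3052, "cmd.exe"), (3120, "cmd.exe"),
         (3344, "updater32.exe")]
KNOWN = ["system", "svchost.exe", "cmd.exe", "av*.exe"]  # assumed allow-list
REQUIRED = ["av*.exe"]                                   # assumed must-run list

def matches(name, patterns):
    """Wildcard match that ignores case, as Windows image names do."""
    return any(fnmatchcase(name.lower(), p.lower()) for p in patterns)

def evaluate(before, after, known, required, warn_count, error_count):
    """Compare two snapshots; return (severity, event, detail) tuples."""
    events = []
    # Compare (PID, name) pairs so a reused PID with a new name is still seen.
    created = sorted(set(after) - set(before))
    ended = sorted(set(before) - set(after))
    running = Counter(name.lower() for _, name in after)

    for pid, name in created:
        # A name outside the known list is the "possible rogue process" case.
        sev = "Information" if matches(name, known) else "Warning"
        events.append((sev, "Process Created", f"{name} (PID {pid})"))

    for pid, name in ended:
        # A required process with no instance left is the
        # "anti-virus disappeared" case.
        gone = matches(name, required) and running[name.lower()] == 0
        sev = "Error" if gone else "Information"
        events.append((sev, "Process Ended", f"{name} (PID {pid})"))

    for name, count in sorted(running.items()):
        # Process Count: flag piles of duplicates such as orphaned cmd.exe.
        if count > error_count:
            events.append(("Error", "Process Count", f"{name} x{count}"))
        elif count > warn_count:
            events.append(("Warning", "Process Count", f"{name} x{count}"))
    return events

if __name__ == "__main__":
    for event in evaluate(BEFORE, AFTER, KNOWN, REQUIRED, 3, 10):
        print(*event, sep=" | ")
```

A snapshot diff only sees processes alive at poll time, so a process that starts and exits between two polls is missed; shortening the interval narrows that gap.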

We hope that you found this article on How to Set Up Windows Process Monitoring informative and useful, and wish you continued success with ELM.

Reviewed/Updated: 4/7/22