Support queries shared: Using Process Monitor to see when files are being deleted

I’ve been working on a support query recently where a specific MDaemon user’s email was vanishing, and seemingly for no reason.

To help diagnose this issue I recommended they use the popular ‘Process Monitor’ tool to watch for any files being deleted in a specific folder and report which process is deleting them.

Process Monitor’s a great tool and can easily be used to monitor all kinds of file access in more detail but for now I’ll just be talking about it’s use in this scenario.

To get started with Process Monitor you must first download a copy from:-

http://technet.microsoft.com/en-gb/sysinternals/bb896645.aspx

After extracting and running the executable you must configure your filters to only view the required information. You can find the filters under  ‘Filter > Filter’.

You will need to add two ‘include’ filters…

First add….

This only shows processes that are deleting files

Then add…

This filter only includes files in a specified folder. (change this to the path you wish to monitor)

If you have added both filters  correctly your filter list should now look like this…

Click OK to apply the filters

In the main process monitor window you should now see any processes that delete any files in that specific folder…

Hope you found that one useful – let us know in the comments!

Subscribe to blog highlights mail



Share via
Copy link
Powered by Social Snap