Useful tools while troubleshooting Outlook issues (2) Process Monitor


Another tool that can be useful while trying to solve an Outlook issue is Process Monitor.


Download link:


Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more.


How to use Process Monitor while troubleshooting Outlook issues


I would say that Process Monitor can be used in various situations (an OST gets corrupted, you cannot access one of your PST files in Outlook, you are not sure if a policy has been applied, you want to filter the data for a particular Outlook session that is used on a terminal server, etc.). In order to describe the usage of Process Monitor I will focus on one situation. Let’s assume that your OST file gets corrupted very often and you have error messages in Outlook, or you cannot access one of your PST files (access denied).


In these particular cases I would use Process Monitor to check whether my files are being scanned by another program that could block Outlook's access to the file.


How to start a trace or open an existing log:




You receive this error message when the log you want to open was taken on an x86 operating system and you are currently running Process Monitor on an x64 operating system. If you get this error message, you need to use the /run32 command-line switch as indicated in the error message.


In order to start a trace using Process Monitor, double-click the Process Monitor .exe file and the following Filter window will appear. Next, click “OK”.



In the main window you will see that the trace has started. By default the trace contains: Registry Activity, File System Activity, Network Activity, Process and Threads Activity. You can also capture Profiling Events, an option that is not selected by default. More details on these are in Process Monitor Help -> Using Process Monitor.


In order to stop the trace you can use the File menu and click on the “Capture Events” option.


When to start and stop a trace:


I would say that Process Monitor should be started before you reproduce the problem in Outlook and you should stop capturing events right after the problem has appeared. This way you can be sure that you captured the necessary data.

How to filter your trace:


In order to describe the filter option of Process Monitor I will continue with our example, a PST that cannot be opened. In this case I will check whether the log contains records for my .PST file. The easiest way to find them is to use the Process Monitor Filter (Filter menu -> Filter or just press CTRL+L).


In the Process Monitor Filter window you have the section “Display entries matching these conditions”. The drop-down list gives you different options to select in order to create your filtering condition. You will find more details on filtering in the Help menu -> Filtering and Highlighting.



In our case we would like to identify the .PST file first. If you don’t know which .PST file is causing the problem, we will need to identify all PST files that are accessed in this session. One sample filter is listed below:


In this filter I am checking the PATH field for all entries that contain files with the .PST extension. Once you have applied the filter, the results will be displayed. As we might have a conflict in accessing the PST file, we need to check next which processes are accessing my PST besides Outlook. The “Process Name” column shows the processes that are “working” with my file. For example, if you identify an antivirus that is scanning your PST, one option to narrow down the possible cause would be to exclude the PST from scanning or to temporarily disable the antivirus in order to see if the problem persists (as in my case, where the antivirus was scanning the PST and Outlook.exe access was blocked).
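
The same check can be run offline against a saved trace. The script below is an added example, not part of the original post: it assumes the trace was saved as CSV with Process Monitor's default columns, and the sample rows, including the process name scanner.exe, are constructed for illustration. It also covers .OST files, which the filter above does not.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample rows in Process Monitor's default CSV export columns.
# "scanner.exe", the PIDs and the paths are made up for illustration.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:01.1000000","scanner.exe","2288","CreateFile","C:\Users\demo\Documents\Outlook Files\archive.pst","SUCCESS",""
"10:15:01.2000000","scanner.exe","2288","ReadFile","C:\Users\demo\Documents\Outlook Files\archive.pst","SUCCESS",""
"10:15:01.3000000","OUTLOOK.EXE","4120","CreateFile","C:\Users\demo\Documents\Outlook Files\archive.pst","SHARING VIOLATION",""
"10:15:01.4000000","Explorer.EXE","3004","QueryDirectory","C:\Users\demo\Documents","SUCCESS",""
"10:15:01.5000000","OUTLOOK.EXE","4120","ReadFile","C:\Users\demo\AppData\Local\Microsoft\Outlook\mailbox.ost","SUCCESS",""
'''

DATA_FILE_EXTENSIONS = (".pst", ".ost")
BLOCKED_RESULTS = {"SHARING VIOLATION", "ACCESS DENIED"}
OWNER = "OUTLOOK.EXE"

def load_events(csv_text):
    """Parse CSV text exported from Process Monitor into a list of dicts."""
    return list(csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))))

def data_file_events(events):
    """Keep only events whose Path is an Outlook data file (.pst or .ost)."""
    return [e for e in events if e["Path"].lower().endswith(DATA_FILE_EXTENSIONS)]

def other_processes(events):
    """Per data file, count events from every process other than Outlook."""
    touched = defaultdict(Counter)
    for e in data_file_events(events):
        if e["Process Name"].upper() != OWNER:
            touched[e["Path"].lower()][e["Process Name"]] += 1
    return {path: dict(counts) for path, counts in touched.items()}

def blocked_outlook_operations(events):
    """Outlook's own data-file operations that failed on a lock or permission."""
    return [(e["Time of Day"], e["Operation"], e["Path"], e["Result"])
            for e in data_file_events(events)
            if e["Process Name"].upper() == OWNER and e["Result"] in BLOCKED_RESULTS]

if __name__ == "__main__":
    events = load_events(SAMPLE_CSV)
    for path, procs in other_processes(events).items():
        print(path, procs)
    for row in blocked_outlook_operations(events):
        print("blocked:", row)
```

For a real trace, read the exported file as text and pass its contents to `load_events` in place of `SAMPLE_CSV`.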




Again, this is a simple example explained in order to describe some features of Process Monitor. You will need to test the tool and to apply it to different scenarios in order to see the benefits of using it.

