Microsoft releases Process Monitor tool Procmon for Linux

Martin Brinkmann
Jul 20, 2020
Companies, Linux, Microsoft

Microsoft revealed some time ago that it had plans to port some of the tools provided by Sysinternals to Linux. One of the tools mentioned was Process Monitor, or short ProcMon, and a preview of the application is now available for Linux.

Process Monitor is an advanced monitoring tool for Windows that displays real-time data such as Registry, process and thread activity. It is a powerful tool that supports logging the information to files for later analysis.

The program is highly configurable, supports non-destructive filters, the capturing of thread stacks, process details capturing, and boot time logging of operations.

The Linux version of Procmon is now available on GitHub. The open source tool has been released as a preview.

Since it is released as a preview, it is limited to systems running Ubuntu 18.04 with kernel 4.18 up to 5.3 at the time of writing. Several users tried to build or install the process monitor tool on Ubuntu 20.04 systems and failed.

Microsoft plans to add more configurations to the system requirements in the future to take these systems into account.

Installation instructions on Ubuntu 18.04 devices are straightforward. Run the following commands:

  1. wget -q$(lsb_release -rs)/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
    sudo dpkg -i packages-microsoft-prod.deb
  2. sudo apt-get update
  3. sudo apt-get install procmon

Build instructions are provided as well on the project's GitHub website, and Linux users may download a .deb file from the releases section on the project's GitHub page.

You may run procmon -h after installation to display the help screen. Here are a few example commands that you may run:

  • sudo procmon // runs the process monitor tool to trace all processes and syscalls.
  • sudo procmon -p 1337 -c procmon.db // traces the process 1337 in headless mode and saves the data to the file procmon.db
  • sudo procmon -p 1337 -e read,write,openat // traces syscalls read, write, and opennat of process 1337
  • sudo procmon -f procmon.db // opens the trace file procmon.db within the interface.

Closing Words

Procmon is a powerful system monitoring tool for advanced uses. The Linux version comes without the help file that the Windows version of Procmon includes. Since it is offered as a preview, it is possible that a help file will be provided once the program is offered as a stable release.

Microsoft releases Process Monitor tool Procmon for Linux
Article Name
Microsoft releases Process Monitor tool Procmon for Linux
Microsoft released the advanced monitoring tool Process Monitor, short ProcMon, for Linux on GitHub as a preview.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Sloth said on July 24, 2020 at 8:57 pm

    Bit pointless as Linux already has powerful tracing commands, such as strace.

  2. Anonymous said on July 21, 2020 at 1:55 am

    They should put more effort into Windows. Settings is still trash after 7 years. It was brought over from Windows 8, yet in Windows 10 its still awful as it was in Windows 8.

  3. i dare you said on July 20, 2020 at 11:55 pm

    Next up, DirectX. Do it you chicken shits.

  4. ULBoom said on July 20, 2020 at 4:04 pm

    Why? Distros already come with useful versions of the same thing, Linux versions of Task Manager, for the unfamiliar.

    MS’s consumer Linux stuff has been going on for years in a half hearted fashion; can’t help wonder when The Linux Division will be disbanded. Remember the Linux computers MS sold for a while? They did, not any more.

    Azure uses Win Server 2008/Hyper V; users can interact using almost any OS(good move!), makes the overall Linux project kind of “Hey, we do some Linux stuff too…” vs. cloud development.

    Beside Wine, experienced Linux users seem to mostly ignore MS, some rather vociferously. Snaps are causing a minor uprising (after decades of Windows B.S., they’re ok with me), MS would have to do a complete 180 and stay there for years to gain trust in the Linux community.

    1. another freeloader said on July 20, 2020 at 5:14 pm

      > MS would have to do a complete 180 and stay there for years to gain trust in the Linux community.

      Also, I think everything MS would likewise need to be free, as the Linux community loves those freebies, although they can’t always agree with what “free” means.

  5. Gerard said on July 20, 2020 at 10:27 am

    There is not a shortage of good process and system monitoring tools for Linux. So what exactly would MS’s Procmon add, except being tool No. N+1?

  6. Alby said on July 20, 2020 at 10:24 am

    I don’t understand why MS is devoting their time and money on making software made for Windows OS to operate on Linux OS.

    1. daft pickle said on July 20, 2020 at 5:25 pm


      Process Monitor for Linux was requested by “our” community, who use both Windows and Linux, involving advanced monitoring of real-time data that needs to be logged to files for later analysis.

      Note that “our” community in likely not your community, thus I reckon that is why you don’t understand.

      TIP: Some simple searches can reveal all you don’t understand with such tech.

    2. Yuliya said on July 20, 2020 at 1:30 pm

      Azure afaik is running on Linux, they need these tools for internal use mostly.

      1. Corky said on July 20, 2020 at 7:56 pm

        It doesn’t, it’s running on a modified Windows server OS but as so many of their customers run Linux virtual machines on it i guess they want to provide those customers with ‘better’ tools, probably in the hope that they’ll consider switching some of the tasks they do on Linux to Windows.

  7. pd said on July 20, 2020 at 9:01 am


  8. NA said on July 20, 2020 at 9:01 am

    Since the Edge Browser changed to Chromium base, and Microsoft is on the Linux Foundation board, it may be Windows will go to Linux kernel?

    1. Iron Heart said on July 20, 2020 at 9:29 am

      Doubt it for application compatibility reasons. What they will be doing though is expanding on their Linux Bash Shell implementation within Windows.

  9. Addy T. said on July 20, 2020 at 8:04 am

    Very nice that Microsoft publishes tools for Linux. Maybe, one day, their paying customers will be allowed to do crazy things like deciding how long they want to keep system restore points, how the default view mode templates for libraries look like, and other silly techy stuff like that.

    1. Anonymous said on July 20, 2020 at 4:33 pm

      “Very nice that Microsoft publishes tools for Linux.”

      Never forget the sordid history of this malevolent institution. They aren’t doing this out of the goodness of their heart.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.