How to Open Process monitor with logging on all logging components STOPPED.
By default, it starts capturing all the logs giving no time to do CTRL + E which stops Capture Events and apply my filter.
It fills virtual memory quick enough to become 'not responding'.
I am interested in File I/O logging to a specific path using Filters, but process monitor hangs due to the log that grows with components that am not interested.
I am not finding any answers related to startup of process monitor.
Use the /noconnect command-line switch, i.e. run procmon.exe /noconnect.