The new column, Process Start, can be used to filter processes by their start times – for example to hide all processes that were running when this Process Monitor session started, or to only show those processes. In the Process Monitor Filter dialog, this column will have the timestamp of the current time as a pre-filled value in the drop-down. Copying and pasting a value from any of the timestamp columns in the main event list also works.

The user interface improvements in this version include a more native look to the dark theme, new interface icons, more consistent behaviors for the summary dialogs accessible through the Tools menu, better mouse and keyboard navigation, and template values autofilled to some of the filter columns. The summary dialogs now have the “Edit Filter” option, and the main event list supports a per-column “Count Occurrences” action.

We have fixed two Boot Logging bugs: one that incorrectly stopped the log after 428 seconds with profiling events enabled and one that incompletely initialized module symbol information with the /ConvertBootLog command line option.

Copying items to the clipboard from the main event list is faster and also displays the interruptible progress dialog visible with other time consuming operations throughout Procmon.

There are also a series of UI element alignment fixes, we updated the online search from the event properties dialog, the dialogs’ geometry, we enabled runtime checks, and made a series of security improvements.