Process Monitor versus Process Explorer

by Chris Sanders [Published on 4 July 2011 / Last Updated on 30 June 2010]

Process Monitor and Process Explorer have a lot in common. This tip gives a brief outline of how they differ and what tasks each one does.

Process Monitor and Process Explorer have a lot in common: both are Microsoft Sysinternals tools designed to help you troubleshoot and debug processes on a Windows host. I’ve written tips on both of these and frequently see people confuse them or even ask about the differences between the two.

Process Monitor is a real-time troubleshooting tool. It displays file system, registry, and process activity on the system as it occurs. You can think of it as a combination of the old FileMon and RegMon tools with some basic diagnostic features.

Process Explorer is considered to be a more advanced form of the Windows Task Manager. Using it you can find out what files, DLLs, and registry keys particular processes have open and the CPU and memory usage of each.

In daily use I often start with Process Explorer to find processes which are consuming a lot of system resources and then move to Process Monitor to dig deeper into these processes. If it’s worth the time to use one of these tools then it’s probably worth the time to use both, and you will commonly find yourself doing this.

The Author — Chris Sanders

Chris Sanders is a network security analyst for EWA Government Systems Inc. Chris is the author of the book Practical Packet Analysis as well as several technical articles. His personal website at contains a great deal of information, articles, and guides related to network administration, network security, packet analysis, and general information technology.