Record everything launched on a PC with Process Logger Service

Process Logger Service is a Windows service that logs every process launched on your PC. It’s a useful tool that can help answer a range of questions: did the email you opened launch something? What did that installer do? When was a particular program last run? And more.

The service must be set up manually. It’s not a difficult process, but does involve a little more work than we expected.

You must a) unpack the download, b) browse to the 32 or 64-bit ProcLoggerSvc folder, c) copy that to C:\, d) browse to C:\ProcLoggerSvc, and e) run install.bat as an administrator (there’s an uninstall.bat to remove it later).

Once setup is complete, everything else is straightforward. There’s no extra system tray icon and no interface to browse; the program just runs in the background and logs every process launch to the C:\ProcLoggerSvc\Logs folder.

Open a log file from that folder in Notepad and you’ll see entries like this.

[Process Creation]

11/04/2016 09:46:44
Process: [8496] C:\Windows\System32\notepad.exe
Username/Domain: user/domain
CommandLine: "C:\WINDOWS\system32\NOTEPAD.EXE" C:\ProcLoggerSvc\Logs\MSI\11-04-2016.log
MD5 Hash: 60336413E419C2EA5E215F1A32061E40
Bitness: 64-bit
File Publisher: Microsoft Corporation
File Description: Notepad
File Version: 6.2.10586.0
Integrity Level: Medium
System Process: False
Protected Process: False
Metro Process: False
Parent: [5844] C:\Windows\explorer.exe
Parent CommandLine: C:\WINDOWS\Explorer.EXE

This amount of detail makes for a lengthy log, but fortunately Process Logger Service starts a new log at the beginning of every day, so it remains manageable.
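A parser for the log entry format shown above, answering two of the questions from the opening paragraph: when a program last ran, and what a given parent process launched. This is an added example, not code from Process Logger Service or the original article; the day-first date order, the second sample record and the mailclient.exe name are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: first record is trimmed from the entry above, second is made up.
SAMPLE_LOG = r"""[Process Creation]

11/04/2016 09:46:44
Process: [8496] C:\Windows\System32\notepad.exe
CommandLine: "C:\WINDOWS\system32\NOTEPAD.EXE" C:\ProcLoggerSvc\Logs\MSI\11-04-2016.log
Parent: [5844] C:\Windows\explorer.exe

[Process Creation]

11/04/2016 10:02:13
Process: [9012] C:\Windows\System32\cmd.exe
CommandLine: cmd.exe /c example-constructed.bat
Parent: [4120] C:\Program Files\ExampleMail\mailclient.exe
"""

PID_PATH = re.compile(r"\[(\d+)\]\s+(.+)")

def parse_log(text, ts_format="%d/%m/%Y %H:%M:%S"):  # day-first order is an assumption
    """Split a daily log into one dict per [Process Creation] record."""
    records = []
    for block in text.split("[Process Creation]")[1:]:
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines:
            continue
        rec = {"Time": datetime.strptime(lines[0], ts_format)}
        for ln in lines[1:]:
            key, sep, value = ln.partition(": ")
            if sep:
                rec[key] = value
        for field in ("Process", "Parent"):  # "[pid] path" -> pid, lower-cased image name
            m = PID_PATH.match(rec.get(field, ""))
            if m:
                rec[field + " PID"] = int(m.group(1))
                rec[field + " Image"] = m.group(2).rsplit("\\", 1)[-1].lower()
        records.append(rec)
    return records

def last_run(records, image):
    """Most recent launch time of an image name, or None if it never ran."""
    times = [r["Time"] for r in records if r.get("Process Image") == image.lower()]
    return max(times, default=None)

def children_of(records, parent_image):
    """Records whose parent is the given image, e.g. what a mail client launched."""
    return [r for r in records if r.get("Parent Image") == parent_image.lower()]
```

Image names are compared case-insensitively because the log itself mixes cases for the same file (notepad.exe and NOTEPAD.EXE in the entry above).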

If you still have too much data -- or you don’t have much spare drive space -- then you can just pause logging when you don’t need it by disabling ProcLoggerSvc in the Services applet.

On balance, if you only need to detect process launches briefly then we’d prefer to use Sysinternals’ Process Monitor. It’s more convenient, and records plenty of other process actions, too.

Process Logger Service could be a better choice for longer-term monitoring, though, especially if you’re logging actions on someone else’s PC.

You could even use it to record another user’s actions without their knowledge, although it’s worth remembering that the program doesn’t try to hide itself. If someone notices the extra C:\ folder, or the new Windows service, then your cover will be blown.

Process Logger Service is a free-for-personal-use application for Windows XP and later.

© 1998-2024 BetaNews, Inc. All Rights Reserved.