Open icedevml opened 4 years ago
Note: On Windows 7, Process Monitor may say:
Unable to load process monitor device driver
This is due to the missing KB3033929 update that enables code signing with SHA-2 (used by the Process Monitor driver).
Source: https://rspydir.wordpress.com/2017/05/24/solved-unable-to-load-process-monitor-device-driver/
We do need some material to compare how far we currently are with the ProcDOT integration. This could basically be achieved by dropping a few samples into a VM monitored by procmon, generating graphs and finally comparing these graphs against the ones that are generated by our integration.