I get the following error when trying to run the Process Monitor (from Sysinternals Suite) application on a Parallels Virtuozzo Containers for Windows (PVC) container:
Unable to load Process Monitor device driver
Process Monitor cannot be run inside a container on Parallels Virtuozzo Containers (PVC) due to an architectural limitation.
Since containers' processes actually run on the hardware node (HW), you can monitor them from the PVC HW Node on which the container is located.
If you want to filter paths that belong to a container, you need to include events where the path contains:
- container ID (for registry paths)
- container GUID (for physical paths); it can be obtained with the following command:
vzcfgt get CTID guid
Important note: when using Process Monitor, please use the latest available version. It is also recommended to configure filters and enable the 'Drop Filtered Events' option.