How to analyze PML file Defender AV

Hi, everyone in my previous blog I explained how to collect procmon for defender AV performance issues, in this blog I will explain how you can analyze the PML file and create an exclusion for AV performance.

If you haven't read my previous blog please find the link Use Procmon for Defender AV Performance Issues

Step 1: Open procmon and from file select open and navigate to the folder where you saved the PML or use Ctrl+O as a short key

Step 2:Navigate to the location where the file is saved in my case I have saved it in the same folder where procmon is saved now select the file and click on Open to open the file in Procmon

Step 3: You can add the below operators as additional which will reduce the noise in the logs and click OK.

Step 4: Navigate to tools and select File summary, this will create a file summary

Step 5: Tap on save to export the file summary as a CSV file

Step 6: provide a file name and save the file as CSV

Step 7: Open the CSV file and sort the read file bytes column from Highest to Lowest and you can see the process path as well you can use the values to identify the exclusion.