How to analyze PML file Defender AV
Updated: Jul 8, 2022
Hi, everyone. In my previous blog I explained how to collect a Procmon trace for Defender AV performance issues. In this blog I will explain how you can analyze the PML file and create an exclusion for AV performance.
If you haven't read my previous blog, please find the link here: Use Procmon for Defender AV Performance Issues
Step 1: Open Procmon, select Open from the File menu, and navigate to the folder where you saved the PML file. You can also use Ctrl+O as a shortcut.
Step 2: Navigate to the location where the file is saved. In my case I saved it in the same folder as Procmon. Select the file and click Open to open it in Procmon.
Step 3: You can add the below operators as additional filters, which will reduce the noise in the logs, and click OK.
Step 4: Navigate to Tools and select File Summary. This will create a file summary.
Step 5: Click Save to export the file summary as a CSV file.
Step 6: Provide a file name and save the file as CSV.
Step 7: Open the CSV file and sort the read file bytes column from highest to lowest. You can see the process path as well, and you can use these values to identify the exclusion.
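Step 7 can also be scripted. The following Python is an added example, not part of the original post: it ranks the exported File Summary rows by read bytes and totals them per folder, so a single noisy directory stands out. The column names `Path` and `Read Bytes` and the sample rows are assumptions; match them to the header of your own CSV.

```python
import csv
import io
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample shaped like a File Summary export (not real data).
# Assumed column names: "Path" and "Read Bytes".
SAMPLE_CSV = r'''"Total Events","Reads","Read Bytes","Path"
"75","","","C:\BuildAgent\work\logs\agent.log"
"900","610","88,080,384","C:\BuildAgent\work\cache\index.db"
"340","120","2,097,152","C:\Windows\System32\ntdll.dll"
"5200","4100","1,204,550,144","C:\BuildAgent\work\cache\objects.pack"
'''


def to_int(value):
    """Parse a byte count that may be empty or use thousands separators."""
    digits = (value or "").replace(",", "").strip()
    return int(digits) if digits.isdigit() else 0


def load_rows(text, path_col="Path", bytes_col="Read Bytes"):
    """Return (path, read_bytes) tuples sorted from highest to lowest."""
    reader = csv.DictReader(io.StringIO(text))
    rows = [(r[path_col], to_int(r[bytes_col])) for r in reader]
    return sorted(rows, key=lambda r: r[1], reverse=True)


def by_folder(rows):
    """Total read bytes per parent folder, highest first."""
    totals = defaultdict(int)
    for path, read_bytes in rows:
        totals[str(PureWindowsPath(path).parent)] += read_bytes
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    # For a real export, read the file instead of SAMPLE_CSV, e.g.
    # open("summary.csv", encoding="utf-8-sig", newline="").read()
    rows = load_rows(SAMPLE_CSV)
    print("Top files by read bytes:")
    for path, n in rows[:3]:
        print(f"  {n:>15,}  {path}")
    print("Top folders by read bytes:")
    for folder, n in by_folder(rows)[:3]:
        print(f"  {n:>15,}  {folder}")
```

The per-folder totals show whether a narrow path covers most of the reads, which helps keep any exclusion as small as possible.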