Does anyone know what logmon.exe is?

[yossarian]

Hi folks

I have an IBM Thinkpad T43 with the vanilla factory install of winxp pro sp2 + lenovo software updates. While browsing through the task manager one day I noticed an application logmon.exe which took up 2MB in memory, and uses between 5% - 30% cpu time in the background.

Further investigation showed this tool is resident at:
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe (32kB application)

It is also resident in the windows registry at:
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache
with the value name:
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
and value data:
logmon

Does anybody know what this does? Whether it's even necessary/serves any practical use?

Neither Spybot nor Ad-aware show it up in their databases as an issue, but I am a bit concerned that IBM/Lenovo may be running a data mining/activity logging application on my computer due to privacy concerns, if that is indeed what it is. Also the fact that it uses 30% cpu at times is annoying too.

Googling for 'logmon.exe' shows up a spyware program called eblaster, which logs all activity on a system including keystrokes. Now even though IBM's logmon.exe does not seem to fit some of the descriptions about eblaster, it does raise a point of concern for me. ESPECIALLY if logmon.exe is sending the data somewhere(unconfirmed).

If anyone can shed some light on logmon.exe perhaps it may put my mind to rest.

Cheers

[Kenn]

I don't know what it is, but the vast majority of the stuff that ships with thinkpads can (and should be) disabled.

The only things I keep are the HDD shock detector, power manager, software installer, and and OCD for volume/mute.

[Navck]

Non existant program on my T43

[Ground Loop]

I don't have it either.

It's rare that one of these programs is actually critical, so try renaming it to something else "was-longmon.not-exe"

See what breaks.

Worst case, you have to boot safe mode and rename it back.

[GomJabbar]

I have an IBM Thinkpad T43 with the vanilla factory install of winxp pro sp2 + lenovo software updates. While browsing through the task manager one day I noticed an application logmon.exe which took up 2MB in memory, and uses between 5% - 30% cpu time in the background.

Further investigation showed this tool is resident at:
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe (32kB application)

Does anybody know what this does? Whether it's even necessary/serves any practical use?

I do not have this on my T42 (which also has nearly all the IBM/Lenovo software installed). Try right-clicking on the file logmon.exe, choose Properties > Version > (1) Company and (2) Product Name. This should tell you if you have a legitimate IBM/Lenovo file, and what the program does that uses this file.

[yossarian]

Thanks for the tips guys.

The only other entry for logmon on this forum seems to be at http://forum.thinkpads.com/viewtopic.ph ... n&start=30 on 'jd2020' 's post.

I killed it using taskmanager, and nothing seemed to noticeably break, so I'll take the advice given and just disable as many pre-installed programs as I can which are not of noticeable value to me.

Cheers

Now to figure out how to use windows to disable these things*laugh*. I've been using linux and win98 for way too long(k6/2 300 was my last machine) so have lost touch of how xp pro does things.

[RobMaule]

Try using the Run command 'msconfig.' It should be in the list of process on the Startup tab.

[lignicolos]

I believe logmon.exe is part of the newest Rescue&Recovery software that was just released. I installed it and noticed the program running on my machine. I uninstalled the R&R and logmon went away.

[Ground Loop]

I wish there was some hard requirement (WHQL?) that required every background program to come with a full explanation of who wrote it, what it does, what installed it, and what resources it consumes. It should be required to present this information in the task manager.

Services too! No text description? Forbidden to install.
Enough with these anonymous background tasks. If I have to take inventory of what's running, it's not helpful to see that "ExecCmd" is running.

It's up to users to try to stomp out this nonsense. When I can't tell what half the running programs are for, something is wrong.

I'm finding that a remarkable amount of these programs simply don't need to run.. Quicktime, Acrobat, Quicken, Sound Manager -- I disable them all and never noticed a bit of difference except quicker boots and more free memory. When in doubt, delete.

[pipspeak]

Agreed. Utilities like Process Explorer will shed a little more light on a lot of the processes (at least giving a company name for most) but there are still some that remain anonymous. Take acs.exe, for example. No name, company, description, nothing... and it's apparently a pretty important atheros-related process.

Unfortunately more and more software is coming with cr*pware installers that dump so many useless, proprietary processes on a machine in a vain attempt to get users to buy into a company's useless, proprietary services.

I just installed iTunes 5, and then spent a half hour disabling all the unwanted, uneeded, parasitic crap that came with it. I'm also quickly getting tired of Adobe's increasingly bloated software. Start up Acrobat Pro and BOOM... five new processes appear, including three related to the license manager garbage.

[yossarian]

Hah yep.

I found it hiding in the R&R tvt scheduler. Had to boot up linux and grep my entire hdd to find it.

I disabled the tvtscheduler in windows services and it went away.

Thanks for the msconfig suggestion too, I will keep that in mind next time I'm messing with windows.

What I think IBM/Lenovo should do is digitally sign every piece of software they install(they do that for most big things, but apparently logmon.exe slipped the net.. conspiracy? perhaps.)

It would be nice to be able to use the TPM chip to allow/disallow programs that don't meet requirements. Oh and to give the owner full control of it, just so Lenovo/TCPA group don't screw us if they decide one day that it trusts everyone in TCPA and nobody else including the owner of the computer heh.

I will ring IBM in the weekend when I have time, and pose a "logmon.exe:please explain" question to see what they say. Let you guys know what their official response is, if they even have one.

[tihab]

Actually, the whole Rescue and Recovery is too bad.

Acronis True Image or Nortom Ghost are much better , easier and faster options.

[yossarian]

I rang IBM last weekend to ask about logmon.exe They said that they only handled hardware support and that the software stuff is done in the US. The operator said he would call me back within 1 business day if they knew any answer. It's now been a week. I'm guessing that either means that nobody knows what it does, or they don't want to tell me what exactly it does.

Go figure.

[Kyocera]

Removed

[GomJabbar]

logmon.exe is an executable file that is responsible for launching parasites, loading main components of malicious programs and running a destructive payload

Perhaps, but it is also part of ThinkVantage Rescue & Recovery version 3. When I had R & R version 1 installed there was no logmon.exe. It appeared as soon as I installed R & R version 3. It is located in C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe.

[Flatdog]

logmon.exe is actually a microsoft program introduced as far back as NT4.0. its a service that runs in the background and used for tracking system information for event viewer.

control panel>administration tools>event viewer

totally harmless and can be shut down.

[mrdeucie]

Glad I was able to find this thread. Logmon.exe sometimes uses up 40-50% of my systems resources and honestly I'd rather not have it running in the background. What are the repercussions if this program is turned off. Will it be harder to recover information with it turned off?

[Nolonemo]

I wonder if logmon.exe is required for XP's System Restore function to be effective? Anyone know?

[mrdeucie]

I wonder if logmon.exe is required for XP's System Restore function to be effective? Anyone know?

Assuming that it is only installed with Rescue and Recovery it should not be vital for XP's system restore.

[yossarian]

I'm glad people are still getting mileage out of this thread.

logmon.exe is not used by windows xp as it comes with the thinkvantage r&r. Heck, r&r seems to run with it disabled. The tricky thing is removing and still have r&r go, cause it's called by the tvt scheduler. I resorted to killing it by hand for a while, but now I've kinda just got rid of r&r. So gone is logmon.exe too

[DaveRW]

I have logmon.exe on my T42 and when I turn it off I notice no diffence except more resources available without it. Doesn't seem to do anything important when it is running.

[mrdeucie]

How exactly is everyone "turning it off?" I would rather not not rename the file. I have looked in the startup by using msconfig, but I don't see the file there. I have also looked under:

administrative tools -> event logger

I do not see anything to turn off in the event logger though or do not know how to turn the event logger off.

[mephie]

Logmon.exe copies the Windows logs to the /IBMSHARE directory so they're available from the WinPE enviornment. Nothing more.

Having those files available in the WinPE environ is a convenience, not a requirement, so removing it from the HKLM...\Run key isn't going to hurt anything.

As for Ghost being superior to RnR, as someone said, I'd say that depends on what you're doing. Backups or drive imaging. But then, it wouldn't be very bright to use either of those programs for the other's purpose.

[yossarian]

logmon is launched by tvtscheduler, so disable that being run, or uninstall r&r, or rename logmon or just write your own script to kill it after it launches at startup.

Unless anyone has better ideas.

[mrdeucie]

logmon is launched by tvtscheduler, so disable that being run, or uninstall r&r, or rename logmon or just write your own script to kill it after it launches at startup.

Unless anyone has better ideas.

Do you know if disabling tvtscheduler disables any other functions or is that just the name of logmon.exe in the startup?

[yossarian]

It probably performs scheudling for the R&R software. [Just a guess]

[rep]

...logmon.exe monitors the Windows Event Logs so they can be viewed from the "rescue environment" if your windows XP/2K will not function.

If you are running into problems with logmon.exe, the easiest/cleanest way to keep logmon.exe from running is to remove the "Task3=logmon" line from the top of the tvt.txt file located in the C:\Program Files\IBM ThinkVantage folder... end of excerpt.

[spurkza]

[quote="mrdeucie"]How exactly is everyone "turning it off?" I would rather not not rename the file. I have looked in the startup by using msconfig, but I don't see the file there. I have also looked under:

administrative tools -> event logger

I do not see anything to turn off in the event logger though or do not know how to turn the event logger off.[/quote]

Download Process Explorer at the Microsoft website http://www.microsoft.com/technet/sysint ... lorer.mspx Once installed and launch it, you can kill the process there in a second. (Of course, this has to be done every time you boot your machine).

[barrywohl]

I'm running Vista Ultimate 32 on a T61p I received about two weeks ago. For a week, unless I disable logmon.exe, I get a error message on booting that logmon is shutting down.

I have renamed C:\Program Files\Common Files\Lenovo\Logger\logmon.exe to logmon_deactivated.com.

I don't use R&R (but haven't removed it).

I wish I could find a more elegant fix.

[triangwesley]

Hello from a new member running XP Pro SP3 on a Z60M!

I followed the suggestions in this thread for renaming Logmon and it seemed to work fine, in that the program no longer appears in the Task Manager list. However, on boot up Windows asks for Logmon.exe, saying it can't find it and to check the Thinkpad file location where it should be found. Clicking OK makes the message disappear and then everything is normal afterward. Does anyone know what is the best way to tell Windows to stop asking? I can't find logmon when I run MSCONFIG. Thanks!

John Whitney
Atlanta, Ga