Error getting details for process

I am seeing quite a few log entries like this. The Endpoint agent is running as the local system account.

  "@timestamp": "2020-10-22T17:46:14.800Z",
  "message": "Error getting details for process services.exe with pid=792: error getting process mem for pid=792: OpenProcess failed for pid=792: Access is denied.",
  "log": {
    "logger": "processes",
    "level": "debug",
    "offset": 2495650,
    "file": {
      "path": "C:\\Temp\\elastic-agent-7.9.2-windows-x86_64\\data\\logs\\default\\metricbeat-json.log"
    "origin": {
      "file": {
        "name": "process/process.go",
        "line": 486
  "input": {
    "type": "log"
  "data_stream": {
    "type": "logs",
    "dataset": "elastic.agent.metricbeat",
    "namespace": "default"
  "host": {
    "architecture": "x86_64",
    "name": "pc-xxxxx",
    "os": {
      "platform": "windows",
      "version": "10.0",
      "family": "windows",
      "name": "Windows 10 Pro",
      "kernel": "10.0.18362.1082 (WinBuild.160101.0800)",
      "build": "18363.1082"
    "id": "d6b7e18d-bda8-4bab-9de2-a6583f8ca867",
    "ip": [
    "mac": [
    "hostname": "pc-xxxxx"
  "agent": {
    "ephemeral_id": "d229b56b-cf18-4e9b-9e9d-373e74671c41",
    "id": "a260d063-8c1b-4ee7-846b-af720510c026",
    "name": "pc-xxxxx",
    "type": "filebeat",
    "version": "7.9.2",
    "hostname": "pc-xxxxx"
  "ecs": {
    "version": "1.5.0"
  "event": {
    "dataset": "elastic.agent.metricbeat"
  "_index": ".ds-logs-elastic.agent.metricbeat-default-000001",
  "_type": "_doc",
  "_id": "KqZrUXUB5sRTZ5HGHdYK",
  "_score": 1



Hi ya' there Geoff,

I think this is out of my realm of knowledge but I did some searching around and found this ticket here which looks close to what you're seeing currently:

thanks @Frank_Hassanabad

When I look through those bugs, it doesn't appear to actually have a fix.

Maybe I am missing something.

I'm not familiar in this area (so I might say something totally wrong) but it's looking like you're using metric beat and not having sufficient privileges to access some details of a particular process.

If so, the remedy would be to give your agent the correct privileges to allow it to access the details you want?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.