Clash Meta on Windows: PROCESS-NAME Rules for Per-App Routing (2026)
You do not have to turn every Windows application into a “full VPN client.” When you run Clash Meta (Mihomo-class core) on Windows, PROCESS-NAME rules let you bind specific executables—games, launchers, browsers, downloaders—to a chosen proxy-groups target or to DIRECT, while everything else follows your normal domain lists and final MATCH. This guide is written for people who search “per-app routing,” “route by exe,” or “PROCESS-NAME clash yaml”: exact YAML shapes, where to paste them, how capture mode affects whether the rule fires, and how to avoid the usual foot-guns around child processes and rule order.
How this differs from “custom rules” in general
Our custom rules tutorial already explains rule order, DOMAIN lines, and RULE-SET scaling. That article treats PROCESS-NAME as one matcher among many. Here we zoom in on Windows desktop binaries: the moment you want “only ExampleGame.exe uses my low-latency Tokyo pool” without enumerating fifty CDN hostnames that the same vendor might change overnight.
This page also complements OS-specific guides that solve different problems: UWP loopback fixes packaged apps that cannot reach a localhost proxy listener; Linux resolver tuning is irrelevant on NT kernels. Stay focused: process rules apply to traffic your core can attribute to a process name, which depends on OS hooks and capture mode—not on wishful YAML alone.
What PROCESS-NAME actually matches
In Mihomo / Clash Meta policy syntax, a line such as PROCESS-NAME,chrome.exe,Browser means: when the core associates an outbound connection with the originating process image name chrome.exe, policy Browser wins if this line is reached before a broader rule. The matcher typically uses the executable file name (for example Discord.exe, steam.exe), not the full path—always confirm behavior against your exact core version’s documentation because forks occasionally tighten semantics.
Names are case-sensitive on some builds and forgiving on others; the safest habit on Windows is to copy the exact spelling shown in Task Manager → Details → Name or Resource Monitor. Mixed-case executables shipped by vendors (SomeLauncher.exe) must match byte-for-byte what the OS reports.
Important limitation: one process is not one TCP session. Games spawn updaters, anti-cheat modules, and helper services that may run under different .exe names. A single PROCESS-NAME line routes what that binary owns—not magically every subprocess with a shared publisher. When logs show unexpected misses, look for secondary executables instead of assuming one rule covers the whole ecosystem.
Prerequisites: proxy groups must exist before rules reference them
PROCESS-NAME lines point at a string target that must already exist—usually a proxy-groups entry such as Game-JP, DIRECT, or REJECT. If you reference Game-JP but never declared that group, the profile fails validation or behaves inconsistently. New users should skim the proxy-groups guide once so names stay consistent across proxies, proxy-groups, and rules.
A minimal mental model for split routing: proxies are concrete servers; proxy-groups decide how you pick among them (select, url-test, etc.); rules decide which group each connection uses. Process rules are just another branch in that decision tree—they do not replace groups.
YAML placement and the first-match rule
Clash evaluates rules from top to bottom; the first matching line wins. That invariant matters more than any single keyword. If your subscription ends with MATCH,Auto and you append PROCESS-NAME lines after it, they will never execute. Put user overrides above the catch-all.
A practical template for desktop experimentation keeps LAN and domestic shortcuts first, then narrowly scoped process lines, then domain rule-sets, then broader GEOIP or provider blocks, then MATCH. Exact ordering depends on your threat model—there is no universal “best” stack—but never bury specific intentions below a premature MATCH.
# Illustrative fragment — group names must exist in your profile
rules:
# ... LAN DIRECT lines ...
- PROCESS-NAME,EpicGamesLauncher.exe,Game
- PROCESS-NAME,ExampleGame.exe,Game-JP
- PROCESS-NAME,CompanyVPNHelper.exe,DIRECT
# ... DOMAIN / RULE-SET lines from upstream ...
- MATCH,Autorules override section or edit the merged view, verify the final exported config places your process lines before final MATCH. Some editors silently append overrides at the bottom—exactly where they become dead code.
Windows capture modes: why your PROCESS-NAME line might never fire
PROCESS-NAME requires the core to know which process initiated traffic. On Windows, applications interact with the network stack in multiple ways. Classic Win32 programs may honor system proxy settings; others implement their own stacks; some services never touch user-level proxy tables; anti-cheat and kernel drivers may bypass conventional hooks entirely.
When you enable only system proxy in a GUI such as Clash Verge Rev, traffic that explicitly flows through the configured localhost port is visible to the core along the expected path—but applications that ignore WinHTTP/WinINET may never present process metadata the way you hope. By contrast, TUN (transparent) mode pulls eligible packets through the virtual adapter path described in our TUN deep dive, which often makes thick clients and games easier to reason about at the cost of driver-level surface area and coexistence with other VPN products.
If you see domain rules hitting in logs while parallel process rules stay silent, suspect capture—not YAML syntax. Toggle experiments carefully: confirm DNS mode, fake-ip behavior, and helper service state after each change. First-install vocabulary for Verge on Windows—including when to prefer system proxy versus TUN—is covered in Clash Verge Rev on Windows 11: first install.
Finding the executable name you should match
Start with Task Manager: Ctrl+Shift+Esc → Details, sort by name, locate the running game or launcher. Copy the executable exactly—watch for multiple similarly named binaries (game.exe versus game_launcher.exe). Some platforms ship both a thin UI shell and a background worker; each may need its own line during debugging.
For noisy ecosystems like Steam or Epic, open your client, reproduce the failing action once, then correlate spikes in Task Manager with connections shown in your Clash log pane. If only steamwebhelper.exe appears during storefront loads while downloads hammer another binary, your earlier rule aimed at the wrong image.
Developers often run elevated shells or IDEs that spawn child git/credential helpers—those children carry their own executable names. Expect to add multiple PROCESS-NAME lines temporarily while you learn which binary owns which sockets, then consolidate once logs stabilize.
Worked examples: proxy-only games versus DIRECT banking
Scenario A — overseas game: You want SomeLiveService.exe on a dedicated Game-US group while ordinary browsing stays on your domestic-friendly defaults. After defining Game-US under proxy-groups, prepend - PROCESS-NAME,SomeLiveService.exe,Game-US ahead of broad GEOIP catches. Validate by opening the log viewer, filtering for that process tag if your UI exposes it, and confirming handshake attempts hit the intended outbound.
Scenario B — force DIRECT for a sensitive binary: Corporate VPN clients or banking shells sometimes misbehave when overlapped with generic proxy chains. A defensive pattern is PROCESS-NAME,BankPortal.exe,DIRECT placed above provider blocks that would otherwise capture its domains. Pair it with narrow DOMAIN-SUFFIX lines if the vendor publishes stable hostnames—process rules alone are coarse.
Scenario C — launcher versus payload: Download managers sometimes separate metadata calls from bulk CDN fetches across processes. You might route the launcher to Auto while pinning the heavy downloader executable to a throughput-oriented pool—only if logs prove split ownership. Do not invent subprocess fictions without evidence.
Sniffing, DNS, and fake-ip interactions
Meta-class cores offer sniffing and DNS features that interact with how connections appear in logs. When troubleshooting “wrong region” symptoms, read your core documentation before flipping toggles at random. Related pitfall patterns—sites breaking after aggressive sniff—are covered in Clash Meta sniffing exceptions. Keep DNS consistent between browser experiments and game tests; mixed resolver setups masquerade as routing bugs.
Pairing PROCESS-NAME with RULE-SET and staged verification
In production profiles you rarely want bare process rules floating alone above an outdated MATCH blob. The resilient pattern is to anchor publisher-owned endpoints with maintained RULE-SET or DOMAIN-SUFFIX coverage—still ordered carefully—and reserve PROCESS-NAME for executable-attributed sockets where hostname churn otherwise defeats lists (thick launchers, anti-debug wrappers, or tools that bounce randomly across CDNs). After editing YAML, reload or restart according to your GUI semantics, reproduce one controlled workflow—say launching only the launcher first—and confirm matching lines appear before escalating to full-game replication.
Staging reduces grief when multiplayer stacks dozens of simultaneous transports (voice mesh plus telemetry plus storefront pings): iterate first from menus toward gameplay while logging continuously so you can see exactly when additional binaries spin up and deserve their own narrowly scoped rules alongside—not underneath—the originals.
Security and maintenance hygiene
Process rules are powerful because they ignore hostname nuance—exactly why a typo drags unrelated traffic if you accidentally reuse a generic filename match present on multiple unrelated apps. Review overrides quarterly, especially after major game patches that rename binaries or migrate services into separate executables.
Never paste opaque rule-provider URLs into production profiles without understanding trust boundaries. Process matchers do not sanitize upstream YAML mistakes; they execute policy literally.
Troubleshooting checklist
No log lines when the app fails: capture path issue—revisit system proxy versus TUN, loopback for packaged apps, corporate policies blocking hooks.
Domain rule hits instead of process hits: an earlier rule matched—reorder or narrow competing lines.
Works once after reboot then stops: race with helper services or stale DNS cache—restart core cleanly and compare logs cold versus warm.
Anti-cheat complaints: some titles forbid tunnel tampering entirely; technical feasibility does not imply license compliance—respect publisher terms.
Closing
PROCESS-NAME on Windows with Clash Meta / Mihomo is the YAML-native answer to “send only this executable through my proxy group,” provided you respect capture realities and rule order. Combine narrow process overrides with domain lists where hostnames are stable, keep experiments log-first, and revisit overrides whenever binaries split across helpers.
When you want a maintained installer path rather than hunting release artifacts across portals, use this site’s download page as the primary entry—Download Clash for free and experience the difference.