Catch the process that loads the disk in windows

When the screen is turned off (a plain Windows install), some process begins to load the disks heavily. How can I catch what this process is? Resource Monitor and Process Monitor are not suitable, because the disk is loaded only when the system is idle; as soon as the screen is turned on, the disk load stops immediately. I checked for viruses with Dr.Web CureIt.

Author: Roman Mihno, 2020-01-16

1 answer

I think my answer is not complete, but as a hint I think it will do; it is written for the Russian version of Windows.

  1. Open the Windows Performance Monitor (perfmon).
  2. Under "Performance", select the "Data Collector Sets" section, then the "Event Trace Sessions" subsection.
  3. Create and run a trace session:
     3.1. Manually create a data collector set with an arbitrary name, e.g. "123".
     3.2. Under providers add: Microsoft-Kernel-Disk, Microsoft-Kernel-File.
     3.3. Specify the directory where the log will be saved.
     3.4. Start the data collector set "123".
     3.5. Everything described in step 3 can also be done with the console utility logman.exe.
     3.6. After enough time has passed to record the disk subsystem activity in the log, stop the created collector set: either from the Performance Monitor snap-in, or with the command: logman stop 123 -ets
  4. Next, open the saved log in .etl format and analyze the activity.
Author: Daemon-5, 2020-01-20 01:12:24
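The whole procedure from the answer above, driven by logman.exe and followed by a first-pass analysis of the .etl, as an added example (not the answer author's own script). It assumes an elevated PowerShell, and the session name "123", the path C:\Temp\disk.etl and the 10-minute capture window are placeholders you would adjust.

```powershell
# Added example: create the ETW session with the two kernel providers named
# in the answer, capture while the machine idles, stop it, then summarize
# the .etl by process ID to find the process generating the disk activity.
# Assumptions: elevated PowerShell; "123", C:\Temp\disk.etl and the
# 10-minute window are placeholders.
$Session        = "123"
$EtlPath        = "C:\Temp\disk.etl"
$CaptureMinutes = 10

New-Item -ItemType Directory -Force -Path (Split-Path $EtlPath) | Out-Null

# Create and immediately start (-ets) an event trace session with the
# kernel disk provider; logman accepts one -p per command, so the second
# provider is added to the running session with 'logman update'.
logman create trace $Session -p Microsoft-Kernel-Disk -o $EtlPath -ets | Out-Null
logman update trace $Session -p Microsoft-Kernel-File -ets | Out-Null

# Leave the machine idle (screen off) for the capture window, then stop,
# which is the same 'logman stop 123 -ets' the answer gives.
Start-Sleep -Seconds ($CaptureMinutes * 60)
logman stop $Session -ets | Out-Null

# Every ETW event record carries the ProcessId of the thread that emitted
# it, so grouping on that field ranks processes by disk/file events.
# Get-WinEvent reads .etl files directly but requires -Oldest for them.
Get-WinEvent -Path $EtlPath -Oldest -ErrorAction SilentlyContinue |
    Group-Object ProcessId |
    Sort-Object Count -Descending |
    Select-Object -First 10 |
    ForEach-Object {
        $procId = [int]$_.Name
        # The process may already have exited by the time the trace is read.
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        [pscustomobject]@{
            ProcessId = $procId
            Name      = if ($proc) { $proc.ProcessName } else { "(exited)" }
            Events    = $_.Count
        }
    } | Format-Table -AutoSize
```

For per-file detail (which paths the top process touched), the same .etl can be opened in Windows Performance Analyzer, where the Microsoft-Kernel-File events carry the file names.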