The screenshot below is from a Windows Server machine that is acting very strange lately. Every few minutes the HDD's go spinning like crazy without any reason I can explain.
- RAM Checked, OK
- HDD surface check, OK
- HDD SMART Monitor, No Errors
- Disk defragmented on schedule, no errors
No new hardware or software has been installed except Sophos AV which I actually suspect being the cause of everything.
I have also checked for hidden Bitcoin-Mining processes that are usually fired when the PC is idle but I found none.
What might be the cause of this problem?
Answer
The hard drive activity shown in your Resource Monitor screen shot doesn't inherently indicate anything out of the ordinary. Your hard drive is operating at nearly 100% capacity as indicated by the blue line in the Disk graph. That could be perfectly normal for your computer, especially if you're running a mechanical hard drive as they are frequently the first of the four primary system resources (CPU, RAM, I/O, Network) to become bottle-necked.
But without knowing your system, that's just a guess.
The best way to know if you're experiencing unusual system activity (and troubleshoot it) is to have a performance baseline. This is simply a record of system resource use created during known-"normal" system operation. This can be as simple as keeping Resource Monitor open while using your system normally to get a "feel" for the graphs and other data during normal activities. Or you can take a more professional approach and use something like Windows Performance Monitor to make a detailed record of exact counter values (The excellent TechNet blog How to create a “black box” performance counter data collector is a good place to start).
With a good idea in hand what is normal for your system you can more effectively troubleshoot suspected "unusual" behavior. In your case you suspect your antivirus, so you might record some system activity with the software installed, then remove it and have a look at the reported activity again. If the antivirus software is to blame it should be clear from a comparison of the monitored activity.
No comments:
Post a Comment