Re: lsass.exe How much I/O should it be doing?
- From: grok <grok@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 30 Jul 2007 08:26:04 -0700
Thanks for your interest Harry. I've been adjusting Process Monitor to try
to get a small enough output to post here. Let's see if this works:
QueryOpen C:\WINDOWS\Temp SUCCESS 8:04:06.2297603 AM
QueryOpen C:\WINDOWS\Temp SUCCESS 8:04:06.2299930 AM
QueryOpen C:\AUTOEXEC.BAT SUCCESS 8:04:06.2320563 AM
CreateFile C:\AUTOEXEC.BAT SUCCESS 8:04:06.2322141 AM
QueryNameInformationFile C:\AUTOEXEC.BAT SUCCESS 8:04:06.2323871 AM
QueryNameInformationFile C:\AUTOEXEC.BAT SUCCESS 8:04:06.2324701 AM
QueryStandardInformationFile C:\AUTOEXEC.BAT SUCCESS 8:04:06.2325530 AM
ReadFile C:\AUTOEXEC.BAT SUCCESS 8:04:06.2326251 AM
CloseFile C:\AUTOEXEC.BAT SUCCESS 8:04:06.2327027 AM
QueryOpen C:\Documents and Settings\Jim Slager\Local
Settings\Temp SUCCESS 8:04:06.2330052 AM
CreateFile C:\ SUCCESS 8:04:06.2330609 AM
QueryDirectory C:\Documents and Settings SUCCESS 8:04:06.2330942 AM
CloseFile C:\ SUCCESS 8:04:06.2331320 AM
CreateFile C:\Documents and Settings SUCCESS 8:04:06.2332447 AM
QueryDirectory C:\Documents and Settings\Jim Slager SUCCESS 8:04:06.2332809 AM
CloseFile C:\Documents and Settings SUCCESS 8:04:06.2333293 AM
CreateFile C:\Documents and Settings\Jim Slager SUCCESS 8:04:06.2334423 AM
QueryDirectory C:\Documents and Settings\Jim Slager\Local
Settings SUCCESS 8:04:06.2334802 AM
CloseFile C:\Documents and Settings\Jim Slager SUCCESS 8:04:06.2335185 AM
QueryOpen C:\Documents and Settings\Jim Slager\Local
Settings\Temp SUCCESS 8:04:06.2337106 AM
CreateFile C:\ SUCCESS 8:04:06.2337617 AM
QueryDirectory C:\Documents and Settings SUCCESS 8:04:06.2337937 AM
CloseFile C:\ SUCCESS 8:04:06.2338285 AM
CreateFile C:\Documents and Settings SUCCESS 8:04:06.2339383 AM
QueryDirectory C:\Documents and Settings\Jim Slager SUCCESS 8:04:06.2339725 AM
CloseFile C:\Documents and Settings SUCCESS 8:04:06.2340075 AM
CreateFile C:\Documents and Settings\Jim Slager SUCCESS 8:04:06.2341195 AM
QueryDirectory C:\Documents and Settings\Jim Slager\Local
Settings SUCCESS 8:04:06.2341547 AM
CloseFile C:\Documents and Settings\Jim Slager SUCCESS 8:04:06.2341910 AM
This is the file system activity for 1 minute except there are 4 more
activities that are much wider and I'll hack them up like this:
CreateFile * SUCCESS 8:04:06.2349316 AM
QueryNameInformationFile * BUFFER OVERFLOW 8:04:06.2351441 AM
QueryNameInformationFile * SUCCESS 8:04:06.2352507 AM
CloseFile * SUCCESS 8:04:06.2353459 AM
and the * stands for:
C:\Documents and Settings\Jim Slager\Application
Data\Microsoft\Protect\S-1-5-21-4127160252-1390122426-107871480-1006\Preferred
I hope that you can make some sense of this.
"Harry Johnston" wrote:
grok wrote:.
I also have lsass continuously doing I/O at the rate of about 3 of each per
second. I downloaded File Monitor and then Process Monitor but neither of
them have led me to any smoking gun. (I don't use gmail.)
Process Monitor shows about 30 File System operations each minute but I
don't see anything that leads me to any conclusion. Can anyone help.
What files are being modified or accessed?
Harry.
- Follow-Ups:
- Re: lsass.exe How much I/O should it be doing?
- From: Harry Johnston
- Re: lsass.exe How much I/O should it be doing?
- References:
- Re: lsass.exe How much I/O should it be doing?
- From: Harry Johnston
- Re: lsass.exe How much I/O should it be doing?
- Prev by Date: Re: Copy XP User Profiles - Permission Denied
- Next by Date: Remote Desktop Users and Least User Rights
- Previous by thread: Re: lsass.exe How much I/O should it be doing?
- Next by thread: Re: lsass.exe How much I/O should it be doing?
- Index(es):
