What process is using my drive?


Environment: Windows 10 Pro x64, desktop PC, fresh install. System installed on C: (SSD). Secondary SSD on D:.

I have a third drive, E:, an HDD, in my PC (actually a RAID-1 of WD drives). I want it (them) to spin down when not used. I used HDD Guardian to set a sleep timeout of 20 minutes on both physical drives.

I got them to spin down once or twice, but most of the time they won't.

So I wanted to know what is preventing them from spinning down.

What I have tried so far:

Searching Process Explorer for any process or handle with "E:\": 0 matching items.


Listening to events with Process Monitor, filtering with "Path" beginsWith "E:".

What I have found is periodic access from the System, Explorer.exe and wmiprvse.exe processes on the drive root:

E: accesses

Here are the event properties for one of the System events:

event properties

event process

event stack

Here is another example from the Explorer process:

Event

Process

Stack

I saw that FLTMGR.sys refers to "Microsoft Filesystem Filter Manager" but I don't really know where to dig next...

Any suggestions?

Jalil

Posted 2016-04-27T07:23:16.873

Reputation: 123

Install the WPT (part of the Win10 SDK: https://dev.windows.com/en-us/downloads/windows-10-sdk), run WPRUI.exe, select First Level, CPU usage, DiskIO, FileIO and click Start. Now capture 1 minute of the disk activity of drive E:. After 1 minute click on Save. Compress the large ETL file into a zip/RAR file, upload the archive (OneDrive, Dropbox, Google Drive) and post the share link here. I'll try to see if I can find some details.

– magicandre1981 – 2016-04-27T15:46:03.677

Thank you @magicandre1981. I'm not sure what kind of information is contained in this very large ETL file... Could you send me an e-mail at jalil [at] arfaoui [dot] net so that I can send you the link? – Jalil – 2016-05-01T18:49:16.823

Mail is out. Send me the link there and I'll take a look at the file and reply this evening. – magicandre1981 – 2016-05-02T04:05:36.400

The file is too large. I have been trying to open it for 1 hr now, but WPA never finishes. Don't run the trace too long (max 2 minutes). – magicandre1981 – 2016-05-02T15:45:13.913

I'll try... but if I only wait 2 minutes I may have no access to E:... It's more like every 5 to 10 minutes... – Jalil – 2016-05-02T19:30:27.640

Use this command instead: "C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\xperf.exe" -on PROC_THREAD+LOADER+Profile+DISK_IO+DISK_IO_INIT+FILENAME+FILE_IO+FILE_IO_INIT -stackwalk Profile+FileCreate+FileCleanup+FileClose+FileRead+FileWrite+FileSetInformation+FileDelete+FileRename+DiskReadInit+DiskWriteInit+DiskFlushInit -buffersize 2048 -MaxFile 2048 -FileMode Circular && timeout -1 && xperf -d C:\diagDISKFILEIO.etl (this must be one line and executed via a cmd prompt that was started as admin!) Here I limit the file size to 2 GB. – magicandre1981 – 2016-05-03T04:30:52.500

Have you captured the new trace? – magicandre1981 – 2016-05-07T04:03:45.757
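
The Process Monitor step in the question can be turned into numbers by exporting the filtered events to CSV and measuring how long the drive is ever left alone. The following is an added example, not part of the original thread: it assumes Process Monitor's English-locale CSV export columns, uses constructed sample rows, and its function names are hypothetical. Process Monitor records file-system requests, some of which may be served from cache without touching the disk.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

SLEEP_TIMEOUT = timedelta(minutes=20)  # spin-down timeout from the question
# Constructed sample rows in Process Monitor's CSV export column layout.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"7:00:00.0000000 AM","System","4","CreateFile","E:\","SUCCESS",""
"7:00:00.1000000 AM","chrome.exe","900","ReadFile","C:\Temp\a.db","SUCCESS",""
"7:06:30.5000000 AM","Explorer.EXE","3120","QueryDirectory","E:\","SUCCESS",""
"7:12:00.0000000 AM","System","4","CreateFile","E:\","SUCCESS",""
"7:15:10.2500000 AM","WmiPrvSE.exe","2210","CreateFile","E:\","SUCCESS",""
"7:21:00.0000000 AM","System","4","CreateFile","E:\","SUCCESS",""
"7:40:00.0000000 AM","Explorer.EXE","3120","QueryDirectory","E:\","SUCCESS",""
'''

def parse_time(text):
    # Procmon writes 7 fractional digits; strptime's %f accepts at most 6.
    clock, ampm = text.rsplit(" ", 1)
    hms, frac = clock.split(".")
    return datetime.strptime(f"{hms}.{frac[:6]} {ampm}", "%I:%M:%S.%f %p")

def drive_events(csv_text, drive="E:"):
    # Sorted (time, process, operation) for rows whose Path begins with `drive`.
    rows = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    return sorted((parse_time(r["Time of Day"]), r["Process Name"], r["Operation"])
                  for r in rows if r["Path"].upper().startswith(drive.upper()))

def max_gap(times):
    # Longest interval between consecutive events; None with fewer than two.
    return max((b - a for a, b in zip(times, times[1:])), default=None)

def report(csv_text, drive="E:", timeout=SLEEP_TIMEOUT):
    events = drive_events(csv_text, drive)
    per_proc = defaultdict(list)
    for when, proc, _op in events:
        per_proc[proc].append(when)
    gaps = {proc: max_gap(times) for proc, times in per_proc.items()}
    overall = max_gap([when for when, _proc, _op in events])
    return {
        "max_gap": gaps,  # per process: longest pause between its own accesses
        "overall_max_gap": overall,  # longest pause across all processes
        "recurring": sorted(p for p, g in gaps.items() if g is not None and g < timeout),
        "quiet_long_enough": overall is not None and overall >= timeout,
    }

if __name__ == "__main__":
    print(report(SAMPLE_CSV))
```

For a real export, read the file with `encoding="utf-8-sig"` and pass its text to `report`; a process listed under `recurring` touches the drive more often than the timeout on its own, so it is the first one to investigate.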

No answers