Why is System writing to disk and MsMpEng.exe reading?

2

1

Just a curiosity question. I just told Spotify to move its cache from one drive to another. When I now look at the Resource Monitor spotify.exe doesn't seem to be doing anything at all basically. There is, however, a great number of reads by something called MsMpEng.exe and a great number of writes by System. I can tell it's the Spotify cache being moved because of the file paths.

I've noticed this with other applications too, like when stuff is going really slow and I wonder whats going on. I check to see what is using my drives like crazy, but all I can see is System.

What's going on here? Why can I often not see exactly what application is causing the read/write activity?

Svish

Posted 2012-09-15T11:03:08.020

Reputation: 27 731

As for why System is doing the writing, see my answer here: http://superuser.com/questions/966755/why-is-my-system-process-doing-disk-io/968135#968135

– Jamie Hanrahan – 2015-09-04T05:12:07.407

Sounds like the Microsoft antimalware engine (MsMpEng) scanning the files you are moving, it may be copying them to a temporary location as is scans and then to your specified location when it is done. – Moab – 2012-09-15T13:48:13.770

Answers

0

I think you can try a clean boot. It was recommended on this blog.

http://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/msmpengexe-continuously-readingwriting-hard-disk/8f63751a-8f53-e011-8dfc-68b599b31bf5

I was having the same issue multiple writes of the MsMpEng that keep constantly the hard drive busy.

Try to keep a track of what is really happening in the system using the Resource monitor and external program such as process explorer.

Also, if you are running Windows 10. The culprit can be the CompatTelRunner.exe, that is the Microsoft Compatibility Appraiser.

You can follow this guide to disable it.

http://answers.microsoft.com/en-us/windows/forum/windows8_1-performance/disabling-windows-compatability-telemetry/f1437548-84ae-4421-9a07-45feb17cab86

In my case. Initially, I blame the MsMp program. However, the problem was the compatibility appraiser. You can check easily if it's the that stopping the service:

To do so, open PowerShell and run these commands:

stop-service diagtrack

If the high readings stop. Store the changes:

set-service diagtrack -startuptype disabled

Let me know, if those tips help you.

Juan Acosta

Posted 2012-09-15T11:03:08.020

Reputation: 111

Asked: 2012-09-15T11:03:08.020

Viewed: 1 971 times

Active: 2016-11-18T00:16:25.703