I felt that Kaspersky antivirus was taking a lot of resources, generating lots of HDD requests.
So I tried to monitor what was going on, and used SysInternals Procmon. BTW, hi and congrats Mark :)
I set up a filter targeting avp.exe (one of the main exe files of KAV).
After a few hours, the computer became very, very slow. Pretty close to a DoS, with applications yelling they needed to be closed in order to prevent data loss... So I had a look at the "computer panel":
Apart from the data drive (D:), there appears to be a real problem with the disk space remaining on C:...
There should be 10 GB of free disk space... where did they go? I was about to launch WinDirStat and analyse the whole partition in depth. But just double-clicking on the C: drive revealed something that drew my attention:
Wow... 12.580 GB of pagefile.sys! Now I understand the only 54MB remaining on the disk drive...
And what does Procmon say?
See? At the bottom: 24 million events, "backed in page file"...
BTW, avp.exe generated 1.2 million events itself! Around 1 out of 20, that's something. It proves once again that Kaspersky AV takes a lot of system resources. Yes, K Labs did find a trick to use fewer CPU cycles (they use the GPU... still system resources), but what about the disk? It can't be replaced by something else!
Back to business: Procmon gives up!
In a nutshell, here is what I would say to sysadmins:
- be very careful while monitoring system issues with Procmon: you may just crash the system with a pagefile.sys taking all the disk space!
- do not leave less than 10GB of free disk space on the System partition...
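
One way to act on both tips is a small watchdog left running next to the capture. This is an added example, not part of the original post: it polls free space on the system drive and the pagefile size, and stops Procmon with its `/Terminate` switch once free space falls under a floor. The Procmon path, the 10 GB floor (taken from the tip above) and the poll interval are assumptions to adjust.

```powershell
# Added example: disk-space watchdog to run (elevated) alongside a Procmon capture.
# Assumptions: the Procmon path, threshold and poll interval below are illustrative.
param(
    [string]$ProcmonPath = 'C:\Tools\Procmon.exe',  # hypothetical install path
    [int]$MinFreeGB      = 10,                      # floor taken from the tip above
    [int]$PollSeconds    = 30
)

$systemDrive = $env:SystemDrive   # normally C:

function Get-DiskPressure {
    # Free space on the system partition
    $disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$systemDrive'"

    # Pagefile figures are reported in MB; sum them in case several pagefiles exist
    $allocMB = 0
    $usedMB  = 0
    foreach ($pf in Get-CimInstance Win32_PageFileUsage) {
        $allocMB += $pf.AllocatedBaseSize
        $usedMB  += $pf.CurrentUsage
    }

    # On 64-bit Windows the running process is Procmon64
    $procmon = Get-Process -Name Procmon, Procmon64 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Time            = Get-Date
        FreeGB          = [math]::Round($disk.FreeSpace / 1GB, 2)
        PagefileAllocMB = $allocMB
        PagefileUsedMB  = $usedMB
        ProcmonRunning  = [bool]$procmon
    }
}

while ($true) {
    $s = Get-DiskPressure
    Write-Host ("{0:T}  free={1} GB  pagefile={2}/{3} MB (used/allocated)" -f `
        $s.Time, $s.FreeGB, $s.PagefileUsedMB, $s.PagefileAllocMB)

    if (-not $s.ProcmonRunning) { Write-Host 'Procmon is not running, exiting.'; break }

    if ($s.FreeGB -lt $MinFreeGB) {
        Write-Warning "Free space on $systemDrive is below $MinFreeGB GB, stopping Procmon."
        & $ProcmonPath /Terminate   # asks every running Procmon instance to exit
        break
    }
    Start-Sleep -Seconds $PollSeconds
}
```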