Helping people with computers... one answer at a time.
Constant disk activity is not always a sign of a problem; it depends on the cause. We'll use Process Monitor to identify the source of disk activity.
Win7, new system and new load with all available patches. Processor I5-750, Intel Desktop Board DH55HC, 4gig mem. The disk is constantly being accessed. How do I stop it and let it rest? I see several people are having that issue, but no fixes so far as to what to stop. My XP didn't seem to do that all the time.
•
Well, first we need to know what's accessing the disk.
Then we'll worry about how to stop it, or if we even need to. Windows 7 does do a few things differently than XP; for example one might be background defragmentation, so it's important to know just what's happening before we decide it's a problem that needs to be fixed.
And I've got just the tool to figure it out.
•
Process Monitor
Process Monitor (not to be confused with Process Explorer, a completely different program) is a utility that as its name implies monitors processes - but it does a lot more than just monitor processes.
Much, much more.
I've just recently begun exploring some of its features, and for this situation it's an almost perfect diagnostic tool.
Download Process Monitor - it's a free download from Microsoft - and place it somewhere on your computer so that you can run it at will.
Process Monitor works by collecting information - events - and then allowing you to analyze those events for the information you're looking for. Even better, Process Monitor includes a couple of summary tools that do some of that analysis for you.
Run Process Monitor and after accepting the license agreement (first run only) you should see something similar to this:
What you're seeing is the Process Monitor main window, and in front of that, the Filter dialog.
We're going to ignore the filter, so just click "OK" and Process Monitor will begin collecting data; you'll see the screen quickly fill with geeky gibberish, and the count of events in the status bar will begin increasing.
Let it run for "a while". How long is difficult to say, but long enough for you to experience the problem that lead you here: your constant disk activity.
Press CTRL+E to stop the data collection.
File Activity
Click on the Tools menu, and click on File Summary...:
That's a summary of the file activity that occurred on the system during data collection, listed with the most active files first. Here's the interesting part:
Here you can see that when I took this snapshot the most active file was "OBJECTS.DATA", a file used by Windows itself, followed by a World of Warcraft download that was happening in the background, followed by the Process Monitor executable itself.
Sometimes this information alone will be enough for you to determine just what's happening.
But not always. In particular, while this might tell you what file is being accessed, it's not telling you what program is accessing it.
Process Activity
In Process Monitor, click on the Tools menu, and then Process Activity Summary..., and in the resulting screen click on the File Events column header to sort the data:
Here we can see that in my case "wmiprvse.exe" - the Windows Manage Interface (WMI) executable which is responsible for all the "OBJECTS.DATA" activity is top of the list, with "prl_disp_service.exe" (a component of Parallels Workstation, the virtual machine technology I use), our friend "svchost.exe", the Blizzard background downloader (working on that World of Warcraft download), and other executables following.
A few random notes about what you're looking at:
-
Note the File Events and File I/O Bytes graphs - these summarize when during the time the data collection was happening that the File Events occurred. wmiprvse.exe had a burst at the beginning, where as the Blizzard downloader was plugging away periodically throughout.
-
Note that not all File Events have "I/O Bytes" associated with them. Frequently programs test for the existence of a file or a registry key, or for access permissions, without actually transferring any data. From what I've seen there's a lot of registry activity that consists of nothing more than "does this registry key exist" requests.
-
That being said, if you're tracking down disk activity File I/O Bytes are probably more important than simple File Events since they involve actual data transfer.
-
Quite often non-disk activity is also treated as File I/O - for example network activity is often treated as if it were File I/O.
-
As you can see, many programs you might not have thought about could be accessing the disk: MsMpEng.exe is Windows Security Essentials performing anti-malware work in the background (probably scanning the download for malware); SearchIndexer.exe is the content indexer for the Windows search feature; svchost.exe hosts several different system services that may need to perform File I/O.
My conclusion from looking at the data above is that my disk was active mostly due to the ongoing download, coupled with a spurt of activity from Security Essentials. Other things contributed, but those were most likely to be the most noticeable.
My Activity versus Your Activity
Naturally, I used my machine to generate the examples above and yours will probably be quite different.
In my case, "File Activity" was less helpful at identifying what was happening than "Process Activity", but that too will vary based on exactly what's causing the activity in the first place.
As you might guess, we've barely scratched the surface of what Process Monitor can do, but I'd be willing to bet that one or the other of these two summaries that it generates will be enough to tell you exactly why your disk might be active when you don't expect it.
And from that you can determine what action to take, if indeed you need to take any action at all.
Article C4454 - September 18, 2010 « »
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
September 21, 2010 1:09 PM
It is normal for Windows to access the hard drive regularly, even if you have no programs open. As long as your CPU usage is low when idle, it shouldn't be an issue.
But if it still bothers you, you might want to check a couple things.
First, as suggested above, turn off your indexing service. You can do this in Windows Explorer by right-clicking on a drive letter and clicking on "Properties". Then, uncheck the box for "Index this drive for faster searching". This will take quite a while.
The next simple thing to check is to eject your cd/dvd drives and leave them open and empty. If your hard drive activity stops after doing this, then it is probably Autoplay that is causing the hard drive access. You can turn this off by right clicking on the drive letter in Windows Explorer and turn off autoplay for that drive.
Before doing the sleuthing above, make sure your internet connection is disabled and all background processes are turned off (like your antivirus).
If the above doesn't work, then Leo's excellent advice is a great way to suss out the issue.
Keith
ATL Computer Repair
September 21, 2010 4:21 PM
And if you run XP or Vista or WIN 7 then START > RUN type in MSCONFIG > OK it and select START UP tab and click disable all and do a reboot and your machine will start up faster.
September 24, 2010 7:53 PM
I can't remember where I read it, but on XP PRO, at least, the Disk Defrag is configured by default to do defrags during no user activity on the computer. It can be turned off.
25-Sep-2010
February 12, 2011 8:19 PM
IN USE but inactive external HDD? I discovered that when running AVG with Vista, this is a common problem. Resident Shield (RS) is monitoring the drive and thus shows as "in-use" when you try to disconect. This just a glitch resolved many ways (i.e. temporary turn off RS,disconnect HD,turn on RS). Check their forum for specific info for XP/Vista/Win7. Yes, Process Explorer will verify this - but check first
February 16, 2011 4:35 AM
Many thanks. For some reason an old version of Java in a backup file area was constantly running. Deleted it totally.. activity stopped. Well, nearly stopped. Still a few activities but only one per 5 seconds or so... I was getting in excess of 55,000 in a 5 minute timeframe!