Not what you were looking for? Ask our experts!
Reply
Regular Contributor
Calls
Posts: 1,986
Registered: ‎10-07-2009

Re: "High Disk Write Usage by: Host Process for Windows Services"

actually the amount of data indicated is 715mb. I put the incorrect amount in one of my posts.
what is most concerning to is that I cannot find out what service wrote that amount.
That is what scares me. Event log of windows shows nothing around the same time as the Norton log entery
SendOfJive
Posts: 10,584
Kudos: 4,685
Solutions: 759
Registered: ‎02-07-2009

Re: "High Disk Write Usage by: Host Process for Windows Services"

[ Edited ]

Hi Calls,

 

Please realize that Performance Monitoring is designed as an aid to help users understand which current system activity might be contributing to a given system behavior.  For example you might get a high CPU usage alert for Flash Player or your browser when a sudden slowdown occurs while watching a video.  Perfomance Monitoring is not a malware detection component like Auto-Protect, even though it might spot some system issues secondary to a malware infection (and those would be major anomalies, not a single write to disk).  Given that there seem to be no indications of malware on your system coming from any of the protection components of NIS, it seems unlikely that the Svchost process in this case is a malicious imposter.  It was almost certainly a legitimate process that happened to be active enough to be noticed by Performance Monitoring.  Svchost is a Windows process that runs in the background - you are unlikely to know about most of the things it is doing or, actually, they are doing, since there are several of them.

Regular Contributor
Calls
Posts: 1,986
Registered: ‎10-07-2009

Re: "High Disk Write Usage by: Host Process for Windows Services"

Thanks all

As I say the only thing that is really stumping me is that there was not any recorded event in the Windows event log. I know that was some advice given to check that log. But as I say nothing noted around that same time.

 

Not sure if this makes any difference, but Looking through my NORTON history log, I see similar entries of

High Disk Write Usage by Host Process for Windows Services

 

October 1 2011 Saturday  for  169MB

December 6 Tuesday for 188mb

Feburary 14  Tuesday  for 2MB

March 14 Wednesday for 63 MB

and then April 10 Tuesday for 715mb

 

so not a real clear pattern, thought it might be windows update Tuesday but not

 so again kinda stumped  : (

 

Not a rootkit right?

Super Spam Squasher
Bombastus
Posts: 1,786
Registered: ‎11-16-2009

Re: "High Disk Write Usage by: Host Process for Windows Services"

[ Edited ]

No, it just needed to do something, but it was certainly something legitimate. Forget this thing; you are making an issue out of a non-issue. Turn the Norton performance monitoring off if needed; at the moment, it's the Norton performance monitoring that is causing you issues, not the disk writes svchost.exe did that day.

 

Besides, there doesn't have to be any entries in the event viewer, if it's a service that is constantly running that is causing the disk writes. Only starts and stops are logged there, but if it's an automatic service that is on 24/7 that increases its activity, it won't be logged. Could be Superfetch maybe.

Regular Contributor
Calls
Posts: 1,986
Registered: ‎10-07-2009

Re: "High Disk Write Usage by: Host Process for Windows Services"

Thanks, so superfetch would write that large amount to the disk?
I think when I check with services were assocaited with that particular?svchost.exe, ther was something about superfetch
Super Spam Squasher
Bombastus
Posts: 1,786
Registered: ‎11-16-2009

Re: "High Disk Write Usage by: Host Process for Windows Services"

[ Edited ]

Yeah, Superfetch runs under a svchost.exe, and it has been known to do a lot of disk trashing. On Vista especially. It has been much improved on Windows 7, but if you Google vista superfetch disk thrashing you get something like 50000 results

 

It also runs constantly by default -  it's set to Automatic, so you won't see start- and stop messages about it in the event viewer.

Regular Contributor
Calls
Posts: 1,986
Registered: ‎10-07-2009

Re: "High Disk Write Usage by: Host Process for Windows Services"

so I think thats soubds like the source, eh?
I think its the service in Vista that shows as sysmain
Super Spam Squasher
Bombastus
Posts: 1,786
Registered: ‎11-16-2009

Re: "High Disk Write Usage by: Host Process for Windows Services"

[ Edited ]

Calls wrote:
so I think thats soubds like the source, eh?



Quite possible. In any case, there is no indication of malicious activity from that Norton high disk activity report. Chances are overwhelming that it is a Vista issue - or even more likely, no issue at all, just Windows processes doing their job.