This message was deleted.
# _generals
Slackbot
09/09/2022, 2:11 PMThis message was deleted.
t
Touseef Rehman
09/09/2022, 2:11 PMtry sysinternals.com maybe RAM MAP or possibly procmon capture
j
James Rankin
09/09/2022, 2:12 PMProcmon seconded
James Rankin
09/09/2022, 2:13 PMJust be careful of filter drivers, I found this out when trying to work out how much data Teams was writing to an FSLogix disk
s
stormlight
09/09/2022, 2:13 PMThanks, ProcMon shows me every single writet but I cant figure out how to quantify them in kb.mb.ect
j
James Rankin
09/09/2022, 2:13 PMWrite it to a VHD and see how much it grows
🙌 1
d
Dennis van Dam
09/09/2022, 3:05 PMI'd use Procmon > stop collection and set a filter for executable e.g. Notepad, goto the dropdown menu called Filter and enable "Drop Filtered Events". Don't show Network and Registry activity. Now Start your Procmon and then start the program you have configured to track, let it run for the amount of time that you think is needed. let all run and go to the Tools dropdown menu. Use File summary for file and folder data like in the picture below where I used a filter on Notepad and dropped data in %desktop%\1.txt and saved it. If you need IOPS information then use Tools > Process Activity Information and then double click on the process to get another form to popup, that will show numbers when you hover over the graph
s
stormlight
09/09/2022, 3:20 PM@Dennis van Dam That is impressive. That would be perfect but I think James is on to something with the filter driver. When I do the above instructions you provided I get 0 reads and writes for anywhere where FSlogix captures the data. (all of users %apdata%
stormlight
09/09/2022, 3:21 PMAnyone know how to tell procmon to capture reads and writes that the fslogix filter driver takes?
j
James Rankin
09/09/2022, 3:22 PMI think you have to adjust the filter driver of FSLogix so that procmon is running above it, or vice versa
s
stormlight
09/09/2022, 3:25 PMIs that something trivial to do? I have not learned about adjusting the filter driver or setting apps to be above or below. Have you seen any docs ? LOL, i go to your site for this kind off stuff
j
James Rankin
09/09/2022, 3:30 PMEvery filter driver has an altitude set in the Registry. Look up how to adjust the app layering filter driver, the FSLogix or procmon process should be the same
t
Touseef Rehman
09/12/2022, 11:47 AMhttps://social.msdn.microsoft.com/Forums/en-US/8a495cb9-d025-4b34-a122-e1c387d35a0b/faq-fslogix-troubleshooting-guide?forum=FSLogix not sure if you can narrow down your search for the specific filter driver from the SC cmd's listed here on the cmdline image?
j
James Rankin
09/12/2022, 11:47 AMThe FSLogix filter driver altitude is here - HKLM\System\CurrentControlSet\Services\frxdrvvt\Instances\frxdrvvt\Altitude
✔️ 1