Answer the question
In order to leave comments, you need to log in
How to find hidden processes eating CPU resources (Windows Server (RDP))?
The picture was taken in the task manager running on behalf of SYSTEM:
Colleagues!
I'm in pain, I just can't.
Terminal server (Windows Server 2008r2), sometimes the processor is 100% high, I tear off processes and do not see a single process that eats resources and rots the processor.
The same applies to virtually any server before Windows Server 2019, the essence is always the same - there are processes that eat resources, but they are not visible anywhere in the task manager or resource monitor. How to find the guilty processes and strangle them in this case? How can you see such processes and explore?
Utilities like ProcessHacker / ProcessExplorer and others also show nothing. Or I did not find where to look ....
PS: It has been noticed for a long time that if you cut down the rundll.exe process that has appeared in a circle, then the load drops to normal.
@echo off
@:loop
@taskkill /f /im rundll*
@ping 127.0.0.1 -n 15 2>nul>nul
@goto loop
Answer the question
In order to leave comments, you need to log in
the graph shows that the CPU consumes code running in kernel mode, and if so, then this code may not correspond to any of the running processes (i.e. it is a driver or the kernel itself). that is why you do not see a single process loading the system.
answering the question: in your case, there is no way to find processes that eat processor resources, because there are none.
Start collecting the necessary logs through Performance Monitor, then analyze the collected ones.
Here is a good article https://windowsnotes.ru/windows-server-2008/schetc...
Ohh! 2008 server, I suppose and iron of the same time? by chance there is no ide running in pio mode (software mode, working with the disk wildly loaded the processor, it looked exactly like that).
Are the drivers installed on the server? Because such a load is usually given by nuclear processes, they are not displayed in the task manager. I also observed such a picture on win, when I heavily loaded win32 gdi, actively drawing something with system calls (few people do this now, all gui frameworks draw into memory themselves)
The video in the post shows that there is a svchost.exe process 60% load show the command line for it , it will be seen what kind of service launched it ... or it's a virus that mimics a service
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question