• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 795
  • Last Modified:

How to identify which application/driver/process is causing the non paged pool leak

Hi Experts,

One of my  servers is having a non paged memory leak (in the event viewer I can find errors source:srv eventid 2019  The server was unable to allocate from the system non paged pool because the pool was empty).
The server is running windows server 2003 SP1 (IBM hardware  Xseries366) I have already used the poolmon utility to capture the poolsnap and I identify that there is a leak in the following tags :  AFDC,AFDE and FILE

Anyone have more knowledge about those tags (whats the application/etc..)? And I will appreciate if you can guide me on how to solve the leaking in those tags (installing the latest firmware?)

I appreciate any help,

Regards,
Boaz Galil:
0
dpatel_team
Asked:
dpatel_team
  • 3
  • 2
2 Solutions
 
dpatel_teamAuthor Commented:
any idea on this issue?
0
 
ChiefITCommented:
0
 
dpatel_teamAuthor Commented:
Yes ofcourse I used Poolmon - with Poolmon I identify that I have a leak at the following pools - AFDC/AFDE/FILE , but what is the next step ?
0
 
ChiefITCommented:
According to this article the AFDC and AFDE files might be a Heuristic virus. Heuristic, by definition, is a loose practice to a solution. So, this may be a viru in its infantcy, (a trial and error method to create a virus if you will). If your AV software is set to scan for Heuristic viruses, your AV software may be chewing on those files that and causing a memory leak.

http://gordano.biz/kb.htm?q=3161

How is this important?
http://www.claymania.com/virus-specific.html
I love this article that is real and to the point. No AV package is 100%. Scanning for Heuristic viruses can warn you, but most likely a AV product will not delete the suspected file until it becomes a full blown virus. What I like about this article is that it points out best met computing practices is the best tool to prevent viruses while a AV/AS package is still important.

In your case, I would look at a cleaning tool for w32\downloader and its variants. This might be a good start.
http://www.spywareguide.com/product_show.php?id=3510

It is not uncommon that a Heuristic scan causes a memory leak because the AV package doesn't know what to do with it.
0
 
dpatel_teamAuthor Commented:
The problem was solved by updating the IBM drivers,

I guess thats the first thing you need (updating drivers) to do whenver you bump into a non-page pool leak...

Thanks guys for your help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now