Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Detecting source of external drive activity

Posted on 2009-04-24
4
Medium Priority
?
520 Views
Last Modified: 2012-05-06
Hi Guys,

How do I determine which process / application is accessing an external hard drive?

I attach my external hard drive via USB to my laptop (XP SP2).
My laptop was recently re-installed after the internal hard drive crashed.
(Currently no problems with any software).

Often it is idle for hours, but all of a sudden there's activity on the external drive.

I have nothing open or mounted from the external hard drive (I only use it to make backups at the end of the day - all files on the drive are ZIPed).

My AntiVirus application is also idle (no scans).

When I try to "Safely Remove Hardware" from the System Tray, it fails with this message:
"The device 'Generic volume' cannot be stopped right now..."  (I've tried this several times in succession)
At this stage I haven't accessed the drive at all.

Even when I kill the "Explorer" process in Task Manager, and then restart the "Explorer" process, the external drive still shows activity and I'm not able to un-mount it.

I've run virus scans on the drive, and no virus was found.
0
Comment
Question by:m0nk3yza
  • 2
4 Comments
 
LVL 3

Accepted Solution

by:
MMierzwa earned 1400 total points
ID: 24222784
Hi

You could use file monitor http://technet.microsoft.com/en-us/sysinternals/bb896642.aspx to determine processes and then ask google " xxx process info".
0
 
LVL 23

Assisted Solution

by:phototropic
phototropic earned 600 total points
ID: 24222934
Maybe a software application is causing this activity.

Go into msconfig (start - run - msconfig) and click on the startup tab. Click on "disable all". Go into services. Check the "Hide All Microsoft Services" box, and then click on "disable all". Reboot.  Any change?
If the problem goes away, you will need to go back into msconfig and re-enable startups and services individually until you find the culprit.  Start by re-enabling your av/firewall software...

0
 
LVL 1

Author Comment

by:m0nk3yza
ID: 24223608
Hi Guys,

Thank you for the response.

FileMon doesn't seem to pick up "USB" devices.
I filter out C:* and then access an application on the external harddrive (H:).
FileMon doesn't seem to pick it up. I'll test it some more after reading the manual.

I've cleared the startup of all entries and rebooted.
As this issue happens sporadically, I'll only be able to say if that was the issue in a few days time.
0
 
LVL 1

Author Comment

by:m0nk3yza
ID: 24223656
update:
Reading the manual helps...
I've managed to filter only for the removable drive.
It seems the explorer process send a "QUERY INFORMATION" request to the drive, even when it's not in use.
I'll keep on monitoring it with FileMon until it starts acting up again.
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

this article is a guided solution for most of the common server issues in server hardware tasks we are facing in our routine job works. the topics in the following article covered are, 1) dell hardware raidlevel (Perc) 2) adding HDD 3) how t…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question