Sysmon.exe May Hang with 8-Character Entry in the Registry (307547)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
This article was previously published under Q307547

SYMPTOMS

When you attempt to add a counter, System Monitor may stop responding (hang), and CPU utilization may increase to 100 percent. This problem can occur only if a disk upper-filter driver is installed, where the driver name is 8 characters long, and is not equal to "diskperf".

CAUSE

This behavior is caused by a problem in Diskperf.dll that causes the program to enter an infinite loop.

In order for this problem to occur, an 8-characters long filter driver must be listed in the following registry REG_MULTI_SZ value, and it must be listed before diskperf, if diskperf is listed:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}\UpperFilters

WORKAROUND

Use a different number of characters for the name of the filter driver, and note that any number other than 8 works.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

For additional information about a related problem, click the article number below to view the article in the Microsoft Knowledge Base:

278662 Diskperf.exe May Hang with 8-Character Entry in the Registry

Modification Type:MajorLast Reviewed:12/5/2003
Keywords:kbenv kbprb KB307547
©2003 Microsoft Corporation. All rights reserved.