Reduce system WriteFile processes


Dogway

Yes, I use an SSD, and I know many will say, it doesn't harm, you shouldn't worry, but my intention is to go beyond (thinking optimization), for example I disabled the helpsvc service because it was causing unnecessary writes, I realised I didn't need it for anything so that's what I did.

Using procmon I monitored my system and grabbed some other processes which I don't know if are necessary or can be avoided in some way, I copied one entry for each file:

C:\WINDOWS\wiaservc.log
C:\WINDOWS\wiadebug.log
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
C:\WINDOWS\system32\wbem\Logs\wmiprov.log
C:\WINDOWS\system32\config\system.LOG
C:\WINDOWS\system32\config\system
C:\WINDOWS\system32\config\SysEvent.Evt
C:\WINDOWS\system32\config\software.LOG
C:\WINDOWS\system32\config\software
C:\WINDOWS\system32\config\SECURITY.LOG
C:\WINDOWS\system32\config\SECURITY
C:\WINDOWS\system32\config\AppEvent.Evt
C:\WINDOWS\system32\config
C:\WINDOWS\system32\CatRoot2\edb.log
C:\WINDOWS\system32\CatRoot2\edb.chk
C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
C:\WINDOWS\system32
C:\WINDOWS\system.ini

Using procmon I monitored my system and grabbed some other processes which I don't know if are necessary or can be avoided in some way, I copied one entry for each file:

But that is the list of files (and not that of the processes that write to them).

I mean, several tens (or hundreds) of processes will write to the Registry, like C:\WINDOWS\system32\config\software and consequently C:\WINDOWS\system32\config\software.LOG, the point here is whether those processes are actually NEEDed and if they actually NEED to write to that specific file (rest assured that SOME processes DO NEED to write to the Registry), on the other hand only the WIA service will write on wiadebug.log and wiaservc.log :

http://www.hsc.fr/ressources/articles/win_log_files/index.html.en#stisvc

so you can probably set it to not write debug info:

http://support.microsoft.com/kb/307001/en-us

As well you can also disable/remove WMI/WBEM subsystem, but a large number of tools won't work anymore.

You should use the BlackViper lists as a base to see which services can (or may) be disabled and/or which effects you will have:

http://www.blackviper.com/

jaclaz


Thank you, I was searching and found that I shouldn't disable WMI (wmiprov.log), I may disable WIA (wiaservc.log and wiadebug.log) if I'm not to use scanners or other image importing devices (?).

What I'm left with is the wbem, config and CatRoot2 folders. I wonder if there's some way to disable any of their logs, and/or if they are not necessary.

edit: I never said that what I posted were processes, semantics again lol, either way these are the processes if they tell you something:

svchost.exe
services.exe
lsass.exe
explorer.exe


... semantics again lol, either way these are the processes if they tell you something:

svchost.exe

services.exe

lsass.exe

explorer.exe

Yep ;), but semantics (or even reading a bit on them) may tell you that svchost.exe is actually a service host :

http://en.wikipedia.org/wiki/Svchost

i.e. a number of different processes can appear under the "generic" svchost.exe name, and - if I were you - I wouldn't disable lsass.exe:

http://en.wikipedia.org/wiki/Local_Security_Authority_Subsystem_Service

jaclaz

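Added example, not part of any post in this thread: the point made above about reading the Procmon capture per process rather than per file, as a Python script that totals WriteFile bytes by process name and PID (svchost.exe hosts several services, so the name alone is ambiguous). The CSV sample is constructed in Procmon's export column layout; its PIDs, lengths and process-to-file pairings are made up for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample rows in Procmon's CSV export layout; values are illustrative.
# A real export is read with open(path, encoding="utf-8-sig") to drop the BOM.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.0","svchost.exe","1044","WriteFile","C:\WINDOWS\system32\wbem\Logs\wmiprov.log","SUCCESS","Offset: 0, Length: 512"
"10:00:01.2","svchost.exe","1044","WriteFile","C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA","SUCCESS","Offset: 0, Length: 8,192"
"10:00:02.0","svchost.exe","880","WriteFile","C:\WINDOWS\wiaservc.log","SUCCESS","Offset: 0, Length: 120"
"10:00:02.5","services.exe","612","WriteFile","C:\WINDOWS\system32\config\SysEvent.Evt","SUCCESS","Offset: 0, Length: 4,096"
"10:00:03.0","lsass.exe","624","WriteFile","C:\WINDOWS\system32\config\SECURITY.LOG","SUCCESS","Offset: 0, Length: 4,096"
"10:00:03.1","explorer.exe","1500","ReadFile","C:\WINDOWS\system.ini","SUCCESS","Offset: 0, Length: 231"
"10:00:04.0","svchost.exe","1044","WriteFile","C:\WINDOWS\system32\wbem\Logs\wmiprov.log","SUCCESS","Offset: 512, Length: 256"
"10:00:05.0","services.exe","612","WriteFile","C:\WINDOWS\system32\config\SysEvent.Evt","SUCCESS","Offset: 4,096, Length: 1,024"
'''

LENGTH_RE = re.compile(r"Length:\s*([\d,]+)")  # Procmon prints thousands separators

def writes_by_process(csv_text):
    """Return {(process, pid): {path: bytes_written}} for successful WriteFile rows."""
    totals = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] != "WriteFile" or row["Result"] != "SUCCESS":
            continue
        m = LENGTH_RE.search(row["Detail"])
        if not m:
            continue  # row without a Length field
        size = int(m.group(1).replace(",", ""))
        key = (row["Process Name"], int(row["PID"]))
        totals[key][row["Path"].lower()] += size  # NTFS paths are case-insensitive
    return {k: dict(v) for k, v in totals.items()}

def report(totals):
    """Heaviest writers first, each followed by the files it wrote."""
    lines = []
    ranked = sorted(totals.items(), key=lambda kv: -sum(kv[1].values()))
    for (name, pid), paths in ranked:
        lines.append(f"{name} (PID {pid}): {sum(paths.values())} bytes")
        for path, size in sorted(paths.items(), key=lambda kv: -kv[1]):
            lines.append(f"    {size:>8}  {path}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(writes_by_process(SAMPLE_CSV))))
```

On the machine itself, `tasklist /svc` lists which services run inside each svchost.exe PID, which turns a PID from the report into a service that can be looked up before anything is disabled.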

"WBEM" is the WMI folder and "config" is the registry and event system folder, you may be able to disable writing in the .evt files by setting their size to 0 KB from the Computer Management console but you won't have the possible errors logged in case that something goes wrong. As for the processes I wouldn't mess with these ones if I were you, try disabling services from the Computer Management console instead.


I got WMI through wmimgmt.msc->properties->registry disabled.
So what it is monitored here is something else.
I never missed the option so I'm not too worried about that.

Probably this is the most a system can be stressed before compromising serious aspects.


new SSD can handle so many writes, that you should not try to damage it by disabling functions which break your Windows.

That's the answer I was fearing.

My question is more towards disabling unnecessary writing processes from the perspective of overall system optimization. Thinking on a global scope. I think that what is above is pretty much the minimum necessary so it's ok, unless someone wants to add more details.
