If there is still a performance issue on an endpoint after following the KB article Identifying and resolving performance-related issues caused by the Behavior Monitoring and Device Control and applying known applicable exclusions, further data collection may be necessary to determine the issue.
Please first perform the steps in the KB article General Problem Isolation Testing to help determine what component is causing the performance issue. Provide the notes of the isolation testing, as well as the output of the Case Diagnostic Tool while reproducing the issue.
Once you have isolated the issue, you will want to collect additional relevant information while reproducing the issue.
Microsoft provides a tool called the Windows Performance Recorder, which collects detailed performance-related data from Windows.
To use this tool:
- Download and install the Windows Performance Toolkit from the Windows MSDN.
- Windows 8 and later: Use Win10 WPT
- Windows 7/2008R2: Use Win8 WPT
- Once installed, open an elevated command prompt and type the following:
This is the Windows Performance Recorder.
- Select the following items and change the logging mode to "[File]":
- CPU usage
- Disk I/O activity
- File I/O activity
- Registry I/O activity
If this is a performance-related issue, also select:
- Heap usage
- Pool usage
- Minifilter I/O activity (under Scenario Analysis section)
- Click the Start button to begin data collection.
- Reproduce the performance issue.
- After the issue has been reproduced for at least 5 minutes, click the Save button to stop recording.
- Save the resulting .etl file.
- Open in WPA and see if the WPR recording captured the resource outage issue.
Below is a bad example i.e. the left side is blank and it cannot be used for trouble shooting:
An ideal recording shall look like the following i.e. it has enough length and the resource outage issue is captured several times for comparison:
- Compress the .etl file as a ZIP and upload it to your support case.
Process Monitor can also be useful for performance issues, although care needs to be taken as Process Monitor can also have a performance impact on the machine.
To use the tool:
- Download the Process Monitor Utility from Microsoft and place it in the machine.
- Extract the files.
- Run ProcMon.exe and accept the EULA.
It will automatically begin collecting data.
- Reproduce the performance issue on the machine.
- After the issue has been reproduced, stop the collection by clicking the magnifying glass icon in Process Monitor so that there is a red line through it.
- Choose File > Save and then All events and Native Process Monitor Format (PML).
- Zip the PML file, then upload it for review.