If there is still a performance issue on an endpoint after following the KB article Identifying and resolving performance-related issues caused by the Behavior Monitoring and Device Control and applying known applicable exclusions, further data collection may be necessary to determine the issue.
Please first perform the steps in the KB article General Problem Isolation Testing to help determine what component is causing the performance issue. Provide the notes of the isolation testing, as well as the output of the Case Diagnostic Tool while reproducing the issue.
Once you have isolated the issue, you will want to collect additional relevant information while reproducing the issue.
Microsoft provides a tool called the Windows Performance Recorder, which collects detailed performance-related data from Windows.
To use this tool:
- Download and install the Windows Performance Toolkit from the Windows MSDN.
- Windows 8 and later: Use Win10 WPT
- Windows 7/2008R2: Use Win8 WPT
- Once installed, launch Windows Performance Recorder from the Start Menu.
- Select the following items and change the logging mode to "[File]":
- CPU usage
- Disk I/O activity
- File I/O activity
- Registry I/O activity
If this is a performance-related issue, also select:
- Heap usage
- Pool usage
- Click the Start button to begin data collection.
- Reproduce the performance issue.
- After the issue has been reproduced for at least 5 minutes, click the Save button to stop recording.
- Save the resulting .etl file.
- Compress the .etl file as a ZIP and upload it to your support case.
Process Monitor can also be useful for performance issues, although care needs to be taken as Process Monitor can also have a performance impact on the machine.
To use the tool:
- Download the Process Monitor Utility from Microsoft and place it in the machine.
- Extract the files.
- Run ProcMon.exe and accept the EULA.
It will automatically begin collecting data.
- Reproduce the performance issue on the machine.
- After the issue has been reproduced, stop the collection by clicking the magnifying glass icon in Process Monitor so that there is a red line through it.
- Choose File > Save and then All events and Native Process Monitor Format (PML).
- Zip the PML file, then upload it for review.