Wallaby, posted July 17, 2013

Just watched this interesting video on a Microsoft channel: hxxp://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-47-WPT-MiniFilter-Analysis

Those guys use Windows Performance Analyzer to see a "mini-filter" trace generated by xperf while a Windows antivirus scans some files. I tried a scan with NOD32 4.2.71 but at the end I don't get any data to view, so I was wondering if NOD32 uses this "mini-filters" approach or not. Any idea?

Thanks in advance.

Marcos (Administrators), posted July 17, 2013

You should have eamonm.sys loaded on Windows Vista and newer.

Wallaby (Author), posted July 17, 2013

I have Windows 7 SP1 x64 Home Premium.

When I right-click on eamonm.sys in the Drivers tab I see (in Sysinternals Autoruns) that "eamonm.sys is not currently running".

What is wrong? What do I have to do to see some mini-filter activity?

Wallaby (Author), posted July 19, 2013

No idea at all? What's the way to make eamonm.sys run?

Marcos (Administrators), posted July 19, 2013

Run "sc query eamonm" with elevated admin rights. You should get a response that it's running.

Wallaby (Author), posted July 19, 2013

It is running:

    TYPE : 2 FILE_SYSTEM_DRIVER
    STATUS : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
    ...........

but mini-filter is not recording anything.

OK... let's forget about it... I'll investigate.

Thanks anyway