Windows Performance Audit: Resource & Stability Check

The Challenge
System instability and slow performance are top generators of IT support tickets. Diagnosing "slowness" usually requires an analyst to remote in, check Task Manager, crawl through Event Viewer logs, and inspect services manually. This reactive approach is time-consuming and inefficient, especially when dealing with intermittent issues or a large fleet of devices.
The goal was to instantly retrieve a diagnostic snapshot to:
- Identify processes consuming the most CPU and Memory
- Verify the status of critical management services (Update, RDP, Spooler)
- Check for "silent" failures like system crashes or disk warnings
- Assess overall system health without interrupting the user
The Prompt Sent to Myrmex
Using the Myrmex Agent (Perseus) installed on the target device, we sent:
Retrieve a performance snapshot of the Windows system, focusing on CPU and memory
consumption by the top 5 active processes. Check the status of critical system services
(Print Spooler, Remote Desktop, and Windows Update) and report any recent system crashes
or disk space warnings found in the Event Viewer.
Report only the current operational status.
Note: Myrmex acts as a level 2 support technician, aggregating data from
Get-Process, Get-Service, and Get-WinEvent to provide a holistic view of system performance.
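A read-only manual equivalent of this snapshot, built from the same three cmdlets, as an added example (not Myrmex's own code and not part of the original page). The service names Spooler, TermService and wuauserv, Event IDs 1001 (BugCheck) and 2013 (disk near capacity), and the $snapshot variable are assumptions; Event ID 10005 and the 48-hour window are taken from the report on this page.

```powershell
# Added example: manual health snapshot using Get-Process, Get-Service and Get-WinEvent.
# Read-only; it changes no service state and opens no interactive session.
$since = (Get-Date).AddHours(-48)   # same look-back window as the report

# Top 5 processes by accumulated CPU time, with working set in MB.
$top = Get-Process |
    Sort-Object CPU -Descending |
    Select-Object -First 5 Name, Id,
        @{ n = 'CpuSeconds';   e = { [math]::Round($_.CPU, 2) } },
        @{ n = 'WorkingSetMB'; e = { [math]::Round($_.WorkingSet64 / 1MB, 2) } }

# Assumed service names: Spooler (Print Spooler), TermService (Remote Desktop),
# wuauserv (Windows Update). StartType separates "stopped" from "disabled".
$services = Get-Service -Name Spooler, TermService, wuauserv -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, Status, StartType

# System-log events of interest. 10005 (DCOM) is the ID named in the report;
# 1001 and 2013 are assumed IDs for BugCheck and disk-near-capacity warnings.
$labels = @{ 1001 = 'BugCheck'; 2013 = 'DiskNearCapacity'; 10005 = 'DCOM' }
$filter = @{ LogName = 'System'; Id = 1001, 2013, 10005; StartTime = $since }

# "No events found" is a non-terminating error, so a clean log yields an empty result.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    # Other providers also log ID 1001; keep it only from the crash-reporting provider.
    Where-Object {
        $_.Id -ne 1001 -or
        $_.ProviderName -eq 'Microsoft-Windows-WER-SystemErrorReporting'
    } |
    Select-Object TimeCreated, Id, ProviderName,
        @{ n = 'Category'; e = { $labels[$_.Id] } }

# One object per host, so results from a fleet can be collected and compared.
$snapshot = [pscustomobject]@{
    Host         = $env:COMPUTERNAME
    CollectedAt  = Get-Date
    TopProcesses = $top
    Services     = $services
    Events       = @($events)
}

$snapshot.TopProcesses | Format-Table -AutoSize
$snapshot.Services     | Format-Table -AutoSize
$snapshot.Events       | Group-Object Category | Select-Object Name, Count
```

A stopped service alongside DCOM events in the same window is the correlation the findings on this page rely on; an empty Events result corresponds to the "No BSODs" and "Disk Space" checks passing.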
What Myrmex Did
Myrmex performed a diagnostic health check on the host DEMO-WIN11.
📊 Resource Performance Snapshot
The system is currently operating with high resource availability and no signs of hardware-level bottlenecks.
- Global CPU Usage: 16.61%
- Memory Utilization: 5.08 GB Used / 16.89 GB Total (~70% Available)
- Storage Capacity (C:): 281.44 GB Free / 474.72 GB Total (59.29% Free)
Top 5 Active Processes
| Process Name | CPU Usage (Cycles) | Memory (Working Set) |
|---|---|---|
| MsMpEng (Defender) | 233.20 | 260.70 MB |
| System | 190.34 | < 50 MB |
| MsSense (EDR) | 124.54 | 157.43 MB |
| svchost | 111.76 | < 80 MB |
| LogonUI | - | 109.90 MB |
Analysis and Findings
1. Resource Bottlenecks
The analysis shows a healthy system. The top consumer is Windows Defender (MsMpEng), which is expected and healthy behavior for an active endpoint protection system. Memory usage is low (~30%), indicating plenty of headroom for user applications.
2. Critical Service Audit
A functional gap was identified in the service layer:
- Print Spooler: ✅ Running (Printing is available).
- Remote Desktop: ⚠️ Stopped (Remote access is disabled).
- Windows Update: ⚠️ Stopped.
Impact: The stopped Windows Update service combined with DCOM errors (Event ID 10005) suggests a patching issue that needs remediation to ensure future security updates are applied.
3. Stability & Reliability
Myrmex scanned the Event Viewer for the last 48 hours:
- ✅ No BSODs: No critical system crashes (BugCheck) were found.
- ✅ Disk Space: No warnings about low storage.
- ⚠️ Operational Errors: Validated that Windows Update is failing to initialize (Error 1115), confirming the service status finding.
Benefits of the Approach
⚡ Instant Diagnostics
Instead of spending 15 minutes navigating remote desktop sessions, the analyst gets a complete "Health Card" in seconds.
🔍 Root Cause Analysis
The correlation between "Service Stopped" and "DCOM Failure events" helps pinpoint exactly why updates might be failing, rather than just knowing that they are failing.
📉 Proactive Maintenance
Identifying that the VirtualBox network driver (VBoxNetLwf) is throwing internal errors allows IT to update the driver before it causes a network outage for the user.
Result
With Myrmex analysis:
- ✅ Performance Validated: Confirmed hardware resources are abundant.
- ✅ Issue Isolated: Identified Windows Update service failure as the primary action item.
- ✅ Stability Confirmed: Ruled out hardware crashes or disk space as causes for any potential issues.
Prompt Variations
The same pattern can be used for other performance checks:
For network troubleshooting:
Check current network adapter throughput and list all active TCP connections
established by the 'chrome' process.
For boot analysis:
Get the last BIOS boot time and list the startup impact of all
applications configured to launch on sign-in.
