1 2 Previous Next 10 Replies Latest reply on Jan 2, 2015 9:40 AM by londonsec

    mcafee access protection filter driver file mfeapfk causing memory leaks

    deepak85

      Hello,

       

      mcafee access protection filter driver file mfeapfk causing memory leaks.

       

      mfeapfkMemory:16774708K Avail: 6698900K  PageFlts:23483280   InRam Krnl: 2652K P:101584K

      Commit:10064760K       Pool N: 72,344K  P:104,804K     SystemUpTime(hours)=3.77

       

      Tag  Type     Allocs         Frees    Diff   Bytes    Per Alloc    Mapped_Driver

       

      MmCm Nonp     283731    283620       111 7152912      64440        [nt!mm - Calls made to MmAllocateContiguousMemory]

      MFEm Nonp       1537      1504        33 6293832     190722        [mfeavfk]

      NDpp Nonp       1236         0      1236 4910048       3972        [ndis.sys - packet pool]

      File Nonp    3459901   3430354     29547 4754936        160        [<unknown> - File objects]

      ElxA Nonp          5         0         5 4109200     821840        [elxplus]

      TPLA Nonp        768         0       768 3145728       4096        [ndis]

      Ntfr Nonp      60973     17855     43118 2760520         64        [ntfs][ntfs.sys - ERESOURCE]

      LSwi Nonp          1         0         1 2658304     2658304        [<unknown> - initial work context]

      MmCa Nonp     265916    242687     23229 2583280        111        [nt!mm - Mm control areas for mapped files]

      MFE0 Nonp   46834902  46808317     26585 2580928         97        [mfeapfk][mfeavfk][mfebopk][mfehidk][mferkdet][mfetdi2k]

      TCPt Nonp      61447     61402        45 2480264      55116        [tcpip]

      BCM0 Nonp         36         0        36 2342560      65071        [bxnd52x]

      Io   Nonp   11032727  11032501       226 2247168       9943        [nt!io - general IO allocations]

      elxs Nonp         15         1        14 2170944     155067        Unknown Driver

      Mm   Nonp    1048904   1048889        15 1365480      91032        [nt!mm - general Mm Allocations]

      VoSm Nonp         40        20        20 1122480      56124        [volsnap][volsnap.sys - Bitmap allocations]

      Thre Nonp      21428     19719      1709 1080088        632        [nt!ps - Thread objects]

      RcpI Nonp          1         0         1 1048576     1048576        [sacdrv][sacdrv.sys - Internal memory mgr initial heap block]

      Devi Nonp       2248      1721       527 1035112       1964        [<unknown> - Device objects]

      NtFs Nonp     748638    724569     24069  977992         40        [ntfs][ntfs.sys - StrucSup.c]

      Ntfn Nonp     287495    263422     24073  972984         40        [ntfs][ntfs.sys - SCB_NONPAGED]

      Mdl  Nonp     835910    830298      5612  918392        163        [<unknown> - Io, Mdls]

      Irp  Nonp    2418592   2416957      1635  699720        427        [<unknown> - Io, IRP packets]

      RaME Nonp          3         0         3  630784     210261        [storport]

       

       

      === Thu 12/18/2014 12:31:51 AM  ComputerName=BP1XILDB047  FreePTEs=146,526 ===

        ProcessTotalHandleCount=39,506;  SystemThreads=1,645;  SystemProcesses=133

       

      Memory:16774708K Avail: 6714320K  PageFlts:26350239   InRam Krnl: 2652K P:101968K

      Commit:10044492K       Pool N: 72,404K  P:105,204K     SystemUpTime(hours)=4.28

       

      Tag  Type     Allocs         Frees    Diff   Bytes    Per Alloc    Mapped_Driver

       

      MmCm Nonp     284878    284767       111 7152912      64440        [nt!mm - Calls made to MmAllocateContiguousMemory]

      MFEm Nonp       1537      1504        33 6293832     190722        [mfeavfk]

      NDpp Nonp       1236         0      1236 4910048       3972        [ndis.sys - packet pool]

      File Nonp    3889120   3859527     29593 4762472        160        [<unknown> - File objects]

      ElxA Nonp          5         0         5 4109200     821840        [elxplus]

      TPLA Nonp        768         0       768 3145728       4096        [ndis]

      Ntfr Nonp      63905     20593     43312 2772936         64        [ntfs][ntfs.sys - ERESOURCE]

      LSwi Nonp          1         0         1 2658304     2658304        [<unknown> - initial work context]

      MmCa Nonp     295347    272043     23304 2591872        111        [nt!mm - Mm control areas for mapped files]

      MFE0 Nonp   53802565  53775880     26685 2563824         96        [mfeapfk][mfeavfk][mfebopk][mfehidk][mferkdet][mfetdi2k]

      TCPt Nonp      84327     84282        45 2480264      55116        [tcpip]

      BCM0 Nonp         36         0        36 2342560      65071        [bxnd52x]

      Io   Nonp   12508970  12508747       223 2242960      10058        [nt!io - general IO allocations]

      elxs Nonp         15         1        14 2170944     155067        Unknown Driver

      Mm   Nonp    1048905   1048890        15 1365480      91032        [nt!mm - general Mm Allocations]

      VoSm Nonp         40        20        20 1122480      56124        [volsnap][volsnap.sys - Bitmap allocations]

      Thre Nonp      24287     22613      1674 1057968        632        [nt!ps - Thread objects]

      RcpI Nonp          1         0         1 1048576     1048576        [sacdrv][sacdrv.sys - Internal memory mgr initial heap block]

      Devi Nonp       2450      1923       527 1035112       1964        [<unknown> - Device objects]

      NtFs Nonp     823307    799134     24173  982152         40        [ntfs][ntfs.sys - StrucSup.c]

      Ntfn Nonp     321819    297642     24177  977144         40        [ntfs][ntfs.sys - SCB_NONPAGED]

      Mdl  Nonp     947945    942185      5760  937336        162        [<unknown> - Io, Mdls]

      Irp  Nonp    2422109   2420474      1635  701952        429        [<unknown> - Io, IRP packets]

       

      MmSt Paged     64020     38995     25025 29254288       1169        [nt!mm - Mm section object prototype ptes]

      Ntff Paged    419765    400818     18947 15460752        816        [ntfs][ntfs.sys - FCB_DATA]

      CM35 Paged       688       398       290 10186752      35126        Unknown Driver

      R100 Paged        47         2        45 5461800     121373        Unknown Driver

      NtfF Paged     13768      8622      5146 4816656        936        [ntfs.sys - FCB_INDEX]

      UlHT Paged         1         0         1 4198400     4198400        [http.sys - Hash Table]

      Wmit Paged        91        35        56 3539600      63207        [<unknown> - Wmi Trace]

      IoNm Paged   6896493   6874970     21523 3047256        141        [nt!io - Io parsing names]

      MFE* Paged       819       800        19 1712416      90127        [mfehidk]

      NtFs Paged    762971    736124     26847 1538200         57        [ntfs][ntfs.sys - StrucSup.c]

      MmSm Paged     29740      7570     22170 1418880         64        Unknown Driver

      FSim Paged     23659     12668     10991 1406848        128        [nt!fsrtl - File System Run Time Mcb Initial Mapping Lookaside

      Ntfc Paged     22757      6312     16445 1184040         72        [ntfs][ntfs.sys - CCB_DATA]

      FSrm Paged      5270      4773       497 1157224       2328        [nt!fsrtl - File System Run Time]

      CMDa Paged    114170    109130      5040 1129696        224        Unknown Driver

      CM25 Paged      1123      1101        22 1064960      48407        Unknown Driver

      Ttfd Paged      5015      3629      1386 1062032        766        [<unknown> - TrueType Font driver]

      Obtb Paged     20431     20072       359  900192       2507        [nt!ob - object tables via EX handle.c]

      CM16 Paged       252        48       204  897024       4397        Unknown Driver

      CMAl Paged       915       718       197  806912       4096        Unknown Driver

      Gla1 Paged      2582      2201       381  786384       2064        [win32k.sys - Gdi handle manager specific object types allocate

      Ntf0 Paged    841364    817408     23956  778544         32        [ntfs][ntfs.sys - general pool allocation]

      NtFS Paged      6503      4453      2050  722032        352        [ntfs][ntfs.sys - SecurSup.c]

      NtFB Paged     12145     12125        20  715952      35797        [ntfs][ntfs.sys - BitmpSup.c]

       

       

      === Thu 12/18/2014 1:02:56 AM  ComputerName=BP1XILDB047  FreePTEs=146,526 ===

        ProcessTotalHandleCount=40,606;  SystemThreads=1,658;  SystemProcesses=134

       

      Memory:16774708K Avail: 6701300K  PageFlts:29195812   InRam Krnl: 2652K P:103136K

      Commit:10069504K       Pool N: 72,532K  P:106,332K     SystemUpTime(hours)=4.80

       

      Tag  Type     Allocs         Frees    Diff   Bytes    Per Alloc    Mapped_Driver

       

      MmCm Nonp     286004    285893       111 7152912      64440        [nt!mm - Calls made to MmAllocateContiguousMemory]

      MFEm Nonp       1537      1504        33 6293832     190722        [mfeavfk]

      NDpp Nonp       1236         0      1236 4910048       3972        [ndis.sys - packet pool]

      File Nonp    4319742   4290005     29737 4784504        160        [<unknown> - File objects]

      ElxA Nonp          5         0         5 4109200     821840        [elxplus]

      TPLA Nonp        768         0       768 3145728       4096        [ndis]

      Ntfr Nonp      66657     23156     43501 2785032         64        [ntfs][ntfs.sys - ERESOURCE]

      LSwi Nonp          1         0         1 2658304     2658304        [<unknown> - initial work context]

      MmCa Nonp     325519    302104     23415 2604064        111        [nt!mm - Mm control areas for mapped files]

      MFE0 Nonp   59637556  59610512     27044 2593768         95        [mfeapfk][mfeavfk][mfebopk][mfehidk][mferkdet][mfetdi2k]

      TCPt Nonp      93148     93103        45 2480264      55116        [tcpip]

      BCM0 Nonp         36         0        36 2342560      65071        [bxnd52x]

      Io   Nonp   13983584  13983359       225 2251152      10005        [nt!io - general IO allocations]

      elxs Nonp         15         1        14 2170944     155067        Unknown Driver

      Mm   Nonp    1048905   1048890        15 1365480      91032        [nt!mm - general Mm Allocations]

      VoSm Nonp         40        20        20 1122480      56124        [volsnap][volsnap.sys - Bitmap allocations]

      Thre Nonp      27180     25496      1684 1064288        632        [nt!ps - Thread objects]

      RcpI Nonp          1         0         1 1048576     1048576        [sacdrv][sacdrv.sys - Internal memory mgr initial heap block]

      Devi Nonp       2600      2073       527 1035112       1964        [<unknown> - Device objects]

      NtFs Nonp     898416    874140     24276  986272         40        [ntfs][ntfs.sys - StrucSup.c]

      Ntfn Nonp     355434    331154     24280  981264         40        [ntfs][ntfs.sys - SCB_NONPAGED]

      Mdl  Nonp    1064709   1058988      5721  932344        162        [<unknown> - Io, Mdls]

      Irp  Nonp    2427677   2426061      1616  687248        425        [<unknown> - Io, IRP packets]

      RaME Nonp          3         0         3  630784     210261        [storport]

       

      MmSt Paged     68002     42854     25148 29456976       1171        [nt!mm - Mm section object prototype ptes]

      Ntff Paged    468018    448985     19033 15530928        816        [ntfs][ntfs.sys - FCB_DATA]

      CM35 Paged      1060       770       290 10186752      35126        Unknown Driver

      R100 Paged        47         2        45 5461800     121373        Unknown Driver

      NtfF Paged     14828      9664      5164 4833504        936        [ntfs.sys - FCB_INDEX]

      UlHT Paged         1         0         1 4198400     4198400        [http.sys - Hash Table]

      Wmit Paged        91        35        56 3539600      63207        [<unknown> - Wmi Trace]

      IoNm Paged   7687158   7665502     21656 3071064        141        [nt!io - Io parsing names]

      MFE* Paged       931       912        19 1712416      90127        [mfehidk]

      NtFs Paged    826416    799424     26992 1556776         57        [ntfs][ntfs.sys - StrucSup.c]

      FSrm Paged      5732      5141       591 1497816       2534        [nt!fsrtl - File System Run Time]

      MmSm Paged     30777      8511     22266 1425024         64        Unknown Driver

      FSim Paged     24414     13381     11033 1412224        128        [nt!fsrtl - File System Run Time Mcb Initial Mapping Lookaside

      Ntfc Paged     24010      7098     16912 1217664         72        [ntfs][ntfs.sys - CCB_DATA]

      CMDa Paged    122469    117227      5242 1163640        221        Unknown Driver

      CM25 Paged      1123      1101        22 1064960      48407        Unknown Driver

      Ttfd Paged      5015      3629      1386 1062032        766        [<unknown> - TrueType Font driver]

      Obtb Paged     22899     22538       361  904368       2505        [nt!ob - object tables via EX handle.c]

      CM16 Paged       283        79       204  897024       4397        Unknown Driver

      CMAl Paged       915       718       197  806912       4096        Unknown Driver

      Gla1 Paged      2949      2565       384  792576       2064        [win32k.sys - Gdi handle manager specific object types allocate

      Ntf0 Paged    919058    895046     24012  779888         32        [ntfs][ntfs.sys - general pool allocation]

      NtFS Paged      6771      4705      2066  727152        351        [ntfs][ntfs.sys - SecurSup.c]

      NtFB Paged     13696     13676        20  715952      35797        [ntfs][ntfs.sys - BitmpSup.c]

       

       

      === Thu 12/18/2014 1:34:01 AM  ComputerName=BP1XILDB047  FreePTEs=146,526 ===

        ProcessTotalHandleCount=40,291;  SystemThreads=1,649;  SystemProcesses=133

       

      Memory:16774708K Avail: 6701732K  PageFlts:32792311   InRam Krnl: 2656K P:112024K

      Commit:10063492K       Pool N: 73,436K  P:115,244K     SystemUpTime(hours)=5.32

       

      Tag  Type     Allocs         Frees    Diff   Bytes    Per Alloc    Mapped_Driver

       

      MmCm Nonp     287162    287051       111 7152912      64440        [nt!mm - Calls made to MmAllocateContiguousMemory]

      MFEm Nonp       1537      1504        33 6293832     190722        [mfeavfk]

      File Nonp    5540071   5508642     31429 5058328        160        [<unknown> - File objects]

      NDpp Nonp       1236         0      1236 4910048       3972        [ndis.sys - packet pool]

      ElxA Nonp          5         0         5 4109200     821840        [elxplus]

      TPLA Nonp        768         0       768 3145728       4096        [ndis]

      Ntfr Nonp      71451     25408     46043 2947720         64        [ntfs][ntfs.sys - ERESOURCE]

      MmCa Nonp     357114    331996     25118 2795040        111        [nt!mm - Mm control areas for mapped files]

      LSwi Nonp          1         0         1 2658304     2658304        [<unknown> - initial work context]

      MFE0 Nonp   65253520  65226566     26954 2573768         95        [mfeapfk][mfeavfk][mfebopk][mfehidk][mferkdet][mfetdi2k]

      TCPt Nonp     101487    101442        45 2480264      55116        [tcpip]

      BCM0 Nonp         36         0        36 2342560      65071        [bxnd52x]

      Io   Nonp   15479760  15479537       223 2242960      10058        [nt!io - general IO allocations]

      elxs Nonp         15         1        14 2170944     155067        Unknown Driver

      Mm   Nonp    1048905   1048890        15 1365480      91032        [nt!mm - general Mm Allocations]

      VoSm Nonp         40        20        20 1122480      56124        [volsnap][volsnap.sys - Bitmap allocations]

      NtFs Nonp    1755108   1728841     26267 1065912         40        [ntfs][ntfs.sys - StrucSup.c]

      Ntfn Nonp     428838    402539     26299 1065872         40        [ntfs][ntfs.sys - SCB_NONPAGED]

      Thre Nonp      30005     28326      1679 1061128        632        [nt!ps - Thread objects]

      RcpI Nonp          1         0         1 1048576     1048576        [sacdrv][sacdrv.sys - Internal memory mgr initial heap block]

      Devi Nonp       2760      2233       527 1035112       1964        [<unknown> - Device objects]

      Mdl  Nonp    1205558   1199555      6003  968520        161        [<unknown> - Io, Mdls]

      Irp  Nonp    2432682   2430984      1698  736056        433        [<unknown> - Io, IRP packets]

      CcSc Nonp     196601    194587      2014  644480        320        [nt!cc - Cache Manager Shared Cache Map]

       

      MmSt Paged     73508     46644     26864 33138736       1233        [nt!mm - Mm section object prototype ptes]

      Ntff Paged    557430    537652     19778 16138848        816        [ntfs][ntfs.sys - FCB_DATA]

      CM35 Paged      1444      1142       302 11530240      38179        Unknown Driver

      NtfF Paged     17228     10831      6397 5987592        936        [ntfs.sys - FCB_INDEX]

      R100 Paged        47         2        45 5461800     121373        Unknown Driver

      UlHT Paged         1         0         1 4198400     4198400        [http.sys - Hash Table]

      Wmit Paged        91        35        56 3539600      63207        [<unknown> - Wmi Trace]

      IoNm Paged   9269135   9246871     22264 3155096        141        [nt!io - Io parsing names]

      NtFs Paged   2205108   2175382     29726 1762184         59        [ntfs][ntfs.sys - StrucSup.c]

      MFE* Paged      1005       986        19 1712416      90127        [mfehidk]

      FSim Paged     26726     14229     12497 1599616        128        [nt!fsrtl - File System Run Time Mcb Initial Mapping Lookaside

      MmSm Paged     33414      9430     23984 1534976         64        Unknown Driver

      Ntfc Paged     25564      8546     17018 1225296         72        [ntfs][ntfs.sys - CCB_DATA]

      CMDa Paged    127441    122083      5358 1177856        219        Unknown Driver

      CM25 Paged      1123      1101        22 1064960      48407        Unknown Driver

      Ttfd Paged      5015      3629      1386 1062032        766        [<unknown> - TrueType Font driver]

      FSrm Paged      7515      6922       593 1057912       1784        [nt!fsrtl - File System Run Time]

      Obtb Paged     25316     24956       360  904288       2511        [nt!ob - object tables via EX handle.c]

      CM16 Paged       315       110       205  901120       4395        Unknown Driver

      Ntfo Paged     31706     25345      6361  874248        137        [ntfs][ntfs.sys - SCB_INDEX normalized named buff

        1 2 Previous Next