I have a Windows 2012 R2 std. server with a memory leak. Something tells me that the leak started after we installed Symantic Endpoint protection 12.1.5 – but I am not sure. I tried to disable Symantic without any change to the memory leak.
Using RamMap I can see that The Nonpaged Pool grows ~1GB per day.
Using Poolmon, I can see that the “file” tag is the cause of the memory leak in the nonpaged pool.
How do I debug this further? I seems like “file” is a generic tag used for unknown files? Or I cant really search for that?
Any suggestion would be greatly appreciated..
Update:
Best Answer
Use XPerf/Windows Performance Analyzer to record pool allocations.
http://blogs.msdn.com/b/ntdebugging/archive/2012/11/30/troubleshooting-pool-leaks-part-7-windows-performance-toolkit.aspx