Create Event Viewer ID

Discussion in 'Windows 10 Help and Support' started by borate, Oct 28, 2015.

  1. borate

    borate Senior Member

    Joined:
    Oct 6, 2011
    Messages:
    75
    Likes Received:
    3
    The object is to create a unique Event Viewer ID that appears when a specific background process starts - Windows 10 Calculator, for example.

    When calculator is in use, it is listed only in the Task Manager APPS area. However, when it's not running it randomly appears only as a background task. This is what should trigger the event. The ID should not be generated when calculator is launched or in use.

    I am not a code or script writer, so this advice would have to be simple to follow. Clues or referrals will be much appreciated.
     
    #1 borate, Oct 28, 2015
    Last edited: Oct 28, 2015
  2. ussnorway

    ussnorway Windows Forum Team
    Staff Member Premium Supporter

    Joined:
    May 22, 2012
    Messages:
    2,535
    Likes Received:
    315
    As calculator isn't a service it's hard to track in events… imo your best workaround would be to attach a rider like a firewall block or memory access (both can be tracked) but then the issue is timing i.e does this fictitious task goto the BITS control after a time out period or is it totally random and more importantly does if only have to run on a especially configured system setup to allow these no-standard events pass security?
     
  3. borate

    borate Senior Member

    Joined:
    Oct 6, 2011
    Messages:
    75
    Likes Received:
    3
    Thanks for the feedback. Tested the Firewall block; no effect. This BG process often kicks in after a SLEEP cycle. (The calculator is not being used, and hasn't been for days.) THAT I've dealt with.

    But when the calc BG process pops ups randomly during a session - for no apparent reason - it has to be closed manually. I'd like to automate that either with a tool that spontaneously kills it, or one that generates an Event ID that I can utilize in Task Scheduler.

    This behavior may be peculiar to MS store apps. I tested another calculator app from the MS store and it acted similarly, though in that case the BG process was listed as "store." When these processes run in the BG, keyboard initialed shortcuts lag by 5'. It's a bug that likely will never be fixed.
     
  4. ussnorway

    ussnorway Windows Forum Team
    Staff Member Premium Supporter

    Joined:
    May 22, 2012
    Messages:
    2,535
    Likes Received:
    315
    If the app is from the Microsoft store then (by default) it wants to track your location, id and usage… the extra keyboard lag is normally a sign that the session is being recorded… basic monitoring should not be causing that much lag but you may also have some 3rd party software getting in the way.

    Just [windows key] + [x] then [t]… find the offending app and hit the [end task] to kill it… you could script this to a desktop icon or mouse/ keyboard shortcut sequence to save time if it's something i.e. the same one, that is popping up a lot.
     
  5. borate

    borate Senior Member

    Joined:
    Oct 6, 2011
    Messages:
    75
    Likes Received:
    3
    Humm, interesting thought, but I don't think it's an MS monitoring issue as there is no shortcut lag if clicked or tapped - only when a SC is executed via a keystroke. And when it's in that lag state it applies to shortcuts for all programs, stored-sourced or not.

    A batch file has been created to kill the process manually. It's that last automation step that is elusive. ^ Thanks for chiming in.
     
  6. borate

    borate Senior Member

    Joined:
    Oct 6, 2011
    Messages:
    75
    Likes Received:
    3
    Update, as of 11/30/15

    After considerable experimentation it appears that the lag will occur when a STORE app (Calculator, for example) or "store" itself is listed in Task Manager background processes. Kill the process, and the lag vanishes. When the app is actually running, it is listed under APPS, not background processes. Then at random times, often after a sleep cycle or at boot, it will spontaneously appear as a background process - Calculator, (System) Settings, or Store.

    The only effective way found here to get rid of these "rogue" processes is to kill them with a command line similar to this: "C:\Windows\SysWOW64\wbem\WMIC.exe process WHERE name="Calculator.exe" call terminate" - either via a shortcut or the Task Scheduler, perhaps triggering on an informational event in Event Viewer.

    The speculated causes of this annoyance are discussed in this article and its embedded links... https://superuser.com/questions/426947/slow-windows-desktop-keyboard-shortcuts/957210#957210

    Allegedly this is a longstanding issue, but I never experienced it prior to W10. It's disconcerting that an MS employee isn't assigned to regularly peruse Windows forums like these in order to spot problems, and report them to appropriate techs for resolution. The workarounds are an annoyance and the chances of a fix seem slim.
     
  7. Saltgrass

    Saltgrass Excellent Member
    Microsoft Community Contributor

    Joined:
    Oct 16, 2009
    Messages:
    15,157
    Likes Received:
    393
    This may not be related to your exact question, but what you are seeing are not "rogue" apps but a designed process. Ever since Windows 8, the apps require special actions to shut them down. In Windows 8 the window had to be dragged to the bottom of the screen. In 8.1 the window had to be dragged to the bottom and paused until it rotated. Since Windows 8, you could use Task Manager to End the Task but only Windows 10 requires that action.

    Otherwise, the app can stay in a Suspended mode as you have noticed. From there, it can wake up, temporarily, to fill some need such as updating the advertising.

    Some apps, even after being terminated using Task Manager, can show up again after a reboot and are almost impossible to kill.

    If you want something to alert you to app activity, perhaps looking at the app controller or Host would be an option.
     
    ussnorway likes this.
  8. borate

    borate Senior Member

    Joined:
    Oct 6, 2011
    Messages:
    75
    Likes Received:
    3
    Update, as of 12/5/15

    Yes, these may be suspended processes. WHY they cause a lag is yet to be determined.

    Speculated causes of this annoyance are discussed in this article and its embedded links... https://superuser.com/questions/426947/slow-windows-desktop-keyboard-shortcuts/957210#957210 where "Helen" posted a workaround...

    Disable SUPERFETCH. Click START, type "services", <enter>, double-click on SUPERFETCH. Stop it. Disable it.

    No performance hit has been noted by doing so, and shortcuts launched via keyboard no longer lag. Fingers crossed.
     
  9. Neemobeer

    Neemobeer Windows Forum Team
    Staff Member

    Joined:
    Jul 4, 2015
    Messages:
    2,408
    Likes Received:
    363
    Even though this post is a little old I thought it would be fun to write a powershell script to do this. It loops through and finds processes defined in $watchlist and does the folowing
    • Creates a balloon notification
    • Stopped the process(es)
    • Writes an event to the Application log
    #Find and stop select processes

    [void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")

    #Stop these processes
    $watchlist = "notepad", "calculator"


    #Show a Notification ballon when a process is stopped
    Function Get-Notification([string]$Title, [string]$Message)
    {

    $notify = New-Object System.Windows.Forms.NotifyIcon

    $notify.Icon = "C:\Users\Justin\Desktop\folder.ico"
    $notify.BalloonTipIcon = "Error"
    $notify.BalloonTipText = $Message
    $notify.BalloonTipTitle = $Title

    $notify.Visible = $True
    $notify.ShowBalloonTip(5000)
    }



    #Loop checks all processes and sleeps for 5 seconds.
    While($True)
    {
    $procs = Get-Process
    ForEach($p In $procs)
    {
    ForEach($w In $watchlist)
    {
    if(($p).Name -eq $w)
    { Get-Notification -Title "Found $p" -Message "Process found, stopping"
    Stop-Process $p
    Write-EventLog -LogName Application -EntryType Information -EventId 9999 -Message "Stopped $p" -Source EventSystem -ErrorAction SilentlyContinue
    }
    }
    }
    Start-Sleep -s 5
    }
     
    ussnorway likes this.
  10. borate

    borate Senior Member

    Joined:
    Oct 6, 2011
    Messages:
    75
    Likes Received:
    3
    Very fine. Problem was solved as outlined in my most recent post, but I have filed your script for future reference.

    Thanks for taking the time!
     

Share This Page

Loading...