Windows 10 Create Event Viewer ID

ussnorway

Windows Forum Team

Staff member

Joined

May 22, 2012

Messages

4,533

• Oct 29, 2015

• #2

As calculator isn't a service it's hard to track in events… imo your best workaround would be to attach a rider like a firewall block or memory access (both can be tracked) but then the issue is timing i.e does this fictitious task goto the BITS control after a time out period or is it totally random and more importantly does if only have to run on a especially configured system setup to allow these no-standard events pass security?

 

Upvote 0 Downvote

B

borate

Senior Member

Joined

Oct 6, 2011

Messages

75

• Oct 29, 2015

• Thread Author
• #3

Thanks for the feedback. Tested the Firewall block; no effect. This BG process often kicks in after a SLEEP cycle. (The calculator is not being used, and hasn't been for days.) THAT I've dealt with.

But when the calc BG process pops ups randomly during a session - for no apparent reason - it has to be closed manually. I'd like to automate that either with a tool that spontaneously kills it, or one that generates an Event ID that I can utilize in Task Scheduler.

This behavior may be peculiar to MS store apps. I tested another calculator app from the MS store and it acted similarly, though in that case the BG process was listed as "store." When these processes run in the BG, keyboard initialed shortcuts lag by 5'. It's a bug that likely will never be fixed.

 

Upvote 0 Downvote

ussnorway

Windows Forum Team

Staff member

Joined

May 22, 2012

Messages

4,533

• Oct 30, 2015

• #4

borate said:

This behavior may be peculiar to MS store apps.

Click to expand...

If the app is from the Microsoft store then (by default) it wants to track your location, id and usage… the extra keyboard lag is normally a sign that the session is being recorded… basic monitoring should not be causing that much lag but you may also have some 3rd party software getting in the way.

borate said:

it has to be closed manually. I'd like to automate that

Click to expand...

Just [windows key] + [x] then [t]… find the offending app and hit the [end task] to kill it… you could script this to a desktop icon or mouse/ keyboard shortcut sequence to save time if it's something i.e. the same one, that is popping up a lot.

 

Upvote 0 Downvote

B

borate

Senior Member

Joined

Oct 6, 2011

Messages

75

• Oct 30, 2015

• Thread Author
• #5

Humm, interesting thought, but I don't think it's an MS monitoring issue as there is no shortcut lag if clicked or tapped - only when a SC is executed via a keystroke. And when it's in that lag state it applies to shortcuts for all programs, stored-sourced or not.

A batch file has been created to kill the process manually. It's that last automation step that is elusive. ^ Thanks for chiming in.

 

Upvote 0 Downvote

B

borate

Senior Member

Joined

Oct 6, 2011

Messages

75

• Nov 30, 2015

• Thread Author
• #6

Update, as of 11/30/15

After considerable experimentation it appears that the lag will occur when a STORE app (Calculator, for example) or "store" itself is listed in Task Manager background processes. Kill the process, and the lag vanishes. When the app is actually running, it is listed under APPS, not background processes. Then at random times, often after a sleep cycle or at boot, it will spontaneously appear as a background process - Calculator, (System) Settings, or Store.

The only effective way found here to get rid of these "rogue" processes is to kill them with a command line similar to this: "C:\Windows\SysWOW64\wbem\WMIC.exe process WHERE name="Calculator.exe" call terminate" - either via a shortcut or the Task Scheduler, perhaps triggering on an informational event in Event Viewer.

The speculated causes of this annoyance are discussed in this article and its embedded links... https://superuser.com/questions/426947/slow-windows-desktop-keyboard-shortcuts/957210#957210

Allegedly this is a longstanding issue, but I never experienced it prior to W10. It's disconcerting that an MS employee isn't assigned to regularly peruse Windows forums like these in order to spot problems, and report them to appropriate techs for resolution. The workarounds are an annoyance and the chances of a fix seem slim.

 

Upvote 0 Downvote

Saltgrass

Excellent Member

Microsoft Community Contributor

Joined

Oct 16, 2009

Messages

15,156

• Nov 30, 2015

• #7

This may not be related to your exact question, but what you are seeing are not "rogue" apps but a designed process. Ever since Windows 8, the apps require special actions to shut them down. In Windows 8 the window had to be dragged to the bottom of the screen. In 8.1 the window had to be dragged to the bottom and paused until it rotated. Since Windows 8, you could use Task Manager to End the Task but only Windows 10 requires that action.

Otherwise, the app can stay in a Suspended mode as you have noticed. From there, it can wake up, temporarily, to fill some need such as updating the advertising.

Some apps, even after being terminated using Task Manager, can show up again after a reboot and are almost impossible to kill.

If you want something to alert you to app activity, perhaps looking at the app controller or Host would be an option.

 

Upvote 0 Downvote

B

borate

Senior Member

Joined

Oct 6, 2011

Messages

75

• Dec 5, 2015

• Thread Author
• #8

Update, as of 12/5/15

Yes, these may be suspended processes. WHY they cause a lag is yet to be determined.

Speculated causes of this annoyance are discussed in this article and its embedded links... https://superuser.com/questions/426947/slow-windows-desktop-keyboard-shortcuts/957210#957210 where "Helen" posted a workaround...

Disable SUPERFETCH. Click START, type "services", <enter>, double-click on SUPERFETCH. Stop it. Disable it.

No performance hit has been noted by doing so, and shortcuts launched via keyboard no longer lag. Fingers crossed.

 

Upvote 0 Downvote

Neemobeer

Cloud Security Engineer

Staff member

Joined

Jul 4, 2015

Messages

8,998

• Dec 17, 2015

• #9

Even though this post is a little old I thought it would be fun to write a powershell script to do this. It loops through and finds processes defined in $watchlist and does the folowing

• Creates a balloon notification
• Stopped the process(es)
• Writes an event to the Application log

#Find and stop select processes

[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")

#Stop these processes
$watchlist = "notepad", "calculator"


#Show a Notification ballon when a process is stopped
Function Get-Notification([string]$Title, [string]$Message)
{

$notify = New-Object System.Windows.Forms.NotifyIcon

$notify.Icon = "C:\Users\Justin\Desktop\folder.ico"
$notify.BalloonTipIcon = "Error"
$notify.BalloonTipText = $Message
$notify.BalloonTipTitle = $Title

$notify.Visible = $True
$notify.ShowBalloonTip(5000)
}



#Loop checks all processes and sleeps for 5 seconds.
While($True)
{
$procs = Get-Process
ForEach($p In $procs)
{
ForEach($w In $watchlist)
{
if(($p).Name -eq $w)
{ Get-Notification -Title "Found $p" -Message "Process found, stopping"
Stop-Process $p
Write-EventLog -LogName Application -EntryType Information -EventId 9999 -Message "Stopped $p" -Source EventSystem -ErrorAction SilentlyContinue
}
}
}
Start-Sleep -s 5
}

 

Upvote 0 Downvote

Solution

B

borate

Senior Member

Joined

Oct 6, 2011

Messages

75

• Dec 17, 2015

• Thread Author
• #10

Very fine. Problem was solved as outlined in my most recent post, but I have filed your script for future reference.

Thanks for taking the time!

 

Upvote 0 Downvote