Monitor reports when the Resource Exhaustion Detector detects intermittent memory exhaustion
This machine is undergoing severe memory exhaustion issues! The user of this machine is most likely experiencing significant loss of productivity due to the state of the PC.
This health monitor turns RED when Windows 10 and above detects more than 3 memory exhaustion events in a day.
•The system commit charge requests have exceeded the amount of physical memory available, thus causing significant performance issues to the user of the system.
•There may be potential applications, which are leaking memory causing the system to enter into this state.
•Do understand that this can translate into a significant problem
1. Exiting the applications and restarting them (which the user would have been prompted to do) will cause the memory leaks in that session to be eliminated
2. Examine the payload of the event to understand the actual applications causing user problems; understand whether they are applications needed by the user or malware/spyware that needs to be eliminated.
3. If it is usage of legitimate applications that is causing this problem, consider increasing the amount of installed RAM for this machine to alleviate the loss of productivity.
| Target | Microsoft.Windows.Client.Win10.Aggregate.Computer |
| Parent Monitor | System.Health.PerformanceState |
| Category | StateCollection |
| Enabled | True |
| Alert Generate | False |
| Alert Auto Resolve | False |
| Monitor Type | Microsoft.Windows.RepeatedEventLogTimer2StateMonitorType |
| Remotable | True |
| Accessibility | Public |
| RunAs | System.PrivilegedMonitoringAccount |
Home
<UnitMonitor ID="Microsoft.Windows.Client.Win10.Computer.RADAR_Warning.Monitor" RunAs="System!System.PrivilegedMonitoringAccount" Accessibility="Public" ParentMonitorID="SystemHealth!System.Health.PerformanceState" Target="Microsoft.Windows.Client.Win10.Aggregate.Computer" TypeID="Windows!Microsoft.Windows.RepeatedEventLogTimer2StateMonitorType" Remotable="true" Enabled="true" Priority="Normal" ConfirmDelivery="false">
<Category>StateCollection</Category>
<OperationalStates>
<OperationalState ID="MemoryAdequate" HealthState="Success" MonitorTypeStateID="TimerEventRaised"/>
<OperationalState ID="MemoryLow" HealthState="Warning" MonitorTypeStateID="RepeatedEventRaised"/>
</OperationalStates>
<Configuration>
<RepeatedComputerName>
$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$
</RepeatedComputerName>
<RepeatedLogName>System</RepeatedLogName>
<RepeatedExpression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>Microsoft-Windows-Resource-Exhaustion-Detector</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>2004</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</RepeatedExpression>
<Consolidator>
<ConsolidationProperties/>
<TimeControl>
<WithinTimeSchedule>
<Interval>86400</Interval>
</WithinTimeSchedule>
</TimeControl>
<CountingCondition>
<Count>2</Count>
<CountMode>OnNewItemTestOutputRestart_OnTimerSlideByOne</CountMode>
</CountingCondition>
</Consolidator>
<TimerWaitInSeconds>86400</TimerWaitInSeconds>
</Configuration>
</UnitMonitor>