On my system, from time to time there is an automatic mount/unmount of a plugged device. I guess it's done by some software on the machine. is there any way to monitor PnP mount/unmount events on the system and detect which application triggers the event (rather that uninstalling application after application)?
Asked
Active
Viewed 36 times
1 Answers
1
You can easily track events in the device manager (I am assuming Windows)
-Open Device manager -Find your device and Right Click -Select Properties -Click the Events Tab - select View All Events will take your to the event viewer with the filter for the device.
You can find quite a bit of data in - C:\Windows\INF\setupapi.dev.log (its hard to read but might help diagnose)
Or you can try USBLogView - http://www.nirsoft.net/utils/usb_log_view.html
Upgrayedd
- 141
- 1
- 1
- 5
-
But non of the suggested above can be used to find which software made the mount/unmount – Denis Aug 25 '15 at 16:20
-
@Denis - In the details of the events, you have ProcessID, and UserID. For most devices this will be PID 4 and `S-1-5-18` but it may have the actual process ID. If there process is not running anymore you can use [SysMon](https://technet.microsoft.com/en-ie/sysinternals/dn798348) to log all process starts and then wait to the next mount to happen. – Peter Hahndorf Aug 25 '15 at 16:46