http://blogs.msdn.com/b/ntdebugging/archive/2006/12/18/understanding-poo l-consumption-and-event-id_3a00_--2020-or-2019.aspx
MmSt So if we see MmSt as the top tag for instance consuming far and away the largest amount, we can look at pooltag.txt and know that it's the memory manager and also using that tag in a search engine query we might get the more popular KB304101 which may resolve the issue! You can also use Ken's Article http://www.adopenstatic.com/cs/blogs/ken/archive/2006/07/10/Using-PoolMo n-_2800_Pool-Monitor_2900_-to-debug-kernel-memory-leaks.aspx findstr /l /m Sbap*.sys >From this article it looks like Kaspersky AV filter which is the SBAP Poolmon tag. http://forum.kaspersky.com/lofiversion/index.php/t152765.html Note that the SbAp module is occupying 165577272 bytes of nonpaged memory. Performing a string search inside the WINDIR\system32\drivers\ folder shows that its the klif driver. HTH Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 -----Original Message----- From: Mike Leone [mailto:oozerd...@gmail.com] Sent: Thursday, April 07, 2011 1:54 PM To: NT System Admin Issues Subject: Troubleshooting Event ID 2019, using memsnap Lately, we;ve had a number of systems exhibit event ID 2019, "server was unable to allocate from the system non-paged pool because the pool was empty". The system eventually becomes unresponsive, and I have to reboot, to clear it. Something is causing a memory leak, but I'm having trouble figuring out what. I ran "memsnap -p memsnp.txt", to capture kernel pool information. Later, I went back and ran it again, and then did a "memsnap -a", to analyze. And the lines with the biggest change are something with a tag of "MmSt", with a change of ~2M bytes, and "SbAp" with a change of almost 9M. But what am I to make of this info? Where do I look to figure out what "MmSt: and "SbAp" are? And what program/process they belong to, so I can track down the culprit? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
