How to get a list of processes with disk activity on Windows

Nowadays, it’s important to secure your computer. That also involves monitoring unusual behavior, for example a lot of disk activity while you are idle. Thanks to Windows, we have all the tools we need for that already.

processes with disk activity

While it is a good idea to be aware of processes with a high disk activity, it is important to know that most trojans hide as regular processes with common names, so even if you look up a process online and it turns out to be safe you can still be a victim of a trojan. To be sure there are no trojans, download one of our Top 5 antispyware tools

Getting The List

1. Step First of all, close all of your programs to simplify this process.
2. Step Next open the Windows 7 task manager via CTRL + ALT + DEL (click at the bottom on start task manager)
3. Step Go to the tab Performance when after opening the Windows task manager
4. Step At the bottom there’s a button called Resource Monitor… with an admin icon, click on it.
5. Step Now get familiar with the UI of the resource monitor if you don’t use this tool a lot
6. Step When you’re done go to the tab Disk
7. Step Uncollapse the field Processes with Disk Activity
8. Step There are different columns, PID, Read (B/sec), Write /B/sec) and Total (B/sec) that are important
9. Step Click on the column name Write (B/sec) to sort all process with disk activity that are currently writing to your disk
10. Step Now analyse the processes that are very active (although all programs are closed)
11. For further analysis right-click on a suspicious process and click on Search Online

Analyze processes with suspicious disk activity

12. It should open a Google search for the process name
13. Append a “what is” at the beginning for even more explanations
14. Create a list of whitelist and blacklist processes. Put all suspicious processes on a list and do some research on

I hope this will help some of you to find all suspicious processes with disk activity. Obviously, many viruses also use names of common applications and Windows files.

Warning: Do you have processes that have a name very similar to Windows processes. Let’s say svhost.exe instead of svchost.exe?


Viruses often use very similar names to confuse you. Make sure to properly read the names and identify them.


Cybersecurity Awareness Month

October is Cybersecurity Awareness Month. Missed any of our previous guides? You can find them here:

5 of 5 0 (100%) 1 vote
- Cheers!

Written by:
Oliver is the founder and lead editor of this site. He is interested in finding new ways to break Windows, find common errors and help others to fix them. Aside from that, he loves to fully customize systems with Rainmeter and Dreamscene, find out more about ancient civilizations like the Chachapoya, sharpen his digital photography skills and create software with a small group of selected developers. If you would like to connect with him to discuss anything, send him a mail!

Learn More About.Me

Follow me on Twitter for daily updates:

Contact The Author:

Get Free Help

Connect With Our Site:



Need help? Ask a question at our QA site, click the red button to get started:
Want to support us? Great, simply buy your favorite games from G2A via our referral link ( and save money at the same time:

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Current day month ye@r *