Windows Explorer Memory Leak

Hi Rick,

I'm Amr, an Independen advisor, and a fellow Microsoft customer. I’m happy to look into this for you.

I understand that you're having a problem with a memory leak in Windows Explorer on your AMD-based PCs. You've tried updating Windows and AMD drivers, but the problem persists. You've also tried removing any third-party handles, but the problem still occurs.
You've noticed that Explorer sets a commit of about 3.27MB periodically and that this roughly equals the overage in working set memory. You've also noticed that restarting Explorer clears the working set memory and RAM usage goes back to normal. This makes you believe that there is a handle leak, but you can't find the cause.
Here are a few things you can try to do to find the cause of the memory leak:
1. Disable any unnecessary services. Some services can run in the background and use up system resources, even if you are not using them. Disabling unnecessary services can free up memory and improve performance.
2. Run a memory diagnostic tool. A memory diagnostic tool can scan your system for memory errors. If there are any errors, the tool can fix them.
you can run a memory diagnostic tool by following these steps: .Press Windows+R to open the Run dialog box. . Type "mdsched.exe" and press Enter. . In the Memory Diagnostic window, select the Restart now and check for the problems (recommended) option. . Click on the Restart button. . Your computer will restart and begin scanning for memory errors.
Once the scan is complete, your computer will restart again.
You can view the results of the scan in the Event Viewer.
To do this, open Event Viewer and navigate to Windows Logs > Memory.
3. Use the Windows Debugger to attach to Explorer and step through the code to see where the leak is occurring, please follow this link to guide you on how to download and install it.

https://www.tomshardware.com/how-to/use-windows...
4. Use the Windows Performance Toolkit to collect a memory dump of Explorer when the problem occurs. This will allow you to analyze the dump and identify the module that is causing the leak.
To do so : .Download and install the Windows Performance Toolkit, please follow this link to guide you on how to download and install it.
https://www.tenforums.com/tutorials/117625-down...
. Once the Windows Performance Toolkit is installed, open a command prompt as an administrator.
. In the command prompt, type the following command: "wpr -start ReferenceSet" Once the ReferenceSet is started, reproduce the problem that is causing the memory leak.
. Once the problem has occurred, type the following command to stop the ReferenceSet: "wpr -stop ReferenceSet" . The Windows Performance Toolkit will create a memory dump file in the current directory.
Note: These are non-Microsoft websites. The page appears to be providing accurate, safe information. Watch out for ads on the site that may advertise products frequently classified as PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the site before you decide to download and install it.
I hope this helps, please feel free to reply to this if you need any further Assistance.
This is a user-to-user support forum. We're users just like you helping other users to find solutions to their problems.
Kindly

Amr

To give back to the community, help the next person who encounters this problem by indicating whether this reply solved your problem, by clicking yes or no below.

Hi Amir,

I realize these are unofficial support forums but I have found some useful information from reading through questions from other users. I appreciate your response! I decided to reach out here because there are some really helpful independent advisors on these forums that have started me on this troubleshooting path and I have learned a lot in the past few months.

I forgot to mention I have also ran "sfc /scannow" and "DISM.exe /Online /Cleanup-image /Restorehealth"

I have already done most of the steps you have suggested;

I have run a WPR multiple times but it is difficult to locate the issue. In a couple of days, I will run the WPR again and try to post a screenshot of the handles and memory when the PC is near critical. I can see handles being opened and some are closed but I am not sure if I am looking at an issue or if it's normal. BTW if you add the directory after the WPR - stop command you can put it anywhere. ie "wpr -stop ReferenceSet C:\handle.etl"

As for memory check, I can do it on one of the PC's but it's difficult as these PC's don't often get restarted and run the same applications at all times. I did not suspect faulty memory as the issue is occurring on multiple PC's with the same chipset. The likelihood of faulty memory on all the PC's is extremely remote. The non-Microsoft applications that are running on them are clean and running on hundreds of Intel-based PC's that we have. We have found memory leaks on some of the Intel-based PC's but we were able to pinpoint the raid controllers causing the issues and they were fixed via a driver update.

I have disabled any services that are not being used, and even some Windows services while I troubleshoot which have been known to cause issues with performance like superfetch (sysmain), NDU (setting to 4 in the registry, which I believe disables it), indexing, windows search and windows experience. Anything that would be classified as unnecessary overhead while trying to troubleshoot.

I have also added an entry for Multi-Plane Overlay in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Dwm - Entry OverlayTestMode DWORD Value of 00000005. I did this as DWM also gets mildly high but I am not sure if it's normal and does not get even close to the 1-2GB that explorer.exe reaches. Also, MPO has been known to cause issues with AMD display drivers with flickering and memory (I have recently enabled this and am unsure if this has yet to have an effect).

I had to reset explorer.exe on all the PC's before I decided to reach out here because I needed to start another project.

Here are the tools I have acquired through my extensive research on these forums and elsewhere which I have been using to try and locate the leak.

poolmon

processexplorer

RAMMap

VMMap

WPR

Shexview-x64 ( to disable and non-Microsoft handles )

Recently found ProcessHacker 2 ( combines a lot of these tools into one UI )

I used xperf in the past and might go back to trying to view those logs again but I feel I'm going in circles at this point.

I will run the Windows debugger as soon as the PC gets closer to a critical level. If there is anything from these tools that I could post that would help assist me please let me know. If you can point me possibly to a source that would explain what to look for in the Windows debugger logs? I will look for this information as well, possibly in one of the sources you listed.

Rick

I have waited a week and took screenshots to show what I am looking at. As you can see Explorer keeps setting just over 3.27 MB in commit for section handles but I can't link it to anything. Restarting explorer clears the working set memory and usage goes down to the normal 50% or so.

Explorer in task manager:

VMMap before explorer task restart:

VMMap after explorer restart:

Process Hacker 2 Info:

General:

Memory:

Handles:

Threads:

If anyone has any insight into this I would appreciate it. This is still a frustrating ongoing issue.

Hi Rick,

Were you able to find a solution to this? Seeing similar behavior on a friend's machine with AMD CPU and AMD GPU. I saw you posted on tenforums as well, I can't find any other iterations of the issue online. Thanks!

- Jesse

Hi Jessie, unfortunately, I have not had any movement on this but I if there is a solution I will update this post.

Hi,

Although I have an Intel CPU, I am also dealing with this issue and would love to see a fix.

Once I relaunch explorer, it starts at ~130-170MB memory usage.

When the issue is triggered, it continuously increases, and I have seen it above 2GB.

At that point, I also cannot use certain functions, such as right-clicking onto the taskbar to launch the task manager, other things unresponsive to clicking such as the extended tray icons (^ icon on the right), etc.

Here: https://answers.microsoft.com/en-us/windows/forum/all/windows-11-memory-leak/d5771b34-dd15-473f-af0c-28b5c6058a31

Nord VPN was proposed as the cause, and I do have that.

Do you also have the Nord VPN app installed?

Cheers,

GT

I have seen the same issue after the June or July Windows updates and Motherboard BIOS update. I am using AMD Ryzen 9 3900X, TUF GAMING X570-PLUS(latest BIOS), Windows 11 Pro latest version. I only have Firefox and Chrome running, the Windows Explorer memory usage keeps going up even though no folder is opened. I've disabled all startup apps. I suspect the issue could be caused by this new BIOS update.

TUF GAMING X570-PLUS (WI-FI) BIOS 4802

"1. Update AGESA version to ComboV2PI 1.2.0.A
2. Mitigate the AMD potential security vulnerabilities for AMD Athlon™ processors and Ryzen™ processors
3. Improve system stability"

Same story here! AMD Ryzen 5800H (I don't know if it connected with AMD)

Few weeks ago I updated to Windows 11 and sometimes start to see extreme lags of my system. Checked by ProcessHacker I saw 15-20 GB (!!!) of memory usage by Explorer. It's crazy!

Restarting Explorer helps, but only for some time (few hours). And then again. 2-3 times I'm doing this during my working day (8-10 hours).

I have minimum applications, mostly using Firefox and Windows Terminal. Explorer I'm never using as a file manager (for me enough FAR Manager in terminal). I have official drivers from Lenovo only.

Have no idea what can cause this behavior. I join this thread to find the solution together.