Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Sunday, July 24, 2016 6:50 PM
Hello all,
I've seen this problem on many forums, but unfortunately none of them provide an answer.
The issue is that wfpdiag.etl is constantly writing to hard disk with 32kb/s, the curious thing is that the file size never exceeds 128KB.
From what I read this file is related to Windows firewall and network, do you know if there is any way to stop this file from writing to hard disk?
Thank you,
Iulian
All replies (7)
Sunday, July 24, 2016 8:58 PM
Well on my system wfpdiag.etl has about a minute after boot as that last update, and is about 98k. Two of those one under All User and one ProgramData both in a wfp folder.
So can you check if it is third party software that maybe having some affect on this. Do a clean boot see if it does it then, and it does not when on a clean boot, follow the 'How to determine what is causing the problem by performing a clean boot' section.
Sunday, August 7, 2016 7:59 AM
Hello again,
Thank you for your response, apparently Bitdefender Internet Security (which manages Windows Firewall) is causing the above describes issue. From what I've read on forums wfpdiag.etl is a trace for diagnostic (probably located somewhere in Event Viewer).
Does anybody know how can I turn off this trace?
Thank you in advance,
Iulian
Sunday, August 7, 2016 12:40 PM
Can only suggest you log this on the https://forum.bitdefender.com/ hopefully someone there can advise.
Thursday, June 1, 2017 2:03 PM | 2 votes
Hi Iulian (and all others with the same problem),
today I found a simple solution for this problem. You can turn off writing to wfpdiag.etl with the following command (run as administrator):
netsh wfp set options netevents=off
Here is the background info. We were running into the same problem, only our systems where writing at a constant speed of 4MB/sec to this file. This impacted performance, otherwise it would probably have gone unnoticed. Our application uses winpcap, which loads a network driver (npf.sys) that inserts itself into the network stack. Right after a fresh windows boot, wfpdiag would not be written. Only after our application loaded the driver and exited, windows started writing at a constant speed - and only if the firewall was active for the public domain. My guess is that the driver does not clean up properly and wfp then begins logging tons of events to wfpdiag.etl, perhaps one for each network packet arriving at the link. And we have a 10G link with lots of traffic.
Disabling the "netevents" option simply turns off writing to wfpdiag.etl. The driver is probably still not cleaning up properly, but who cares. wfpdiag.etl stays quiet agan and the performance is back to normal.
This solution also fits the reports by other users, that wfpdiag.etl writing is somehow related to their antivirus software. This kind of software also comes with network stack filters and quite likely this also causes WFP (Windows Filtering Platform) to log events.
Regards
Hajo
(P.S. if this solves your problem, then please mark it as "Propose as answer", so others will find it. Thanks).
Lit Window Productions
Tuesday, September 5, 2017 6:00 AM
This worked for me. I have now added it to my list of must-do Powershell commands to run after installation.
netsh wfp set options netevents=off
Thank you!
Thursday, January 4, 2018 3:38 PM
Thanks and very informative.
Sunday, May 5, 2019 6:44 PM
You can turn off writing to wfpdiag.etl with the following command (run as administrator):
netsh wfp set options netevents=off
Before doing this, it might be reasonable to launch Event Viewer, and look at the corresponding log, in this case Applications and services Log - Microsoft - Windows - WFP logs folder. You can view individual logs, find out what Events cause excessive logging, and choose Disable Log for any of these logs if needed. Another approach to disable logging is described here.