Windows default checks and policies

Australia IT Operations Management

Release

australia

ft:locale

fr-FR

ft:publication_title

Australia IT Operations Management

ft:clusterId

itom

bundleId

itom

workflow

Technology

Windows default checks and policies

Rversion finale: Australia

Mis à jour 12 mars 2026

15 minutes de lecture

Agent Client Collector provides the following default checks and policies for Windows health monitoring.

Windows event monitoring checks

Tableau 1. Windows OS Events policy
Check	Description	Usage and Example	Output
os.windows.check-event-log	Measures the Windows event log against parameter thresholds and returns a CRITICAL\WARNING\OK event.	Usage: -w warning - Triggers a WARNING event if the event log count matching the pattern is above the WARNING parameter value specified in the check parameter. -c critical - Triggers a CRITICAL event if the event log count matching the pattern is above the CRITICAL parameter value specified in the check parameter. -e event level - Specifies the severity level of the event. Possible values: Information, Verbose, Critical, Warning, Error. -i - Unique event ID -d - The duration of time, in hours, in which you want to retrieve events from the Windows event log. Usage example: `winchecks check-windows-event-log -w 5 -c 10 -e "Information" -l "Application" -d 24`	Check Event Log OK: The Event Log that matches the pattern is <matched count>
os.windows.check-event-log-count	Measures the Windows event log against parameter thresholds and returns a CRITICAL\WARNING\OK event. Provides information on the number of events that have occurred within a specified duration for a single log file and a single ID. Also indicates the filters to be applied to retrieve events for a specific single-valued windows event level and provider name. Retrieving events from multiple log files is not supported. The number of events is provided, without details of each and every event.	Usage: -w warning - Triggers a WARNING event if the event log count matching the pattern is above the WARNING parameter value specified in the check parameter. -c critical - Triggers a CRITICAL event if the event log count matching the pattern is above the CRITICAL parameter value specified in the check parameter. -l log_file - The log file to be monitored. Name of the file is written in double quotation marks. -r regex_pattern - The regex pattern which filters out the description in the event log. Written in double quotation marks. -e event level - Specifies the severity level of the event. Possible values: Information, Verbose, Critical, Warning, Error. -i id - Unique event ID -d duration_hour - The duration of time, in hours, in which you want to retrieve events from the Windows event log. Decimal points can be used; for example, 30 minutes - 0.5. -p provider_name - Source of the event, written in double quotation marks. Usage example: `winchecks check-windows-event-log -w 5 -c 10 -e "Information" -l "Application" -d 24`	Check Event Log OK: The Event Log that matches the pattern is <matched count>
os.windows.check-event-log-details	Collects and filters Windows Event logs based on the `duration_hour`, `event_log_level` and `log_file` values. Retrieves and filters Windows event logs according to the provided parameters. It returns details about the events with CRITICAL, WARNING, or OK status, based on the specified severity level.	Usage: -d duration_hour - Duration (in hours) from the current time to filter events (Default: 24). -e event_log_level - Filter the events based on the event level. Possible values are: Information, Verbose, Critical, Warning, Error. Multiple values are comma-separated (Default: Information). For example: Information, Warning -i id - Filters events based on the specified event IDs. For multiple IDs, values are comma-separated and enclosed in double quotation marks. For example: "1257, 1001" -l log_file - Specifies the log file name to filter events. The name of the file is written in double quotation marks. Supports creating custom files and multiple values are comma-separated. (Default: Application). For example: "Application, System" -p provider_name - The name of the event provider, enclosed in double quotation marks. -r regex_pattern - Filters events by matching the event message with the specified pattern. Value must be enclosed in double quotation marks. -s servicenow_event_severity - Creates a servicenow event with the value given in this parameter. Possible values are: Critical, Warning and OK. Usage example: `winchecks check-windows-event-log-details -d 24 -l Application -e Warning -r "*" -s Warning`	Check Event Log Details WARNING: Type: Information, Category: Application, Machine: ws19-inc0061393.LOCAL.LAB, Event_ID: 1704, Message: Security policy in the Group policy objects has been applied successfully., TimeCreated: 10/14/2024 12:09:35 AM. Type: Information, Category: Application, Machine: ws19-inc0061393.LOCAL.LAB, Event_ID: 16384, Message: Successfully scheduled Software Protection service for restart at 2124-09-20T06:25:44Z. Reason: Rules Engine, TimeCreated: 10/13/2024 11:25:44 PM. Type: Information, Category: Application, Machine: ws19-inc0061393.LOCAL.LAB, Event_ID: 16394, Message: Offline downlevel migration succeeded., TimeCreated: 10/13/2024 11:24:19 PM. Type: Information, Category: Application, Machine: ws19-inc0061393.LOCAL.LAB, Event_ID: 8224, Message: The VSS service is shutting down due to idle timeout., TimeCreated: 10/13/2024 11:51:36 AM.
os.windows.check-disk-name	Takes the storage drive name as input and verifies if the drive is present. Returns a CRITICAL\WARNING\OK value based on the parameter provided.	winchecks check-windows-disk-name <options> -d : Disk name (Default = C) Usage example:`winchecks check-windows-disk-name -d C`	Windows Checks OK: Disk storage C is present.
os.windows.check-processor-queue-length	Measures the process queue length against thresholds and returns a CRITICAL\WARNING\OK event according to the thresholds given in the accompanying parameters.	Usage: -w warning - Triggers a WARNING event if the processor queue length count matching the pattern is above the WARNING parameter value specified in the check parameter. -c critical - Triggers a CRITICAL event if the processor queue length count matching the pattern is above the CRITICAL parameter value specified in the check parameter. Usage example: `winchecks check-windows-processor-queue-length -w 5 -c 10`	Processor Queue Length OK: The Processor Queue length is 0.00
os.windows.check-system-cpu-load	Checks CPU Load by using typeperf. Measures the CPU load against configured thresholds and returns a CRITICAL\WARNING\OK event according to the thresholds given in the accompanying parameters.	Usage: -w warning - Triggers a WARNING event if the CPU load count matching the pattern is above the WARNING parameter value specified in the check parameter. -c critical - Triggers a CRITICAL event if the CPU load count matching the pattern is above the CRITICAL parameter value specified in the check parameter. Usage example: `winchecks check-windows-cpu-load -w 85 -c 95`	CPU Load OK: The total CPU utilization is 26.92%
os.windows.check-system-disk	Measures the free physical memory against thresholds and returns a CRITICAL\WARNING\OK event according to the thresholds given in the accompanying parameters.	Usage: -w warning - Triggers a WARNING event if the event log percentage matching the pattern is above the WARNING parameter value specified in the check parameter. -c critical - Triggers a CRITICAL event if the event log percentage matching the pattern is above the CRITICAL parameter value specified in the check parameter. -t fs_type - Checks only volumes with the specified filesystem types. -m mount_points - Checks only the specified mount points. -x ignore_type - Skip volumes with the specified filesystem types. -i ignore_mnt - Skip the specified mount points when collecting disk usage. Returns an error if a specified mount point does not exist in the system. -r ignore_mnt_regex - Skip volumes whose names match the given regular expression. -l ignore_label - Skip volumes whose labels match the given regular expression. Usage example: `winchecks check-windows-disk -w 85 -c 95`	Disk Usage Check OK: The disk usage is %
os.windows.check-system-memory-percent	Collects the RAM usage. Measures the memory usage against configured thresholds and returns a CRITICAL\WARNING\OK event according to the thresholds given in the accompanying parameters.	Usage: -w warning - Triggers a WARNING event if the memory use percentage matching the pattern is above the WARNING parameter value specified in the check parameter. -c critical - Triggers a CRITICAL event if the memory use percentage matching the pattern is above the CRITICAL parameter value specified in the check parameter. Usage example: `winchecks check-windows-ram -w 85 -c 95`	RAM Usage OK: The total memory utilization is 84%
os.windows.check-system-process	Query running processes to find running processes that match the given arguments (pattern, name, both pattern and name. At least one must be given). Measures the running processes against configured thresholds and filters, returns a CRITICAL\WARNING\OK event according to the thresholds given in the accompanying parameters.	Usage: -n name - Process executable name to check the process execution. -p pattern - Pattern (sub string) to search for in the command that invoked the process. Produces valid results only if the user running the Agent owns the queried process has view permissions for the queried process. -w warnover - Triggers a WARNING status if the query returns more processes than those specified by the argument. -W warnunder - Triggers a WARNING status if the query returns fewer processes than those specified by the argument. -c critover - Triggers a CRITICAL event if the query returns more processes than those specified by the argument. -C critunder - Triggers a CRITICAL event if the query returns fewer processes than those specified by the argument. Usage example: `winchecks check-windows-processes -n explorer`	Check Process OK: OK Found 1 matching running processes named explorer
os.windows.check-directory	Verifies whether a Windows directory exists.	Usage: -d --directory Path to the relevant directory; use '\' for separation. Usage example: `winchecks check-windows-directory -d dir_path`	Check Directory OK: The directory 'C:/Users/Public' exists
os.windows.check-pagefile	Collects the Pagefile usage and compares it against the WARNING and CRITICAL thresholds.	Usage: -w warning - Triggers a WARNING event if the Pagefile usage is above the WARNING parameter value specified in the check parameter. -c critical - Triggers a CRITICAL event if the Pagefile usage is above the CRITICAL parameter value specified in the check parameter. Usage example: `winchecks check-windows-pagefile -w 75 -c 85`	Check Windows Page File OK: Page file usage at 31.63%
os.windows.check-free-physical-memory	Measures the free physical memory against configured thresholds and returns a CRITICAL\WARNING\OK event according to the thresholds given in the accompanying parameters.	Usage: -w warning - Triggers a WARNING event if the free physical memory is under the WARNING parameter value specified in the check parameter. -c critical - Triggers a CRITICAL event if the free physical memory is under the CRITICAL parameter value specified in the check parameter. Usage example: `winchecks check-windows-free-physical-memory -w 10 -c 5`	Free Physical Memory OK: The Free Physical Memory is 20.25%
os.windows.check-free-virtual-memory	Measures the free virtual memory against configured thresholds and returns a CRITICAL\WARNING\OK event according to the thresholds given in the accompanying parameters.	Usage: -w warning - Triggers a WARNING event if the free virtual memory is above the WARNING parameter value specified in the check parameter. -c critical - Triggers a CRITICAL event if the free virtual memory is above the CRITICAL parameter value specified in the check parameter. Usage example: `winchecks check-windows-free-virtual-memory -w 10 -c 5`	Free Virtual Memory OK: The Free Virtual Memory is 25.66%
os.windows.check-process-cpu	Processes CPU usage against configured thresholds and returns a CRITICAL\WARNING\OK event according to the thresholds given in the accompanying parameters.	Usage: -p processname - Process name to collect CPU usage. -w warning - Triggers a WARNING event if the CPU usage is above the WARNING parameter value specified in the check parameter. -c critical - Triggers a CRITICAL event if the CPU usage is above the CRITICAL parameter value specified in the check parameter. Usage example: `winchecks check-windows-process-cpu-p acc -c 95 -w 85`	Check Process CPU OK: Process CPU usage is 0.0000%
os.windows.check-process-memory	Processes memory usage against thresholds and returns a CRITICAL\WARNING\OK event according to the thresholds given in the accompanying parameters.	Usage: -p processname - Process name to collect memory usage. -w warning - Triggers a WARNING event if the process memory usage is above the WARNING parameter value specified in the check parameter. -c critical - Triggers a CRITICAL event if the process memory usage is above the CRITICAL parameter value specified in the check parameter. Usage example: `winchecks check-windows-process-memory-p acc -c 95 -w 85`	Check Process Memory OK: Process Memory usage is 0.0149%
os.windows.check-user-account	Takes the list of user names as an input and verifies whether the user account is active. Returns a CRITICAL\WARNING\OK value.	winchecks check-windows-user-disabled (options) -u : Comma separated List of User Name Usage example: `winchecks check-windows-user-disabled- u Administrator,Guest`	User Name and Status

Windows metric monitoring checks

Tableau 2. Windows OS Metrics policy
Check	Description	Usage and Example	Output
os.windows.check-processor-queue-length	Measures the processor queue length.	Usage: -s scheme - Replaces output's hostname + process with the given value (example: hostname.process) Usage example: `command: winchecks metric-windows-processor-queue-length --scheme hostname.proc`	win2019-dc-64bit.cpu.queuelength 0.00 1645371109
os.windows.check-system-cpu-load	Collects average CPU load per second.	Usage: -s scheme - Replaces output's hostname + process with the given value (example: hostname.process) Usage example: `command: winchecks metric-windows-cpu-load -scheme hostname.proc`	win2019-dc-64bit.cpu.loadavgsec 15.07 1645371561
os.windows.check-system-cpu	Collects the CPU core metric.	Usage: -s , scheme Replaces output's hostname+process with the given value (example: hostname.process) Usage example: `command: winchecks metric-windows-cpu -scheme hostname.proc`	win2019-dc-64bit.cpu.cpu0.cores 2 1645371681
os.windows.check-system-disk-usage	Collects the following disk usage metrics usage: total in GB usage in GB avail in GB used percentage	Usage: -i , ignore_mnt: Comma separated list of mount points to ignore (:C) -I, include_mnt: Comma separated list of mount points to include. —scheme, scheme: Replaces output's hostname+process with the given value (example: hostname.process). Usage example: `command: winchecks metric-windows-disk-usage-scheme hostname.proc`	win2019-dc-64bit.disk_usage.disk_C.total(GB) 99.40 1645371774 win2019-dc-64bit.disk_usage.disk_C.used(GB) 50.72 1645371774 win2019-dc-64bit.disk_usage.disk_C.avail(GB) 48.68 1645371774 win2019-dc-64bit.disk_usage.disk_C.used_percentage 51.02 1645371774
os.windows.check-system-memory-percent	Collects RAM percentage usage, Free Physical Memory percentage and Free Virtual Memory percentage.	Usage: -s, scheme - Replaces output's hostname+process with the given value (example: hostname.process) Usage example: `command: winchecks metric-windows-disk-usage-scheme hostname.proc`	win2019-dc-64bit.mem.free_physical_percentage 13.30 1645371856 win2019-dc-64bit.mem.free_virtual_percentage 13.93 1645371856 win2019-dc-64bit.ram.usage_percentage 86.07 1645371856
os.windows.check-system-network	Collects the following active network adapter metrics: Total bytes per sec Packets/sec Packets Received per sec Packets Sent per sec Current Bandwidth Bytes Received per sec Packets Received Unicast per sec Packets Received Non-Unicast per sec Packets Received Discarded Packets ReceivedErrors Packets Received Unknown Bytes sent per sec Packets sent unicast per sec Packets sent non-unicast per sec Packets outbound discarded Packets outbound errors Output queue length Offloaded connections TCP Active RSC Connections TCP RSC Coalesced Packets per sec TCP RSC Exceptions per sec TCP RSC Average Packet Size	Usage: -s scheme: Replaces output's hostname + process with the given value (example: hostname.process) Usage name: `command: winchecks metric-windows-network --scheme hostname.proc`	win2019-dc-64bit.system.network.Network_Interface(Intel[R]_82574L_Gigabit_Network_Connection).<metric name><metric value>Bytes_Total/sec 98742.67 1645372042 For example: win2019-dc-64bit.system.network.Network_Interface(Intel[R]_82574L_Gigabit_Network_Connection).Bytes_Total/sec 98742.67 1645372042
os.windows.check-system-uptime	Collects system uptime.	Usage: -s, scheme - Replaces output's hostname+process with the given value (example: hostname.process) Usage example: `command: winchecks metric-windows-uptime --scheme hostname.proc`	win2019-dc-64bit.system.uptime(sec) 4614142.06 1645372124
os.windows.check-system-disk	Collects the following disk metrics: AvgDiskSecPerRead AvgDiskSecPerWrite DiskReadBytesPerSec DiskWriteBytesPerSec	Usage: -i, ignore_mnt - Comma separated list of mount points to ignore (:C) -I, include_mnt - Comma separated list of mount points to include. —scheme - Replaces output's hostname+process with the given value (example: hostname.process). Usage example: `command: winchecks metric-windows-disk`	win2019-dc-64bit.disk._total.AvgDisksec/Read 0.000000 1645372198 win2019-dc-64bit.disk._total.AvgDisksec/Write 0.000608 1645372198 win2019-dc-64bit.disk._total.DiskReadBytes/sec 0.000000 1645372198 win2019-dc-64bit.disk._total.DiskWriteBytes/sec 34941.692255 1645372198 win2019-dc-64bit.disk.C.AvgDisksec/Read 0.000000 1645372200 win2019-dc-64bit.disk.C.AvgDisksec/Write 0.000000 1645372200 win2019-dc-64bit.disk.C.DiskReadBytes/sec 0.000000 1645372200 win2019-dc-64bit.disk.C.DiskWriteBytes/sec 0.000000 1645372200
os.windows.check-system-memory	Collects the following disk metrics: FreePhysicalMemory TotalPhysicalMemory FreeVirtualMemory TotalVirtualMemorySize AvailableMemory TotalVisibleMemorySize	Usage: -s, scheme - Replaces output's hostname+process with the given value (example: hostname.process) Usage example: `command: winchecks metric-windows-memory --scheme hostname.proc`	win2019-dc-64bit.mem.free_physical(KB) 1175440.00 1645372274 win2019-dc-64bit.mem.total_physical(KB) 8588898304.00 1645372274 win2019-dc-64bit.mem.free_virtual(KB) 1747636.00 1645372274 win2019-dc-64bit.mem.total_virtual(KB) 12263156.00 1645372274 win2019-dc-64bit.mem.available(KB) 1202032640.00 1645372274 win2019-dc-64bit.mem.total_visible(KB) 8387596.00 1645372274
os.windows.check-process-status	Collects windows process status with CPU and memory data used by the process.	Usage: -n, process - Process name to collect status metric. —scheme - Replaces output's hostname+process with the given value (example: hostname.process).	win2019-dc-64bit.Process.Status 67 1645372421 win2019-dc-64bit.Process.CpuPercent 0 1645372421 win2019-dc-64bit.Process.Memory(KB) 1226444 1645372421
os.windows.metrics-process-status	Retrieves the number of running instances, the percentage of CPU utilization, and the memory usage (in kilobytes) of the specified Windows process.	Usage: -n, process - Process name to collect status metric. —scheme - Replaces output's hostname+process with the given value (example: hostname.process). Usage example: `command: winchecks metric-windows-process-status -n Svchost -s hostname.proc`	WIN-R493MKFE75G.Process.Status 1 1625478491 WIN-R493MKFE75G.Process.CpuPercent 0 1625478491 WIN-R493MKFE75G.Process.MemoryKB 276 162547849

Windows OS event checks - Extended

Runs Windows extended checks on operational Windows servers. To run this policy, activate one of the checks and provide a CI filter on the policy's Monitored CIs tab to run these checks on selected CIs.

Tableau 3. Windows OS Events - Extended policy
Check	Description	Usage and Example	Output
os.windows.check-processor-queue-length	Measures the processor queue length.	Usage: -s scheme - Replaces output's hostname + process with the given value (example: hostname.process) Usage example: `command: winchecks metric-windows-processor-queue-length --scheme hostname.proc`	win2019-dc-64bit.cpu.queuelength 0.00 1645371109
os.windows.check-system-cpu	Collects the CPU core metric.	Usage: -s , scheme Replaces output's hostname+process with the given value (example: hostname.process) Usage example: `command: winchecks metric-windows-cpu -scheme hostname.proc`	win2019-dc-64bit.cpu.cpu0.cores 2 1645371681
os.windows.check-system-cpu-load	Collects average CPU load per second.	Usage: -s scheme - Replaces output's hostname + process with the given value (example: hostname.process) Usage example: `command: winchecks metric-windows-cpu-load -scheme hostname.proc`	win2019-dc-64bit.cpu.loadavgsec 15.07 1645371561
os.windows.check-system-disk-usage	Collects the following disk usage metrics usage: total in GB usage in GB avail in GB used percentage	Usage: -i , ignore_mnt: Comma separated list of mount points to ignore (:C) -I, include_mnt: Comma separated list of mount points to include. —scheme, scheme: Replaces output's hostname+process with the given value (example: hostname.process). Usage example: `command: winchecks metric-windows-disk-usage-scheme hostname.proc`	win2019-dc-64bit.disk_usage.disk_C.total(GB) 99.40 1645371774 win2019-dc-64bit.disk_usage.disk_C.used(GB) 50.72 1645371774 win2019-dc-64bit.disk_usage.disk_C.avail(GB) 48.68 1645371774 win2019-dc-64bit.disk_usage.disk_C.used_percentage 51.02 1645371774
os.windows.check-system-memory-percent	Collects RAM percentage usage, Free Physical Memory percentage and Free Virtual Memory percentage.	Usage: -s, scheme - Replaces output's hostname+process with the given value (example: hostname.process) Usage example: `command: winchecks metric-windows-disk-usage-scheme hostname.proc`	win2019-dc-64bit.mem.free_physical_percentage 13.30 1645371856 win2019-dc-64bit.mem.free_virtual_percentage 13.93 1645371856 win2019-dc-64bit.ram.usage_percentage 86.07 1645371856
os.windows.check-system-network	Collects the following active network adapter metrics: Total bytes per sec Packets/sec Packets Received per sec Packets Sent per sec Current Bandwidth Bytes Received per sec Packets Received Unicast per sec Packets Received Non-Unicast per sec Packets Received Discarded Packets ReceivedErrors Packets Received Unknown Bytes sent per sec Packets sent unicast per sec Packets sent non-unicast per sec Packets outbound discarded Packets outbound errors Output queue length Offloaded connections TCP Active RSC Connections TCP RSC Coalesced Packets per sec TCP RSC Exceptions per sec TCP RSC Average Packet Size	Usage: -s scheme: Replaces output's hostname + process with the given value (example: hostname.process) Usage name: `command: winchecks metric-windows-network --scheme hostname.proc`	win2019-dc-64bit.system.network.Network_Interface(Intel[R]_82574L_Gigabit_Network_Connection).<metric name><metric value>Bytes_Total/sec 98742.67 1645372042 For example: win2019-dc-64bit.system.network.Network_Interface(Intel[R]_82574L_Gigabit_Network_Connection).Bytes_Total/sec 98742.67 1645372042
os.windows.check-system-uptime	Collects system uptime.	Usage: -s, scheme - Replaces output's hostname+process with the given value (example: hostname.process) Usage example: `command: winchecks metric-windows-uptime --scheme hostname.proc`	win2019-dc-64bit.system.uptime(sec) 4614142.06 1645372124
os.windows.check-system-disk	Collects the following disk metrics: AvgDiskSecPerRead AvgDiskSecPerWrite DiskReadBytesPerSec DiskWriteBytesPerSec	Usage: -i, ignore_mnt - Comma separated list of mount points to ignore (:C) -I, include_mnt - Comma separated list of mount points to include. —scheme, scheme - Replaces output's hostname+process with the given value (example: hostname.process). Usage example: `command: winchecks metric-windows-disk`	win2019-dc-64bit.disk._total.AvgDisksec/Read 0.000000 1645372198 win2019-dc-64bit.disk._total.AvgDisksec/Write 0.000608 1645372198 win2019-dc-64bit.disk._total.DiskReadBytes/sec 0.000000 1645372198 win2019-dc-64bit.disk._total.DiskWriteBytes/sec 34941.692255 1645372198 win2019-dc-64bit.disk.C.AvgDisksec/Read 0.000000 1645372200 win2019-dc-64bit.disk.C.AvgDisksec/Write 0.000000 1645372200 win2019-dc-64bit.disk.C.DiskReadBytes/sec 0.000000 1645372200 win2019-dc-64bit.disk.C.DiskWriteBytes/sec 0.000000 1645372200
os.windows.check-system-memory	Collects the following disk metrics: FreePhysicalMemory TotalPhysicalMemory FreeVirtualMemory TotalVirtualMemorySize AvailableMemory TotalVisibleMemorySize	Usage: -s, scheme - Replaces output's hostname+process with the given value (example: hostname.process) Usage example: `command: winchecks metric-windows-memory --scheme hostname.proc`	win2019-dc-64bit.mem.free_physical(KB) 1175440.00 1645372274 win2019-dc-64bit.mem.total_physical(KB) 8588898304.00 1645372274 win2019-dc-64bit.mem.free_virtual(KB) 1747636.00 1645372274 win2019-dc-64bit.mem.total_virtual(KB) 12263156.00 1645372274 win2019-dc-64bit.mem.available(KB) 1202032640.00 1645372274 win2019-dc-64bit.mem.total_visible(KB) 8387596.00 1645372274
os.windows.check-process-status	Collects windows process status with CPU and memory data used by the process.	Usage: -n, process - Process name to collect status metric. —scheme, scheme - Replaces output's hostname+process with the given value (example: hostname.process).	win2019-dc-64bit.Process.Status 67 1645372421 win2019-dc-64bit.Process.CpuPercent 0 1645372421 win2019-dc-64bit.Process.Memory(KB) 1226444 1645372421