PowerShell: High CPU and Queue Length Pilot

In today's complex IT environments, identifying the true cause of system performance issues can feel like finding a needle in a haystack. High CPU utilization or a growing process queue might be symptoms, but what's causing them? In this article, we'll explore a powerful PowerShell script that goes beyond basic monitoring to provide deep insights into what's really slowing down your systems.

The Problem with Traditional Monitoring

Most system monitoring tools tell you that a problem exists, but not why it exists. They might alert you to high CPU usage or memory consumption, but leave you to manually investigate the root cause. This often leads to:

  1. Wasted time digging through multiple tools and logs
  2. Misdiagnosed problems and ineffective solutions
  3. Recurring issues that never get properly resolved
  4. Frustrated users and IT professionals

Deep Process Analysis

Our advanced PowerShell monitoring script takes a different approach. When it detects performance issues, it automatically performs a comprehensive analysis to identify exactly what's happening inside your system:

Process Introspection

The script doesn't just tell you which processes are using resources—it looks inside them to find:

  1. Specific command-line arguments that might indicate problematic configurations
  2. Thread-level analysis to identify CPU-hungry threads within processes
  3. Loaded modules/DLLs that might be causing memory bloat
  4. Parent-child process relationships that reveal the true source of issues

Resource Contention Detection

Beyond single process metrics, the script identifies system-wide patterns:

  1. CPU core imbalance that reveals single-threaded bottlenecks
  2. I/O and network operations by process to find disk or network constraints
  3. Memory pressure indicators across the system
  4. Page file usage patterns that might indicate memory leaks

Root Cause Analysis & Recommendations

Most importantly, the script doesn't just dump data—it interprets it:

  1. Automatically classifies the type of bottleneck (CPU, memory, disk, network)
  2. Provides specific, actionable recommendations based on observed patterns
  3. Flags concerning behaviors like single process dominance
  4. Creates a historical record for trend analysis

Real-World Scenarios It Can Detect

This script can identify complex issues that typically take hours of manual investigation:

  1. Single Thread Bottlenecks: "SQL Server is showing high CPU because a specific query thread is stuck in an infinite loop."
  2. Memory Leaks: "Chrome has excessive memory usage due to extension memory leaks across 217 tabs."
  3. I/O Contention: "A backup process is causing disk queue bottlenecks by using synchronous I/O operations."
  4. Accumulated Issues: "System has been running for 87 days with gradual memory fragmentation."

How does it work?

The script runs as a background monitor, continuously checking for signs of trouble. When CPU utilization or process queue length exceeds configurable thresholds, it springs into action:

  1. It captures a comprehensive snapshot of system activity
  2. It performs deep analysis of the most resource-intensive processes
  3. It correlates findings across subsystems (CPU, memory, disk, network)
  4. It generates detailed logs with actionable insights
  5. It can optionally send email alerts with specific findings
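
The trigger-and-snapshot loop described above, as an added example (not the author's script): it polls the two counters and, on a breach, measures each process's share of CPU over a short window and records the top consumers with their parent PID and command line. The thresholds, window length, dominance cutoff and log directory are assumed values, and the counter paths assume an English-language Windows installation.

```powershell
# Added example. Thresholds, intervals and the log directory are assumed values.
$CpuThreshold = 85; $QueueThreshold = 5      # trigger levels (percent, threads)
$WindowSeconds = 5; $DominancePct = 50       # sample window; single-process flag
$LogDir = Join-Path $env:TEMP 'perf-snapshots'

function Get-CpuShare {
    # Share of total CPU per process over the window: delta of cumulative
    # CPU seconds divided by (window length * logical cores). The cumulative
    # figure alone only grows with process uptime.
    param([int]$Seconds)
    $before = @{}
    Get-Process | Where-Object { $null -ne $_.CPU } |
        ForEach-Object { $before[$_.Id] = $_.CPU }
    Start-Sleep -Seconds $Seconds
    $cores = [Environment]::ProcessorCount
    Get-Process | Where-Object { $null -ne $_.CPU -and $before.ContainsKey($_.Id) } |
        ForEach-Object {
            $delta = [math]::Max(0, $_.CPU - $before[$_.Id])   # guards PID reuse
            [pscustomobject]@{
                Name   = $_.ProcessName
                Id     = $_.Id
                CpuPct = [math]::Round(100 * $delta / ($Seconds * $cores), 2)
            }
        } | Sort-Object CpuPct -Descending
}

New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
$counters = '\Processor(_Total)\% Processor Time', '\System\Processor Queue Length'
while ($true) {
    $s     = (Get-Counter -Counter $counters).CounterSamples
    $cpu   = ($s | Where-Object Path -like '*processor time').CookedValue
    $queue = ($s | Where-Object Path -like '*queue length').CookedValue
    if ($cpu -ge $CpuThreshold -or $queue -ge $QueueThreshold) {
        $top = @(Get-CpuShare -Seconds $WindowSeconds | Select-Object -First 5)
        $detail = foreach ($p in $top) {
            # Parent PID and command line show what launched the process and how
            $w = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.Id)"
            [pscustomobject]@{
                Name = $p.Name; Id = $p.Id; CpuPct = $p.CpuPct
                ParentId = $w.ParentProcessId; CommandLine = $w.CommandLine
            }
        }
        $report = @("ALERT $(Get-Date -Format s)  CPU=$([math]::Round($cpu, 2))%  Queue=$queue")
        if ($top.Count -gt 0 -and $top[0].CpuPct -ge $DominancePct) {
            $report += "Single process dominating CPU: $($top[0].Name) (PID $($top[0].Id)) at $($top[0].CpuPct)%"
        }
        $report += ($detail | Format-List | Out-String)
        Set-Content -Path (Join-Path $LogDir ("alert-{0:yyyyMMdd-HHmmss}.txt" -f (Get-Date))) -Value $report
    }
    Start-Sleep -Seconds 10
}
```

Run it elevated, otherwise CPU time and command lines for other users' processes come back empty. Captured command lines can contain credentials passed as arguments, so the log directory should be readable by administrators only.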

The screenshots below show the script running. The first shows normal operation, with the thresholds not met:

Then, when the trigger is hit (in this case CPU), you do not get an alert but a detailed analysis file for each process, as you can see below:

The script then goes back to looking for more issues that hit the threshold, as you can see below:

When you look at the detailed report, you see more about why the threshold was hit and the potential causes:

================================================================================
SYSTEM RESOURCE ALERT - 2025-02-28 08:12:39
CPU Utilization: 100.00%
Process Queue Length: 0
================================================================================

TOP CPU CONSUMING PROCESSES:

Name        Id           CPU     CPU% WorkingSetMB PrivateMemoryMB HandleCount ThreadCount StartTime           RunTime            
----        --           ---     ---- ------------ --------------- ----------- ----------- ---------           -------            
MsMpEng   2812 118442.546875 59221.28       295.62          319.61         743          27 08/02/2025 00:05:57 20.08:06:42.7263937
MsSense   2496   16947.15625  8473.58       254.11          228.21         933          43 08/02/2025 00:05:56 20.08:06:43.0029694
lsass      724  13129.828125  6564.91        38.58           22.47        3194          14 08/02/2025 00:05:51 20.08:06:48.4895401
System       4    8985.96875  4492.98         0.14            0.12        1970         153 08/02/2025 00:05:47 20.08:06:52.8477909
msedge    3600    7839.28125  3919.64       389.12          246.57        3664          65 14/02/2025 08:27:34 13.23:45:05.6589497
svchost    428   5684.828125  2842.41       115.97           87.02        1015          48 08/02/2025 00:05:52 20.08:06:47.9995816
firefox  10648   5000.984375  2500.49       454.71          390.09        1363          62 08/02/2025 17:06:05 19.15:06:34.8125363
svchost    468      4451.375  2225.69        40.93           27.68         977          18 08/02/2025 00:05:52 20.08:06:47.8771916
ir_agent  4644   4269.078125  2134.54       146.31          126.36         414          16 08/02/2025 23:11:12 19.09:01:27.4161665
ir_agent  9704   3913.484375  1956.74        65.39           47.88         572          29 08/02/2025 23:09:59 19.09:02:40.0483793

The report also breaks down common bottlenecks per process for easy identification:

================================================================================
TOP MEMORY CONSUMING PROCESSES:

Name          Id    CPU% WorkingSetMB PrivateMemoryMB PeakWorkingSetMB
----          --    ---- ------------ --------------- ----------------
msedge      1080 1279.86       627.77          680.49          1169.02
msedge      7820  200.07       570.09          545.31           676.15
powershell 10480   15.75       469.26          423.95           506.92
firefox    10648 2361.35       422.02          357.28            572.7
msedge      3600 3710.03       394.46           249.4           509.82
msedge      5148  216.26       360.31           410.5           865.74
sqlservr    4348       0       343.43          454.11           344.76
MsMpEng     2812       0       321.86          342.79           1074.1
chrome      2548  953.71       281.57          168.06           333.63
msedge     15232  807.97          275          103.07           654.56

TOP DISK I/O PROCESSES:

Name                     IDProcess IODataBytesPersec IOOtherBytesPersec
----                     --------- ----------------- ------------------
msedge#11                     3600           5491858               7736
msedge#9                      7820            307872                  0
msedge#8                     17656            180327                  0
msedge#23                    15888            124545                  0
powershell#4                  8024             38739                  0
MicrosoftDependencyAgent      6396              8495                  0
svchost#23                     468              5634                  0
csrss                         5492              1926                  0
svchost#13                    1300               262                  0
MxNotify                      8508                 0                  0


DISK I/O INFORMATION:

Name            PercentDiskTime AvgDiskQueueLength DiskReadBytesPersec DiskWriteBytesPersec CurrentDiskQueueLength DiskReadsPersec
----            --------------- ------------------ ------------------- -------------------- ---------------------- ---------------
_Total                        0                  0                   0                32741                      0               0
C:                            0                  0                   0                32741                      0               0
D:                            0                  0                   0                    0                      0               0
HarddiskVolume1               0                  0                   0                    0                      0               0
HarddiskVolume4               0                  0                   0                    0                      0               0

The report then ends with a summary and recommendations, if you wish to review those:

CRITICAL SERVICES STATUS:
Service: Print Spooler, Status: Stopped
Service: Windows Update, Status: Stopped
Service: World Wide Web Publishing Service, Status: Running

SYSTEM UPTIME:
System has been running for: 20 days, 8 hours, 7 minutes

================================================================================
ROOT CAUSE ANALYSIS AND RECOMMENDATIONS
================================================================================

CPU BOTTLENECK DETECTED:
* Single process dominating CPU: MsMpEng (PID: 2812) using 59.27% of total CPU
  Recommendation: Investigate this process. Consider limiting its priority or investigating for bugs/optimization.

Where is the script?

If you would like this script please let me know by using the contact form in the site navigation.