Is it a Virus?
✔ NO - Safe
Located in C:\Windows\System32\diskperf.exe and signed by Microsoft
Warning
Typically used by admin tools
Not an everyday user process; invoked as part of performance monitoring
Can I Disable?
✔ YES
Disabling won't remove the tool, but you can stop it from enabling counters automatically
What is diskperf.exe?
diskperf.exe is a Windows utility that controls the Disk Performance Counters used by Performance Monitor. It allows enabling or disabling the counters so you can collect disk I/O metrics for system diagnostics and capacity planning. This tool is commonly used by IT professionals to baseline storage performance and troubleshoot disk bottlenecks.
DiskPerf toggles kernel-mode I/O counters exposed as Disk/PhysicalDisk performance objects, enabling monitoring software to gather metrics like Disk Bytes/sec and Disk Transfers/sec.
Quick Fact: Disk performance counters help quantify disk I/O bottlenecks and are commonly used by admins to baseline storage performance.
Types of DiskPerf Operations
- Enable Counters: Runs diskperf -y to activate per-disk performance data
- Disable Counters: Runs diskperf -n to deactivate counters
- Query Status: Checks whether counters are currently enabled
Is diskperf.exe Safe?
Yes, diskperf.exe is safe when it's the legitimate file from Microsoft located in C:\Windows\System32 and signed by Microsoft Corporation.
Is diskperf.exe a Virus or Malware?
The real diskperf.exe is NOT a virus. However, malware can masquerade with similar names. Verify the path and signature.
How to Tell if diskperf.exe is Legitimate or Malware
- File Location: Must be in
C:\Windows\System32\diskperf.exe. Any diskperf.exe elsewhere is suspicious.
- Digital Signature: Right-click diskperf.exe -> Properties -> Digital Signatures. Should show "Microsoft Windows".
- Process Path: In Task Manager or Sysinternals Process Explorer, verify the path is
C:\Windows\System32\diskperf.exe.
- System Integration: DiskPerf interacts with Performance Monitor; verify it is not launching unexpectedly.
Red Flags: DiskPerf files outside System32, missing digital signature, or executing without admin purpose are red flags; run antivirus and verify via sigcheck.
Why Is diskperf.exe Running on My PC?
diskperf.exe runs to manage disk I/O performance counters that PerfMon consumes. It may be invoked by admin actions or maintenance tasks.
Reasons it's running:
- Performance Monitoring Enabled: You or a management tool enabled disk performance counters to collect I/O metrics.
- System Diagnostics or Baselines: Admins run disk performance logging to baseline storage throughput for capacity planning.
- Startup or Maintenance Script: A script runs at startup to ensure counters are available for monitoring tasks.
- Remote Monitoring Agent: Monitoring agents enable DiskPerf counters to report metrics to a central console.
- Performance Tools and Reports: PerfMon, Resource Monitor, or SIEM tools query Disk counters during reporting cycles.
Can I Disable or Remove diskperf.exe?
Yes, you can disable diskperf.exe. It won't prevent Windows from starting, but it will stop counter generation until re-enabled.
How to Stop diskperf.exe
- Disable Counters: Run in an elevated CMD: diskperf -n
- Reboot: Restart the machine to ensure counters are not loaded at startup
- Verify Disabled: Open Performance Monitor to confirm Disk and PhysicalDisk counters are not populated
- Policy Control: If deployed via group policy, adjust the policy to avoid enabling at startup
- Remove Automation: Disable any startup task that runs diskperf -y
How to Uninstall or Remove diskperf
- ✔ No standalone uninstall; disable via diskperf -n and rely on Windows features
- ✔ If part of a vendor image, consult administrator guidelines
- ✔ You can use System Restore or reimage to revert to a baseline
Common Problems: Disk Performance Counters
If diskperf.exe or disk counters show issues, try these fixes.
Common Causes & Solutions
- Counters not enabled: Open an elevated command prompt and run diskperf -y, then reboot.
- Counters not visible in PerfMon: Ensure Performance Monitor is configured to show Disk and PhysicalDisk counters; verify service dependencies.
- Diskperf.exe not found in System32: Verify the Windows installation integrity; the file should reside in C:\Windows\System32.
- Insufficient privileges: Run diskperf and PerfMon with administrator rights.
- Conflicting monitoring tools: Disable other tools that may interfere with disk counters or use consistent namespaces.
- Outdated Windows version: Update Windows to ensure DiskPerf compatibility and performance counters stability.
Quick Fixes:
1. Open an elevated CMD and run diskperf -y
2. Reboot the computer
3. Open perfmon and add Disk and PhysicalDisk counters
4. If needed, run diskperf -n to disable and re-enable
5. Check Event Viewer for related DiskPerf events
Frequently Asked Questions
Is diskperf.exe a virus?
No, diskperf.exe is a legitimate Windows utility located in C:\Windows\System32 and signed by Microsoft Corporation.
What does diskperf.exe do?
DiskPerf enables or disables Windows Disk Performance Counters to feed Performance Monitor with disk I/O metrics.
Where is diskperf.exe located?
C:\Windows\System32\diskperf.exe. If found elsewhere, investigate for tampering.
Can I disable diskperf.exe?
Yes. Run diskperf -n to disable counters; this does not uninstall Windows.
How do I enable disk performance counters?
Open an elevated Command Prompt and run diskperf -y, then reboot. After that, use PerfMon to view Disk counters.
Why are Disk counters missing in PerfMon?
Counters may be disabled or blocked by policy. Ensure diskperf is enabled and PerfMon is configured to show Disk and PhysicalDisk objects.