Is it a Virus?
✔ NO - Safe
Must be located in C:\Windows\System32\typeperf.exe or C:\Windows\SysWOW64\typeperf.exe
Warning
Not typically a background service
typeperf.exe runs when invoked by a user or script; unexpected persistence warrants checking scheduled tasks or remote monitoring jobs
Can I Disable?
✔ YES
If you do not use Performance Monitor automation, you can avoid running typeperf.exe by not executing perf commands or scripts that call it
What is typeperf.exe?
typeperf.exe is a built-in Windows command-line utility used to collect real-time and logged performance counter data. It runs from the command prompt to query system counters and can export results to CSV or stdout for analysis. It's commonly used by admins for capacity planning and diagnostics, not a background service by default.
Typeperf queries Windows Performance Counters through the Performance Data Helper (PDH) API, sampling at a defined interval and returning metrics such as CPU, memory, disk I/O, and network counters. It can log to a file or stream output to the console for scripted monitoring.
Quick Fact: Typeperf has been a staple in Windows diagnostics for decades, enabling precise, scriptable collection of performance data without a GUI.
Types of TypePerf Operations
- Command-Line Counter Query: Invoked with a counter path and interval to print samples to console
- CSV Logging: Uses -o to specify a CSV log file for later analysis
- Remote Counter Collection: Counters can be queried on a remote computer using a \\computername\counter path
- Batch/Script Integration: Often used in batch files and monitoring scripts for automated diagnostics
- Continuous Monitoring: Can run for extended periods to generate performance baselines
Is typeperf.exe Safe?
Yes, typeperf.exe is safe when it's the legitimate file from Microsoft located in the Windows System32 directory.
Is typeperf.exe a Virus or Malware?
The real typeperf.exe is not a virus. Malware may mimic names, so verify location and digital signature.
How to Tell if typeperf.exe is Legitimate or Malware
- File Location: Must be in C:\Windows\System32\typeperf.exe or C:\Windows\SysWOW64\typeperf.exe. Any other path is suspicious.
- Digital Signature: Right-click the file in Explorer -> Properties -> Digital Signatures. Should show "Microsoft Corporation" as signer.
- Resource Usage: Normally uses minimal CPU; high activity only occurs when actively logging counters.
- Behavior: Occasional runs during perf tests or monitoring scripts are expected. Unexpected persistent activity warrants malware scanning.
Red Flags: If typeperf.exe is located outside System32 or SysWOW64, lacks a valid signature, or runs when no user, script, or scheduled task has invoked it, scan with up-to-date antivirus and verify via Windows Defender or your security suite.
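The checks above can be run in one pass from PowerShell. The following is an added example, not part of the original page: it reports the path, signature status, parent process, and command line of every running typeperf.exe, then lists scheduled tasks that launch it. The output property names (PathExpected, SigStatus, and so on) are chosen here for illustration.

```powershell
# Added example: triage running typeperf.exe instances using the page's checks
# (file location, digital signature, who invoked it, scheduled-task persistence).
$expected = @(
    (Join-Path $env:windir 'System32\typeperf.exe'),
    (Join-Path $env:windir 'SysWOW64\typeperf.exe')
)

$procs = Get-CimInstance Win32_Process -Filter "Name = 'typeperf.exe'"
foreach ($p in $procs) {
    $path   = $p.ExecutablePath   # can be $null when not running elevated
    $sig    = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"

    [pscustomobject]@{
        PID          = $p.ProcessId
        Path         = $path
        # -contains compares strings case-insensitively
        PathExpected = [bool]($path -and ($expected -contains $path))
        SigStatus    = if ($sig) { $sig.Status } else { 'Unknown' }
        Signer       = if ($sig -and $sig.SignerCertificate) {
                           $sig.SignerCertificate.Subject
                       } else { $null }
        # The parent shows whether a console, script host, or agent started it
        Parent       = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" }
                       else { 'exited' }
        CommandLine  = $p.CommandLine
    }
}

# Scheduled tasks whose action references typeperf (source of repeated runs)
Get-ScheduledTask | ForEach-Object {
    $task = $_
    $task.Actions |
        Where-Object { "$($_.Execute) $($_.Arguments)" -match 'typeperf' } |
        ForEach-Object {
            [pscustomobject]@{
                Task      = $task.TaskPath + $task.TaskName
                State     = $task.State
                Execute   = $_.Execute
                Arguments = $_.Arguments
            }
        }
}
```

A row with PathExpected set to False or a SigStatus other than Valid matches the red flags listed above. Run the script elevated so that ExecutablePath and CommandLine are populated for processes owned by other users.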
Why Is typeperf.exe Running on My PC?
typeperf.exe runs when a user or script invokes performance data collection. It may be started manually, via scheduled tasks, or as part of diagnostic or monitoring routines.
Reasons it's running:
- Active Monitoring: A logged performance test or real-time monitoring session is actively collecting counters.
- Scheduled Diagnostics: A scheduled task or script periodically runs typeperf to generate performance baselines.
- Remote Monitoring: Counter collection from a remote computer triggers local typeperf.exe invocations as part of a monitoring job.
- System Troubleshooting: IT admins run typeperf as part of troubleshooting performance issues on servers or workstations.
- Automation and Scripting: Batch scripts, PowerShell, or monitoring agents invoke typeperf for data collection.
Can I Disable or Remove typeperf.exe?
Yes, you can disable typeperf.exe usage. It is a legitimate tool but not a mandatory Windows component. Do not delete it from System32; instead stop invoking it via scripts or disable scheduled tasks.
How to Stop typeperf.exe
- Cancel Active Logging: If a typeperf session is running in a console, press Ctrl+C to stop.
- Terminate Script/Task: If invoked by a script or task, disable or delete the script or task in Task Scheduler.
- Review Startup Behavior: Check Task Manager > Startup for any entries invoking typeperf and disable them.
- Check Remote Monitoring: Inspect monitoring agents or SCCM/Intune configurations that may trigger performance data collection.
- Disable Logging to File: If you don’t need CSV logging, remove the -o parameter in your scripts to prevent file creation.
How to Remove TypePerf Usage (Not the Binary)
- ✔ Identify and delete or disable scripts calling typeperf.exe
- ✔ Remove scheduled tasks that invoke typeperf.exe
- ✔ If you must remove the binary, do not delete Windows system files; consider applying a policy to restrict its execution
Common Problems: High CPU or Memory Usage
If typeperf.exe is consuming excessive resources or behaving unexpectedly during a data collection task:
Common Causes & Solutions
- Too Many Counters: Query only the necessary counters and increase the sample interval to reduce overhead.
- Long-Running Logging: Limit log duration or rotate logs to avoid very large files; use batching in scripts.
- Remote Counter Issues: Verify network connectivity and counter availability on the remote machine; ensure proper permissions.
- Invalid Counter Paths: Double-check counter paths (e.g., \Processor(_Total)\% Processor Time) for typos.
- Insufficient Permissions: Run with elevated rights or adjust user permissions for remote counters and logging directories.
- Disk I/O Contention: Log to a fast drive and monitor disk bandwidth; reduce concurrent I/O by staggering samples.
Quick Fixes:
1. Review active typeperf sessions in the console and press Ctrl+C to stop them
2. Limit the number of counters to essential ones only
3. Change sampling interval to a higher value if possible
4. Redirect logs to a different drive or enable log rotation
5. Update Windows Performance Counter libraries if available
Frequently Asked Questions
Is typeperf.exe a virus?
No, the legitimate typeperf.exe from Microsoft is a standard Windows performance monitoring tool located in C:\Windows\System32\typeperf.exe and signed by Microsoft Corporation.
What is typeperf.exe used for?
It collects performance counters from Windows, allowing real-time or logged data output to the console or CSV files for diagnostics and capacity planning.
Can I run typeperf.exe on Windows 11/10?
Yes. It is included with Windows and can be used from the command prompt or via scripts to collect counters on supported Windows versions.
How do I log performance counters to a CSV file?
Run typeperf with the -o option to specify a CSV file and -si to set the sample interval. Quote the counter path because it contains spaces. Example: typeperf "\Processor(_Total)\% Processor Time" -si 5 -o perf.csv
Why are there multiple lines of typeperf output?
If multiple counters are specified, each sample expands into a row with values for each counter. Use -f CSV to ensure consistent formatting.
How do I stop typeperf.exe from running automatically?
Disable any scheduled tasks, startup entries, or scripts that invoke typeperf.exe. Do not delete the binary; simply prevent its invocation.