System with UWF on resets every 4-5 minutes and the event log is empty after the reset

Søren Bonefeld 41 Reputation points
2022-03-09T12:48:00.42+00:00

I have searched for a write filter exclusion, but not found any.
I have searched for a way to see, what is written to the write filter buffer, but not found any.
I have found this old command for Windows 8: "uwfmgr overlay get-files c:"
But that does not work for Windows 10 Enterprise IOT.
I have used the command:
uwfmgr overlay get-availablespace

And the available space is suddenly decresing, but the task manager says that there is 0 bytes written to the disk.

I hope that somebody is able to help me with this problem.

Question: How do I find the filenames and/or programs that are writing to the protected disk?

Question: How do I preserve the event logs after reset.

Windows for IoT
Windows for IoT
A family of Microsoft operating systems designed for use in Internet of Things (IoT) devices.
402 questions
Windows 365 Enterprise
0 comments No comments
{count} votes

Accepted answer
  1. Sean Liming 4,601 Reputation points
    2022-03-12T16:37:40.76+00:00

    I have a utility that implements the get-files call: https://www.annabooks.com/SW_UWFUtility.html. Click on the Overlay files tab to get a list.

    I typically open exclusions on a couple of folders:
    uwfmgr.exe file add-exclusion c:\Windows\System32\winevt\Logs
    uwfmgr.exe file add-exclusion c:\Windows\assembly


1 additional answer

Sort by: Most helpful
  1. Seeya Xi-MSFT 16,471 Reputation points
    2022-03-10T08:42:54.877+00:00

    Hi @Søren Bonefeld ,

    Welcome to Microsoft Q&A!
    Firstly, i recommend you read this about UWF: https://learn.microsoft.com/en-us/windows/iot-core/secure-your-device/unifiedwritefilter
    When protecting the data volume, we recommend that you add exceptions for the servicing and logging folders that are accessed by Windows OS Services.
    See this part in the link above: Recommended Exclusions which contains log folders.
    Then, maybe you can find the root cause.
    I answered your question indirectly, hope this helps you.

    Best regards,
    Seeya


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.