Sorry I missed the reply, given it grows so quickly I would run: wpr.exe -start VirtualAllocation Leave it for 3 minutes while growing, then run: wpr.exe -stop C:\ VirtualAllocation.etl if you give that to Sophos they should be able to see the stacks responsible for the mem allocations.
↧