Guides
All guides
VPN & Firewall
FortiGate IPsec VPNPalo Alto VPNCisco ASA VPNJuniper SRX VPNSonicWall VPN
Switching & Routing
Catalyst high CPUNexus vPCOSPF ExStartBGP Active/Idle
Load Balancing
F5 pool member down
Servers & Virtualization
Linux high loadWindows high memoryESXi disconnectedProxmox node offline
Containers
K8s CrashLoopDocker exit 137
Databases
MySQL replication lagPostgreSQL connsOracle ORA-12541
Cloud
AWS no internetAzure VPN gateway
Backup
Veeam job failed
Web & App
Nginx 502
Compare
Marvis alternativeChatGPT vs TM
Home / Troubleshoot / Windows Server High Memory
Windows Server · High Memory

Windows Server High Memory Usage: How to Find the Cause

By the Tech Matrix engineering team · Updated June 2026

High memory on Windows Server is usually one process growing unbounded — or a kernel driver leaking pool. The trick is telling which, then finding the offender. Here's how.

Step 1 — Find the top consumer

Use Resource Monitor (memory tab) or PowerShell to rank processes by working set:

Get-Process | Sort-Object WS -Descending | Select-Object -First 10 Name, @{N='WS(MB)';E={[int]($_.WS/1MB)}}

If one process dominates and keeps growing, that's a user-mode leak — investigate that application/service.

Step 2 — Process memory vs kernel pool

If no single process explains the usage, the leak may be in the kernel pool (a driver). Check the split in Task Manager (In use vs the pools), then identify the leaking pool tag:

poolmon.exe   (sort by Bytes with 'b'; note the top pool Tag)

Map the tag to a driver with findstr against the driver files, or use the Windows Driver Kit's pooltag list. A growing nonpaged pool tag points at a specific driver.

Step 3 — Standby vs leaked

Not all "used" memory is a problem — the standby/cache list holds reclaimable memory and is normal. Use RAMMap to see the real breakdown (Process, Standby, Driver Locked) so you don't chase healthy cache.

Step 4 — Fix

For a user-mode leak: patch or restart the offending application/service. For a driver/pool leak: update or roll back the driver mapped to the leaking tag. If it's just cache pressure, right-size the server or the application's working set.

How Tech Matrix solves this in ~60 seconds

Telling a real leak from healthy cache, and a user-mode leak from a driver pool leak, takes several tools. Tech Matrix reads the process and pool breakdown on your host, tells you which it is and the offending process or driver tag, and gives the fix for your Windows Server build — with your approval.

Create free account →See how it works

Frequently asked questions

How do I find what's using memory on Windows Server?

Resource Monitor's Memory tab, or PowerShell: 'Get-Process | Sort WS -Descending'. If one process grows unbounded it's a user-mode leak.

How do I find a Windows kernel pool / driver memory leak?

Use poolmon.exe, sort by bytes, note the top pool tag, then map the tag to a driver. A growing nonpaged pool tag indicates a leaking driver.

Is high standby memory on Windows a problem?

No — standby/cache is reclaimable and normal. Use RAMMap to separate real process/driver usage from healthy cache before troubleshooting.