
Windows Event ID 153 – Kernel-General: Memory Management Error

Event ID 153 indicates a kernel-level memory management error where Windows detected memory corruption or allocation failures, typically requiring immediate investigation to prevent system instability.

Emanuel DE ALMEIDA
18 March 2026, 12 min read
Event Reference

What This Event Means

Event ID 153 represents one of the most critical memory-related events in Windows, signaling that the kernel's memory management subsystem has encountered an unrecoverable error condition. When this event fires, it means Windows has detected memory corruption, allocation failures, or other serious memory-related problems that threaten system stability.

The Windows Memory Manager continuously monitors memory pools, heap allocations, and virtual memory operations. When it detects anomalies like corrupted pool headers, invalid memory references, or failed critical allocations, it logs Event ID 153 before attempting recovery procedures. The event data typically includes memory addresses, pool types, and error codes that help identify the specific failure mode.

This event often correlates with hardware issues such as failing RAM modules, overheating, or power supply problems. However, it can also indicate software problems including buggy drivers, malware infections, or corrupted system files. The distinction between hardware and software causes requires systematic investigation using both Windows diagnostic tools and hardware testing utilities.

In enterprise environments, Event ID 153 patterns across multiple systems can indicate broader infrastructure issues, such as problematic driver updates, environmental factors affecting hardware, or configuration problems that stress memory subsystems beyond their operational limits.

Applies to

Windows 10, Windows 11, Windows Server 2019/2022/2025
Analysis

Possible Causes

  • Failing or corrupted RAM modules causing memory read/write errors
  • Buggy device drivers performing improper memory operations or causing memory leaks
  • Hardware overheating leading to memory corruption and instability
  • Power supply issues causing voltage fluctuations that corrupt memory contents
  • Malware infections that modify kernel memory structures or inject malicious code
  • Corrupted system files affecting memory management components
  • Incompatible or outdated drivers that don't properly handle memory allocation
  • Registry corruption affecting memory management configuration settings
  • Third-party security software interfering with kernel memory operations
  • Overclocked hardware running beyond stable memory timing specifications
Resolution Methods

Troubleshooting Steps

01

Check Event Viewer for Memory Error Patterns

Start by examining the complete event pattern to understand the scope and timing of memory errors.

  1. Open Event Viewer by pressing Win + R, typing eventvwr.msc, and pressing Enter
  2. Navigate to Windows Logs > System
  3. Filter for Event ID 153 by right-clicking the System log and selecting Filter Current Log
  4. Set Event IDs to 153 and click OK
  5. Examine the event details, noting timestamps, frequency, and any accompanying error codes
  6. Use PowerShell to get detailed event information:
    Get-WinEvent -FilterHashtable @{LogName='System'; Id=153} -MaxEvents 50 | Format-Table TimeCreated, Id, LevelDisplayName, Message -Wrap
  7. Check for related events that occurred around the same time:
    Get-WinEvent -FilterHashtable @{LogName='System'; Id=41,1001,1003,6008} -MaxEvents 20
  8. Export the events for further analysis:
    Get-WinEvent -FilterHashtable @{LogName='System'; Id=153} | Export-Csv -Path "C:\temp\Event153_Analysis.csv" -NoTypeInformation
Pro tip: Look for patterns in timing - events occurring at regular intervals often indicate driver issues, while random occurrences suggest hardware problems.
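
The timing check from the tip above and the related-event lookup from step 7 can be done in one pass. The following is an added example, not code from the original article: the function name `Get-Event153Pattern`, the 10-minute correlation window, and the 0.25 regularity threshold are assumptions chosen for illustration.

```powershell
# Added example, not from the article. Function name, 10-minute window and
# 0.25 regularity threshold are illustrative assumptions.
function Get-Event153Pattern {
    param(
        [Parameter(Mandatory)] [object[]] $Events,  # need Id and TimeCreated
        [int] $WindowMinutes = 10,
        [double] $RegularityThreshold = 0.25
    )
    $hits   = @($Events | Where-Object { $_.Id -eq 153 } | Sort-Object TimeCreated)
    $others = @($Events | Where-Object { $_.Id -in 41, 1001, 1003, 6008 })

    # Minutes between consecutive 153 events
    $gaps = @(for ($i = 1; $i -lt $hits.Count; $i++) {
        ($hits[$i].TimeCreated - $hits[$i - 1].TimeCreated).TotalMinutes
    })

    # Coefficient of variation of the gaps: low = evenly spaced events
    $cv = $null
    if ($gaps.Count -ge 2) {
        $mean = ($gaps | Measure-Object -Average).Average
        $var  = ($gaps | ForEach-Object { [math]::Pow($_ - $mean, 2) } |
                 Measure-Object -Average).Average
        if ($mean -gt 0) { $cv = [math]::Sqrt($var) / $mean }
    }
    if ($null -eq $cv) { $pattern = 'insufficient data' }
    elseif ($cv -le $RegularityThreshold) { $pattern = 'regular' }
    else { $pattern = 'irregular' }

    # Related event IDs logged within the window around each 153
    $correlated = foreach ($h in $hits) {
        $near = @($others | Where-Object {
            [math]::Abs(($_.TimeCreated - $h.TimeCreated).TotalMinutes) -le $WindowMinutes
        })
        [pscustomobject]@{
            TimeCreated = $h.TimeCreated
            NearbyIds   = @($near | ForEach-Object Id | Sort-Object -Unique) -join ','
        }
    }
    [pscustomobject]@{ Count = $hits.Count; GapCV = $cv; Pattern = $pattern; Correlated = @($correlated) }
}

# Constructed sample: Event 153 roughly hourly, one Event 41 near the last one
$t0 = [datetime]'2026-03-01T08:00:00'
$sample = @(
    0, 60, 121, 180 | ForEach-Object { [pscustomobject]@{ Id = 153; TimeCreated = $t0.AddMinutes($_) } }
    [pscustomobject]@{ Id = 41; TimeCreated = $t0.AddMinutes(184) }
)
Get-Event153Pattern -Events $sample
```

To run it against the live log, pass the output of `Get-WinEvent -FilterHashtable @{LogName='System'; Id=153,41,1001,1003,6008} -ErrorAction SilentlyContinue` as `-Events`.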
02

Run Windows Memory Diagnostic

Use Windows built-in memory diagnostic to test for hardware-level memory problems.

  1. Open Command Prompt as Administrator
  2. Run the memory diagnostic scheduler:
    mdsched.exe
  3. Select Restart now and check for problems to run the test immediately
  4. Allow the system to restart and complete the memory test (this takes 15-30 minutes)
  5. After restart, check the test results in Event Viewer:
    Get-WinEvent -FilterHashtable @{LogName='System'; ProviderName='Microsoft-Windows-MemoryDiagnostics-Results'} -MaxEvents 5
  6. For more comprehensive testing, use the extended test mode by pressing F1 during the diagnostic boot screen
  7. If errors are found, run additional passes by restarting the diagnostic:
    bcdedit /set {memdiag} bootmenupolicy standard
  8. Check system information for memory configuration:
    Get-WmiObject -Class Win32_PhysicalMemory | Select-Object Capacity, Speed, Manufacturer, PartNumber
Warning: Memory diagnostic requires a system restart and cannot be interrupted once started. Save all work before proceeding.
03

Analyze Driver and System File Integrity

Investigate potential driver issues and system file corruption that could cause memory management errors.

  1. Run System File Checker to detect corrupted system files:
    sfc /scannow
  2. Check the SFC log for details:
    Get-Content $env:windir\Logs\CBS\CBS.log | Select-String "\[SR\]" | Select-Object -Last 20
  3. Run DISM to repair the Windows image:
    DISM /Online /Cleanup-Image /RestoreHealth
  4. Use Driver Verifier to identify problematic drivers:
    verifier /standard /all
  5. Monitor system behavior after enabling verifier, then disable it:
    verifier /reset
  6. Check for recently installed or updated drivers:
    Get-CimInstance Win32_PnPSignedDriver | Where-Object {$_.DriverDate -gt (Get-Date).AddDays(-30)} | Sort-Object DriverDate -Descending
  7. Review installed updates that might correlate with the memory errors:
    Get-HotFix | Where-Object {$_.InstalledOn -gt (Get-Date).AddDays(-30)} | Sort-Object InstalledOn -Descending
  8. Check driver signing and version information:
    Get-WindowsDriver -Online | Where-Object {$_.BootCritical -eq $true} | Select-Object Driver, Version, Date
Pro tip: Enable Driver Verifier only on suspected drivers rather than all drivers to avoid unnecessary system instability during testing.
04

Monitor Memory Usage and Pool Allocation

Use advanced tools to monitor memory pools and identify memory leaks or allocation issues.

  1. Enable pool tagging in the registry to track memory allocations:
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" -Name "PoolUsageMaximum" -Value 60 -Type DWord
  2. Restart the system for pool tagging to take effect
  3. Use Performance Monitor to track memory metrics:
    perfmon /res
  4. Monitor specific memory counters using PowerShell:
    Get-Counter "\Memory\Pool Nonpaged Bytes", "\Memory\Pool Paged Bytes", "\Memory\Available MBytes" -SampleInterval 5 -MaxSamples 60
  5. Check for memory leaks in specific processes:
    Get-Process | Sort-Object WorkingSet -Descending | Select-Object -First 10 Name, WorkingSet, VirtualMemorySize
  6. Use Windows Performance Toolkit (WPT) for detailed analysis:
    wpa.exe
  7. Monitor kernel memory usage patterns:
    Get-Counter "\Process(_Total)\Pool Nonpaged Bytes", "\Process(_Total)\Pool Paged Bytes" -Continuous
  8. Check memory commit charge and limits:
    Get-WmiObject -Class Win32_OperatingSystem | Select-Object TotalVirtualMemorySize, TotalVisibleMemorySize, FreeVirtualMemory
Warning: Pool tagging can impact system performance. Monitor system behavior and disable if performance degradation occurs.
05

Advanced Hardware Testing and Configuration Review

Perform comprehensive hardware testing and review system configuration for memory-related issues.

  1. Test memory modules individually by removing all but one module and testing each separately
  2. Check memory slot configuration and ensure proper seating:
    Get-WmiObject -Class Win32_PhysicalMemoryArray | Select-Object MaxCapacity, MemoryDevices
  3. Verify memory timing and voltage settings in BIOS/UEFI
  4. Monitor system temperatures during memory-intensive operations:
    Get-WmiObject -Namespace "root/OpenHardwareMonitor" -Class Sensor | Where-Object {$_.SensorType -eq "Temperature"}
  5. Test with memory stress testing tools like MemTest86+ (boot from USB)
  6. Check power supply stability using hardware monitoring tools
  7. Review motherboard QVL (Qualified Vendor List) for memory compatibility
  8. Examine system configuration for memory-related settings:
    Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" | Format-List
  9. Test system stability with reduced memory configuration
  10. Document findings and correlate with Event ID 153 occurrences:
    Get-WinEvent -FilterHashtable @{LogName='System'; Id=153; StartTime=(Get-Date).AddDays(-7)} | Export-Csv -Path "C:\temp\Memory_Error_Timeline.csv" -NoTypeInformation
Pro tip: When testing individual memory modules, run each test for at least 4 hours or multiple complete passes to ensure thorough validation.

Overview

Event ID 153 from the Kernel-General source fires when the Windows kernel detects critical memory management issues, including memory corruption, failed allocations, or heap violations. This event typically appears in the System log and indicates serious underlying problems that can lead to system crashes, blue screens, or data corruption if left unaddressed.

The event occurs when the Windows Memory Manager encounters conditions it cannot safely handle, such as corrupted memory pools, driver memory leaks, or hardware-level memory errors. Unlike informational memory events, Event ID 153 represents actual failures that have already impacted system operation.

This event commonly appears alongside other kernel events like Event ID 41 (unexpected shutdown) or bugcheck events, forming a pattern that helps identify root causes. The timing and frequency of these events provide crucial diagnostic information for determining whether issues stem from hardware failures, driver problems, or system file corruption.

Frequently Asked Questions

What does Windows Event ID 153 indicate and how serious is it?
Event ID 153 indicates a critical kernel-level memory management error where Windows detected memory corruption, allocation failures, or other serious memory-related problems. This is a high-severity error that can lead to system crashes, blue screens, or data corruption. The event fires when the Windows Memory Manager encounters conditions it cannot safely handle, such as corrupted memory pools or failed critical allocations. Immediate investigation is required as these errors often precede system instability or complete failure.
How can I distinguish between hardware and software causes of Event ID 153?
Hardware-related Event ID 153 errors typically show random timing patterns, occur during memory-intensive operations, and often correlate with temperature changes or power fluctuations. Software-related causes usually show more predictable patterns, such as occurring after specific driver loads or during particular application usage. Run Windows Memory Diagnostic first - if it reports errors, the cause is likely hardware. If memory tests pass but events continue, focus on recent driver updates, system file integrity checks using SFC and DISM, and Driver Verifier testing to identify problematic software components.
Can Event ID 153 cause data loss and how do I prevent it?
Yes, Event ID 153 can potentially cause data loss because memory corruption can affect data being written to disk or held in memory buffers. The corruption may not be immediately apparent but can manifest as file corruption, application crashes, or database inconsistencies. To prevent data loss, immediately implement regular backups, run memory diagnostics to identify failing hardware, and monitor system stability closely. If the errors persist, consider running critical applications on alternative systems until the root cause is resolved. Enable system file protection and use tools like CHKDSK to verify file system integrity.
What should I do if Event ID 153 occurs frequently on multiple systems?
Frequent Event ID 153 occurrences across multiple systems suggest environmental or infrastructure issues rather than isolated hardware failures. Check for recent driver or Windows updates that might have introduced compatibility problems. Examine environmental factors like temperature, humidity, and power quality that could affect multiple systems simultaneously. Review any recent changes to network infrastructure, security software, or group policy settings. Use centralized logging to correlate event timing across systems and identify patterns. Consider rolling back recent updates or implementing staged testing for future changes to prevent widespread issues.
How do I monitor and prevent future Event ID 153 occurrences?
Implement proactive monitoring by setting up Event Viewer custom views or PowerShell scripts that alert on Event ID 153 occurrences. Use Performance Monitor to track memory-related counters like Pool Nonpaged Bytes, Available Memory, and Memory\Pages/sec to identify trends before they become critical. Enable Driver Verifier on suspected drivers during maintenance windows to catch issues early. Maintain a regular schedule for memory testing, especially after hardware changes or environmental events. Document baseline memory usage patterns and set up automated alerts when usage exceeds normal thresholds. Keep detailed logs of hardware changes, driver updates, and system modifications to quickly identify potential causes when events occur.
Written by Emanuel DE ALMEIDA
Senior IT Journalist & Cloud Architect

Microsoft MCSA-certified Cloud Architect | Fortinet-focused. I modernize cloud, hybrid & on-prem infrastructure for reliability, security, performance and cost control - sharing field-tested ops & troubleshooting.
