As noted above, many filter events are excluded by default. Some of these built-in filters may need to be removed to get a clear picture of the issue to be analyzed. For example, the following default filters should always be removed when analyzing file system activity if you are going to submit the log to OSR.
•Process Name is System
•Operation begins with IRP_MJ_
•Operation begins with FASTIO_
•Result begins with FAST IO
To remove any filter, simply select the event from the list of filters and click on Remove, followed by OK.