Forum Discussion
Endless WebDAV requests caused by WqlEventQuery
Hi,
I'm facing problems when mapping a drive via WebDAV and simultaneously using WqlEventQuery to monitor created or deleted logical disks.
1. WebDAV:
The network drive is mapped to a folder e.g. http://192.168.178.10/folder. Here it is important that the network device does not allow access to http://192.168.178.10/ and will respond with a 403 status code if that "root" folder is accessed via e.g. PROPFIND.
I have also set up a WebDAV server on localhost for troubleshooting which is configured to behave equally.
2. WqlEventQuery:
I need to monitor whenever logical drives are created and do this using a WqlEventQuery and ManagementEventWatcher (in C#) which looks like "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_LogicalDisk'".
Now the issue is that as soon as the ManagementEventWatcher is started, Windows tries to access the mapped WebDAV drive but not using the path which was used for mapping. Instead it tries to access the device's "root" folder "http://192.168.178.10/", which obviously will be answered with 403. These accesses keep happening as long as the ManagementEventWatcher is running. Below you can also find a screenshot of what it looks like on my test server on localhost.
Every second I get 4 PROPFIND requests to "/". The issue here is that this causes the MsMpEng.exe to consume quite some CPU time and the mouse cursor is constantly flickering and showing the loading cursor.
I also found that the process hosting the WebDAV client service (svchost with ref to webclnt.dll) continuously spawns new processes of the executable rundll32.exe with the following entry point/command: davclnt.dll, DavSetCookie (probably that's also why MsMpEng is becoming active).
Does anybody have an idea why this happens and how I could manage to have both WebDAV and the WqlEventQuery running without these weird accesses?
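The pattern described in the question (repeated PROPFIND requests to "/" answered with 403, several per second) can be confirmed and measured from the WebDAV server's access log. The following is an added example, not code from the original post; the Common Log Format, the thresholds, the function names and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Assumption: the server writes Common Log Format; adjust the regex otherwise.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def find_root_probe_loops(lines, min_per_second=3, min_seconds=3):
    """Return {client: (longest_run_in_seconds, total_requests)} for clients
    sending >= min_per_second 'PROPFIND /' -> 403 requests in each of at
    least min_seconds consecutive seconds."""
    per_second = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or (m["method"], m["path"], m["status"]) != ("PROPFIND", "/", "403"):
            continue  # malformed line, or not a rejected probe of the root
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        per_second[(m["client"], int(ts.timestamp()))] += 1

    # Seconds in which a client reached the per-second threshold.
    hot = {}
    for (client, sec), n in per_second.items():
        if n >= min_per_second:
            hot.setdefault(client, []).append(sec)

    findings = {}
    for client, secs in hot.items():
        secs.sort()
        best = run = 1
        for prev, cur in zip(secs, secs[1:]):
            run = run + 1 if cur == prev + 1 else 1  # extend or restart the run
            best = max(best, run)
        if best >= min_seconds:
            total = sum(n for (c, _), n in per_second.items() if c == client)
            findings[client] = (best, total)
    return findings

def sample_log():
    """Constructed log lines: 4 rejected root probes per second for 5 seconds,
    plus one normal request to the mapped folder and one unrelated client."""
    lines = [f'127.0.0.1 - - [01/Jan/2024:10:00:{s:02d} +0000] "PROPFIND / HTTP/1.1" 403 199'
             for s in range(5) for _ in range(4)]
    lines.append('127.0.0.1 - - [01/Jan/2024:10:00:01 +0000] "PROPFIND /folder HTTP/1.1" 207 1024')
    lines.append('192.168.178.20 - - [01/Jan/2024:10:00:02 +0000] "PROPFIND / HTTP/1.1" 403 199')
    return lines

if __name__ == "__main__":
    print(find_root_probe_loops(sample_log()))
```

Running it against logs captured with and without the ManagementEventWatcher active shows whether the loop starts and stops with the watcher.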
3 Replies
- Eansdean (Iron Contributor)
It appears that Windows tries to access the WebDAV drive's root (e.g., /) via PROPFIND requests, possibly to gather information or verify the drive's status.
- Streittin (Iron Contributor)
Instead of monitoring all logical disk events, try to narrow down the query to only those events that are relevant to your use case. For example, if you only need to know when a drive is created, filter the query to only include the specific event that indicates drive creation (e.g., EventID 1000). This reduces the chance of triggering unnecessary events.
- Koenpk (Iron Contributor)
Windows' WebDAV client (via webclnt.dll) and the WMI event system are interacting in a way that triggers the WebDAV client to perform certain filesystem operations (like checking for disk presence or status). When WMI queries are active, Windows may perform background checks or queries that involve probing the WebDAV drive.