


Defender running slowly

Started by: Jim the Geordie <jim@jimXscott.co.uk>
First post: 2025-01-13 09:43 +0000
Last post: 2025-01-13 15:37 -0600
Articles: 8 (4 participants)



Contents

  Defender running slowly Jim the Geordie <jim@jimXscott.co.uk> - 2025-01-13 09:43 +0000
    Re: Defender running slowly VanguardLH <V@nguard.LH> - 2025-01-13 06:50 -0600
      Re: Defender running slowly Jim the Geordie <jim@jimXscott.co.uk> - 2025-01-13 13:11 +0000
        Re: Defender running slowly VanguardLH <V@nguard.LH> - 2025-01-13 09:00 -0600
          Re: Defender running slowly Jim the Geordie <jim@jimXscott.co.uk> - 2025-01-13 15:23 +0000
          Re: Defender running slowly Paul <nospam@needed.invalid> - 2025-01-13 11:05 -0500
            Re: Defender running slowly Zaidy036 <Zaidy036@air.isp.spam> - 2025-01-13 13:51 -0500
            Re: Defender running slowly VanguardLH <V@nguard.LH> - 2025-01-13 15:37 -0600

#181295 — Defender running slowly

From: Jim the Geordie <jim@jimXscott.co.uk>
Date: 2025-01-13 09:43 +0000
Subject: Defender running slowly
Message-ID: <vm2n7b$1fvku$1@dont-email.me>
I have followed instruction (from several sources) to make the file 
MsMpEng.exe as an exception for Defender, but it is still there after a 
restart.
What am I doing wrong?
Windows 10
Brave browser.
Thunderbird.
-- 
Jim the Geordie



#181296

From: VanguardLH <V@nguard.LH>
Date: 2025-01-13 06:50 -0600
Message-ID: <12xlvgqmln0zj.dlg@v.nguard.lh>
In reply to: #181295
Jim the Geordie <jim@jimXscott.co.uk> wrote:

> I have followed instruction (from several sources) to make the file 
> MsMpEng.exe as an exception for Defender, but it is still there after a 
> restart.
> What am I doing wrong?
> Windows 10
> Brave browser.
> Thunderbird.

MsMpEng.exe *is* Windows Defender: 
  MS (Microsoft) 
  Mp (Malware Protection) 
  Eng (Engine)
  
An exception does not kill a process, but excludes it from getting
scanned.

Are you running some other/3rd-party anti-virus program?  If so, only
ONE should be running at a time (as the on-demand aka realtime scanner),
not multiple running at the same time.  If you want to use a 3rd-party
AV, disable Windows Defender.  Be sure to use a 3rd-party AV that
properly registers itself in Windows which will have Windows grant the
3rd-party AV as the antimalware protector.
  
The "instructions" came from where, specifically?  Just because you
found something on the Web doesn't mandate it is valid, or applies in
your situation.



#181297

From: Jim the Geordie <jim@jimXscott.co.uk>
Date: 2025-01-13 13:11 +0000
Message-ID: <vm33eh$1fvkt$1@dont-email.me>
In reply to: #181296
On 13/01/2025 12:50, VanguardLH wrote:
> Jim the Geordie <jim@jimXscott.co.uk> wrote:
> 
>> I have followed instruction (from several sources) to make the file
>> MsMpEng.exe as an exception for Defender, but it is still there after a
>> restart.
>> What am I doing wrong?
>> Windows 10
>> Brave browser.
>> Thunderbird.
> 
> MsMpEng.exe *is* Windows Defender:
>    MS (Microsoft)
>    Mp (Malware Protection)
>    Eng (Engine)
>    
> An exception does not kill a process, but excludes it from getting
> scanned.
> 
> Are you running some other/3rd-party anti-virus program?  If so, only
> ONE should be running at a time (as the on-demand aka realtime scanner),
> not multiple running at the same time.  If you want to use a 3rd-party
> AV, disable Windows Defender.  Be sure to use a 3rd-party AV that
> properly registers itself in Windows which will have Windows grant the
> 3rd-party AV as the antimalware protector.
>    
> The "instructions" came from where, specifically?  Just because you
> found something on the Web doesn't mandate it is valid, or applies in
> your situation.

That's fine.
My PC seems to be faster/less 'laggy'.
The instructions came from Microsoft (among others, but they were all 
the same).
I am not running any other AV program.

-- 
Jim the Geordie



#181301

From: VanguardLH <V@nguard.LH>
Date: 2025-01-13 09:00 -0600
Message-ID: <16y5uykz2ci1r$.dlg@v.nguard.lh>
In reply to: #181297
Jim the Geordie <jim@jimXscott.co.uk> wrote:

> On 13/01/2025 12:50, VanguardLH wrote:
>> Jim the Geordie <jim@jimXscott.co.uk> wrote:
>> 
>>> I have followed instruction (from several sources) to make the file
>>> MsMpEng.exe as an exception for Defender, but it is still there after a
>>> restart.
>>> What am I doing wrong?
>>> Windows 10
>>> Brave browser.
>>> Thunderbird.
>> 
>> MsMpEng.exe *is* Windows Defender:
>>    MS (Microsoft)
>>    Mp (Malware Protection)
>>    Eng (Engine)
>>    
>> An exception does not kill a process, but excludes it from getting
>> scanned.
>> 
>> Are you running some other/3rd-party anti-virus program?  If so, only
>> ONE should be running at a time (as the on-demand aka realtime scanner),
>> not multiple running at the same time.  If you want to use a 3rd-party
>> AV, disable Windows Defender.  Be sure to use a 3rd-party AV that
>> properly registers itself in Windows which will have Windows grant the
>> 3rd-party AV as the antimalware protector.
>>    
>> The "instructions" came from where, specifically?  Just because you
>> found something on the Web doesn't mandate it is valid, or applies in
>> your situation.
> 
> That's fine.
> My PC seems to be faster/less 'laggy'.
> The instructions came from Microsoft (among others, but they were all 
> the same).
> I am not running any other AV program.

If you add msmpeng.exe as an exception to the scans by Windows Defender,
you leave your setup vulnerable if the file becomes compromised, but you
told Defender not to scan itself.  The expectation is that Defender will
defend its own core files, but I wasn't aware that Defender would scan
its own core files in scans, but instead defend itself at all times, not
just during scans.

If you are going to exclude msmpeng.exe from scans, you might as well
exclude its entire folder (C:\Program Files\Windows Defender).

Are you seeing high CPU usage for long periods which are eliminated by
excluding msmpeng.exe (the scanner) from Defender's own scans?  There
are high CPU moments when Defender scans itself, but the on-access
(real-time) scanner should only be scanning changed files (changed or
new), not every file all the time.  If there are lots of file changes,
like thousands (either in file count, or rewrites to the same file) then
Defender will be busy rescanning those files.  Possibly on ancient
hardware the msmpeng.exe process may remain high.  If hardware upgrading
(CPU, memory) is not an option, you might want to switch off Defender to
go with a 3rd-party AV; however, most will also get busy when there are
lots of file changes as they, too, have to scan the changed files.

If you scheduled the on-demand scanner, you might want to move that
schedule to a time when you are not using the computer.  However,
on-demand scans won't find anything the on-access/realtime scanner did
not find.  Only if you disabled the on-access scanner, installed new
files during which the scanner was disabled, and then reenabled the
scanner then the scanner won't see the changed files, so an on-demand
scan later will look at those files added while the on-access scanner
was quiesced.



#181302

From: Jim the Geordie <jim@jimXscott.co.uk>
Date: 2025-01-13 15:23 +0000
Message-ID: <vm3b56$1fvkt$2@dont-email.me>
In reply to: #181301
On 13/01/2025 15:00, VanguardLH wrote:
> Jim the Geordie <jim@jimXscott.co.uk> wrote:
> 
>> On 13/01/2025 12:50, VanguardLH wrote:
>>> Jim the Geordie <jim@jimXscott.co.uk> wrote:
>>>
>>>> I have followed instruction (from several sources) to make the file
>>>> MsMpEng.exe as an exception for Defender, but it is still there after a
>>>> restart.
>>>> What am I doing wrong?
>>>> Windows 10
>>>> Brave browser.
>>>> Thunderbird.
>>>
>>> MsMpEng.exe *is* Windows Defender:
>>>     MS (Microsoft)
>>>     Mp (Malware Protection)
>>>     Eng (Engine)
>>>     
>>> An exception does not kill a process, but excludes it from getting
>>> scanned.
>>>
>>> Are you running some other/3rd-party anti-virus program?  If so, only
>>> ONE should be running at a time (as the on-demand aka realtime scanner),
>>> not multiple running at the same time.  If you want to use a 3rd-party
>>> AV, disable Windows Defender.  Be sure to use a 3rd-party AV that
>>> properly registers itself in Windows which will have Windows grant the
>>> 3rd-party AV as the antimalware protector.
>>>     
>>> The "instructions" came from where, specifically?  Just because you
>>> found something on the Web doesn't mandate it is valid, or applies in
>>> your situation.
>>
>> That's fine.
>> My PC seems to be faster/less 'laggy'.
>> The instructions came from Microsoft (among others, but they were all
>> the same).
>> I am not running any other AV program.
> 
> If you add msmpeng.exe as an exception to the scans by Windows Defender,
> you leave your setup vulnerable if the file becomes compromised, but you
> told Defender not to scan itself.  The expectation is that Defender will
> defend its own core files, but I wasn't aware that Defender would scan
> its own core files in scans, but instead defend itself at all times, not
> just during scans.
> 
> If you are going to exclude msmpeng.exe from scans, you might as well
> exclude its entire folder (C:\Program Files\Windows Defender).
> 
> Are you seeing high CPU usage for long periods which are eliminated by
> excluding msmpeng.exe (the scanner) from Defender's own scans?  There
> are high CPU moments when Defender scans itself, but the on-access
> (real-time) scanner should only be scanning changed files (changed or
> new), not every file all the time.  If there are lots of file changes,
> like thousands (either in file count, or rewrites to the same file) then
> Defender will be busy rescanning those files.  Possibly on ancient
> hardware the msmpeng.exe process may remain high.  If hardware upgrading
> (CPU, memory) is not an option, you might want to switch off Defender to
> go with a 3rd-party AV; however, most will also get busy when there are
> lots of file changes as they, too, have to scan the changed files.
> 
> If you scheduled the on-demand scanner, you might want to move that
> schedule to a time when you are not using the computer.  However,
> on-demand scans won't find anything the on-access/realtime scanner did
> not find.  Only if you disabled the on-access scanner, installed new
> files during which the scanner was disabled, and then reenabled the
> scanner then the scanner won't see the changed files, so an on-demand
> scan later will look at those files added while the on-access scanner
> was quiesced.

Starting at the beginning:
My PC was running sluggishly, so I installed Process Explorer to see if 
I could spot where it was happening.
The three most active processes seem to be my email (Thunderbird), my 
browser (Brave) and MsMpEng.exe (not necessarily in that order at all times).
As I said, I excluded MsMpEng.exe and my PC seems to be running more 
smoothly. However, the MsMpEng.exe process is still showing the same 
kind of numbers as before.
Perhaps I should quit while I'm ahead?

-- 
Jim the Geordie



#181303

From: Paul <nospam@needed.invalid>
Date: 2025-01-13 11:05 -0500
Message-ID: <vm3dku$1rp3q$1@dont-email.me>
In reply to: #181301
On Mon, 1/13/2025 10:00 AM, VanguardLH wrote:
> Jim the Geordie <jim@jimXscott.co.uk> wrote:
> 
>> On 13/01/2025 12:50, VanguardLH wrote:
>>> Jim the Geordie <jim@jimXscott.co.uk> wrote:
>>>
>>>> I have followed instruction (from several sources) to make the file
>>>> MsMpEng.exe as an exception for Defender, but it is still there after a
>>>> restart.
>>>> What am I doing wrong?
>>>> Windows 10
>>>> Brave browser.
>>>> Thunderbird.
>>>
>>> MsMpEng.exe *is* Windows Defender:
>>>    MS (Microsoft)
>>>    Mp (Malware Protection)
>>>    Eng (Engine)
>>>    
>>> An exception does not kill a process, but excludes it from getting
>>> scanned.
>>>
>>> Are you running some other/3rd-party anti-virus program?  If so, only
>>> ONE should be running at a time (as the on-demand aka realtime scanner),
>>> not multiple running at the same time.  If you want to use a 3rd-party
>>> AV, disable Windows Defender.  Be sure to use a 3rd-party AV that
>>> properly registers itself in Windows which will have Windows grant the
>>> 3rd-party AV as the antimalware protector.
>>>    
>>> The "instructions" came from where, specifically?  Just because you
>>> found something on the Web doesn't mandate it is valid, or applies in
>>> your situation.
>>
>> That's fine.
>> My PC seems to be faster/less 'laggy'.
>> The instructions came from Microsoft (among others, but they were all 
>> the same).
>> I am not running any other AV program.
> 
> If you add msmpeng.exe as an exception to the scans by Windows Defender,
> you leave your setup vulnerable if the file becomes compromised, but you
> told Defender not to scan itself.  The expectation is that Defender will
> defend its own core files, but I wasn't aware that Defender would scan
> its own core files in scans, but instead defend itself at all times, not
> just during scans.
> 
> If you are going to exclude msmpeng.exe from scans, you might as well
> exclude its entire folder (C:\Program Files\Windows Defender).
> 
> Are you seeing high CPU usage for long periods which are eliminated by
> excluding msmpeng.exe (the scanner) from Defender's own scans?  There
> are high CPU moments when Defender scans itself, but the on-access
> (real-time) scanner should only be scanning changed files (changed or
> new), not every file all the time.  If there are lots of file changes,
> like thousands (either in file count, or rewrites to the same file) then
> Defender will be busy rescanning those files.  Possibly on ancient
> hardware the msmpeng.exe process may remain high.  If hardware upgrading
> (CPU, memory) is not an option, you might want to switch off Defender to
> go with a 3rd-party AV; however, most will also get busy when there are
> lots of file changes as they, too, have to scan the changed files.
> 
> If you scheduled the on-demand scanner, you might want to move that
> schedule to a time when you are not using the computer.  However,
> on-demand scans won't find anything the on-access/realtime scanner did
> not find.  Only if you disabled the on-access scanner, installed new
> files during which the scanner was disabled, and then reenabled the
> scanner then the scanner won't see the changed files, so an on-demand
> scan later will look at those files added while the on-access scanner
> was quiesced.
> 

Just as a general observation, the "claimed" CPU usage of that executable
is small, yet the amount of total I/O it has done, is pretty impressive,
for something not using a lot of CPU. The I/O has happened
over many hours.

   [Picture]

    https://i.postimg.cc/dVcgppjN/msmpeng-activity.gif

The Sysinternals Process Explorer is available here. It can be run
as Administrator, for some activities this gives a bit of extra info,
but Administrator is not needed for casual usage like in the picture.
The CPU usage includes two digits after the decimal, which is useful.

   https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer

Does MSMPENG.exe slow down the machine? You bet your ass it does.
But it shows up, when you attempt to read files.

As an example, you may have a copy of hashdeep64.exe or md5deep64.exe,
which is a program that can generate a checksum value for each and
every file on a PC. The poor "hashdeep" runs at about 14% of normal
speed, when Defender is finished scanning the shit out of each
file as it is being read. This is where you are losing the performance.
The real time performance, when your activities do high I/O, is
slowed considerably by Defender.

But at the background scan level, which is what the top picture is
demonstrating, it should not be making the system particularly laggy.

When running high I/O programs, you have to go to the security panel
and "disable Real Time scan", for those activities that you suspect
are innocuous. While malware could come out of hiding while you
have the Real Time scan disabled, it's not much of a computer
if I/O activity is being strangled.

Not all I/O activity is necessarily scanned to the same extent.
If you run a Macrium Reflect backup while the OS is running,
the I/O there is at cluster level, and scanning the shit out
of individual clusters isn't particularly an effective security
measure. Whereas reading whole files is more of interest to
a Defender.

There can be some places worth setting an exception. If your mail tool
stores messages as separate .eml files, you could have a hundred thousand
of those, and any time the email tool scans the email store, that's
going to make Defender nuts and the activity will slow to a crawl.
Then you have to make the decision, whether disabling real time on
that folder is a necessary thing or not.  Again, if your email
becomes basically unusable due to parallel scanning activity,
it's not much of a computer if you can't use it.

But I would avoid random vacuous application of Exceptions.
Exceptions are not the new breakfast cereal. They're to be
used with thought and reflection, balancing security versus
abysmal performance.

   Paul



#181308

From: Zaidy036 <Zaidy036@air.isp.spam>
Date: 2025-01-13 13:51 -0500
Message-ID: <vm3nbg$20279$1@dont-email.me>
In reply to: #181303
On 1/13/2025 11:05 AM, Paul wrote:
> On Mon, 1/13/2025 10:00 AM, VanguardLH wrote:
>> Jim the Geordie <jim@jimXscott.co.uk> wrote:
>>
>>> On 13/01/2025 12:50, VanguardLH wrote:
>>>> Jim the Geordie <jim@jimXscott.co.uk> wrote:
>>>>
>>>>> I have followed instruction (from several sources) to make the file
>>>>> MsMpEng.exe as an exception for Defender, but it is still there after a
>>>>> restart.
>>>>> What am I doing wrong?
>>>>> Windows 10
>>>>> Brave browser.
>>>>> Thunderbird.
>>>>
>>>> MsMpEng.exe *is* Windows Defender:
>>>>     MS (Microsoft)
>>>>     Mp (Malware Protection)
>>>>     Eng (Engine)
>>>>     
>>>> An exception does not kill a process, but excludes it from getting
>>>> scanned.
>>>>
>>>> Are you running some other/3rd-party anti-virus program?  If so, only
>>>> ONE should be running at a time (as the on-demand aka realtime scanner),
>>>> not multiple running at the same time.  If you want to use a 3rd-party
>>>> AV, disable Windows Defender.  Be sure to use a 3rd-party AV that
>>>> properly registers itself in Windows which will have Windows grant the
>>>> 3rd-party AV as the antimalware protector.
>>>>     
>>>> The "instructions" came from where, specifically?  Just because you
>>>> found something on the Web doesn't mandate it is valid, or applies in
>>>> your situation.
>>>
>>> That's fine.
>>> My PC seems to be faster/less 'laggy'.
>>> The instructions came from Microsoft (among others, but they were all
>>> the same).
>>> I am not running any other AV program.
>>
>> If you add msmpeng.exe as an exception to the scans by Windows Defender,
>> you leave your setup vulnerable if the file becomes compromised, but you
>> told Defender not to scan itself.  The expectation is that Defender will
>> defend its own core files, but I wasn't aware that Defender would scan
>> its own core files in scans, but instead defend itself at all times, not
>> just during scans.
>>
>> If you are going to exclude msmpeng.exe from scans, you might as well
>> exclude its entire folder (C:\Program Files\Windows Defender).
>>
>> Are you seeing high CPU usage for long periods which are eliminated by
>> excluding msmpeng.exe (the scanner) from Defender's own scans?  There
>> are high CPU moments when Defender scans itself, but the on-access
>> (real-time) scanner should only be scanning changed files (changed or
>> new), not every file all the time.  If there are lots of file changes,
>> like thousands (either in file count, or rewrites to the same file) then
>> Defender will be busy rescanning those files.  Possibly on ancient
>> hardware the msmpeng.exe process may remain high.  If hardware upgrading
>> (CPU, memory) is not an option, you might want to switch off Defender to
>> go with a 3rd-party AV; however, most will also get busy when there are
>> lots of file changes as they, too, have to scan the changed files.
>>
>> If you scheduled the on-demand scanner, you might want to move that
>> schedule to a time when you are not using the computer.  However,
>> on-demand scans won't find anything the on-access/realtime scanner did
>> not find.  Only if you disabled the on-access scanner, installed new
>> files during which the scanner was disabled, and then reenabled the
>> scanner then the scanner won't see the changed files, so an on-demand
>> scan later will look at those files added while the on-access scanner
>> was quiesced.
>>
> 
> Just as a general observation, the "claimed" CPU usage of that executable
> is small, yet the amount of total I/O it has done, is pretty impressive,
> for something not using a lot of CPU. The I/O has happened
> over many hours.
> 
>     [Picture]
> 
>      https://i.postimg.cc/dVcgppjN/msmpeng-activity.gif
> 
> The Sysinternals Process Explorer is available here. It can be run
> as Administrator, for some activities this gives a bit of extra info,
> but Administrator is not needed for casual usage like in the picture.
> The CPU usage includes two digits after the decimal, which is useful.
> 
>     https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer
> 
> Does MSMPENG.exe slow down the machine? You bet your ass it does.
> But it shows up, when you attempt to read files.
> 
> As an example, you may have a copy of hashdeep64.exe or md5deep64.exe,
> which is a program that can generate a checksum value for each and
> every file on a PC. The poor "hashdeep" runs at about 14% of normal
> speed, when Defender is finished scanning the shit out of each
> file as it is being read. This is where you are losing the performance.
> The real time performance, when your activities do high I/O, is
> slowed considerably by Defender.
> 
> But at the background scan level, which is what the top picture is
> demonstrating, it should not be making the system particularly laggy.
> 
> When running high I/O programs, you have to go to the security panel
> and "disable Real Time scan", for those activities that you suspect
> are innocuous. While malware could come out of hiding while you
> have the Real Time scan disabled, it's not much of a computer
> if I/O activity is being strangled.
> 
> Not all I/O activity is necessarily scanned to the same extent.
> If you run a Macrium Reflect backup while the OS is running,
> the I/O there is at cluster level, and scanning the shit out
> of individual clusters isn't particularly an effective security
> measure. Whereas reading whole files is more of interest to
> a Defender.
> 
> There can be some places worth setting an exception. If your mail tool
> stores messages as separate .eml files, you could have a hundred thousand
> of those, and any time the email tool scans the email store, that's
> going to make Defender nuts and the activity will slow to a crawl.
> Then you have to make the decision, whether disabling real time on
> that folder is a necessary thing or not.  Again, if your email
> becomes basically unusable due to parallel scanning activity,
> it's not much of a computer if you can't use it.
> 
> But I would avoid random vacuous application of Exceptions.
> Exceptions are not the new breakfast cereal. They're to be
> used with thought and reflection, balancing security versus
> abysmal performance.
> 
>     Paul
I use Defender as real time protection but run other AV scanners in my 
unattended overnight batches. To do that the batch deactivates Defender 
first and reactivates it after the "other" scan.

Note that each program has a log file and a quarantine folder. It is 
best to add quarantine folders as exceptions to the "other" scanners. To 
keep retained log files at a reasonable quantity I keep a max number of 
each which is controlled in the batch. Also note that Defender's log 
is one large file at C:\Users\xxxx\AppData\Local\Temp\MpCmdRun.log and 
not individual files.

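As an added example (not code from anyone in this thread), the following PowerShell audits the Defender settings the posts above argue over: it lists every exclusion and flags any that covers Defender's own folder or MsMpEng.exe (VanguardLH's point about Defender not scanning itself), shows the scheduled scan time, and reports and trims the single MpCmdRun.log file Zaidy036 mentions. It assumes Windows 10 with the built-in Defender cmdlets (Get-MpPreference, Get-MpComputerStatus, Remove-MpPreference) and an elevated prompt; the $Apply switch and the 50 MB log threshold are this example's own choices.

```powershell
#Requires -RunAsAdministrator
# Added example: audit Windows Defender exclusions, scan schedule and log size.
# Nothing is removed unless $Apply is set to $true.
$Apply       = $false
$defenderDir = Join-Path $env:ProgramFiles 'Windows Defender'   # C:\Program Files\Windows Defender
$pref        = Get-MpPreference
$status      = Get-MpComputerStatus

# 1. Core protection state. An exclusion never stops MsMpEng.exe; if the engine
#    process is missing, something else (a 3rd-party AV, a policy) turned it off.
[pscustomobject]@{
    AntivirusEnabled   = $status.AntivirusEnabled
    RealTimeProtection = $status.RealTimeProtectionEnabled
    SignaturesUpdated  = $status.AntivirusSignatureLastUpdated
    LastQuickScan      = $status.QuickScanEndTime
    LastFullScan       = $status.FullScanEndTime
    MsMpEngRunning     = [bool](Get-Process -Name MsMpEng -ErrorAction SilentlyContinue)
} | Format-List

# 2. Classify one exclusion entry. Returns '' when nothing stands out.
function Test-RiskyExclusion {
    param([string]$Value, [string]$Kind)
    $p = $Value.TrimEnd('\')
    if ($Kind -eq 'Extension') { return 'extension exclusion: defeated by renaming a file' }
    if ($Kind -eq 'Process')   { return 'process exclusion: every file it opens goes unscanned' }
    if ($p -match '^[A-Za-z]:$') { return 'whole drive excluded' }
    # The case from this thread: excluding the scanner itself or its folder.
    if ($p -like "$defenderDir*" -or $p -match 'msmpeng\.exe$') {
        return 'Defender cannot scan its own files'
    }
    return ''
}

# 3. Table of all current exclusions with the risk note beside each.
$rows = @()
foreach ($e in $pref.ExclusionPath) {
    $rows += [pscustomobject]@{ Kind = 'Path';      Value = $e; Risk = (Test-RiskyExclusion $e 'Path') }
}
foreach ($e in $pref.ExclusionProcess) {
    $rows += [pscustomobject]@{ Kind = 'Process';   Value = $e; Risk = (Test-RiskyExclusion $e 'Process') }
}
foreach ($e in $pref.ExclusionExtension) {
    $rows += [pscustomobject]@{ Kind = 'Extension'; Value = $e; Risk = (Test-RiskyExclusion $e 'Extension') }
}
if ($rows.Count -eq 0) { 'No exclusions configured.' } else { $rows | Format-Table -AutoSize }

# 4. Undo the specific mistake discussed in the thread: path exclusions that
#    point at Defender's engine or folder. Listed only, unless $Apply is $true.
$selfExclusions = @($pref.ExclusionPath | Where-Object {
    (Test-RiskyExclusion $_ 'Path') -eq 'Defender cannot scan its own files'
})
foreach ($x in $selfExclusions) {
    if ($Apply) { Remove-MpPreference -ExclusionPath $x; "Removed exclusion: $x" }
    else        { "Would remove exclusion: $x  (set `$Apply = `$true to do it)" }
}

# 5. Scheduled on-demand scan: if it lands in working hours, move it.
'Scheduled scan: day={0} time={1}' -f $pref.ScanScheduleDay, $pref.ScanScheduleTime
# Example of moving it to 3 AM daily:
#   Set-MpPreference -ScanScheduleDay Everyday -ScanScheduleTime 03:00:00

# 6. MpCmdRun.log is one growing file under the user's temp folder
#    (%LOCALAPPDATA%\Temp). Report its size and keep only the newest lines
#    once it passes the (arbitrary) 50 MB threshold.
$log = Join-Path $env:TEMP 'MpCmdRun.log'
if (Test-Path $log) {
    $sizeMB = [math]::Round((Get-Item $log).Length / 1MB, 1)
    "MpCmdRun.log: $sizeMB MB"
    if ($sizeMB -gt 50) {
        Get-Content $log -Tail 20000 | Set-Content "$log.trimmed"
        if ($Apply) { Move-Item "$log.trimmed" $log -Force; 'Log trimmed to last 20000 lines.' }
        else        { "Trimmed copy written to $log.trimmed (original untouched)" }
    }
}
```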


#181312

From: VanguardLH <V@nguard.LH>
Date: 2025-01-13 15:37 -0600
Message-ID: <1c6dmz6dcd2mo$.dlg@v.nguard.lh>
In reply to: #181303
Paul <nospam@needed.invalid> wrote:

> Just as a general observation, the "claimed" CPU usage of that executable
> is small, yet the amount of total I/O it has done, is pretty impressive,
> for something not using a lot of CPU. The I/O has happened
> over many hours.
> 
>    [Picture]
> 
>     https://i.postimg.cc/dVcgppjN/msmpeng-activity.gif
> 
> The Sysinternals Process Explorer is available here. It can be run
> as Administrator, for some activities this gives a bit of extra info,
> but Administrator is not needed for casual usage like in the picture.
> The CPU usage includes two digits after the decimal, which is useful.
> 
>    https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer
> 
> Does MSMPENG.exe slow down the machine? You bet your ass it does.
> But it shows up, when you attempt to read files.
> 
> As an example, you may have a copy of hashdeep64.exe or md5deep64.exe,
> which is a program that can generate a checksum value for each and
> every file on a PC. The poor "hashdeep" runs at about 14% of normal
> speed, when Defender is finished scanning the shit out of each
> file as it is being read. This is where you are losing the performance.
> The real time performance, when your activities do high I/O, is
> slowed considerably by Defender.
> 
> But at the background scan level, which is what the top picture is
> demonstrating, it should not be making the system particularly laggy.
> 
> When running high I/O programs, you have to go to the security panel
> and "disable Real Time scan", for those activities that you suspect
> are innocuous. While malware could come out of hiding while you
> have the Real Time scan disabled, it's not much of a computer
> if I/O activity is being strangled.
> 
> Not all I/O activity is necessarily scanned to the same extent.
> If you run a Macrium Reflect backup while the OS is running,
> the I/O there is at cluster level, and scanning the shit out
> of individual clusters isn't particularly an effective security
> measure. Whereas reading whole files is more of interest to
> a Defender.
> 
> There can be some places worth setting an exception. If your mail tool
> stores messages as separate .eml files, you could have a hundred thousand
> of those, and any time the email tool scans the email store, that's
> going to make Defender nuts and the activity will slow to a crawl.
> Then you have to make the decision, whether disabling real time on
> that folder is a necessary thing or not.  Again, if your email
> becomes basically unusable due to parallel scanning activity,
> it's not much of a computer if you can't use it.
> 
> But I would avoid random vacuous application of Exceptions.
> Exceptions are not the new breakfast cereal. They're to be
> used with thought and reflection, balancing security versus
> abysmal performance.
> 
>    Paul

I've seen tons of I/O activity when 2 on-access/real-time AV scanners
were active.  I'd see the first AV open the file to scan it, the 2nd AV
see the file got opened, so the 2nd AV would scan the file.  The 1st AV
would see the 2nd AV opened the file, so the 1st AV would rescan the
same file.  And the death grip continued for about 30K opens on the same
file with the AVs battling each other over which would be the last to
open the file to scan it.  That's why it is a bad scenario to have two,
or more, AV on-access scanners active at the same time.  If you feel
compelled to use a 2nd AV to double-check for malware, disable its
on-access scanner, and just schedule it to do an on-demand scan, and
disable it from scanning the folder of the other AV.  

As for high CPU usage, or *lots* of I/O, I've seen that with other AV
software, too.  It isn't unique to Defender.

As for scanning e-mail, it is superfluous to configure the AV on-access
scanner to scan when a new message arrives.  Whether scanning the e-mail
traffic, when the e-mail gets saved into a message store, or scanning
later when extracting the message, the same on-access scanner gets used.
Attachments in an e-mail are just long text encoded strings, and are not
executable.  Not until extraction into a file can they become an
executable danger.  You get earlier warning, but not greater pest
detection.  Defender's on-access scanner doesn't scan e-mails (but does
for its on-demand/scheduled scans) while other AVs have the option to
scan e-mail traffic which should be disabled since there is no added
detection coverage.  You end up scanning twice without any added pest
coverage: once on message delivery while scanning the e-mail traffic,
and again if and when an attachment is extracted.  What does the AV
scanner see when an e-mail arrives for its attachments?  Long text
encoded strings which are no danger.  What about the e-mail body?  Nope,
no danger there, either, unless you are so stupid as to allow Javascript
to get executed in an HTML-formatted e-mail.  E-mail clients should
default to NOT running any scripts in e-mails.  E-mail is not a
substitute for web docs, but way too many senders treat it as such.


