If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
Windows Defender
For the past few weeks, I've received an update for Windows Defender
definitions almost every day. When I install it, Defender proceeds to busy up my machine for quite a long time, slowing other things down. Is anybody else seeing this update behavior? |
Ads |
#2
|
|||
|
|||
Windows Defender
After serious thinking Jason wrote :
For the past few weeks, I've received an update for Windows Defender definitions almost every day. When I install it, Defender proceeds to busy up my machine for quite a long time, slowing other things down. Is anybody else seeing this update behavior? No such problems here. Win7 64bit SP1 -- Zo "Genius may have its limitations, but stupidity is not thus handicapped." -- Elbert Hubbard |
#3
|
|||
|
|||
Windows Defender
Jason wrote:
For the past few weeks, I've received an update for Windows Defender definitions almost every day. When I install it, Defender proceeds to busy up my machine for quite a long time, slowing other things down. Is anybody else seeing this update behavior? A general rule of thumb is, the System folder on computers is treated differently than the rest of C: . Even when a third party AV has "real time protection" disabled, you may catch it doing a System folder scan at startup. In some cases, even when a third-party AV is "removed" some services can be left behind, either doing scans of System folder (using the last set of definitions), or alternately, still doing heuristic (behavioral) checks when the system is running. So it's really hard to say what is going on. I think Windows Defender shares some of the characteristics with other commercial offerings. ******* Modern Windows has the ETW tracing system. That collects certain kinds of events, such as registry operations, or useful things like CreateFile, ReadFile, WriteFile. The trace includes the name of the thing doing the operation. In the case of Services though, they still get to hide behind their "SVCHOST cloak", so the user must do a lot of extra work to expose them. If you have a problem during the day, using Sysinternals ProcMon taps into ETW, and logs it. If you thought Windows Defender was scanning your System folder say, you could start ProcMon, set the display filter for ReadFile events, then see if a process with MsMpEng in the name or similar, is busy doing reads. Then check the path of each read, to see if it is the system folder, or some other folder. If your problem was during the first two minutes of system operation, you could use the Windows Performance Assessment kit, which also uses ETW tracing during startup and shutdown. It widens the tracing window, to include stuff closer to T=0. But it's a bit on the bloated side, something "designed" for IT people (to try to impress them I guess). Even after playing with that program for a couple days, I still couldn't get as nice looking a graph later, as I could get with the WinXP-era BootVis program. Which was a similar effort, but didn't put on a show for folks. BootVis was all business. If you were using Windows Performance Assessment, what you'd see is "MsMpEng" in the trace, and perhaps two minutes of disk activity associated with that executable. That's all WPA would show you. But if you experience "grinding" on a computer during boot, maybe the desktop is late showing up, it may still be worthwhile doing boot-time tracing to see what is going on. For example, if it was not MsMpEng doing it, but some other Windows process, you might be a lot more alarmed. ******* Since this is Windows 7, you may also experience extended periods of time, where a Windows Update helper is "grinding" all the packages on the OS. To see what needs updating. Later OSes use some sort of caching for this, with the idea being, that perhaps less grinding of the disk is needed. So if you see TiWorker, wuaueng, or other weird stuff in your ProcMon trace, that could be the support for Windows Update at work. To slap such a process upside the head, simply visit the Windows Update control panel. And pretend to be interested in updates. As the actual Windows Update panel and a request from there, can cause the "scanning" process to stop. Until the next time. I have a whole raft of things I do to Windows, to quiesce the thing when I want its undivided attention. This includes 1) Disable real time protection on Windows Defender. 2) Disable the Search Indexer. This includes changing the recovery policy, setting the recovery policy to *not* attempt to restart it. The Search Indexer is a lot more aggressive than its Service definition implies. As if some other process in Windows will restart it on you. I generally have to keep the Properties panel open, so I can give it another whack if it starts itself again. 3) If some of that Windows Update scanning is going on, do a quick visit to Windows Update to try to stop it. n) Now, do the program install you were planning on doing, knowing that fewer things will be slowing it down. In some cases, attention to the little details, frees up enough disk bandwidth for the big install you were doing to complete in half the time. Paul |
#4
|
|||
|
|||
Windows Defender
On Sat, 2 Apr 2016 13:57:55 -0400, Jason
wrote: For the past few weeks, I've received an update for Windows Defender definitions almost every day. When I install it, Defender proceeds to busy up my machine for quite a long time, slowing other things down. Is anybody else seeing this update behavior? If you are using a 3rd party antivirus solution, it is best practice to disable Windows Defender. See: http://windows.microsoft.com/en-us/w...-off=windows-7 |
#5
|
|||
|
|||
Windows Defender
Stormin' Norman wrote on 4/2/2016 :
On Sat, 2 Apr 2016 13:57:55 -0400, Jason wrote: For the past few weeks, I've received an update for Windows Defender definitions almost every day. When I install it, Defender proceeds to busy up my machine for quite a long time, slowing other things down. Is anybody else seeing this update behavior? If you are using a 3rd party antivirus solution, it is best practice to disable Windows Defender. See: http://windows.microsoft.com/en-us/w...-off=windows-7 That's not correct. See below, this is quoted from the link you have provided above: " Windows Defender is antispyware software that's included with Windows and runs automatically when it's turned on. Using antispyware software can help protect your computer against spyware and other potentially unwanted software. Spyware can be installed on your computer without your knowledge any time you connect to the Internet, and it can infect your computer when you install some programs using a CD, DVD, or other removable media. Spyware can also be programmed to run at unexpected times, not just when it's installed." It is not an antivirus program as it once was, so it is perfectly safe to run it together with your antivirus program. I've running WinDefender along side Avast since I started using Win 7 without any conflicts what so ever. -- Zo Click..Click..Click..darn, out of taglines! |
#6
|
|||
|
|||
Windows Defender
On Sun, 03 Apr 2016 12:18:37 -0400, Zo wrote:
Stormin' Norman wrote on 4/2/2016 : On Sat, 2 Apr 2016 13:57:55 -0400, Jason wrote: For the past few weeks, I've received an update for Windows Defender definitions almost every day. When I install it, Defender proceeds to busy up my machine for quite a long time, slowing other things down. Is anybody else seeing this update behavior? If you are using a 3rd party antivirus solution, it is best practice to disable Windows Defender. See: http://windows.microsoft.com/en-us/w...-off=windows-7 That's not correct. See below, this is quoted from the link you have provided above: " Windows Defender is antispyware software that's included with Windows and runs automatically when it's turned on. Using antispyware software can help protect your computer against spyware and other potentially unwanted software. Spyware can be installed on your computer without your knowledge any time you connect to the Internet, and it can infect your computer when you install some programs using a CD, DVD, or other removable media. Spyware can also be programmed to run at unexpected times, not just when it's installed." It is not an antivirus program as it once was, so it is perfectly safe to run it together with your antivirus program. I've running WinDefender along side Avast since I started using Win 7 without any conflicts what so ever. Obviously you can do as you wish, my recommendation is based upon the experience gained from maintaining a network of over 100 workstations in my business. I hope you are able to resolve your issue. |
#7
|
|||
|
|||
Windows Defender
On Sat, 02 Apr 2016 20:10:30 -0400 "Paul" wrote in
article In some cases, even when a third-party AV is "removed" some services can be left behind, either doing scans of System folder (using the last set of definitions), or alternately, still doing heuristic (behavioral) checks when the system is running. The free version of Malwarebytes does this. I uninstalled it but it kept starting a service at boot. It was particularly annoying to expunge all evidence of it... |
#8
|
|||
|
|||
Windows Defender
On Sat, 02 Apr 2016 20:10:30 -0400 "Paul" wrote in
article n) Now, do the program install you were planning on doing, knowing that fewer things will be slowing it down. In some cases, attention to the little details, frees up enough disk bandwidth for the big install you were doing to complete in half the time. Paul Amen. Thanks :-) |
#9
|
|||
|
|||
Windows Defender
I keep getting definition updates for Windows Defender in Windows
Update. I have Kaspersky Anti-Virus installed. Do I actuallly *need* Windows Defender? If so, why? If not, how do I unintall Windows Defender, and stop the definition updates? tyvm Definition Update for Windows Defender - KB915597 (Definition 1.217.1113.0) Installation date: ?12/?04/?2016 10:42 Installation status: Successful Update type: Important Install this update to revise the definition files used to detect spyware and other potentially unwanted software. Once you have installed this item, it cannot be removed. More information: http://www.microsoft.com/athome/secu.../overview.mspx Help and Support: http://go.microsoft.com/fwlink/?LinkId=52661 |
#11
|
|||
|
|||
Windows Defender
On Wed, 13 Apr 2016 18:15:38 +0000, Stormin' Norman
wrote: On Wed, 13 Apr 2016 19:01:01 +0100, lid wrote: I keep getting definition updates for Windows Defender in Windows Update. I have Kaspersky Anti-Virus installed. Do I actuallly *need* Windows Defender? If so, why? If not, how do I unintall Windows Defender, and stop the definition updates? Others might disagree, but IMHO, you do not need to have windows defender activated. The easiest and wisest course of action is to deactivate it using these instructions: http://windows.microsoft.com/en-us/w...-off=windows-7 Okay, I just turned Defender off. Will that stop Windows Update loading definitions for Defender in the future, or it some extra jiggery-pokery needed? |
#12
|
|||
|
|||
Windows Defender
lid brought next idea :
On Wed, 13 Apr 2016 18:15:38 +0000, Stormin' Norman wrote: On Wed, 13 Apr 2016 19:01:01 +0100, lid wrote: I keep getting definition updates for Windows Defender in Windows Update. I have Kaspersky Anti-Virus installed. Do I actuallly *need* Windows Defender? If so, why? If not, how do I unintall Windows Defender, and stop the definition updates? Others might disagree, but IMHO, you do not need to have windows defender activated. The easiest and wisest course of action is to deactivate it using these instructions: http://windows.microsoft.com/en-us/w...-off=windows-7 Okay, I just turned Defender off. Will that stop Windows Update loading definitions for Defender in the future, or it some extra jiggery-pokery needed? That should prevent the updating of definitions. Of course, MS could update the Defender software itself through WU. I think you will be pleased with the difference you will see with it disabled. |
#13
|
|||
|
|||
Windows Defender
On Wed, 13 Apr 2016 11:50:17 -0700, Brian
wrote: brought next idea : On Wed, 13 Apr 2016 18:15:38 +0000, Stormin' Norman wrote: On Wed, 13 Apr 2016 19:01:01 +0100, lid wrote: I keep getting definition updates for Windows Defender in Windows Update. I have Kaspersky Anti-Virus installed. Do I actuallly *need* Windows Defender? If so, why? If not, how do I unintall Windows Defender, and stop the definition updates? Others might disagree, but IMHO, you do not need to have windows defender activated. The easiest and wisest course of action is to deactivate it using these instructions: http://windows.microsoft.com/en-us/w...-off=windows-7 Okay, I just turned Defender off. Will that stop Windows Update loading definitions for Defender in the future, or it some extra jiggery-pokery needed? That should prevent the updating of definitions. Of course, MS could update the Defender software itself through WU. I think you will be pleased with the difference you will see with it disabled. Yeah, what he said....... |
Thread Tools | |
Display Modes | Rate This Thread |
|
|