Windows Defender

For the past few weeks, I've received an update for Windows Defender
definitions almost every day. When I install it, Defender proceeds to
busy up my machine for quite a long time, slowing other things down. Is
anybody else seeing this update behavior?

After serious thinking Jason wrote :
For the past few weeks, I've received an update for Windows Defender
definitions almost every day. When I install it, Defender proceeds to
busy up my machine for quite a long time, slowing other things down. Is
anybody else seeing this update behavior?

No such problems here.
Win7 64bit SP1

--
Zo

"Genius may have its limitations, but stupidity is not thus
handicapped." -- Elbert Hubbard

Jason wrote:
For the past few weeks, I've received an update for Windows Defender
definitions almost every day. When I install it, Defender proceeds to
busy up my machine for quite a long time, slowing other things down. Is
anybody else seeing this update behavior?

A general rule of thumb is, the System folder on computers
is treated differently than the rest of C: .

Even when a third party AV has "real time protection" disabled,
you may catch it doing a System folder scan at startup. In
some cases, even when a third-party AV is "removed" some
services can be left behind, either doing scans of System
folder (using the last set of definitions), or alternately,
still doing heuristic (behavioral) checks when the system
is running.

So it's really hard to say what is going on. I think Windows
Defender shares some of the characteristics with other
commercial offerings.

*******

Modern Windows has the ETW tracing system. That collects
certain kinds of events, such as registry operations,
or useful things like CreateFile, ReadFile, WriteFile. The
trace includes the name of the thing doing the operation.
In the case of Services though, they still get to hide
behind their "SVCHOST cloak", so the user must do a lot
of extra work to expose them.

If you have a problem during the day, using Sysinternals
ProcMon taps into ETW, and logs it. If you thought Windows
Defender was scanning your System folder say, you could
start ProcMon, set the display filter for ReadFile events,
then see if a process with MsMpEng in the name or similar,
is busy doing reads. Then check the path of each read,
to see if it is the system folder, or some other folder.

If your problem was during the first two minutes of system
operation, you could use the Windows Performance Assessment
kit, which also uses ETW tracing during startup and shutdown. It
widens the tracing window, to include stuff closer to T=0.
But it's a bit on the bloated side, something "designed"
for IT people (to try to impress them I guess). Even after
playing with that program for a couple days, I still couldn't
get as nice looking a graph later, as I could get with the
WinXP-era BootVis program. Which was a similar effort,
but didn't put on a show for folks. BootVis was all business.

If you were using Windows Performance Assessment, what you'd
see is "MsMpEng" in the trace, and perhaps two minutes of
disk activity associated with that executable. That's all
WPA would show you. But if you experience "grinding" on a
computer during boot, maybe the desktop is late showing
up, it may still be worthwhile doing boot-time tracing
to see what is going on. For example, if it was not
MsMpEng doing it, but some other Windows process, you
might be a lot more alarmed.

*******

Since this is Windows 7, you may also experience extended
periods of time, where a Windows Update helper is "grinding"
all the packages on the OS. To see what needs updating.
Later OSes use some sort of caching for this, with the
idea being, that perhaps less grinding of the disk is needed.
So if you see TiWorker, wuaueng, or other weird stuff in
your ProcMon trace, that could be the support for Windows
Update at work.

To slap such a process upside the head, simply visit the
Windows Update control panel. And pretend to be interested
in updates. As the actual Windows Update panel and a request
from there, can cause the "scanning" process to stop. Until
the next time.

I have a whole raft of things I do to Windows, to quiesce
the thing when I want its undivided attention. This includes

1) Disable real time protection on Windows Defender.
2) Disable the Search Indexer. This includes changing the
recovery policy, setting the recovery policy to *not*
attempt to restart it. The Search Indexer is a lot more
aggressive than its Service definition implies. As if
some other process in Windows will restart it on you.
I generally have to keep the Properties panel open,
so I can give it another whack if it starts itself again.
3) If some of that Windows Update scanning is going on,
do a quick visit to Windows Update to try to stop it.

n) Now, do the program install you were planning on doing,
knowing that fewer things will be slowing it down.

In some cases, attention to the little details, frees up
enough disk bandwidth for the big install you were doing
to complete in half the time.

Paul

On Sat, 2 Apr 2016 13:57:55 -0400, Jason
wrote:

For the past few weeks, I've received an update for Windows Defender
definitions almost every day. When I install it, Defender proceeds to
busy up my machine for quite a long time, slowing other things down. Is
anybody else seeing this update behavior?


If you are using a 3rd party antivirus solution, it is best practice
to disable Windows Defender. See:

http://windows.microsoft.com/en-us/w...-off=windows-7

Stormin' Norman wrote on 4/2/2016 :
On Sat, 2 Apr 2016 13:57:55 -0400, Jason
wrote:

For the past few weeks, I've received an update for Windows Defender
definitions almost every day. When I install it, Defender proceeds to
busy up my machine for quite a long time, slowing other things down. Is
anybody else seeing this update behavior?


If you are using a 3rd party antivirus solution, it is best practice
to disable Windows Defender. See:

http://windows.microsoft.com/en-us/w...-off=windows-7

That's not correct. See below, this is quoted from the link you have
provided above:

" Windows Defender is antispyware software that's included with Windows
and runs automatically when it's turned on. Using antispyware software
can help protect your computer against spyware and other potentially
unwanted software. Spyware can be installed on your computer without
your knowledge any time you connect to the Internet, and it can infect
your computer when you install some programs using a CD, DVD, or other
removable media. Spyware can also be programmed to run at unexpected
times, not just when it's installed."

It is not an antivirus program as it once was, so it is perfectly safe
to run it together with your antivirus program. I've running
WinDefender along side Avast since I started using Win 7 without any
conflicts what so ever.

--
Zo

Click..Click..Click..darn, out of taglines!

On Sun, 03 Apr 2016 12:18:37 -0400, Zo wrote:

Stormin' Norman wrote on 4/2/2016 :
On Sat, 2 Apr 2016 13:57:55 -0400, Jason
wrote:

For the past few weeks, I've received an update for Windows Defender
definitions almost every day. When I install it, Defender proceeds to
busy up my machine for quite a long time, slowing other things down. Is
anybody else seeing this update behavior?


If you are using a 3rd party antivirus solution, it is best practice
to disable Windows Defender. See:

http://windows.microsoft.com/en-us/w...-off=windows-7

That's not correct. See below, this is quoted from the link you have
provided above:

" Windows Defender is antispyware software that's included with Windows
and runs automatically when it's turned on. Using antispyware software
can help protect your computer against spyware and other potentially
unwanted software. Spyware can be installed on your computer without
your knowledge any time you connect to the Internet, and it can infect
your computer when you install some programs using a CD, DVD, or other
removable media. Spyware can also be programmed to run at unexpected
times, not just when it's installed."

It is not an antivirus program as it once was, so it is perfectly safe
to run it together with your antivirus program. I've running
WinDefender along side Avast since I started using Win 7 without any
conflicts what so ever.


Obviously you can do as you wish, my recommendation is based upon the
experience gained from maintaining a network of over 100 workstations
in my business.

I hope you are able to resolve your issue.

On Sat, 02 Apr 2016 20:10:30 -0400 "Paul" wrote in
article
In
some cases, even when a third-party AV is "removed" some
services can be left behind, either doing scans of System
folder (using the last set of definitions), or alternately,
still doing heuristic (behavioral) checks when the system
is running.



The free version of Malwarebytes does this. I uninstalled it but it kept
starting a service at boot. It was particularly annoying to expunge all
evidence of it...

On Sat, 02 Apr 2016 20:10:30 -0400 "Paul" wrote in
article
n) Now, do the program install you were planning on doing,
knowing that fewer things will be slowing it down.

In some cases, attention to the little details, frees up
enough disk bandwidth for the big install you were doing
to complete in half the time.

Paul


Amen. Thanks :-)

I keep getting definition updates for Windows Defender in Windows
Update.

I have Kaspersky Anti-Virus installed.

Do I actuallly *need* Windows Defender? If so, why?

If not, how do I unintall Windows Defender, and stop the definition
updates?

tyvm

Definition Update for Windows Defender - KB915597 (Definition 1.217.1113.0)

Installation date: ?12/?04/?2016 10:42

Installation status: Successful

Update type: Important

Install this update to revise the definition files used to detect spyware and other potentially unwanted software. Once you have installed this item, it cannot be removed.

More information:
http://www.microsoft.com/athome/secu.../overview.mspx

Help and Support:
http://go.microsoft.com/fwlink/?LinkId=52661

On Wed, 13 Apr 2016 19:01:01 +0100, lid wrote:

I keep getting definition updates for Windows Defender in Windows
Update.

I have Kaspersky Anti-Virus installed.

Do I actuallly *need* Windows Defender? If so, why?

If not, how do I unintall Windows Defender, and stop the definition
updates?


Others might disagree, but IMHO, you do not need to have windows
defender activated. The easiest and wisest course of action is to
deactivate it using these instructions:

http://windows.microsoft.com/en-us/w...-off=windows-7

On Wed, 13 Apr 2016 18:15:38 +0000, Stormin' Norman
wrote:

On Wed, 13 Apr 2016 19:01:01 +0100, lid wrote:

I keep getting definition updates for Windows Defender in Windows
Update.

I have Kaspersky Anti-Virus installed.

Do I actuallly *need* Windows Defender? If so, why?

If not, how do I unintall Windows Defender, and stop the definition
updates?


Others might disagree, but IMHO, you do not need to have windows
defender activated. The easiest and wisest course of action is to
deactivate it using these instructions:

http://windows.microsoft.com/en-us/w...-off=windows-7

Okay, I just turned Defender off.

Will that stop Windows Update loading definitions for Defender in the
future, or it some extra jiggery-pokery needed?

lid brought next idea :
On Wed, 13 Apr 2016 18:15:38 +0000, Stormin' Norman
wrote:

On Wed, 13 Apr 2016 19:01:01 +0100, lid wrote:

I keep getting definition updates for Windows Defender in Windows
Update.

I have Kaspersky Anti-Virus installed.

Do I actuallly *need* Windows Defender? If so, why?

If not, how do I unintall Windows Defender, and stop the definition
updates?


Others might disagree, but IMHO, you do not need to have windows
defender activated. The easiest and wisest course of action is to
deactivate it using these instructions:

http://windows.microsoft.com/en-us/w...-off=windows-7

Okay, I just turned Defender off.

Will that stop Windows Update loading definitions for Defender in the
future, or it some extra jiggery-pokery needed?

That should prevent the updating of definitions. Of course, MS could
update the Defender software itself through WU.

I think you will be pleased with the difference you will see with it
disabled.

On Wed, 13 Apr 2016 11:50:17 -0700, Brian
wrote:

brought next idea :
On Wed, 13 Apr 2016 18:15:38 +0000, Stormin' Norman
wrote:

On Wed, 13 Apr 2016 19:01:01 +0100, lid wrote:

I keep getting definition updates for Windows Defender in Windows
Update.

I have Kaspersky Anti-Virus installed.

Do I actuallly *need* Windows Defender? If so, why?

If not, how do I unintall Windows Defender, and stop the definition
updates?


Others might disagree, but IMHO, you do not need to have windows
defender activated. The easiest and wisest course of action is to
deactivate it using these instructions:

http://windows.microsoft.com/en-us/w...-off=windows-7

Okay, I just turned Defender off.

Will that stop Windows Update loading definitions for Defender in the
future, or it some extra jiggery-pokery needed?

That should prevent the updating of definitions. Of course, MS could
update the Defender software itself through WU.

I think you will be pleased with the difference you will see with it
disabled.


Yeah, what he said.......