What turning off real time scanning does for a multiple small file transfer

Started by Jeremy Collake, December 21, 2012, 03:03:43 AM

Previous topic - Next topic

Jeremy Collake

...What turning off real time scanning does for a multiple small file transfer
Software Engineer. Bitsum LLC.

BenYeeHua

MSE?
Because I don't has a MLC/TLC pendrive/SSD, so I can't testing for it. :P

PS:It is better that, draw a red line between on/off on the image. ;)

Jeremy Collake

Yea, but I was not precise on the line location, though it is easily guessable with a small margin of error.

And, yes, MSE, sadly. All other security software would likely be worse, or at maybe as good, I think. Except for some installers and archives, where  I have heard MSE (trying to do a proper deep scan of them) get a bit 'stalled'. Still, it is recommendation.


Software Engineer. Bitsum LLC.

Jeremy Collake

And I didn't go out and test this.. just noticed it was going slow and disabled scanning. Figured it'd be interesting.
Software Engineer. Bitsum LLC.

hanemach_gt

The matter is as old as Windows, here is my observation in Windows 7:

http://gtweak.blogspot.com/2012/03/how-your-avis-may-affect-overall.html

GetBackupInfoGT is a script which is a part of my another script GTweak (now discontinued). It loops through registry backups created by GTweak, and the above test has been made on 100 artificial backups AFAIK. The process finished much faster after the removal of AV.
<img src="[url="http://imageshack.com/a/img913/7827/On37F9.gif"]http://imageshack.com/a/img913/7827/On37F9.gif[/url]"/>

BenYeeHua

Yup, just think when you are testing a SSD performance with many 4k/small files. :)
Some anti-virus has the setting to remember scanned file and just pass them, some are enable/don't have it as hidden setting.
And some of them is scan for the first time, then just passing them until reboot.
----
It seen like my anti-virus not scanning too many file(I set it as "only scan running xxx.exe"). ;D
I also installed anti-trojan/anti-spyware, but I sure it affect some operation, as it monitor the registry, driver, network etc.
Because it cause my proxy tester become slower(like increased 5 mins :o)
----
And ya, old problem. ;D

hanemach_gt

There weren't many files in case of my test, one registry backup made by GTweak (on a relatively "clean" system) in Windows 7 consists of 8 files at most (depends on privileges) and weights approximately 100MB. Nevertheless, even by 800 files the effect is noticeable.
<img src="[url="http://imageshack.com/a/img913/7827/On37F9.gif"]http://imageshack.com/a/img913/7827/On37F9.gif[/url]"/>

BenYeeHua


nikkil

You're never a loser until you quit trying.

BenYeeHua


Jeremy Collake

Ah, nice!

You know the largest 'kicker' problem for these scanners? Larger compressed archives (ZIP, etc..) and installers/SFX (also compressed archives with a decompression stub attached). These take major resources to scan since the whole archive must be read to extract each file and scan it, though in some cases a few file types are skipped at least.

With Windows 8, Windows Defender kind of acts in the background and really isn't obtrusive or interfering. It seems to function faster than anything else I've tried, and *most importantly* is not prone to false positives (though they do happen). Some other security software is big on false positives because they scare the user into buying their software and/or make the user think the software is doing something. Of course, we all know how I feel about false positives, funding the new deserted False Positive Report.

Compressed or protected executables (e.g. packed with PECompact) also take longer to scan, especially if multiple layers of protection are added.
Software Engineer. Bitsum LLC.

BenYeeHua

Ya, just like you are putting your item inside the box which inside the box which.......
----
QuoteWith Windows 8, Windows Defender kind of acts in the background and really isn't obtrusive or interfering. It seems to function faster than anything else I've tried, and *most importantly* is not prone to false positives (though they do happen). Some other security software is big on false positives because they scare the user into buying their software and/or make the user think the software is doing something. Of course, we all know how I feel about false positives, funding the new deserted False Positive Report.
Ya, just sometimes the MSE will making whole the computer lag when it is scanning Big File, and MSE is too "quiet" for all user, I saw many of them talking about MSE is too "quiet" and uninstall/disable it to using other anti-virus with firewall, email scan ... ;D

And the most problem of some "anti-virus" is their firewall scanning too slow, and blocking the half-open line. :P