Mail Archives: cygwin/2021/05/08/18:43:32
To: cygwin AT cygwin DOT com
References: <SI2PR06MB4428406980C4C5CB49D96E0495579 AT SI2PR06MB4428 DOT apcprd06 DOT prod DOT outlook DOT com>
From: Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca>
Organization: Systematic Software
Subject: Re: McAfee Anti-Virus Exclusion
Message-ID: <c4c91b98-d94f-1e7c-c568-87b767cb142a@SystematicSw.ab.ca>
Date: Sat, 8 May 2021 16:43:20 -0600
On 2021-05-07 04:57, Lam Jian Zhou via Cygwin wrote:
> We have encountered an issue with Cygwin processes getting slow when using McAfee anti-virus.
> We have put in all the exclusions for not scanning or checking the Cygwin processes and folder, but the slowness still exists.
> We have tried McAfee's recommendation on this: https://docs.mcafee.com/bundle/endpoint-security-10.7.x-common-product-guide-windows/page/GUID-459435D7-AE7B-4656-9120-9235F39EA0D6.html but are still not able to solve the issue.
>
> We have tried to find the issue in various forums, but there is not much helpful information on this, and even McAfee support told us only Cygwin support can give the answer.
>
> Would you be able to give some recommendation of what should be excluded for Cygwin processes?
> Or are there any other Windows processes that will be triggered along with Cygwin, so we can exclude them as well?

Cygwin support is a bunch of volunteers, so unless you can demonstrate an
obvious reproducible problem across multiple different installations, using a
simple test case, caused by Cygwin doing something it should not, it is unlikely
anyone here will be able to help much.

Please note that Cygwin is doing only what it has to, in order to support a
POSIX development environment under Windows.

If it seems too slow for your uses, please consider testing, timing, and running
your development toolchain under faster environments: try one of the many
distros under WSL, local or server VMs, Docker, etc.

The problem is with McAfee going out to servers to check every executable,
rather than remember locally that a file has already been checked using a hash
over contents and properties, and skipping future checks.

If you have problems with McAfee, complain to Intel, and thence to whoever
insists you run a legacy AV suite.

Run Windows Defender if you need an AV and want to minimize slowdown.
More intrusive AV will intercept and interfere more with performance (like
anything called End Point Protection, which is known to break Cygwin).

Have your techs run your processes with only Windows and Cygwin installed, then
with Windows Defender, then with Intel McAfee AV to see the differences.

Looking at the McAfee exclusions, they are decades out of date, most
installations are now x86_64, and may also support x86 [32 bit], so you need to
exclude the compiler and build toolchain utilities (gcc, llvm, clang, binutils,
coreutils, c/make, libtool, git packages) in /bin/, /usr/*86*-pc-cygwin/,
/lib/gcc/*86*-pc-cygwin/[1-9]*/ and all their DLLs /bin/cyg...*.dll for all
installed compiler and utility versions.

Note that Cygwin supports git (and is part of the toolchain used to build Git
for Windows mentioned by McAfee), so add /usr/libexec/, /usr/libexec/git-core/,
and other contents of that tree to your exclusions.

On development machines, Adaptive Threat Protection (guessing based on patterns
matching existing malware) will slow down every step of every build, so switch
it off, as well as any other guessing games, cloud or remote access!

Following McAfee's suggestions, using gpg keys and SHA2 hashes, make a verified
clean Cygwin developer build of everything you use, and upload everything
installed to McAfee's GTI servers, and the validation files to your own TIE
servers: clone to each developer machine and run a local TIE server there.
Do the same for everything in all your production builds.

--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
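
Added example (not part of the message above, and not Cygwin or McAfee tooling): the directory globs named in the reply, expanded under a Cygwin root and turned into a SHA-256 manifest of the .exe/.dll files they cover, so the excluded toolchain can be compared against a verified clean baseline. The function names and manifest layout are assumptions; it relies on GNU find, sort, diff, mktemp and sha256sum as shipped with Cygwin.

```shell
#!/bin/sh
# Added example; function names and manifest layout are hypothetical.
# Usage inside Cygwin:  write_manifest / baseline.sha256
#                       check_manifest / baseline.sha256

# list_exclusion_dirs ROOT
# Print every existing directory under ROOT that matches the globs
# listed in the message (paths relative to the Cygwin root).
list_exclusion_dirs() {
    root=$1
    while IFS= read -r pat; do
        # $pat is left unquoted on purpose so the shell expands the glob.
        for dir in "$root"/$pat; do
            if [ -d "$dir" ]; then printf '%s\n' "$dir"; fi
        done
    done <<'EOF'
bin
usr/*86*-pc-cygwin
lib/gcc/*86*-pc-cygwin/[1-9]*
usr/libexec
usr/libexec/git-core
EOF
}

# write_manifest ROOT MANIFEST
# Hash every .exe and .dll below the excluded directories. sort -u removes
# files reached twice (git-core is also found via usr/libexec).
write_manifest() {
    list_exclusion_dirs "$1" | while IFS= read -r dir; do
        find "$dir" -type f \( -name '*.exe' -o -name '*.dll' \)
    done | sort -u | while IFS= read -r f; do
        sha256sum "$f"
    done > "$2"
}

# check_manifest ROOT MANIFEST
# Re-hash the excluded directories and diff against the saved baseline.
# Prints changed, added and removed files; returns 0 only if nothing differs.
check_manifest() {
    tmp=$(mktemp) || return 2
    write_manifest "$1" "$tmp"
    rc=0
    diff "$2" "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Because the baseline is regenerated and diffed rather than checked with `sha256sum -c`, a new binary appearing in an excluded directory shows up as a difference, not only a modified one.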