Mail Archives: cygwin/2021/05/08/22:51:07

References: <SI2PR06MB4428406980C4C5CB49D96E0495579 AT SI2PR06MB4428 DOT apcprd06 DOT prod DOT outlook DOT com>
<c4c91b98-d94f-1e7c-c568-87b767cb142a AT SystematicSw DOT ab DOT ca>
In-Reply-To: <c4c91b98-d94f-1e7c-c568-87b767cb142a@SystematicSw.ab.ca>
Date: Sat, 8 May 2021 22:50:45 -0400
Message-ID: <CAEMWCRsMkJQGK_mFuLk7tzj0XNNjkL8jowVDM8N922WRLR1iRQ@mail.gmail.com>
Subject: Re: McAfee Anti-Virus Exclusion
To: Cygwin <cygwin AT cygwin DOT com>
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
From: Jim McNamara via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Jim McNamara <nefariousscheme AT gmail DOT com>
Sender: "Cygwin" <cygwin-bounces AT cygwin DOT com>

On Sat, May 8, 2021, 7:33 PM Brian Inglis <Brian DOT Inglis AT systematicsw DOT ab DOT ca>
wrote:

> On 2021-05-07 04:57, Lam Jian Zhou via Cygwin wrote:
> > We have encountered an issue with Cygwin process get slow when using
> > McAfee anti-virus.
> > We have put all the exclusion on not scanning or checking on Cygwin
> > process and folder, but the slowness still exists.
> > We have tried McAfee recommendation on this:
> > https://docs.mcafee.com/bundle/endpoint-security-10.7.x-common-product-guide-windows/page/GUID-459435D7-AE7B-4656-9120-9235F39EA0D6.html
> > but still not able to solve the issue.
> >
> > We have tried to find the issue in various forums but there is not much
> > helpful information on this and even the McAfee support told us only
> > Cygwin support can give the answer.
> >
> > Would you be able to give some recommendation of what should be excluded
> > for Cygwin process?
> > Or is there any other Windows process that will be triggered along with
> > the Cygwin? So, we can exclude them as well.
>
> Cygwin support is a bunch of volunteers, so unless you can demonstrate an
> obvious reproducible problem across multiple different installations,
> using a simple test case, caused by Cygwin doing something it should not,
> it is unlikely anyone here will be able to help much.
> Please note that Cygwin is doing only what it has to, in order to support
> a POSIX development environment under Windows.
> If it seems too slow for your uses, please consider testing, timing, and
> running your development toolchain under faster environments: try one of
> the many distros under WSL, local or server VMs, Docker, etc.
>
> The problem is with McAfee going out to servers to check every executable,
> rather than remember locally that a file has already been checked using a
> hash over contents and properties, and skipping future checks.
> If you have problems with McAfee, complain to Intel, and thence to whoever
> insists you run a legacy AV suite.
>
> Run Windows Defender if you need an AV and want to minimize slowdown.
> More intrusive AV will intercept and interfere more with performance (like
> anything called End Point Protection, which is known to break Cygwin).
> Have your techs run your processes with only Windows and Cygwin installed,
> then with Windows Defender, then with Intel McAfee AV to see the
> differences.
>
> Looking at the McAfee exclusions, they are decades out of date, most
> installations are now x86_64, and may also support x86 [32 bit], so you
> need to exclude the compiler and build toolchain utilities (gcc, llvm,
> clang, binutils, coreutils, c/make, libtool, git packages) in /bin/,
> /usr/*86*-pc-cygwin/, /lib/gcc/*86*-pc-cygwin/[1-9]*/ and all their DLLs
> /bin/cyg...*.dll for all installed compiler and utility versions.
> Note that Cygwin supports git (and is part of the toolchain used to build
> Git for Windows mentioned by McAfee), so add /usr/libexec/,
> /usr/libexec/git-core/, and other contents of that tree to your
> exclusions.
>
> On development machines, Adaptive Threat Protection (guessing based on
> patterns matching existing malware) will slow down every step of every
> build, so switch it off, as well as any other guessing games, cloud or
> remote access!
>
> Following McAfee's suggestions, using gpg keys and SHA2 hashes, make a
> verified clean Cygwin developer build of everything you use, and upload
> everything installed to McAfee's GTI servers, and the validation files to
> your own TIE servers: clone to each developer machine and run a local TIE
> server there.
> Do the same for everything in all your production builds.
>
> --
> Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
>
> This email may be disturbing to some readers as it contains
> too much technical detail. Reader discretion is advised.
> [Data in binary units and prefixes, physical quantities in SI.]
>
> --
> Problem reports:      https://cygwin.com/problems.html
> FAQ:                  https://cygwin.com/faq/
> Documentation:        https://cygwin.com/docs.html
> Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple


Hi,

I have really good luck with Webroot.
AVG ... not so much (Cygwin false positives)! Webroot and Malwarebytes go
well together. Webroot uses its own outbound firewall and Windows Defender
for inbound. I think I remember from a YouTube review that it has to be
connected to the internet for the scanner to detect threats.

It is good to know that software labeled endpoint software won't work. I
know of one such place using it.

I hope you can use Defender and save $. If not, hopefully 2 more good
suggestions for you.

Robo-loki
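
An added example, not part of either message and not Cygwin or McAfee code: a POSIX sh sketch that expands the directory patterns named in the quoted reply into the directories that actually exist under a Cygwin root, so exclusions can be entered as concrete paths, and records a SHA-256 manifest of the .exe/.dll files in them so the excluded binaries can still be checked against a known-clean baseline. The function names and the local baseline file are assumptions; it does not talk to GTI or TIE servers.

```shell
#!/bin/sh
# Added example. ROOT is the Cygwin install root as seen from the shell:
# "/" inside Cygwin, or a mounted/copied tree elsewhere.

# Print the existing directories matched by the patterns from the quoted
# message, as paths relative to ROOT, one per line.
exclusion_dirs() {
    root=${1%/}
    while IFS= read -r pat; do
        for dir in "$root"/$pat; do      # $pat unquoted on purpose: glob expands
            if [ -d "$dir" ]; then printf '%s\n' "${dir#"$root"}"; fi
        done
    done <<'EOF' | sort -u
bin
usr/*86*-pc-cygwin
lib/gcc/*86*-pc-cygwin/[1-9]*
usr/libexec
usr/libexec/git-core
EOF
}

# SHA-256 manifest of every .exe/.dll directly inside those directories,
# with ROOT-relative paths so manifests from different machines compare.
binary_manifest() (
    cd "$1" || exit 1
    exclusion_dirs . | while IFS= read -r rel; do
        find ".$rel" -maxdepth 1 -type f \( -name '*.exe' -o -name '*.dll' \) \
            -exec sha256sum {} +
    done | sort -k 2
)

# Compare the live tree with a baseline written earlier by binary_manifest.
# Prints changed, missing and new binaries; returns non-zero on any drift.
verify_manifest() {
    binary_manifest "$1" | diff "$2" -
}

# Typical use (commented out so the file can be sourced):
#   exclusion_dirs /                        # paths to enter as exclusions
#   binary_manifest / > cygwin-baseline.sha256
#   verify_manifest / cygwin-baseline.sha256
```

Inside Cygwin, `cygpath -w` converts each printed directory to the Windows path the AV console expects.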




