delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2024/04/12/14:01:45

X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0FA48385828E
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
s=default; t=1712944903;
bh=XLVvpUBLdzcW3VrC7Fht7Dt1YQOSQOitKnHt9ii8vPY=;
h=References:In-Reply-To:Date:Subject:To:List-Id:List-Unsubscribe:
List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
From;
b=L7wNfo0KdYGovXp1L+IWBJBdN7GLK9K17eeCV1NpWsN9eyBiu54o/k2mFZERBIAfP
OtApZbPOmdGtAz3wWBugLSFiU5gwUPKyqQh78+RIBMKGNy/flK9Em91Dwe640c0X8L
V7UOj3KPSMdUPgmTIz6Ig5//PWl6UX0BQoIuh0es=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 590293858D38
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 590293858D38
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712944880; cv=none;
b=J5Xkv2yNKUyh7IGyyi2k2j4XNWiszfAVwL7gaj5aJerZyVMmGeZ/z75n0TKLRQACYP63nNiua/srnprbIgz/M+PLqwTHKSAXa/ueD9CgagFdy1neVNrncRmH+Z2PjYsQdSfkRNovkOcNgwvFX5X9dcHnL72vCnDUeCDOJLvbK/0=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
t=1712944880; c=relaxed/simple;
bh=x4bzGmRE/XO0Q0aXgjdt2rJyrysVxOycPM8b9omSbkA=;
h=DKIM-Signature:MIME-Version:From:Date:Message-ID:Subject:To;
b=gxD7ZpeQgMD4VFyxTNEGPNVQijeij1g2HsmQ/f7DQuuFCUIvIqi3XexToc8mVPubaIpVHp17xvIIAQhm9YJ7xecAcZeoCGcYtl/ATwY+ihEhahSjluAuHDBv/QWjlFjLIRzXOVu7GbZ+T0RkE7qall5SxMjbMeQBXLaOYCnpwgI=
ARC-Authentication-Results: i=1; server2.sourceware.org
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1712944877; x=1713549677;
h=to:subject:message-id:date:from:in-reply-to:references:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=vFcHoMFLUQBRrYSkdJJa1JbWvCJ5r9H/yqzsczYKay4=;
b=igQZY91MbCTHHs/o5U6hIEGY+g4hZ+gtHfoxzFULyjfq2DlJybDHE/CMTh8fPixbn/
9njO/JHqbxm5wCPMt0rM0fCS+NrLxEigC7drKuYialhs/SY28uQ9d/R8jijrDAi+4TeK
T2I/Qhslajxyg/s+3rnvwhF3d4r3Zt9vPgdDu+TDtzWK+S6P8XGP2FUHWQpb7K1fA9ww
vi23TL3D9mhLiJXDgxTkC0MvjvANqdquVfvw/qKEpUUPAJhNexlMADBkVKgE6rYKKOIY
LFQG94W1jx9mPHMvknPzC064Jb4Hq7OYsW8mMw27Q4QT+gcZdlE09GfuCESbL9qKnkmm
2eiQ==
X-Gm-Message-State: AOJu0Yy1ebY5x9b18CWb3nRmVlRD4nU0AgH1YF8aIfhywP8DE2o+K0wb
rWoln2/PBaJh7/tl/dcSHk3YH8GtOBTDC806/d67QI/jmAAEomj1ZXp2Q2GbphWSDnsH38NVyzL
D6wtEoVcp9euH2KpJkL5GfyQUFFOwfQ==
X-Google-Smtp-Source: AGHT+IG8JCiUyMn8DJ4ZRoxGGMGl+kO5oc6Zkqj41BeSgBEp92t+7FVd4mr1AvtAgPso+iWqwX9Id4iGBJspnb9OW00=
X-Received: by 2002:a17:90a:eb17:b0:2a2:399f:60e7 with SMTP id
j23-20020a17090aeb1700b002a2399f60e7mr3421210pjz.23.1712944876967; Fri, 12
Apr 2024 11:01:16 -0700 (PDT)
MIME-Version: 1.0
References: <CAL8MddUVziE5+10=dANw_H8ySJRvhj-wZ857YqkcudmTZbJe+w AT mail DOT gmail DOT com>
<CA+kUOakQhTnCLdkhBCtiRn+G+0K4nQ-UCYN65044+D_OMsqfGg AT mail DOT gmail DOT com>
<CAL8MddWSvE8JHMSLzosREvWvzrJGGEEDi0cCQprL05SMGSsPqg AT mail DOT gmail DOT com>
<df9abc70-6135-2871-c78f-aa87bc12f25b AT t-online DOT de>
<cab76864-77d6-48d1-85cb-ceda3e8b1e4e AT gmx DOT com>
In-Reply-To: <cab76864-77d6-48d1-85cb-ceda3e8b1e4e@gmx.com>
Date: Fri, 12 Apr 2024 20:01:04 +0200
Message-ID: <CAL8MddX6cSKMxt6SKb5hZk=+xFaUe0=sexPdg7_F_BK8yNx1fA@mail.gmail.com>
Subject: Re: Cygwin a bit slow
To: cygwin AT cygwin DOT com
X-Spam-Status: No, score=0.4 required=5.0 tests=BAYES_00, DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, HTML_MESSAGE,
RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS,
TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
server2.sourceware.org
X-Content-Filtered-By: Mailman/MimeDel 2.1.30
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.30
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: J M via Cygwin <cygwin AT cygwin DOT com>
Reply-To: J M <cesarjorgemartinez AT gmail DOT com>
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>
X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 43CI1iEW1444033 

Hi,

For me not use AV or disable parts is not an option...

Then, if AV is inspecting the CreateProcess, these processes can be known
the path of these process?

Ex, I launch grep. One AV process can discern the path of these process, or
it is impossible to find out if the executable is inside of c:\cygwin64
directory and discard and/or not catch the event, and then inform to the AV
enterprises howto to do these tasks?

I did the following tests with Avast AV:

With all shields stopped or all shields up, same result, one more time that
other:

Launch multiple while true with echo and grep by example and sleep to
results.

In all cases, cpu very high and memory progressively up and up until
windows crash memory exhausted.

The AVs not known howto discern this or it is impossible discern this?

Regards

El jue., 11 abr. 2024 1:17, Sam Edge via Cygwin <cygwin AT cygwin DOT com>
escribió:

> On 10/04/2024 11:34, Christian Franke via Cygwin wrote:
> > J M via Cygwin wrote:
> >> ...
> >>
> >> Specifically for this problem, I have investigated the problem and can
> be
> >> related to pipes and antivirus.
> >>
> >> Specifically
> >> while true
> >> do
> >> echo ABC | grep AAA
> >> done
> >>
> >> It makes the cpu of that antivirus go up.
> >
> > This is as expected because malware scanners hook into Win32 API's
> > CreateProcess*() calls which are also used by the fork()/exec()
> > emulation of Cygwin. Each run of 'grep' above uses at least two
> > CreateProcess*() calls.
>
> This is very true and depends greatly on the AV being used. I find Trend
> is particularly bad, even if you exclude all the Cygwin directories and
> directories of files being accessed. Somehow, the way the hooks are
> implemented stalls process creation and file open in ways that Windows
> Defender does not. This is particularly noticeable when using
> Cygwin-based build tools - build times generally increase at least
> 10-fold after installing Trend.
>
> On one job, I wasted a lot of time and client's money collecting logs
> for Trend to analyse to no avail. I think the product is basically very
> badly written. The fact that it creates dozens of processes with
> hundreds of threads just to do AV scanning does not fill me with
> confidence!
>
> Wherever possible, I remove third-party AV from Windows machines and
> install group policy to enforce Windows Defender and malware detection
> in the browser and/or a proxy & the email server instead. Saves a lot of
> CPU cycles. :-)
>
>
> --
> Sam Edge
>
>
> --
> Problem reports:      https://cygwin.com/problems.html
> FAQ:                  https://cygwin.com/faq/
> Documentation:        https://cygwin.com/docs.html
> Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple
>

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019