Find out if Windows Defender disc scan is running?

Question

The Windows Defender disc scan takes a lot of performance from the system. Is there any way for a C# application to find out if the disc scan is currently running?

Recommended answer

You can check for the processor load that MsMpEng.exe (Antimalware Service Executable) is currently producing. On my computer it runs with 50% CPU (1 CPU core fully occupied) while observing an installation.

It blocks an EXE or DLL file that my installer writes to disk for up to 25 seconds! (The installer hanging obviously)

Note that MsMpEng.exe is even running after turning Windows Defender completely off in Control Panel. So just checking if the service is running is not enough. You must check for its current CPU load.

Windows Defender scans each EXE and DLL every time anew when you start an application - ALTHOUGH it has already scanned all these files when the application has been installed! So each time you start an application you have a tremendous delay: the more DLLs your application loads, the slower.

Especially when your application uses anti-piracy protection like Themida or WinLicense, Windows Defender needs EXTREMELY long to check these files.

Windows Defender scans every executable file (EXE, DLL) when your application ONLY opens the file without reading or writing one single byte from it, which results in delaying CreateFile() for up to 25 seconds!

It is completely clear that Microsoft does not have the knowledge to write fast and efficient antimalware software. (I have never seen any antivirus running 25 seconds to scan one single file!) It is recommended to install another antivirus program, which will result in Windows Defender being disabled automatically.

When the user has turned on/off Windows Defender the following Registry keys change:

Windows 8 Off:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdBoot
"Group"= "_Early-Launch"
"Start"= 3   // SERVICE_DEMAND_START
"ImagePath"= "\SystemRoot\system32\drivers\WdBoot.sys"

Windows 8 On:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdBoot
"Group"= "Early-Launch"
"Start"= 0   // SERVICE_BOOT_START
"ImagePath"= "system32\drivers\WdBoot.sys"

Note that the WdBoot service is normally not running when you check its status, even if enabled. It seems it runs only while booting Windows?

Windows 7, Windows 8 and Windows 10 Off:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
"DisableRealtimeMonitoring"=1

Windows 7, Windows 8 and Windows 10 On:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
"DisableRealtimeMonitoring"=0
// or the entry does not exist

This key cannot be changed by an administrator user. Write permission is only given to the user "SYSTEM" and the groups "WinDefend" and "TrustedInstaller".

Since Windows 10 it is no longer possible to write this value from a service that runs with the "System/NT AUTHORITY" user (-> Access Denied). Probably Microsoft checks the digital signature of the application that tries to write this value.

And what really sucks on Windows 10 is that you can turn off Windows Defender, restart the computer and it will be enabled again!

And there is another key affecting Windows Defender: (By default it does not exist, but can be created as a normal admin)

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender
"DisableAntiSpyware" = 1

The effect of this key is that you click "Windows Defender" in Control Panel and you get a messagebox telling: "This application is turned off by group policy..... To allow this application to run, contact your security administrator to enable the program via group policy."

Note that this key does NOT turn off Windows Defender. It only forbids that a user can open the Windows Defender configuration panel (MsAscUi.exe).
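
The CPU-load check and the DisableRealtimeMonitoring registry read described in the answer above, as an added C# example that is not part of the original answer. The class and method names and the 10% threshold are assumptions; on .NET Core and later, PerformanceCounter comes from the System.Diagnostics.PerformanceCounter package.

```csharp
using System;
using System.Diagnostics;
using System.Threading;
using Microsoft.Win32;

static class DefenderLoadProbe
{
    // Hypothetical threshold: treat a load at or above this share of total
    // CPU capacity as "a scan is probably running". Tune per machine.
    const float BusyPercent = 10f;

    // Returns MsMpEng.exe CPU load as a percentage of all cores, or null if
    // the process is not running (no "MsMpEng" performance-counter instance).
    static float? SampleMsMpEngCpu(int sampleMs)
    {
        try
        {
            using (var counter = new PerformanceCounter("Process", "% Processor Time", "MsMpEng", true))
            {
                counter.NextValue();   // first read is always 0; it only primes the counter
                Thread.Sleep(sampleMs);
                // The raw value is per core (100 = one core fully used), so normalize.
                return counter.NextValue() / Environment.ProcessorCount;
            }
        }
        catch (InvalidOperationException)
        {
            return null;
        }
    }

    // Reads the real-time protection flag named in the answer. The 64-bit view
    // is opened explicitly so a 32-bit process is not redirected to WOW6432Node.
    static bool RealtimeMonitoringDisabled()
    {
        using (var hklm = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64))
        using (var key = hklm.OpenSubKey(@"SOFTWARE\Microsoft\Windows Defender\Real-Time Protection"))
        {
            object value = key?.GetValue("DisableRealtimeMonitoring");
            return value is int flag && flag == 1;   // a missing entry counts as enabled
        }
    }

    static void Main()
    {
        float? load = SampleMsMpEngCpu(1000);
        Console.WriteLine("Real-time monitoring disabled: " + RealtimeMonitoringDisabled());
        Console.WriteLine(load == null ? "MsMpEng.exe is not running"
            : $"MsMpEng.exe load: {load:F1}% (busy: {load >= BusyPercent})");
    }
}
```

The performance counter is used instead of opening a handle to MsMpEng.exe, so the sample does not depend on having query access to the process itself.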
