From: Jim McNamara
Date: Sat, 8 May 2021 22:50:45 -0400
Subject: Re: McAfee Anti-Virus Exclusion
To: Cygwin
List-Id: General Cygwin discussions and problem reports

On Sat, May 8, 2021, 7:33 PM Brian Inglis wrote:

> On 2021-05-07 04:57, Lam Jian Zhou via Cygwin wrote:
> > We have encountered an issue with Cygwin processes getting slow when
> > using McAfee anti-virus.
> > We have put in all the exclusions for not scanning or checking Cygwin
> > processes and folders, but the slowness still exists.
> > We have tried McAfee's recommendation on this:
> > https://docs.mcafee.com/bundle/endpoint-security-10.7.x-common-product-guide-windows/page/GUID-459435D7-AE7B-4656-9120-9235F39EA0D6.html
> > but are still not able to solve the issue.
> >
> > We have tried to find the issue in various forums but there is not much
> > helpful information on this, and even McAfee support told us only
> > Cygwin support can give the answer.
> >
> > Would you be able to give some recommendation of what should be
> > excluded for Cygwin processes?
> > Or are there any other Windows processes that will be triggered along
> > with Cygwin, so we can exclude them as well?
>
> Cygwin support is a bunch of volunteers, so unless you can demonstrate an
> obvious reproducible problem across multiple different installations,
> using a simple test case, caused by Cygwin doing something it should not,
> it is unlikely anyone here will be able to help much.
> Please note that Cygwin is doing only what it has to, in order to support
> a POSIX development environment under Windows.
> If it seems too slow for your uses, please consider testing, timing, and
> running your development toolchain under faster environments: try one of
> the many distros under WSL, local or server VMs, Docker, etc.
>
> The problem is with McAfee going out to servers to check every executable,
> rather than remember locally that a file has already been checked using a
> hash over contents and properties, and skipping future checks.
> If you have problems with McAfee, complain to Intel, and thence to whoever
> insists you run a legacy AV suite.
>
> Run Windows Defender if you need an AV and want to minimize slowdown.
> More intrusive AV will intercept and interfere more with performance (like
> anything called End Point Protection, which is known to break Cygwin).
> Have your techs run your processes with only Windows and Cygwin installed,
> then with Windows Defender, then with Intel McAfee AV to see the
> differences.
>
> Looking at the McAfee exclusions, they are decades out of date, most
> installations are now x86_64, and may also support x86 [32 bit], so you
> need to exclude the compiler and build toolchain utilities (gcc, llvm,
> clang, binutils, coreutils, c/make, libtool, git packages) in /bin/,
> /usr/*86*-pc-cygwin/, /lib/gcc/*86*-pc-cygwin/[1-9]*/ and all their DLLs
> /bin/cyg...*.dll for all installed compiler and utility versions.
> Note that Cygwin supports git (and is part of the toolchain used to build
> Git for Windows mentioned by McAfee), so add /usr/libexec/,
> /usr/libexec/git-core/, and other contents of that tree to your
> exclusions.
>
> On development machines, Adaptive Threat Protection (guessing based on
> patterns matching existing malware) will slow down every step of every
> build, so switch it off, as well as any other guessing games, cloud or
> remote access!
>
> Following McAfee's suggestions, using gpg keys and SHA2 hashes, make a
> verified clean Cygwin developer build of everything you use, and upload
> everything installed to McAfee's GTI servers, and the validation files to
> your own TIE servers: clone to each developer machine and run a local TIE
> server there.
> Do the same for everything in all your production builds.
>
> --
> Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
>
> This email may be disturbing to some readers as it contains
> too much technical detail. Reader discretion is advised.
> [Data in binary units and prefixes, physical quantities in SI.]

Hi,

I have really good luck with Webroot. AVG ... not so much (Cygwin false positives)! Webroot and Malwarebytes go well together. Webroot uses its own outbound firewall and Windows Defender for inbound. I think I remember from a YouTube review that it has to be connected to the internet for the scanner to detect threats.

It is good to know that software labeled endpoint software won't work. I know of one such place using it. I hope you can use Defender and save $. If not, hopefully 2 more good suggestions for you.

Robo-loki
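
The quoted reply suggests recording SHA2 hashes of a verified clean toolchain so that files are trusted by content rather than by broad path exclusions. The sketch below is an added example, not part of the thread or of Cygwin: it builds a SHA-256 manifest over the toolchain directories named in the reply and later reports any binary that changed, vanished or appeared. The function names, the `TOOL_DIRS` list and the `CHANGED`/`NEW` report format are assumptions made for illustration; it relies on GNU coreutils and findutils as shipped with Cygwin.

```shell
#!/bin/sh
# Added example (not from the thread): SHA-256 manifest for a Cygwin toolchain tree.
export LC_ALL=C   # stable byte-wise sort order for sort/comm

# Directories named in the thread, relative to the Cygwin root. Globs are
# expanded inside the root; entries that do not exist are skipped.
TOOL_DIRS="bin usr/libexec usr/*86*-pc-cygwin lib/gcc/*86*-pc-cygwin"

# list_binaries ROOT: NUL-separated relative paths of EXEs, DLLs and
# other owner-executable files under the toolchain directories.
list_binaries() {
    ( cd "$1" || exit 1
      for d in $TOOL_DIRS; do
          if [ -d "$d" ]; then
              find "$d" -type f \
                  \( -name '*.exe' -o -name '*.dll' -o -perm -u+x \) -print0
          fi
      done )
}

# build_manifest ROOT MANIFEST: record "sha256  path" for every binary.
build_manifest() {
    list_binaries "$1" | sort -z |
        ( cd "$1" && xargs -0 -r sha256sum ) > "$2"
}

# check_manifest ROOT MANIFEST: print CHANGED lines (hash mismatch or file
# gone) and NEW lines (binary not in the manifest); return 1 on any drift.
check_manifest() {
    known=$(mktemp) now=$(mktemp)
    cut -c67- "$2" | sort > "$known"      # path follows 64 hex digits + 2 chars
    list_binaries "$1" | tr '\0' '\n' | sort > "$now"
    report=$(
        ( cd "$1" && sha256sum --check --quiet - 2>/dev/null ) < "$2" |
            sed 's/^/CHANGED /'
        comm -13 "$known" "$now" | sed 's/^/NEW /'
    )
    rm -f "$known" "$now"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Run `build_manifest` once against the verified clean install and keep the manifest outside the tree; `check_manifest` on a developer machine then shows exactly which toolchain binaries differ from that baseline.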