Hi, For me not use AV or disable parts is not an option... Then, if AV is inspecting the CreateProcess, these processes can be known the path of these process? Ex, I launch grep. One AV process can discern the path of these process, or it is impossible to find out if the executable is inside of c:\cygwin64 directory and discard and/or not catch the event, and then inform to the AV enterprises howto to do these tasks? I did the following tests with Avast AV: With all shields stopped or all shields up, same result, one more time that other: Launch multiple while true with echo and grep by example and sleep to results. In all cases, cpu very high and memory progressively up and up until windows crash memory exhausted. The AVs not known howto discern this or it is impossible discern this? Regards El jue., 11 abr. 2024 1:17, Sam Edge via Cygwin escribió: > On 10/04/2024 11:34, Christian Franke via Cygwin wrote: > > J M via Cygwin wrote: > >> ... > >> > >> Specifically for this problem, I have investigated the problem and can > be > >> related to pipes and antivirus. > >> > >> Specifically > >> while true > >> do > >> echo ABC | grep AAA > >> done > >> > >> It makes the cpu of that antivirus go up. > > > > This is as expected because malware scanners hook into Win32 API's > > CreateProcess*() calls which are also used by the fork()/exec() > > emulation of Cygwin. Each run of 'grep' above uses at least two > > CreateProcess*() calls. > > This is very true and depends greatly on the AV being used. I find Trend > is particularly bad, even if you exclude all the Cygwin directories and > directories of files being accessed. Somehow, the way the hooks are > implemented stalls process creation and file open in ways that Windows > Defender does not. This is particularly noticeable when using > Cygwin-based build tools - build times generally increase at least > 10-fold after installing Trend. > > On one job, I wasted a lot of time and client's money collecting logs > for Trend to analyse to no avail. I think the product is basically very > badly written. The fact that it creates dozens of processes with > hundreds of threads just to do AV scanning does not fill me with > confidence! > > Wherever possible, I remove third-party AV from Windows machines and > install group policy to enforce Windows Defender and malware detection > in the browser and/or a proxy & the email server instead. Saves a lot of > CPU cycles. :-) > > > -- > Sam Edge > > > -- > Problem reports: https://cygwin.com/problems.html > FAQ: https://cygwin.com/faq/ > Documentation: https://cygwin.com/docs.html > Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple >