From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pj1-x102d.google.com (mail-pj1-x102d.google.com [IPv6:2607:f8b0:4864:20::102d]) by sourceware.org (Postfix) with ESMTPS id 590293858D38 for ; Fri, 12 Apr 2024 18:01:18 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 590293858D38 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 590293858D38 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::102d ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712944880; cv=none; b=J5Xkv2yNKUyh7IGyyi2k2j4XNWiszfAVwL7gaj5aJerZyVMmGeZ/z75n0TKLRQACYP63nNiua/srnprbIgz/M+PLqwTHKSAXa/ueD9CgagFdy1neVNrncRmH+Z2PjYsQdSfkRNovkOcNgwvFX5X9dcHnL72vCnDUeCDOJLvbK/0= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712944880; c=relaxed/simple; bh=x4bzGmRE/XO0Q0aXgjdt2rJyrysVxOycPM8b9omSbkA=; h=DKIM-Signature:MIME-Version:From:Date:Message-ID:Subject:To; b=gxD7ZpeQgMD4VFyxTNEGPNVQijeij1g2HsmQ/f7DQuuFCUIvIqi3XexToc8mVPubaIpVHp17xvIIAQhm9YJ7xecAcZeoCGcYtl/ATwY+ihEhahSjluAuHDBv/QWjlFjLIRzXOVu7GbZ+T0RkE7qall5SxMjbMeQBXLaOYCnpwgI= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pj1-x102d.google.com with SMTP id 98e67ed59e1d1-2a528a1a1bdso846312a91.3 for ; Fri, 12 Apr 2024 11:01:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712944877; x=1713549677; darn=cygwin.com; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=vFcHoMFLUQBRrYSkdJJa1JbWvCJ5r9H/yqzsczYKay4=; b=BFdxJxz1oYOG6gA2tj7p6gq+A9lCStugmvkhnhwPeZ9g8W+UCnDlA/zqeWA3KRL6Fp ZX3B5CTRv80wo18JLb4yQkEj3Q7OwIsIBuR0LjOQyUnWSvkfp8pFwIX/P1qogHGGLmE0 YI7LgESLAW1aUrDIysnhqnGclz16v9etO6Q+rCrFEPNB946ud9aKNiz2tJWLQGVbn9uJ RxRjLRMufsJme8DAiqd10PhsjfLjOrrDxubPU9YDGl/SbReFFl1LNsdcF8PMU6g5juGc 5JkMYzUcshT2GFNOiJGc3dXTLCDDdZq8zh0PqmGzkoIiAQvVlCbWl9eDxqv6l+7bZqpx KtMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712944877; x=1713549677; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=vFcHoMFLUQBRrYSkdJJa1JbWvCJ5r9H/yqzsczYKay4=; b=igQZY91MbCTHHs/o5U6hIEGY+g4hZ+gtHfoxzFULyjfq2DlJybDHE/CMTh8fPixbn/ 9njO/JHqbxm5wCPMt0rM0fCS+NrLxEigC7drKuYialhs/SY28uQ9d/R8jijrDAi+4TeK T2I/Qhslajxyg/s+3rnvwhF3d4r3Zt9vPgdDu+TDtzWK+S6P8XGP2FUHWQpb7K1fA9ww vi23TL3D9mhLiJXDgxTkC0MvjvANqdquVfvw/qKEpUUPAJhNexlMADBkVKgE6rYKKOIY LFQG94W1jx9mPHMvknPzC064Jb4Hq7OYsW8mMw27Q4QT+gcZdlE09GfuCESbL9qKnkmm 2eiQ== X-Gm-Message-State: AOJu0Yy1ebY5x9b18CWb3nRmVlRD4nU0AgH1YF8aIfhywP8DE2o+K0wb rWoln2/PBaJh7/tl/dcSHk3YH8GtOBTDC806/d67QI/jmAAEomj1ZXp2Q2GbphWSDnsH38NVyzL D6wtEoVcp9euH2KpJkL5GfyQUFFOwfQ== X-Google-Smtp-Source: AGHT+IG8JCiUyMn8DJ4ZRoxGGMGl+kO5oc6Zkqj41BeSgBEp92t+7FVd4mr1AvtAgPso+iWqwX9Id4iGBJspnb9OW00= X-Received: by 2002:a17:90a:eb17:b0:2a2:399f:60e7 with SMTP id j23-20020a17090aeb1700b002a2399f60e7mr3421210pjz.23.1712944876967; Fri, 12 Apr 2024 11:01:16 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: J M Date: Fri, 12 Apr 2024 20:01:04 +0200 Message-ID: Subject: Re: Cygwin a bit slow To: cygwin@cygwin.com Content-Type: multipart/alternative; boundary="000000000000e96e9a0615ea0eac" X-Spam-Status: No, score=0.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: --000000000000e96e9a0615ea0eac Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi, For me not use AV or disable parts is not an option... Then, if AV is inspecting the CreateProcess, these processes can be known the path of these process? Ex, I launch grep. One AV process can discern the path of these process, or it is impossible to find out if the executable is inside of c:\cygwin64 directory and discard and/or not catch the event, and then inform to the AV enterprises howto to do these tasks? I did the following tests with Avast AV: With all shields stopped or all shields up, same result, one more time that other: Launch multiple while true with echo and grep by example and sleep to results. In all cases, cpu very high and memory progressively up and up until windows crash memory exhausted. The AVs not known howto discern this or it is impossible discern this? Regards El jue., 11 abr. 2024 1:17, Sam Edge via Cygwin escribi=C3=B3: > On 10/04/2024 11:34, Christian Franke via Cygwin wrote: > > J M via Cygwin wrote: > >> ... > >> > >> Specifically for this problem, I have investigated the problem and can > be > >> related to pipes and antivirus. > >> > >> Specifically > >> while true > >> do > >> echo ABC | grep AAA > >> done > >> > >> It makes the cpu of that antivirus go up. > > > > This is as expected because malware scanners hook into Win32 API's > > CreateProcess*() calls which are also used by the fork()/exec() > > emulation of Cygwin. Each run of 'grep' above uses at least two > > CreateProcess*() calls. > > This is very true and depends greatly on the AV being used. I find Trend > is particularly bad, even if you exclude all the Cygwin directories and > directories of files being accessed. Somehow, the way the hooks are > implemented stalls process creation and file open in ways that Windows > Defender does not. This is particularly noticeable when using > Cygwin-based build tools - build times generally increase at least > 10-fold after installing Trend. > > On one job, I wasted a lot of time and client's money collecting logs > for Trend to analyse to no avail. I think the product is basically very > badly written. The fact that it creates dozens of processes with > hundreds of threads just to do AV scanning does not fill me with > confidence! > > Wherever possible, I remove third-party AV from Windows machines and > install group policy to enforce Windows Defender and malware detection > in the browser and/or a proxy & the email server instead. Saves a lot of > CPU cycles. :-) > > > -- > Sam Edge > > > -- > Problem reports: https://cygwin.com/problems.html > FAQ: https://cygwin.com/faq/ > Documentation: https://cygwin.com/docs.html > Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple > --000000000000e96e9a0615ea0eac--