On Sat, May 8, 2021, 7:33 PM Brian Inglis <brian.ing...@systematicsw.ab.ca> wrote:
> On 2021-05-07 04:57, Lam Jian Zhou via Cygwin wrote: > > We have encountered an issue with Cygwin process get slow when using > McAfee anti-virus. > > We have put all the exclusion on not scanning or checking on Cygwin > process and folder, but the slowness still exists. > > We have tried McAfee recommendation on this : > https://docs.mcafee.com/bundle/endpoint-security-10.7.x-common-product-guide-windows/page/GUID-459435D7-AE7B-4656-9120-9235F39EA0D6.html > but still not able to solve the issue. > > > > We have tried to find the issue in various forum but there is not much > helpful information on this and even the McAfee support told us only Cygwin > support can give the answer. > > > > Would you able to give some recommendation of what should be exclude for > Cygwin process? > > Or is there any other windows process will be trigger along with the > Cygwin? so, we can exclude them as well. > > Cygwin support is a bunch of volunteers, so unless you can demonstrate an > obvious reproducible problem across multiple different installations, > using a > simple test case, caused by Cygwin doing something it should not, it is > unlikely > anyone here will be able to help much. > Please note that Cygwin is doing only what it has to, in order to support > a > POSIX development environment under Windows. > If it seems too slow for your uses, please consider testing, timing, and > running > your development toolchain under faster environments: try one of the many > distros under WSL, local or server VMs, Docker, etc. > > The problem is with McAfee going out to servers to check every executable, > rather than remember locally that a file has already been checked using a > hash > over contents and properties, and skipping future checks. > If you have problems with McAfee, complain to Intel, and thence to whoever > insists you run a legacy AV suite. > > Run Windows Defender if you need an AV and want to minimize slowdown. > More intrusive AV will intercept and interfere more with performance (like > anything called End Point Protection, which is known to break Cygwin). > Have your techs run your processes with only Windows and Cygwin installed, > then > with Windows Defender, then with Intel McAfee AV to see the differences. > > Looking at the McAfee exclusions, they are decades out of date, most > installations are now x86_64, and may also support x86 [32 bit], so you > need to > exclude the compiler and build toolchain utilities (gcc, llvm, clang, > binutils, > coreutils, c/make, libtool, git packages) in /bin/, /usr/*86*-pc-cygwin/, > /lib/gcc/*86*-pc-cygwin/[1-9]*/ and all their DLLs /bin/cyg...*.dll for > all > installed compiler and utility versions. > Note that Cygwin supports git (and is part of the toolchain used to build > Git > for Windows mentioned by McAfee), so add /usr/libexec/, > /usr/libexec/git-core/, > and other contents of that tree to your exclusions. > > On development machines, Adaptive Threat Protection (guessing based on > patterns > matching existing malware) will slow down every step of every build, so > switch > it off, as well as any other guessing games, cloud or remote access! > > Following McAfee's suggestions, using gpg keys and SHA2 hashes, make a > verified > clean Cygwin developer build of everything you use, and upload everything > installed to McAfee's GTI servers, and the validation files to your own > TIE > servers: clone to each developer machine and run a local TIE server there. > Do the same for everything in all your production builds. > > -- > Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada > > This email may be disturbing to some readers as it contains > too much technical detail. Reader discretion is advised. > [Data in binary units and prefixes, physical quantities in SI.] > > -- > Problem reports: https://cygwin.com/problems.html > FAQ: https://cygwin.com/faq/ > Documentation: https://cygwin.com/docs.html > Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple Hi, I have really good luck with Webroot. AVG ... not so much (cygwin false positives) ! Webroot and malwarebytes go good together. Webroot uses own outbound firewall and windows defender for inbound. I think I remember from YouTube review it has to be connected to internet for scanner to detect threats. It is good to know that software labeled endpoint software wont work. I know of one such place using it. I hope you can use defender and save $. If not, hopefully 2 more good suggestions for you. Robo-loki > -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
