On 2021-05-07 04:57, Lam Jian Zhou via Cygwin wrote:
We have encountered an issue with Cygwin process get slow when using McAfee
anti-virus.
We have put all the exclusion on not scanning or checking on Cygwin process and
folder, but the slowness still exists.
We have tried McAfee recommendation on this :
https://docs.mcafee.com/bundle/endpoint-security-10.7.x-common-product-guide-windows/page/GUID-459435D7-AE7B-4656-9120-9235F39EA0D6.html
but still not able to solve the issue.
We have tried to find the issue in various forum but there is not much helpful
information on this and even the McAfee support told us only Cygwin support can
give the answer.
Would you able to give some recommendation of what should be exclude for Cygwin
process?
Or is there any other windows process will be trigger along with the Cygwin?
so, we can exclude them as well.
Cygwin support is a bunch of volunteers, so unless you can demonstrate an
obvious reproducible problem across multiple different installations, using a
simple test case, caused by Cygwin doing something it should not, it is unlikely
anyone here will be able to help much.
Please note that Cygwin is doing only what it has to, in order to support a
POSIX development environment under Windows.
If it seems too slow for your uses, please consider testing, timing, and running
your development toolchain under faster environments: try one of the many
distros under WSL, local or server VMs, Docker, etc.
The problem is with McAfee going out to servers to check every executable,
rather than remember locally that a file has already been checked using a hash
over contents and properties, and skipping future checks.
If you have problems with McAfee, complain to Intel, and thence to whoever
insists you run a legacy AV suite.
Run Windows Defender if you need an AV and want to minimize slowdown.
More intrusive AV will intercept and interfere more with performance (like
anything called End Point Protection, which is known to break Cygwin).
Have your techs run your processes with only Windows and Cygwin installed, then
with Windows Defender, then with Intel McAfee AV to see the differences.
Looking at the McAfee exclusions, they are decades out of date, most
installations are now x86_64, and may also support x86 [32 bit], so you need to
exclude the compiler and build toolchain utilities (gcc, llvm, clang, binutils,
coreutils, c/make, libtool, git packages) in /bin/, /usr/*86*-pc-cygwin/,
/lib/gcc/*86*-pc-cygwin/[1-9]*/ and all their DLLs /bin/cyg...*.dll for all
installed compiler and utility versions.
Note that Cygwin supports git (and is part of the toolchain used to build Git
for Windows mentioned by McAfee), so add /usr/libexec/, /usr/libexec/git-core/,
and other contents of that tree to your exclusions.
On development machines, Adaptive Threat Protection (guessing based on patterns
matching existing malware) will slow down every step of every build, so switch
it off, as well as any other guessing games, cloud or remote access!
Following McAfee's suggestions, using gpg keys and SHA2 hashes, make a verified
clean Cygwin developer build of everything you use, and upload everything
installed to McAfee's GTI servers, and the validation files to your own TIE
servers: clone to each developer machine and run a local TIE server there.
Do the same for everything in all your production builds.
--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
