
Windows Defender can Significantly Impact Intel CPU Performance, We have the Fix


Disable the damn spyware.

Edit:
Been reading through posts, and the fact that people still believe in AV made me kinda sad. It's 2022. damn, learn how to protect your (windows) PC already...
Sorry for million edits, Eng. is not my native.
 
Is it free?
Oh yeah, they have an excellent free option. However, I pay for the premium version because I want to continue supporting the company. Would rather pay for Comodo than use defender for free. Reason? Configuration choices and respect for user privacy. By default, Comodo does cloud referencing and analysis. However, should a user need complete data security and privacy, those can be shut off. In fact the whole suite can be easily isolated from the internet if needed.

However, we're getting off-topic, so let's rope ourselves in..
 
Disable the damn spyware.

Edit:
Been reading through posts, and the fact that people still believe in AV made me kinda sad. It's 2022. damn, learn how to protect your (windows) PC already...
Sorry for million edits, Eng. is not my native.
Hi,
That's nice but it's just a fraction of what W1zard's script does
Here is win-11's
Code:
rem Disable Windows Defender. For this to work you have to manually disable "Tamper protection"
powershell "if ((Get-ItemProperty -Path 'HKLM:SOFTWARE\Microsoft\Windows Defender\Features').TamperProtection -eq 4) { exit 0; } ; Write-Output 'Windows Defender can not be disabled, Tamper Protection is still active' '' 'Disable Tamper Protection manually, then press OK' | msg /w *"
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Spynet" /v SpyNetReporting /t REG_DWORD /d 0 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Spynet" /v SubmitSamplesConsent /t REG_DWORD /d 2 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v DisableRoutinelyTakingAction /t REG_DWORD /d 1 /f
reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v SecurityHealth /f

Win-10's

Code:
rem Disable Windows Defender. For this to work you have to manually disable "Tamper protection"
powershell "if ((Get-ItemProperty -Path 'HKLM:SOFTWARE\Microsoft\Windows Defender\Features').TamperProtection -eq 4) { exit 0; } ; Write-Output 'Windows Defender can not be disabled, Tamper Protection is still active' '' 'Disable Tamper Protection manually, then press OK' | msg /w *"
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Spynet" /v SpyNetReporting /t REG_DWORD /d 0 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Spynet" /v SubmitSamplesConsent /t REG_DWORD /d 2 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v DisableRoutinelyTakingAction /t REG_DWORD /d 1 /f
reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v SecurityHealth /f
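
A read-only check an administrator could run to see whether the values written by the script above are present on a machine. This is an added example, not part of the original post or of the script it quotes; the function name Test-DefenderPolicyValue and the wording of the findings are assumptions made for this example.

```powershell
# Added audit example, not from the thread. Read-only: it changes nothing.
# Every path, value name and data value below is copied from the posted script.
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$checks = @(
    @{ Path = "$policy\Spynet"; Name = 'SpyNetReporting'; Data = 0 }
    @{ Path = "$policy\Spynet"; Name = 'SubmitSamplesConsent'; Data = 2 }
    @{ Path = $policy; Name = 'DisableAntiSpyware'; Data = 1 }
    @{ Path = "$policy\Real-Time Protection"; Name = 'DisableRealtimeMonitoring'; Data = 1 }
    @{ Path = $policy; Name = 'DisableRoutinelyTakingAction'; Data = 1 }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer'; Name = 'SmartScreenEnabled'; Data = 'Off' }
    # The posted script treats TamperProtection = 4 as "Tamper Protection is off".
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Features'; Name = 'TamperProtection'; Data = 4 }
)

# Hypothetical helper: reads one value and compares it with the data the posted script writes.
function Test-DefenderPolicyValue {
    param([Parameter(Mandatory)][hashtable]$Check)
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $value = $null
        $finding = 'not set'
    } else {
        $value = $item.($Check.Name)
        # String comparison covers both the REG_DWORD values and the REG_SZ "Off".
        if ("$value" -eq "$($Check.Data)") { $finding = 'MATCHES posted script' }
        else { $finding = 'set, other value' }
    }
    [pscustomobject]@{ Key = $Check.Path; Name = $Check.Name; Value = $value; Finding = $finding }
}

$results = foreach ($c in $checks) { Test-DefenderPolicyValue -Check $c }

# The posted script deletes the SecurityHealth autostart value, so here absence is the signal.
$run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$sh = Get-ItemProperty -Path $run -Name 'SecurityHealth' -ErrorAction SilentlyContinue
if ($null -eq $sh) { $shFinding = 'MATCHES posted script (value absent)' }
else { $shFinding = 'present' }
$results += [pscustomobject]@{ Key = $run; Name = 'SecurityHealth'; Value = $sh.SecurityHealth; Finding = $shFinding }

$results | Format-Table -AutoSize -Wrap
$hits = @($results | Where-Object { $_.Finding -like 'MATCHES*' }).Count
"{0} of {1} checked values match the posted script" -f $hits, $results.Count
```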
 
can we not with the clickbait speculation

great job finding this it's a minor bug and will be shortly patched if enough noise is made about it

6% is hardly significant in the grand scheme

remember that your average user doesn't care and if it doesn't impact the average user neither does intel/microsoft

and PSA: Windows Defender consistently ranks at the top of the protection and performance charts, it should be your go-to when basic protection is required
Considering in many cases a ''generational improvement'' can be as little as 20%, and 6% is way, way above what would generally be described as a ''measurable difference'', I don't think reviewers should just ignore this potential source of error. Also, I don't think the article tried to stop people from using Windows Defender at any point whatsoever.

and PSA: TPU is resided by nerd, nerd cares about 6%.
 
6% is huge.

All of this stuff adds up - like 6% for this, another 10% for virtualization based security, another few percent for the indexer, and now you have a machine that's 20-25% slower than it's supposed to be and stuttering in games.

So related question:


Some game guides (like the Ascent) recommend putting the program in the excluded exploit protection programs to stop stuttering... does this effectively get rid of this need? Will do some testing with this fix vs exploit protection on and off... this would be huge if people didn't need to jump through the control flow guard disabling hoops and could just use the windows defender boost.
 
Hi,
That's nice but it's just a fraction of what W1zard's script does
Here is win-11's
Code:
rem Disable Windows Defender. For this to work you have to manually disable "Tamper protection"
powershell "if ((Get-ItemProperty -Path 'HKLM:SOFTWARE\Microsoft\Windows Defender\Features').TamperProtection -eq 4) { exit 0; } ; Write-Output 'Windows Defender can not be disabled, Tamper Protection is still active' '' 'Disable Tamper Protection manually, then press OK' | msg /w *"
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Spynet" /v SpyNetReporting /t REG_DWORD /d 0 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Spynet" /v SubmitSamplesConsent /t REG_DWORD /d 2 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v DisableRoutinelyTakingAction /t REG_DWORD /d 1 /f
reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v SecurityHealth /f

Win-10's

Code:
rem Disable Windows Defender. For this to work you have to manually disable "Tamper protection"
powershell "if ((Get-ItemProperty -Path 'HKLM:SOFTWARE\Microsoft\Windows Defender\Features').TamperProtection -eq 4) { exit 0; } ; Write-Output 'Windows Defender can not be disabled, Tamper Protection is still active' '' 'Disable Tamper Protection manually, then press OK' | msg /w *"
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Spynet" /v SpyNetReporting /t REG_DWORD /d 0 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Spynet" /v SubmitSamplesConsent /t REG_DWORD /d 2 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v DisableRoutinelyTakingAction /t REG_DWORD /d 1 /f
reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v SecurityHealth /f
I'm aware of that, but i learned my ways... my way, since the XP days. Services and Regedit are my main start shortcuts. I've pasted that reg entry for the illiterate people, but i do have many different system tweaking tools. For a fast way of disabling spyware and similar, I've been using Blackbird for years. Great little tool.
 
I'm aware of that, but i learned my ways... my way, since the XP days. Services and Regedit are my main start shortcuts. I've pasted that reg entry for the illiterate people, but i do have many different system tweaking tools. For a fast way of disabling spyware and similar, I've been using Blackbird for years. Great little tool.
Hi,
That rhymes :laugh:
 
Hi,
That rhymes :laugh:
Used to write songs when I was younger and had longer and stronger periods of depression. I kinda hate rhymes nowadays. :D
 
Disable the damn spyware.

Edit:
Been reading through posts, and the fact that people still believe in AV made me kinda sad. It's 2022. damn, learn how to protect your (windows) PC already...
Sorry for million edits, Eng. is not my native.
Why? You can avoid viruses by not visiting dodgy websites, which works 99% of the time, but there's always that 1% when you click on something that someone not so tech-savvy posted. An AV can be quite useful then.
 
Why? You can avoid viruses by not visiting dodgy websites, which works 99% of the time, but there's always that 1% when you click on something that someone not so tech-savvy posted. An AV can be quite useful then.
AV software have too many security risks involved, and as an entity that has higher privileges than a system administrator (in most cases), therefore it cannot be trusted.
 
AV software have too many security risks involved, and as an entity that has higher privileges than a system administrator (in most cases), therefore it cannot be trusted.
I'd rather have an AV just in case. The internet is a vile place. You never know what's lurking on the site you're about to visit, or on the link Random Joe posted and you're about to click on.
 
I'd rather have an AV just in case. The internet is a vile place. You never know what's lurking on the site you're about to visit, or on the link Random Joe posted and you're about to click on.
NoScript and uBlock origin take care of that. I choose what i want to see on a new sites, and I visit everything I want to without fear. I dare to do things on my PC, that I can only dream of IRL. :laugh:
 
Hi,
Plenty of people just using edge and windows pretender oops defender were hit by ransomware my dear old mom to amounted to nothing but did happen under microsoft securities watch
Since getting a real antivirus bitdefender I believe nothing eventful for about a year now

So yeah say pretender is free/ great if you want facts just don't support such a broad stroke it's really just more telemetryware under a false sense of security so is crappy chroedge.
 
and here i was, "awwwww defender is the issue" and then read "AMD cpu not affected" proceed to "oh, so Defender is perfectly fine ... Intel is the issue"

did they use a "performance boost shortcut that turned out to be a vulnerability" (after mitigation: also a loss of performance) but failed and instead made an issue?
No. This is ms misusing a documented intel feature, ie not intels fault.
 
Doesn't affect me as i play with a 60 FPS cap, so CPU usage is like 30-50% plus the 4% of Windows Defender.

AV software have too many security risks involved, and as an entity that has higher privileges than a system administrator (in most cases), therefore it cannot be trusted.
I used NOD32 for over 10 years until i noticed it did like 150GB writes a day wearing down my SSD life.

Been using Defender for a year and a half now, no point in a paid AV these days, just use your brain when browsing. And use uBlock Origin.

6% is huge.

All of this stuff adds up - like 6% for this, another 10% for virtualization based security, another few percent for the indexer, and now you have a machine that's 20-25% slower than it's supposed to be and stuttering in games.

So related question:

Some game guides (like the Ascent) recommend putting the program in the excluded exploit protection programs to stop stuttering... does this effectively get rid of this need? Will do some testing with this fix vs exploit protection on and off... this would be huge if people didn't need to jump through the control flow guard disabling hoops and could just use the windows defender boost.
20-25%?

Sounds like you have a messed up Windows installation. I'm having between 0.3% and 5% usage.
 
When started once, with the "Windows Defender Boost" option, ThrottleStop will let the timer running in mode 3, even when closed. This means you can start ThrottleStop once at bootup, close it right afterward, and your system will be protected from the Defender performance issues.
@unclewebb What about creating a PowerShell script to accomplish the same thing as your software does without loading the programs into Windows (assuming some users don't install TS)? That could be used via the task manager so you won't have to open a program. Another option would be to make a file added within your program's install folder that could be used to execute the fix at Windows boot up, via task manager as well.
 
@unclewebb What about creating a PowerShell script to accomplish the same thing as your software does without loading the programs into Windows (assuming some users don't install TS)? That could be used via the task manager so you won't have to open a program. Another option would be to make a file added within your program's install folder that could be used to execute the fix at Windows boot up, via task manager as well.
I would love that! With a locked CPU, I haven't got much use of ThrottleStop, except for this.
 
Doesn't affect me as i play with a 60 FPS cap, so CPU usage is like 30-50% plus the 4% of Windows Defender.


I used NOD32 for over 10 years until i noticed it did like 150GB writes a day wearing down my SSD life.

Been using Defender for a year and a half now, no point in a paid AV these days, just use your brain when browsing. And use uBlock Origin.


20-25%?

Sounds like you have a messed up Windows installation. I'm having between 0.3% and 5% usage.

Run a sottr bench on a clean install, then shut off control flow guard / defender Realtime scan, vbs, indexer and it an run the bench again -- your gains will be in the double % easy.
 

According to the above, this has been a problem for 6 years at least. Why hasn't MS done something about it? They don't care?
 
What about creating a powershell script to accomplish the same thing
You cannot access individual registers within the CPU by only using a powershell script. You need to run a separate program that uses a signed driver so it can run at the Ring 0 level to access the MSR registers.

I haven't got much use of ThrottleStop, except for this.
This is part of the master plan. :D

The ability to solve this issue will give users a reason to try ThrottleStop. My Cinebench scores are almost identical whether ThrottleStop is running or not. ThrottleStop is not a major source of CPU or memory usage.



Think of Counter Control as a proof of concept kind of program. If the thought of having to run ThrottleStop all of the time really makes people's skin crawl, I will consider writing a separate program that quietly runs in the background and takes care of this problem. It would be best to leave it running in the background so it can also take care of this issue when you resume from sleep. Any program that checks a single register every 5 or 10 seconds and when you resume from sleep is not going to be a significant drain of CPU resources.

this has been a problem for 6 years at least
I think the Windows Defender problem listed on that site you posted is different from this new Windows Defender problem. Good to know that these issues take a while to solve.
 
@unclewebb What about creating a PowerShell script to accomplish the same thing as your software does without loading the programs into Windows (assuming some users don't install TS)? That could be used via the task manager so you won't have to open a program. Another option would be to make a file added within your program's install folder that could be used to execute the fix at Windows boot up, via task manager as well.
a picture is worth 1000 w0rds . .



ok yeah you need TS. :p
 
Edit: How do you find Defender annoying? It's only a module in your system settings / Windows security centre. It couldn't be any lower profile than this.
Not at all. The annoying habit of defender deleting files without user prompting/verification is a big reason. By default defender takes that action on files which contain known or suspected viral-like routines, even for files that don't actually contain a virus. This can be a serious effing headache for many forms of legitimate work. The next problem is that defender reports back to microsoft every single file it scans, regardless of whether you want it to or not. This is a serious problem for data that needs complete confidentiality/secrecy.
There you go.
 