Xernicus (Author), posted July 6, 2019 (edited)

@DoubleDragon Windows Defender taking 40% of your RAM? Periodic scans outside of what you've scheduled? Something is wrong. How much memory is it consuming? Defender/MSE is one of, if not the lightest, antivirus programs I've ever seen. Recently serviced a laptop with 2(!) gigs of RAM; I saw no issues with Defender RAM usage. In fact, in the past I've often uninstalled "well-known" AV programs for customers (if they did not have a paid subscription) and replaced them with MSE with immediate performance benefits.

Also, I'm curious as to why you'd disable anonymous error telemetry? I can understand disabling most, but anon error reporting? It takes nearly 0 resources on even the oldest machines, and fixes issues for all. Plus it's anon. The only reason why I could see disabling it would be pirated software.

But here are the usual culprits for MsMpEng RAM issues (Windows Defender, which takes 50MB of RAM on my personal machine):

- There's an active infection that's spoofing the service executable, or has hooked into it.
- You have "suspect" software on your machine. If this doesn't go away, usually this would be something that disagrees with the "software protection" service (i.e. anti-piracy). Check for KMS bypasses.
- There is a process that's triggering a real-time scan continuously. This will happen if you have continuous direct kernel access from a program unknown to Microsoft (NOTE: This should be seen by all AV companies, and exhibit similar behavior for all AV/AM programs). This can be seen in development. I'd recommend following best practices if you're not already-- or using a virtual machine for development. On the plus side, Microsoft will learn from it and your memory (and potentially CPU) usage will drop soon.

For all: RE: MBAM and Defender: normally having two AV programs running at the same time causes issues, but MBAM isn't an AV, but rather AM (Anti-Malware). Both will detect big threats, but they're two different products. If you have MBAM Pro or Business and it's conflicting with Defender, I'd leave MBAM realtime disabled for now and wait awhile-- there should be a compatibility update that will allow both to run at the same time. For now I'd have Defender run real-time, and run weekly MBAM scans (monthly if home).

For the record:

- Defender detection rate: 99.8% - more false positives (not a bad thing unless you're a power user)
- MBAM's detection rate: 99.6% - less false positives (good for power users), less detection (bad for normal users)
- These percentages are not counting false positives.

V1903 is not an "Enterprise" release. It's a GM (Golden Master) release approved for all systems. I'm curious what changes Microsoft has made to the kernel that makes some believe v1903 is made for enterprise.

@DoubleDragon What do you mean by 30 day support? The lifecycle is through 2020 for home/pro users and through 2029 (through LTSB, if chosen) for Enterprise users. I'd certainly hope that people upgrade before 10 years, or even one year, have passed.

Updates should not cause performance degradation. If anything-- performance should increase. In fact, with v1903 specifically, Microsoft worked with Intel and AMD to reduce the performance impact that the Spectre/Meltdown patches have. And those patches have a HUGE impact on performance, especially for machines with less than 8 gigs of RAM. I'd suggest using GRC's InSpectre for you to disable these patches: https://www.grc.com/inspectre.htm

Edited July 6, 2019 by Xernicus: fixed paragraphs, replaced "now", with "also" + NOTE
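An added example, not part of Xernicus's post: one way to check the first culprit in the list above (a process imitating the Defender engine) is to compare every running MsMpEng.exe against the binary and PID that the WinDefend service reports, and to check each file's Authenticode signature. It covers the spoofed-executable case only, not code hooked into the genuine process; the function name and output property names are this example's own, and it assumes an elevated PowerShell prompt.

```powershell
# Added triage sketch (not from the thread): is the running MsMpEng.exe the real Defender engine?
# Run elevated. Function and property names below are this example's own.
function Test-DefenderEngineProcess {
    # The WinDefend service records which binary and PID the engine is supposed to be.
    $svc = Get-CimInstance Win32_Service -Filter "Name='WinDefend'"
    $svcPath = $null
    if ($svc -and $svc.PathName -match '^"?(.+?MsMpEng\.exe)') { $svcPath = $Matches[1] }

    # Every process using the engine's name, including any copy started from another folder.
    $procs = @(Get-CimInstance Win32_Process -Filter "Name='MsMpEng.exe'")
    if ($procs.Count -eq 0) { Write-Warning 'No MsMpEng.exe process is running.' }

    foreach ($p in $procs) {
        $path = $p.ExecutablePath   # can be empty when the prompt is not elevated
        $sig  = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }
        [pscustomobject]@{
            ProcessId       = $p.ProcessId
            WorkingSetMB    = [math]::Round($p.WorkingSetSize / 1MB, 1)
            Path            = $path
            IsServicePid    = [bool]($svc -and $p.ProcessId -eq $svc.ProcessId)
            MatchesService  = [bool]($path -and $svcPath -and ($path -ieq $svcPath))
            SignatureStatus = if ($sig) { $sig.Status } else { 'Unknown (no path)' }
            Signer          = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}

Test-DefenderEngineProcess | Format-List
```

A healthy machine shows a single row where IsServicePid and MatchesService are True and SignatureStatus is Valid with a Microsoft signer; any extra row, a path outside the service's folder, or a non-Valid signature is what to investigate further.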
DoubleDragon, posted July 6, 2019 (edited)

I was talking about the Mainstream support end date, semi-annual maintenance that is supported for each build that is semi-annual. Once it ends, the build is no longer modified but patched. There is no support after 2020 as of yet for builds up to Education; the latest for the newest 1903 expires 12/8/2020 https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet and the only version with 10 year maintenance branch is the Enterprise LTSC version https://en.wikipedia.org/wiki/Windows_10_editions

On my computer, Defender and Windows Update do take a load, but this is only when the OS is freshly installed and updates have completed. Don't use Defender or Malwarebytes; I just simply open gpedit and disable Defender from the system components and monitor the system myself. Since I don't install random piracy programs, I'm sure it'll stay clean. Periodically I will run CCleaner portable, but I love my temp files; it's like once every few months I may do that for space, but if I don't it'll just lapse over for next time I do a fresh install, because Windows 10 is known for file corruption; for me that is at least once a year.

V1903 is not an "Enterprise" release.

Of course it's not, but I didn't say it was made directly for it. I said it was made basically for it because of the update patch, that is..... for businesses. I wouldn't suggest not to install the update if you have Enterprise; you kinda reversed my words there.

Not trying to start a squabble, just friendly opinions. Thanks for all the questions, was fun answering them.

Edited July 6, 2019 by DoubleDragon
Snuffs99, posted July 6, 2019

I installed 1903 the other day and it took 3 attempts; the first 2 failed miserably and left me with BSODs before Windows decided to auto rollback to 1809, which was nice of it tbh. Downside to the 1903 update failing and the rollback was that it took hours to re-download and install the 1903 feature update, only for it to fail once again..... Anyways, after a bit of messing around repairing system files using DISM and SFC, on my 3rd attempt the 1903 update took and installed fine. As expected, my fang (legacy device) wouldn't work, but that is nothing unique to 1903, so it was easily fixed once I'd turned digital signature enforcement off and pointed Windows to the "unsigned" drivers I'd made a while back (made them for Creators Update)..... All is good so far.

@Xernicus Nice bit of info there mate, it's been a while since I used anything from GRC (years tbh, but I do still have SpinRite), so it was nice to have a bit of nostalgia from XP days checking my ports etc.

As for MBAM and Defender.... totally agree, however in some cases when using MBAM it's Windows itself that turns Defender off if it detects MBAM. I use MBAM corp, which does run fine with Defender; however, like you have suggested, I use Defender as my real time and run MB once a month or so, usually when I have a spare 10 min and nothing to do, lol... Up to now though, the last year or so, MB has not found anything Defender hasn't already taken care of. Can never be too careful though.