16

I am using Windows 7 and have a 4-core Intel CPU, and was recently running a 4-kernel parallel computation written in Wolfram Mathematica that accesses a directory on an external hard drive containing several million files. I noticed the parallel computation was proceeding slower than expected, and isolated the problem to be due to the Security Essentials process "MsMpEng.exe"; see the following screenshot:

enter image description here

The MathKernel objects are sharing CPU resource with MsMpEng.exe, which is presumably scanning the files imported by the MathKernel objects as the computation proceeds.

This is unacceptable, and has also caused some other resource complications which are not really worth delving into, but it suffices to say that I am wondering whether it is possible to temporarily disable "MsMpEng.exe" while running computations, or at least tell it to not scan files located in a specific directory when another program (in this case, Mathematica) tries to open them.

EDIT: I restarted and disabled real-time protection, and the process so far seems to be gone; I'll post later if it pops up again and causes trouble.

DumpsterDoofus
  • 927
  • 3
  • 10
  • 14
  • You should not disable your malware scanner unless you have something else that's running instead. If you have no other AV software, turn it back on and simply exclude the directory your math software is working in. – Jakke Jul 10 '14 at 20:40
  • 1
    @Jakke: Exluding paths is not enough to prevent interference with performance measurements. – Nick Westgate Sep 30 '15 at 05:19

1 Answers1

20

There's two ways to handle this. You can temporarily disable real-time protection, or if your files are contained to a handful of known paths, you can exclude them from real-time protection scanning (this is the better option).

Disabling Real-Time Protection

Microsoft Security Essentials only performs this operation when Real-time Protection is enabled. You can disable it by opening MSE, clicking the Settings tab, selecting Real-time protection, and unchecking the box.

Warning! This disables real time protection! Just in case you weren't aware... or something...

enter image description here

Excluding from Real-Time protection

From the settings panel, select 'Excluded files and locations' and add the appropriate paths:

enter image description here

Wait, can you really exclude from real-time protection?

I had thought initially that 'Excluded files and locations' only affected scans, not real-time protection. There's plenty of arguments online about it but no documentation that says either way (that I could find). The verbiage seems to indicate it only affects scans:

enter image description here

So I popped open Process Monitor, limited it to the MsMpEng.exe process and path I wanted to test, and ran Get-Content in the directory to make it go nuts:

enter image description here

enter image description here

And once I excluded the directory:

enter image description here

So yes, using excluded files and locations does exclude it from real-time protection as well as scans!

Interestingly enough, I had a hard time getting MsMpEng.exe to consistently scan anything, even after switching directories... Makes me wonder about its reliability.

Community
  • 1
rtf
  • 12,608
  • 14
  • 51
  • 89
  • This is a very bad thing to recommend, leaving a user completely vulnerable! You should make use of the Excluded files and locations instead. – Jakke Jul 10 '14 at 20:38
  • @Jakke Wrong. Excluded files doesn't affect Real-time protection. – rtf Jul 10 '14 at 20:44
  • 2
    Also, his PC isn't going to explode with viruses the moment this is shut off... I'm sure he's aware of the increased risk, but just in case, I've added a completely redundant warning. – rtf Jul 10 '14 at 20:46
  • do you have any references to back that up? I don't see any MS documentation that says Exclusions don't have any effect on real-time scanning... – Jakke Jul 10 '14 at 21:01
  • Personally I use Windows Defender on Win8 (about the same as MSE on Win7 according to MS) and I know for a fact that files that flag up do not trigger anything once they're in an excluded folder and the real-time scanner stays on... – Jakke Jul 10 '14 at 21:04
  • I suppose I could check the file handles later, but I don't see anything saying it _does_ exclude them either. Do you have a reference? – rtf Jul 10 '14 at 21:16
  • first MS doc: "This is for real-time protection only. It does not impact Full, Quick, or Custom scans. Here is the full help text for the setting: "This setting allows you to configure monitoring for incoming and outgoing files, without having to turn off monitoring entirely. It is recommended for use on servers where there is a lot of incoming and outgoing file activity but for performance reasons need to have scanning disabled for a particular scan direction. The appropriate configuration should be evaluated based on the server role. " – Jakke Jul 10 '14 at 21:30
  • As you can see, this is really only intended for a file server scenario. If you pick "Incoming only", we will only receive a notification when the file is written to disk. This means executing the file will not result in a real-time protection scan. If you choose "Outgoing only", we will only receive a notification when the file is opened. Under this setting, we will not perform a real-time protection scan when the file is closed." – Jakke Jul 10 '14 at 21:31
  • @Jakke Took a peek using Process Monitor and you're right, it does exclude. – rtf Jul 11 '14 at 15:28