Windows Defender Scan Speed

[romath]

Am I the only one that finds Defender very slow? It takes well over
3 hours to accomplish (full scan) what other similar apps do in half the
time or less (Spybot, Ad-Aware, AVG). As far as I can tell, they
all do about the same job quality, catching some of the same and some
different problems. This is an Athlon 64/3000 system with a 160GB and
750GB drives (mostly empty). Thanks.

Roger

 

[Bill Sanderson]

I have a machine which seems to have a similar issue--quickscans are still
running hours after they started, according to the times recorded.

I haven't had a chance to troubleshoot it yet, though.

Here are some immediate thoughts:

1) Run task manager, if on Vista tell it to look at processes from all
users, sort by cpu time, and see what is hogging the CPU--look down below
Defender to see whether there is some other application which is eating a
lot of cpu time at the same time as the scan.

One possible suspect would be a real-time antivirus--it might be worthwhile
to try disabling real-time scanning by your antivirus during the scan to see
what effect that has.

2) Not all antispyware apps are created equal. Windows Defender is pretty
intensive in its scanning, and a full scan may look at far more files than
some other products--it will be looking inside ZIP and ISO files, for
example. There is an options setting to turn this off which may shorten the
scan time, if you happen to have large numbers of such archive files on your
system. However, that leaves a place for malware to hide on your system.

Have you considered running quickscans instead of full scans? You might
read what Windows Defender's help file recommends--which, as I recall, is a
quickscan daily, following up with a full scan only when something is found,
or there is reason to suspect a problem. The quickscan is designed
specifically to look for active spyware--it isn't a shortened full scan, it
starts with processes in memory and works outward--with the intent of
finding anything actively at work on your machine.

That said, something seems not right on this machine. Have you ever spotted
the scan seeming to hang at any particular file or part of the scan?

 

[romath]

I have a machine which seems to have a similar issue--quickscans are still
running hours after they started, according to the times recorded.

I haven't had a chance to troubleshoot it yet, though.

Here are some immediate thoughts:

1) Run task manager, if on Vista tell it to look at processes from all
users, sort by cpu time, and see what is hogging the CPU--look down below
Defender to see whether there is some other application which is eating a
lot of cpu time at the same time as the scan.

One possible suspect would be a real-time antivirus--it might be worthwhile
to try disabling real-time scanning by your antivirus during the scan to see
what effect that has.

2) Not all antispyware apps are created equal. Windows Defender is pretty
intensive in its scanning, and a full scan may look at far more files than
some other products--it will be looking inside ZIP and ISO files, for
example. There is an options setting to turn this off which may shorten the
scan time, if you happen to have large numbers of such archive files on your
system. However, that leaves a place for malware to hide on your system.

Have you considered running quickscans instead of full scans? You might
read what Windows Defender's help file recommends--which, as I recall, is a
quickscan daily, following up with a full scan only when something is found,
or there is reason to suspect a problem. The quickscan is designed
specifically to look for active spyware--it isn't a shortened full scan, it
starts with processes in memory and works outward--with the intent of
finding anything actively at work on your machine.

That said, something seems not right on this machine. Have you ever spotted
the scan seeming to hang at any particular file or part of the scan?

Thanks for the ideas. I'm using XP. WD full scan does spend
considerable time in System Volume\restore_ files, which I sense is
where the biggest difference with others lies. But 3:15 for a full
system scan seems excessive.

 

[Bill Sanderson]

Any recollection of how many files it lists when it is done?

I think scan start, end, and results are logged--probably in the System
Events log, fwiw.

 

[Engel]

Hello Roger,

Perhaps some maintenance, in SAFE MODE.

Clearing Temporary Internet files, cookies and history in Internet Explorer

Tools>Internet Options>General
You’ll see Delete Cookies, Delete files, Delete History
- --

If you believe your system is stable and in good shape delete all but the
latest restore point on your machine by using the disk cleanup utility:

Go to 'Start > All Programs > Accessories > System Tools > Disk Cleanup'.

Click on Disk Cleanup and click the more options tab and then click 'Clean
up' in the System Restore box.
- --

Try running the "chkdsk /r" command at the command prompt
< http://support.microsoft.com/kb/315265>
- -- ---

Then defrag.
- --

Reboot
- --

Now try a WD scan.
- --


I hope this post is helpful.

Let us know how it works ºut.

Еиçеl
- -- ---

 

[occam]

Another idea - do you have any other anti-spyware (or anti-virus)
programs doing 'real-time' monitoring at the same time? I no longer use
spybot or ad-aware, however I have noticed that my Spyware Terminator
'real-time shield' slows down other scans (and even backups). A case of
one busy-body program poking its nose into the affairs of another,
irrespective of the fact that they are doing the same thing.

 

[romath]

Hello Roger,

Perhaps some maintenance, in SAFE MODE.

Thanks. I do the kind of maintenance you suggest daily or every few
days with desktop utilities.

I took some time to test a little further. A full AVG 8.0 scan (A-V +
anti-sypware) took a little over 3 hrs Thurs night and showed 1.4m
files scanned. With Spybot's real-time function disabled, Win Defender
took 3:40 and showed 1.64m files scanned (1:50 and 780k of that was the
main hard drive). Then I deleted some big things from the backup
folders on my second drive, such as Adobe CS3 and Sys Restore. That
reduced WD's time to 3:05 and 1.27m files. Spybot took <25 minutes on
147k files and Ad-Aware took 1:34 with 614k files scanned. While that
makes Win Defender seem more thorough, is that really the case
substantively? Spybot found something neither of the other two did,
although they were run consecutively.

Overall, it seems like a lot of time is being spent in the backup
folders, so I have to look more at those. Thanks.

Roger

 

[Engel]

Well Roger,

Thanks for the report.

I was betting all my money with CHKDSK but appear I lost. <Chkdsk can repair
problems related to bad sectors, lost clusters, cross-linked files, and
directory errors>.

Hopefully the people in this forum who are smarter than me (not hard to do)
will have a quick solution for you.

Thanks for posting back. That's always a nice gesture when we get back a
post indicating if the suggestions were helpful or not.

I am out of answers. Sorry I couldn't help

Good luck
- -- ----