Defender consumes ~50% of my machine when creating a Win10 developer VM

[bitcrazed]

Environment

Item	Value
OS, Version / Build	Windows 10 Build 20236
Processor Architecture	x64
Processor Type & Model	Core i7 6650 in a Surface Pro 4
Memory	16GB
Storage Type, free / capacity (e.g. C: SSD 128GB / 512GB)	83GB free / 256GB SSD
Relevant apps installed	N/A

Description

Defender is significantly impacting the performance of my machine while Hyper-V downloads the Windows 10 Developer VM quick create image.

Steps to reproduce

1. Create a new Win 10 developer VM via Hyper-V Quick Create

2. While VM downloads ...

3. ... Open Task manager | Processes & sort by CPU

Expected behavior

Machine remains highly responsive while it downloads a VM in the background.

Actual behavior

Find that Defender is consuming ~40-50% of my CPU.

[bitcrazed]

Tracked via AzDO-29797864

[bitcrazed]

Update: The team has root-caused the issue, implemented a fix, submitted it to servicing. The fix should be delivered in a few weeks and arrive shortly afterwards in our normal servicing channels (plus it'll show up in our Insider builds around the same time).

I'll try to update the thread when the update lands in servicing and/or insiders.

[Poopooracoocoo]

btw I've noticed that overall Defender consumes a lot more resources than other AVs. IIRC it scores very low on AV Comparatives perf tests. Defender is terrible on mechanical hard drives too.

The interface is really a fixer-upper too but it's one of faster ones, being XAML/native. It's ironic that the information like when the device was last scanned was replaced by "Security at a glance" in an update. It doesn't let you immediately scan from the home page but it isn't too much of a problem as you can do it from the systray context menu.

note: i submitted feedback like this years ago and won't do it again. 🙃

oof i was off topic. uh anyway, it is great to hear that a fix is on its way.

[bitcrazed]

Hey @Poopooracoocoo. Defender and all anti-malware tools do an important job in keeping us safe(or at least safer) from malware. To do that work, they inevitably incur a performance cost.

We are actively working with Defender to help measure and improve Defender's performance in many key scenarios that matter to developers, esp. since developers are much more likely to work intensively with large volumes of smaller files.

We've already made some great strides and have dramatically decreased Defender overhead for some key scenarios. We still have a long way to go, but we've got a great working relationship that's bearing fruit.

This is just one of the latest issues found, and quickly remedied (thank you Valeria 😄) by the team. Lots more great work on the way. Stay tuned! 😜

[bitcrazed]

Closing since this fix is now shipped and you should no longer see Defender get (as) busy when creating a dev VM.