microsoft / vscode

Visual Studio Code
https://code.visualstudio.com
MIT License

Antimalware Service Executable is still spiking when some project is loaded #64984

Open Kcko opened 5 years ago

Kcko commented 5 years ago

Problem still alive -> #63070 When I'm opening some project under git, Antimalware is still spiking :( http://files.rjwebdesign.cz/i2/20181213-115016.png

And yes, I updated to yesterday's release (1.30)

@roblourens

roblourens commented 5 years ago

Can you check whether there are rg.exe processes active when this happens?

Is it possible that an extension is triggering a text search?

Can you try starting with --disable-extensions and checking whether it still happens?

Kcko commented 5 years ago

Hi Rob, there is rg.exe in processes, but only 15-20% of CPU. I have about 30 plugins and it seems that it did not help much when they are off.

I don't know how to find which bad thing makes the problem. It beat me and I do not have the energy to still investigate it.

The small clue is: when I opened a small project, all seemed to be OK, but when I opened a large project with a few vendor Git repos, it behaves like this.

We can close, I'm defeated. (I will use my workaround = turn off Windows Defender when I'm working with VSC)

PerpetualWar commented 5 years ago

Same for me.... updated to 1.30 still have problems, with previous version I didn't have problems when I disabled C# plugin. Now even without C# plugin, problem is there, which makes it worse than 1.29 version for me.

I will try to disable all plugins and check then.

roblourens commented 5 years ago

> I have about 30 plugins and it seems that it did not help much when they are off.

rg.exe should not run when you open vscode, with no extensions enabled. Can you get the command line args of these processes from Task Manager or the vscode process explorer?

Kcko commented 5 years ago

@roblourens I will give you everything you need, but I don't know how.

Can you show me how to do that?

roblourens commented 5 years ago

image
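One way to collect the rg.exe command lines requested above from a PowerShell prompt, added here as an example and not part of the original thread or of VS Code. The function name `Get-RgProcessReport` and the sampling interval are assumptions; the parent's command line is included because the VS Code helper processes in the dump below run as Code.exe.

```powershell
# Added example: report running rg.exe instances with command line and parent chain.
function Get-RgProcessReport {
    $all  = Get-CimInstance -ClassName Win32_Process
    $byId = @{}
    foreach ($p in $all) { $byId[[uint32]$p.ProcessId] = $p }

    foreach ($rg in $all | Where-Object { $_.Name -eq 'rg.exe' }) {
        $chain  = @()
        $cur    = $rg
        $direct = $byId[[uint32]$rg.ParentProcessId]
        # Walk up the parent chain, bounded so a PID loop cannot spin forever.
        for ($i = 0; $i -lt 8 -and $cur; $i++) {
            $parent = $byId[[uint32]$cur.ParentProcessId]
            if (-not $parent -or $parent.ProcessId -eq $cur.ProcessId) { break }
            # A reused PID can point at a process younger than its "child"; stop there.
            if ($parent.CreationDate -gt $cur.CreationDate) { break }
            $chain += '{0} ({1})' -f $parent.Name, $parent.ProcessId
            $cur = $parent
        }
        [pscustomobject]@{
            ProcessId         = $rg.ProcessId
            Path              = $rg.ExecutablePath
            Parents           = $chain -join ' <- '
            ParentCommandLine = if ($direct) { $direct.CommandLine } else { $null }
            CommandLine       = $rg.CommandLine
        }
    }
}

# rg.exe is short-lived, so sample repeatedly while the CPU spike is happening
# and keep one row per distinct command line.
1..20 | ForEach-Object {
    Get-RgProcessReport
    Start-Sleep -Milliseconds 500
} | Sort-Object CommandLine -Unique | Format-List
```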

Kcko commented 5 years ago

Thx, here:

11 8 104 "c:\Program Files\Microsoft VS Code\resources\app\node_modules.asar.unpacked\vscode-ripgrep\bin\rg.exe" --files --hidden --case-sensitive -g /{**/*test.php,**/phpunit.xml,**/phpunit.xml.dist} -g !/{**/vendor/**,.vscode/**} -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/temp --no-ignore --follow --no-config

Kcko commented 5 years ago

Complete dump when I've loaded a big project with a few vendor git submodules:

CPU %   Memory (MB) pid Name
2   135 14252   code main
3   290 7792         window (_modal.scss - product-catalogue - Visual Studio Code)
0   11  5204             watcherService 
0   10  7008                 console-window-host (Windows internal process)
0   6   7132             winpty-process
0   9   6236                 console-window-host (Windows internal process)
0   66  10452                C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe
0   183 9480             extensionHost
5   101 3996                 c:\Users\Kcko\.vscode\extensions\devsense.phptools-vscode-1.0.3031\out\server\Devsense.PHP.LanguageServer
0   9   5616                     console-window-host (Windows internal process)
0   5   6464                 "C:\Program Files\Git\cmd\git.exe" -c core.quotepath=false -c color.ui=false blame --root --incremental -- admin/scss/_modal.scss
0   0   10432                    
0   9   14692                    console-window-host (Windows internal process)
0   32  7936                 "C:\Program Files\Microsoft VS Code\Code.exe" "c:\Program Files\Microsoft VS Code\resources\app\extensions\json-language-features\server\dist\jsonServerMain" --node-ipc --clientProcessId=9480
0   56  10000                electron_node server.js 
0   37  13776                "C:\Program Files\Microsoft VS Code\Code.exe" "c:\Program Files\Microsoft VS Code\resources\app\extensions\css-language-features\server\dist\cssServerMain" --node-ipc --clientProcessId=9480
0   5   14144                "C:\Program Files\Git\cmd\git.exe" status -z -u
0   5   11632                    git.exe status -z -u
3   5   14488                        git status --porcelain=2
0   9   13864                    console-window-host (Windows internal process)
0   33  14148                C:\Users\Kcko\.vscode\extensions\ms-vsliveshare.vsliveshare-0.3.1071\dotnet_modules\vsls-agent.exe --autoexit --pipe 709fbf6dd9e64edcaceebf816f8e01c4 --service https://insiders.liveshare.vsengsaas.visualstudio.com/
0   9   14728                    console-window-host (Windows internal process)
0   37  11288            searchService
5   8   9064                 "c:\Program Files\Microsoft VS Code\resources\app\node_modules.asar.unpacked\vscode-ripgrep\bin\rg.exe" --files --hidden --case-sensitive -g **/*.scss -g !/node_modules/** -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/temp --no-ignore --follow --no-config
0   9   15128                    console-window-host (Windows internal process)
6   8   12772                "c:\Program Files\Microsoft VS Code\resources\app\node_modules.asar.unpacked\vscode-ripgrep\bin\rg.exe" --files --hidden --case-sensitive -g /{**/*test.php,**/phpunit.xml,**/phpunit.xml.dist} -g !/{**/vendor/**,.vscode/**} -g !**/.git -g !**/.svn -g !**/.hg -g !**/CVS -g !**/.DS_Store -g !**/temp --no-ignore --follow --no-config
0   9   4972                     console-window-host (Windows internal process)
4   8   15332                electron_node tsconfig.js 
0   9   14968                    console-window-host (Windows internal process)
0   76  8056         shared-process
0   109 10456        window (Process Explorer)

roblourens commented 5 years ago

It is one of your PHP extensions triggering the search but I don't know why file search is triggering the Antimalware service...

Kcko commented 5 years ago

It was hard to find it (I have about 30/40 plugins); it is worst with the plugin PHP Tools for VSC by the Devsense team. It is possible that some other one still does it, but it is very little. (I have a few plugins for working with Git and I always load a big project under git.)

video: http://bit.ly/2UVLD1u

scramsby commented 5 years ago

I'm still having this problem as well. Anything that triggers rg.exe spikes the CPU, both in the rg.exe process itself as well as the anti-malware service. That includes start-up with extensions enabled and also just plain old text search in the UI. Search is so slow it's basically unusable right now.

I'm on the latest Insiders release:
Version: 1.31.0-insider (user setup)
Commit: d315b31c6b5cdca082b0a6e193306e4001586509
Date: 2018-12-19T08:11:44.094Z
Electron: 3.0.10
Chrome: 66.0.3359.181
Node.js: 10.2.0
V8: 6.6.346.32
OS: Windows_NT x64 10.0.17134

scramsby commented 5 years ago

Note: Doing identical text searches using other tools (TextPad in my case) work just fine and are super fast.

Kcko commented 5 years ago

The problem is still not fully resolved, Antimalware is still living (but it is a little less angry). What rapidly has changed in the version 1.29 - now (behavior was normal until <= 1.28).

Version: 1.30.1 (system setup)
Commit: dea8705087adb1b5e5ae1d9123278e178656186a
Date: 2018-12-18T18:12:07.165Z
Electron: 2.0.12
Chrome: 61.0.3163.100
Node.js: 8.9.3
V8: 6.1.534.41
OS: Windows_NT x64 10.0.17134

roblourens commented 5 years ago

To be clear, in text search this is a long standing issue that I don't have a solution for. In my testing, it's the same whether searching in vscode or any other tool like VS or Textpad.

But in file search, I expected this to be fixed in 1.30.1. I can't repro this issue with file search any more but I'll leave this open because it seems that something is still wrong.

ncannasse commented 5 years ago

I can confirm that we're having the same issue on numerous computers, using latest 1.30.1

@roblourens Is the rg.exe executable correctly signed? I think you should get in touch with Windows Defender team and see if they can help, maybe sometimes just changing the executable name will not trigger the AV.

Just to emphasize (without complaining since I understand this is not something easy to solve) that it is quite a major problem as the only known solution is to disable system-wide Defender, and the settings won't save so it is required to do that every time you restart the computer.

roblourens commented 5 years ago

It is signed, I have been in touch with them. If I can find a computer where this reproduces then I can investigate more but I haven't yet. Maybe you can describe exactly what you mean by "same issue" because multiple issues have already been mentioned here.

ncannasse commented 5 years ago

@roblourens we can reproduce this on pretty much all of our Windows 10 computers. The "same issue" is about having a very slow search feature and msmpeng.exe showing at top of processes in CPU usage during the whole time we are waiting for results. This used to happen too when hitting F5 to Compile, but it hasn't recently.

The only specific I can see is that we are using French language in Win10 + Haxe language pack extension, but that seems very unrelated to search feature.

eamodio commented 5 years ago

@roblourens I am seeing this issue now with both text search being slow and fetching build tasks (when hitting ctrl+shift+b). This started very recently and is only reproducible for me with the insiders builds -- switching back to stable gives instant results for both text search and fetching build tasks.

jnewmoyer commented 5 years ago

Getting this issue with several different projects. Only on the latest 1.32 release. Downgraded to 1.31 (Jan 19) and it went away.

madprops commented 5 years ago

Happening in 1.33.1, at least when doing search: Code_2019-05-03_19-08-37

Anders-Frey commented 5 years ago

@roblourens Is this issue being actively pursued? We experience the same symptoms across multiple development computers.

oscargws commented 5 years ago

I'm still having this issue as well

robross0606 commented 5 years ago

I am also having this issue with the latest 1.37.1.

kodymallory commented 4 years ago

I was running into this issue with 1.39.2. I added rg.exe to the Windows Defender Exclusion list and that stopped the Antimalware Service Executable from pinning the CPU at 100%. This is a better workaround than disabling the Defender entirely.

Kcko commented 4 years ago

@kodymallory can you tell us how to do that, step by step? I'm trying to set up, but ...

kodymallory commented 4 years ago

I went to Windows Security->Virus & Threat Protection -> Virus & Threat Protection Settings -> Add or remove Exclusions -> Add an exclusion-> Process and just input rg.exe. I had tried adding Code.exe without any success before but the rg.exe addition seems to have done the trick.

ahmadafrasiyab commented 3 years ago

Adding rg.exe to the exclusion list does not solve the issue for me.

image

ahmadafrasiyab commented 3 years ago

I also see the rg.exe processes open up multiple times and it's so slow I cannot even type a word here!

ahmadafrasiyab commented 3 years ago

Team, any resolution on this?

Jamesgt commented 3 years ago

We just moved to rushjs for 20 projects and search is literally killing our machines. Interestingly opening up the root folder with open folder plays nice, but using a VSCode workspace deterministically brings the issue. Of course it happens only on Windows, wsl2 is also fine. v1.58.1

Kcko commented 3 years ago

The only solution is to open a project, drink coffee and wait, life is too short to deal with nonsense :)

LinqLover commented 2 years ago

Experiencing the same problem right now, WSL1, Win 20H1, restarting VS Code did not help, and also occurs if all extensions are disabled. All git operations are extremely slow and there is an rg.exe process. How can you define an exception for MsMpEng? This is really annoying ...

LinqLover commented 2 years ago

The problem is not restricted to git operations in my case. JS/TS language support is extremely slow, too. Save file contributions, too, it's always the MsMpEng.exe slowing my machine down. Anyone else having similar issues? My defender definitions are up to date.

LinqLover commented 2 years ago

After taking a look into resmon, the highest read rate of MsMpEng.exe was to the node instance in my VS Code's WSL server directly (i.e., something like C:\Users\LinqLover\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\rootfs\home\Christoph\.vscode-server\bin\7f6ab5485bbc008386c4386d08766667e155244e\node). After adding this file to the exception list of Windows Defender, speed seems to be closer to normal again!
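A scripted form of the exclusion workarounds described in the comments above (the rg.exe process exclusion and the single-file exclusion), added here as an example and not code from the thread or from VS Code. It excludes one concrete file by full path rather than a bare name such as rg.exe, which matches a process of that name in any location, and lists existing exclusions that are wider than a single file; the function names are hypothetical and the rg.exe path is the one from the process dump earlier in the thread.

```powershell
#Requires -RunAsAdministrator
# Added example. Function names are hypothetical; the rg.exe path is the one
# shown in the process dump earlier in the thread and is assumed to exist.
$rgPath = 'C:\Program Files\Microsoft VS Code\resources\app\node_modules.asar.unpacked\vscode-ripgrep\bin\rg.exe'

function Add-ScopedDefenderExclusion {
    param(
        [Parameter(Mandatory)] [string] $FilePath,
        [ValidateSet('Process', 'Path')] [string] $Kind = 'Process',
        [switch] $RequireValidSignature
    )
    # Accept only one concrete, existing file: no bare names, wildcards or folders.
    $item = Get-Item -LiteralPath $FilePath -ErrorAction Stop
    if ($item.PSIsContainer) { throw "Refusing to exclude a directory: $FilePath" }
    if ($RequireValidSignature) {
        $sig = Get-AuthenticodeSignature -FilePath $item.FullName
        if ($sig.Status -ne 'Valid') { throw "Signature status is $($sig.Status): $($item.FullName)" }
    }
    if ($Kind -eq 'Process') { Add-MpPreference -ExclusionProcess $item.FullName }
    else                     { Add-MpPreference -ExclusionPath $item.FullName }
}

function Get-BroadDefenderExclusion {
    # Return exclusions that cover more than one file: bare image names,
    # wildcard patterns and whole folders.
    $pref = Get-MpPreference
    $entries = @(
        $pref.ExclusionProcess | Where-Object { $_ } |
            ForEach-Object { [pscustomobject]@{ Kind = 'Process'; Value = $_ } }
        $pref.ExclusionPath | Where-Object { $_ } |
            ForEach-Object { [pscustomobject]@{ Kind = 'Path'; Value = $_ } }
    )
    $entries | Where-Object {
        $v = [Environment]::ExpandEnvironmentVariables($_.Value)
        $v -match '[*?]' -or
        -not [IO.Path]::IsPathRooted($v) -or
        (Test-Path -LiteralPath $v -PathType Container)
    }
}

# rg.exe is reported as signed in this thread, so require a valid signature for it.
Add-ScopedDefenderExclusion -FilePath $rgPath -Kind Process -RequireValidSignature
# Placeholder path; substitute the single file identified with resmon:
# Add-ScopedDefenderExclusion -FilePath '<full path to the .vscode-server node binary>' -Kind Path
Get-BroadDefenderExclusion | Format-Table -AutoSize
```

An exclusion added this way is removed with `Remove-MpPreference` and the same `-ExclusionProcess` or `-ExclusionPath` value.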

shapeh commented 2 years ago

I get the same Antimalware Service Executable running high when issuing a git svn clone

anti