# Windows Defender can Significantly Impact Intel CPU Performance, We have the Fix



## btarunr (Jun 27, 2022)

Kevin Glynn, aka "Uncle Webb," our associate software author behind popular utilities such as ThrottleStop and RealTemp, developed a new utility named Counter Control, which lets you monitor and log the performance counters of Intel Core processors since 2008 (Core "Nehalem"). During development for ThrottleStop, Kevin discovered a fascinating bug with Windows Defender, the built-in security software of Windows, which causes significantly higher performance impact on the processor than it should normally have. Of course a security software is bound to have some (small) performance impact during real-time protection, but this is much bigger.



 


The first sign that something is happening is that HWiNFO will be reporting a reduced "Effective Clock" speed when the CPU is fully loaded. A much bigger problem is that when Defender is affected by the bug, performance of your machine will be significantly reduced. For example, a Core i9-10850K running at 5.00 GHz all-core loses 1000 Cinebench points (or 6%). Such a performance loss has been reported by owners of Intel Core 8th, 9th, 10th and 11th Gen, both desktop and mobile CPUs, on both Windows 10 and Windows 11. AMD processors are not affected.





 

 
The underlying issue that costs so much performance is that Windows Defender will randomly start using all seven hardware performance counters provided by Intel Core processors, which includes three fixed function counters. Each of these counters can be programmed in one of four modes, to configure at which privilege level it counts—Disabled, OS (ring-0), User (ring>0), and All-Ring levels. Since these counters are a shared resource, it is possible that multiple programs want to access these counters at the same time.

Popular system utilities like HWiNFO, OCCT, Core Temp, and ThrottleStop, all set these counters to "mode 3" or "All-Ring Levels." Since they all set the same mode, there's no issues with multiple programs using the same counter. Windows Defender on the other hand will set these counters to "mode 2", at what looks like random intervals, for random durations of time. This can happen when a computer first boots up or it can happen at any time after that. While Windows Defender is running in the background, it can start and stop or continuously try to change these counters to mode 2 at any time. Just to clarify, the performance loss will happen even without any monitoring software running—Defender will still use excessive CPU time.

The issue is not with the Intel hardware, as setting the same timers as Windows Defender manually has no negative performance impact. Also, if these counters are manually overwritten, Defender detects that, immediately stops whatever it is doing and performance returns to normal—without any negative effect on the ability to detect viruses in real-time.



 

 
Our Counter Control software monitors and logs the "IA32_FIXED_CTR_CTRL" register of Intel Core processors, located at MSR 0x38D. This register provides access to the three fixed-function performance monitoring counters mentioned before. Counter Control will inform users if any software is using the Intel fixed-function counters, and for how long they've been in use. Typical values reported by Counter Control look like this: 

Not Used - 0x000: The three fixed function counters are stopped. None of the counters are presently being used.
Defender - 0x222: All three fixed function counters are programmed to mode 2. This is the value that Windows Defender sets these counters to when it is using them.
Normal - 0x330: Two counters are programmed to mode 3. One counter is programmed to mode 0 and is not being used. This is normal. Most monitoring programs that use these counters will program the counter control register to this value.
Warning - 0x332: This is shown when two counters are being used normally by monitoring software while the third counter has been set to mode 2, likely by Windows Defender. This is a warning that two different programs might be fighting over control of the shared counters. You might see the counter control register constantly changing between 0x222 and 0x332. This is what you will see when running HWiNFO if Windows Defender is trying to use the IA32_FIXED function counters at the same time.



 
If your system seems affected, showing the "Defender" readout, then a quick fix is to click the "Reset Counters" button in Counter Control. By pressing the button, one timer will be reprogrammed to mode 3, which will be detected by Defender, and Defender will stop doing its thing and restore performance. Please verify with benchmarks.



 
There are two ways to go about mitigating this performance loss permanently. You could disable Windows Defender Real-time Monitoring, which is highly not recommended due to the security implications; or you could use the latest version 9.5 of ThrottleStop, which has a feature in the "Options" window, called "Windows Defender Boost." Ticking this ensures maximum performance and accurate Core Effective Clock monitoring in all applications whether Windows Defender real-time protection is enabled or not. To achieve that goal, ThrottleStop activates one of the programmable timers immediately. When Windows Defender detects that some user software is trying to use one of the programmable counters, it stops using all the counters and leaves them alone for as long as that counter stays enabled. This returns performance back to normal. The "Reset" button in Counter Control does the same, and gives people a way to activate only this mechanism, without having to start ThrottleStop. Just to clarify, Windows Defender will continue to work fine. It can still detect and notify users of any viruses. When started once, with the "Windows Defender Boost" option, ThrottleStop will let the timer running in mode 3, even when closed. This means you can start ThrottleStop once at bootup, close it right afterward, and your system will be protected from the Defender performance issues.

If "Windows Defender Boost" is not checked, the counter will be initially cleared. This stops the Window Defender algorithm but ThrottleStop will no longer try to keep one counter running while using ThrottleStop and it will not keep that one counter running after you exit ThrottleStop. This allows a person to use ThrottleStop without having to worry that ThrottleStop might be doing something to Windows Defender that it should not be doing. After ThrottleStop starts up, if that timer is not being used, after 10 minutes or so, Windows Defender will check that timer, see that it is not being used, and will be able to start its mysterious performance-eating algorithm again.

Let us know your experience in the comments of this article. It'll be interesting to see how widespread this issue is, we have confirmed (thread at TPU, thread at OCN) it to be happening on many systems in recent months. If we make enough noise, I'm sure Microsoft will look into why they need that many timers in Defender, why there's such a big performance hit, and fix it accordingly.

As always, let us know your thoughts and questions in the comments. Also let us know if you didn't understand certain technical details, so we can improve this writeup.

Counter Control is available as free download in our downloads section.

*View at TechPowerUp Main Site*


----------



## phanbuey (Jun 27, 2022)

wow what a great find... and solution!


----------



## HD64G (Jun 27, 2022)

Good thing it was both found and solved using a small tool. Kudos!


----------



## plastiscɧ (Jun 27, 2022)

i have always known and said...!
now we have it in black and white. 

great job!







@lexluthermiester 

i killed it a long time ago


----------



## VulkanBros (Jun 27, 2022)

I have a fix too...AMD CPU  (couldn't resist )


----------



## ThrashZone (Jun 27, 2022)

Hi,
Well I'll stick with disabling windows/ microsoft pretender Oops defender with @W1zzard scripts 
It's pure-d crapware anyway get a real antivirus
10








						Windows 10 Tweaks for VGA Benchmark
					

Updated for Windows 10 21H2 Update  - Install without Internet, so you can create an offline user - name the user "TPU" (the user will be deleted at the end of the scripts and you're using "Administrator") - Install VGA driver, from USB, still without network, so Windows Update won't install a...




					www.techpowerup.com
				



11








						Windows 11 Tweaks for GPU Benchmark
					

Updated for 22H2  - Install without Internet - When it prompts you to go online, press Shift+F10 and type "OOBE\BYPASSNRO" (that's an o not a zero at the end). After the automatic reboot you can install without network - Install on systems without TPM, UEFI or other requirements...




					www.techpowerup.com


----------



## unclewebb (Jun 27, 2022)

Here is an easy test to see if this is an issue for your Intel based computer.

Run Counter Control 1.1 and see if it reports 0x222 for the status of the counters. This is usually a sign that Windows Defender is hard at work, wasting CPU cycles. Run Cinebench R23 and see what score you get for a baseline.





It appears that Windows Defender is reducing CPU performance. Press the Reset Counters button and this will stop the Windows Defender Real-time Notification messaging system that has run amok. It also resets the counters to normal values. The result is a nice boost in performance.





People have been aware of inconsistent performance for quite a while. This problem has been around for at least 2 years and probably longer. Nice to finally find a way to detect this issue as well as come up with a solution for this problem. Simply running ThrottleStop 9.5 is enough to fix this issue and restore full performance.


----------



## tabascosauz (Jun 27, 2022)

@AusWolf good you brought up Defender CPU usage few days ago, this might be something worth checking out for yours


----------



## Ed_1 (Jun 27, 2022)

I tried it on a 12600k and it shows normal all times running CBxx with HWinfo64, also checked with PE and defender shows 0.0 usage.
So seems I am not affected or at least not while I tested, maybe right after a fresh reboot would show different results.


----------



## AusWolf (Jun 27, 2022)

tabascosauz said:


> @AusWolf good you brought up Defender CPU usage few days ago, this might be something worth checking out for yours


Huh? Do you mean Defender initiating a search even when Cinebench is running if I don't move the mouse? If so, that's really annoying. I'll test the program, see what it says.

Honestly, I thought it was an issue of Defender not considering Cinebench as "user input". I wouldn't have thought it had anything to do with having an Intel CPU.


----------



## Makaveli (Jun 27, 2022)

Ed_1 said:


> I tried it on a *12600k *and it shows normal all times running CBxx with HWinfo64, also checked with PE and defender shows 0.0 usage.
> So seems I am not affected or at least not while I tested, maybe right after a fresh reboot would show different results.


"Such a performance loss has been reported by owners of Intel Core 8th, 9th, 10th and 11th Gen, both desktop and mobile CPUs"


----------



## unclewebb (Jun 27, 2022)

Ed_1 said:


> I tried it on a 12600k and it shows normal all times


So far this issue has only been reported on computers with Intel 8th to 11th Gen CPUs.

Try doing a sleep resume cycle. Exit HWiNFO and leave Counter Control running on the desktop. Does Counter Control still report Normal or Not Used after you resume? My 10th Gen computer always shows Defender has set the counters to 0x222 after I resume from sleep.

Some users originally thought that this might only last for a few minutes. In some instances, I have seen this slow down due to Windows Defender go on for 3 or 4 hours. I gave up monitoring after that. Performance is reduced for the entire time.


----------



## Vayra86 (Jun 27, 2022)

Fork some of my supporter Kudos over to the Webb please 

Well done sir!


----------



## unclewebb (Jun 27, 2022)

AusWolf said:


> Do you mean Defender initiating a search even when Cinebench is running if I don't move the mouse?


You can be running Cinebench or playing a game or moving the mouse or using your computer however you normally use your computer. Whatever Windows Defender is doing, it can have a big negative impact on performance. Do some 3D Mark testing while Windows Defender has the counters set to 0x222 and then do a similar test when this is not happening. The drop in performance should be obvious.


----------



## ThrashZone (Jun 27, 2022)

Hi,
Last I looked a 5800x with 3060 laptop would be my choice.


----------



## Blaeza (Jun 27, 2022)

Even though I'm on AMD, this is an amazing find.  Well done @unclewebb


----------



## GreiverBlade (Jun 27, 2022)

VulkanBros said:


> I have a fix too...AMD CPU  (couldn't resist )


and here i was, "awwwww defender is the issue" and then read "AMD cpu not affected" proceed to "oh, so Defender is perfectly fine ... Intel is the issue"

did they use a "performance boost shortcut that turned ou to be a vulnerability" (after mitigation: also a loss of performance ) but failed and instead made an issue?

nonetheless AWESOME @unclewebb  fantastic job!

@ThrashZone actually Defender is perfectly fine ... and other "real" antivirus always turned bad later on ... (free or not)
i use defender since i switched to Win 8.1 and never had any issue ever (which i had with "real" antivirus which were ranging from "ressources hog" to "not efficient at all and had to do all manually or reinstall" to me every single paid/subscription even the "free" version of them are just scam. )


----------



## AusWolf (Jun 27, 2022)

unclewebb said:


> You can be running Cinebench or playing a game or moving the mouse or using your computer however you normally use your computer. Whatever Windows Defender is doing, it can have a big negative impact on performance. Do some 3D Mark testing while Windows Defender has the counters set to 0x222 and then do a similar test when this is not happening. The drop in performance should be obvious.


Wow! This is night and day. 

Here's a Cinebench run after a normal startup (Steam and GOG Galaxy running in the background):




And here's a Cinebench run after clicking "Reset Counters" (Steam and GOG Galaxy still running in the background):


----------



## OneMoar (Jun 27, 2022)

cue microsoft & intel patching this in 3 2 1 ...


----------



## unclewebb (Jun 27, 2022)

For a long time some people have noticed that HWiNFO was not reporting the full effective clock speed when the CPU was fully loaded. This was not a problem with HWiNFO. This happens because Windows Defender is changing the system counters that HWiNFO is trying to use. This interferes with HWiNFO's Effective Clock results. 

The small difference in Effective Clock speed when fully loaded does not accurately indicate the drop in performance. 
Many users might have noticed this issue but chose to ignore it, thinking it was not that important.


----------



## ThrashZone (Jun 27, 2022)

GreiverBlade said:


> and here i was, "awwwww defender is the issue" and then read "AMD cpu not affected" proceed to "oh, so Defender is perfectly fine ... Intel is the issue"
> 
> did they use a "performance boost shortcut that turned ou to be a vulnerability" (after mitigation: also a loss of performance ) but failed and instead made an issue?
> 
> ...


Hi,
No thanks I'll stick with the "bad third party" mbam pro and keep getting rid of pretender


----------



## AusWolf (Jun 27, 2022)

GreiverBlade said:


> and here i was, "awwwww defender is the issue" and then read "AMD cpu not affected" proceed to "oh, so Defender is perfectly fine ... Intel is the issue"
> 
> did they use a "performance boost shortcut that turned ou to be a vulnerability" (after mitigation: also a loss of performance ) but failed and instead made an issue?


Actually, Defender *is* the issue... on a few select Intel platforms.  (including mine)


----------



## unclewebb (Jun 27, 2022)

GreiverBlade said:


> AMD cpu not affected


AMD CPUs have not been tested yet. They might have a similar issue where Windows Defender is hard at work, doing something in the background that it really does not need to be doing.



OneMoar said:


> microsoft patching this in 3 2 1 ...


Given that this issue has been around for years, it will likely take longer than that.



AusWolf said:


> Wow! This is night and day.


Thanks for posting your results.

Was this all just an honest mistake or was someone trying to make Intel CPUs look slower than they are? All CPU reviews during the last few years are suddenly suspect if they were not testing for this issue. Windows Defender can start and stop this part of its algorithm at any time. As soon as it starts, performance tanks.


----------



## GreiverBlade (Jun 27, 2022)

AusWolf said:


> Actually, Defender *is* the issue... on a few select Intel platforms. (including mine)


well the issue is caused by Intel thus Intel is the cause then?



unclewebb said:


> AMD CPUs have not been tested yet. They might have a similar issue where Windows Defender is hard at work, doing something in the background that it really does not need to be doing.


if they have, i do not notice it  defender is at 0% Malware protection is at 0.2% which is MsMp (and also use half the RAM your screenshot show )

@ThrashZone  MBAM is ok ... but i meant other AV like well ... Norton and co which are more akin to malware than AV in the end 
and defender was recognized as one of the best (if not the best) in the AV category, some time ago, although i do not remember the source but i am 100% sure i did read it somewhere


----------



## AusWolf (Jun 27, 2022)

unclewebb said:


> Thanks for posting your results.


No problem. I hope something can be done to bring this to Microsoft's attention and fix this.



unclewebb said:


> Was this all just an honest mistake or was someone trying to make Intel CPUs look slower than they are? All CPU reviews during the last few years are suddenly suspect if they were not testing for this issue. Windows Defender can start and stop this part of its algorithm at any time. As soon as it starts, performance tanks.


It starts as soon as you boot up the system. I think Intel would be under more suspicion if AMD CPUs were slowed down. Who would want to cripple Intel? Microsoft? Nah, they're best buddies for life.



GreiverBlade said:


> well the issue is caused by Intel thus Intel is the cause then?


How is it caused by Intel?


----------



## OneMoar (Jun 27, 2022)

unclewebb said:


> Was this all just an honest mistake or was someone trying to make Intel CPUs look slower than they are? All CPU reviews during the last few years are suddenly suspect if they were not testing for this issue. Windows Defender can start and stop this part of its algorithm at any time. As soon as it starts, performance tanks.


can we not with the clickbait speculation

great job finding this its a minor bug and will be shortly patched if enough noise is made about it

6% is hardly significant in the grand scheme

remember that your average user doesn't care and if it doesn't impact the average user neither does intel/microsoft

and PSA:Windows defender Consistently ranks at the top of the protection and performance charts it should be your goto when basic protection is required


----------



## AusWolf (Jun 27, 2022)

GreiverBlade said:


> if they have, i do not notice it  defender is at 0% Malware protection is at 0.2% which is MsMp (and also use half the RAM your screenshot show )


Defender is at 0% on my system as well, and look at the results.


----------



## GreiverBlade (Jun 27, 2022)

AusWolf said:


> How is it caused by Intel?


duh, because the issue is predominantly affecting Intel setup? (half joke) 



AusWolf said:


> Defender is at 0% on my system as well, and look at the results.


before or after using the tool in that news???


----------



## AusWolf (Jun 27, 2022)

GreiverBlade said:


> before or after using the tool in that news???


Both, actually.


----------



## lexluthermiester (Jun 27, 2022)

plastiscɧ said:


> i have always known and said...!
> now we have it in black and white.
> 
> I kiss your eyes.
> ...


Right? At least now we know and have a fix. Of course, this does nothing for the other problems inherent with Windows Defender..



ThrashZone said:


> Well I'll stick with disabling windows/ microsoft pretender Oops defender with @W1zzard scripts
> It's pure-d crapware anyway get a real antivirus


Same. I'll stick with the complete removal procedure I've been utilizing for nearly a decade.


----------



## ThrashZone (Jun 27, 2022)

lexluthermiester said:


> Right? At least now we know and have a fix. Of course, this does nothing for the other problems inherent with Windows Defender..
> 
> 
> Same. I'll stick with the complete removal procedure I've been utilizing for nearly a decade.


Hi,
Yeah 10 was bad but 11 is far worse than that.

I just started removing pretender early this year mainly because I started using it a bit more.


----------



## lexluthermiester (Jun 27, 2022)

OneMoar said:


> cue microsoft & intel patching this in 3 2 1 ...


First, this is purely a microsoft coding problem. Second, it's been happening for donkey's years. You really expect them to patch it anytime soon?



unclewebb said:


> Was this all just an honest mistake or was someone trying to make Intel CPUs look slower than they are? All CPU reviews during the last few years are suddenly suspect if they were not testing for this issue. Windows Defender can start and stop this part of its algorithm at any time. As soon as it starts, performance tanks.


Really makes one wonder about all the reviews and benchmarks we've seen over the years. This is one of the MANY reasons I remove defender from the systems I use.



OneMoar said:


> can we not with the clickbait speculation


What?!?


OneMoar said:


> PSA:Windows defender Consistently ranks at the top of the protection and performance charts it should be your goto when basic protection is required


Seriously, you gotta hush your cakehole.


----------



## AusWolf (Jun 27, 2022)

lexluthermiester said:


> Really make one wonder about all the reviews and benchmarks we've seen over the years. This is one of the MANY reasons I remove defender from the systems I use.
> 
> Seriously, you gotta hush your cakehole.


So what do you use instead?

Honestly, even with this issue, I still think Windows Defender is and should be the go-to antivirus app for 99% of home users.


----------



## OneMoar (Jun 27, 2022)

lexluthermiester said:


> First, this is purely a microsoft coding problem. Second, it's been happening for donkey's years. You really expect expect them to patch it anytime soon?
> 
> Really make one wonder about all the reviews and benchmarks we've seen over the years. This is one of the MANY reasons I remove defender from the systems I use.
> 
> ...


go be wrong somewhere else lex









						Test Microsoft Defender 4.18 for Windows 10 (221213)
					

The current test Microsoft Defender 4.18 for Windows 10 (221213) from April 2022 of AV-TEST, the leading international and independent service provider for antivirus software and malware.




					www.av-test.org
				




I have waning tolerance for idiots as I age please do your homework first defender has for years consistently been as good if not better then most solutions on the market the only recommendation I give  other  then defender is Avria or MBAM if the situation calls for a second option &
 the amount of times I have run a scan with MBAM or AVRIA and they have found something that defender missed is ...... honestly can't tell you because I haven't seen it happen in person yet


----------



## ThrashZone (Jun 27, 2022)

Hi,
I'm sure it's by design 
Just like intel now using all these crap thermal defective cores for ms back ground services also by design.


----------



## AusWolf (Jun 27, 2022)

Fun fact: after applying the fix, my CPU's idle power consumption drops from 12-15 W to 8.5 W. Now somebody tell me about Rocket Lake being inefficient!


----------



## plastiscɧ (Jun 27, 2022)

OneMoar said:


> 6% is hardly significant in the grand scheme


would you say the same if your car is drinking 6% more. or 6% inflation is okay...?!

i have been insulted of course that in the past:




okay i am still here and this thread here is very insightful. everything must be put on the table. then things can also get better.


----------



## OneMoar (Jun 27, 2022)

its interesting because programmatically speaking there is little reason to use that register to begin with its a `old` way of doing it something that has existed since at least nethalm 
and its even more interesting because seemly older chips are not affected in the same way 
its like somebody took a page out of the initial intel documentation for it and never bothered to check if it worked properly on newer platforms

somebody should run a test with VT-D on vs Off and see if the behavior changes 
intel's performance counters have been the subject of many an issue for awhile 
there was a rash of bad actors abusing them to ddos linux machines back in like 2011ish


----------



## unclewebb (Jun 27, 2022)

OneMoar said:


> clickbait speculation


I agree. Sorry for my enthusiasm.



OneMoar said:


> 6% is hardly significant in the grand scheme


I think you under estimate how many computer buying decisions are based on far less than a 1000 point difference in Cinebench scores. If two computers were sitting at more or less the same price point and one was performing that much better, no one would be buying the lower performing computer.



OneMoar said:


> remember that your average user doesn't care and if it doesn't impact the average user neither does intel/microsoft


I totally agree. That is why I do not think Microsoft will ever make any changes to Windows Defender to reduce its impact on performance.



OneMoar said:


> Windows defender Consistently ranks at the top of the protection and performance charts


I did not say that Windows Defender is a bad antivirus program. I think a lot of user negativity towards Defender is because of this flaw that was discovered. I think Windows Defender can still be a top ranked antivirus program without needing to use so many CPU cycles. If Windows Defender can randomly stop this part of its algorithm, does it really need to be running for hours at a time? Probably not. Protection still seems to work fine whether this part of Windows Defender is running or not.



OneMoar said:


> never bothered to check if it worked properly on newer platforms


All Intel CPUs use performance monitoring counters. These counters were used in Core 2 Duo CPUs and probably quite a few Intel CPUs before that. There is no problem with these counters at the hardware level. The number of available counters for each CPU has changed over time. Newer CPU generations include more programmable counters. 

Monitoring these counters is just an easy way to detect when Windows Defender has started to run some special procedure that may last for 5 minutes after first booting up or it can start at any time after that and go on for hours.

On my computer, when booting up after a blue screen, this part of the Windows Defender algorithm will not start for the first 5+ minutes. If this is important, it should start up immediately upon every boot.


----------



## OneMoar (Jun 27, 2022)

unclewebb said:


> I agree. Sorry for my enthusiasm.
> 
> 
> I think you under estimate how many computer buying decisions are based on far less than a 1000 point difference in Cinebench scores. If two computers were sitting at more or less the same price point and one was performing that much better, no one would be buying the lower performing computer.
> ...


it should clear the registers thats on defender for not handling it correctly, but the issues with the perf MSR 0X38D go back to 2009 its always been a bit janky
but this is like a hour fix stops if somebody on the defender team notices have you filed a feedback hub report yet?

and I didn't say that you were implying defender was bad it was directed at the yahoos jumping on the 'defender sucks' bandwagon without knowing wtf they are talking about
jesus people do you not notice that every other av provider uses more cpu then defender I have seen idle cpu usage in the 30-40% range with other solutions (looking at you trendmicro,norton)

If i saw a AV product using 4% cpu at idle I would jump for joy because thats pretty dam fine compared to everybody else


----------



## ThrashZone (Jun 27, 2022)

Hi,
You're not helping your case mentioning those two shit companies


----------



## unclewebb (Jun 27, 2022)

OneMoar said:


> have you filed a feedback hub report yet?


Not yet. If this is an important issue I think they will find out about it soon enough.

I have used Windows Defender for years because of its low CPU usage. After this fix is applied, CPU usage is even lower.

Some of Windows Defender's competition have become extremely bloated. I have not used Trend Micro or Norton in years. I do not know how the recent versions compare to Windows Defender when it comes to CPU usage.


----------



## OneMoar (Jun 27, 2022)

unclewebb said:


> Not yet. If this is an important issue I think they will find out about it soon enough.
> 
> I have used Windows Defender for years because of its low CPU usage. After this fix is applied, CPU usage is even lower.
> 
> Some of Windows Defender's competition have become extremely bloated. I have not used Trend Micro or Norton in years. I do not know how the recent versions compare to Windows Defender when it comes to CPU usage.


trendmicro is a good 10% on a i7 9700  I just checked a client pc


----------



## chrcoluk (Jun 27, 2022)

Mine just says not used.  So I guess i am ok.


----------



## lexluthermiester (Jun 27, 2022)

OneMoar said:


> go be wrong somewhere else lex


Look in a mirror. Happy sand-brushing to you.


OneMoar said:


> I have waning tolerance for idiots


Aww, that was adorable. You must not like yourself very much then. Any other treasures of wisdom you want to share, hmmmm?



AusWolf said:


> So what do you use instead?


There are plenty of good ones that are on par with or better than defender in the detection arena without being so invasive, intrusive and annoying. Many of them use lower/fewer system resources to get the job done. Comodo is my current fav.


AusWolf said:


> I still think Windows Defender is and should be the go-to antivirus app for 99% of home users.


We could not disagree more on that.



unclewebb said:


> I did not say that Windows Defender is a bad antivirus program.


I have and will continue to do so. Windows Defender is crapware compared to much of the competition.


unclewebb said:


> I think a lot of user negativity towards Defender is because of this flaw that was discovered.


Not at all. The annoying habit of defender deleting files without user prompting/verification is a big reason. By default defender takes that action on files which contain known or suspected viral-like routines, even for files that don't actually contain a virus. This can be a serious effing headache for many forms of legitimate work. The next problem is that defender reports back to microsoft every single file it scans, regardless of whether you want it to or not. This is a serious problem for data that needs complete confidentiality/secrecy.



unclewebb said:


> Not yet. If this is an important issue I think they will find out about it soon enough.


Don't hold your breath on that one..


----------



## DBH (Jun 27, 2022)

Ohh updated my old Throttlestop and can confirm it's fixed the issue! Thanks


----------



## AusWolf (Jun 27, 2022)

lexluthermiester said:


> There are plenty of good ones that are on par with or better than defender in the detection arena without being so invasive, intrusive and annoying. Many of them use lower/fewer system resources to get the job done. Comodo is my current fav.


Is it free?

I'll have a look at it. I have my reservations, though, as I haven't used any other antivirus app since Defender started to come integrated in Windows.

Edit: How do you find Defender annoying? It's only a module in your system settings / Windows security centre. It couldn't be any lower profile than this.


----------



## Deleted member 24505 (Jun 27, 2022)

VulkanBros said:


> I have a fix too...AMD CPU  (couldn't resist )


The issue is not with the Intel hardware so your comment is 

12700k, no issue here, apart from the crappy ADL CPU i guess.


----------



## Jism (Jun 27, 2022)

This article reminded me to switch off quick scan in it's completeness.

also the upping of random "samples" to MS ... I really dont need it.


----------



## bug (Jun 27, 2022)

VulkanBros said:


> I have a fix too...AMD CPU  (couldn't resist )


Since you couldn't resist: use Linux


----------



## Veseleil (Jun 27, 2022)

Disable the damn spyware.

Edit:
Been reading trough posts, and the fact that people still believe in AV made me kinda sad. It's 2022. damn, learn how to protect your (windows) PC already...
Sorry for million edits, Eng. is not my native.


----------



## lexluthermiester (Jun 27, 2022)

AusWolf said:


> Is it free?


Oh yeah, they have an excellent free option. However, I pay for the premium version because I want to continue supporting the company. Would rather pay for Comodo than use defender for free. Reason? Configuration choices and respect for user privacy. By default, Comodo does cloud referencing and analysis. However, should a user need complete data security and privacy, those can be shut off. In fact the whole suite can be easily isolated from the internet if needed.

However, we're getting off-topic, so let's rope ourselves in..


----------



## ThrashZone (Jun 27, 2022)

Veseleilo said:


> View attachment 252708
> Disable the damn spyware.
> 
> Edit:
> ...


Hi,
That's nice but it's just a fraction of what W1zard's script does 
Here is win-11's

```
rem Disable Windows Defender. For this to work you have to manually disable "Tamper protection"
powershell "if ((Get-ItemProperty -Path 'HKLM:SOFTWARE\Microsoft\Windows Defender\Features').TamperProtection -eq 4) { exit 0; } ; Write-Output 'Windows Defender can not be disabled, Tamper Protection is still active' '' 'Disable Tamper Protection manually, then press OK' | msg /w *"
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Spynet" /v SpyNetReporting /t REG_DWORD /d 0 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Spynet" /v SubmitSamplesConsent /t REG_DWORD /d 2 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v DisableRoutinelyTakingAction /t REG_DWORD /d 1 /f
reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v SecurityHealth /f
```

Win-10's


```
rem Disable Windows Defender. For this to work you have to manually disable "Tamper protection"
powershell "if ((Get-ItemProperty -Path 'HKLM:SOFTWARE\Microsoft\Windows Defender\Features').TamperProtection -eq 4) { exit 0; } ; Write-Output 'Windows Defender can not be disabled, Tamper Protection is still active' '' 'Disable Tamper Protection manually, then press OK' | msg /w *"
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Spynet" /v SpyNetReporting /t REG_DWORD /d 0 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Spynet" /v SubmitSamplesConsent /t REG_DWORD /d 2 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v DisableRoutinelyTakingAction /t REG_DWORD /d 1 /f
reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v SecurityHealth /f
```


----------



## Verpal (Jun 27, 2022)

OneMoar said:


> can we not with the clickbait speculation
> 
> great job finding this its a minor bug and will be shortly patched if enough noise is made about it
> 
> ...


Considering in many case ''generational improvement'' can be as little as 20%, and 6% is way way above what would generally describe as ''measurable difference'', I don't think reviewer should just ignore this potential source of error. Also, I don't think the article tried to stop people from using Windows defender at any point whatsoever.

and PSA: TPU is resided by nerd, nerd cares about 6%.


----------



## phanbuey (Jun 27, 2022)

6% is huge.

All of this stuff adds up - like 6% for this, another 10% for virtualization based security, another few percent for the indexer, and now you have a machine that's 20-25% slower than it's supposed to be and stuttering in games.

So related question:




Some game guides (like the Ascent) recommend putting the program in the excluded exploit protection programs to stop stuttering... does this effectively get rid of this need?  Will do some testing with this fix vs exploit protection on and off... this would be huge if people didn't need to jump through the control flow guard disabling hoops and could just use the windows defender boost.


----------



## Veseleil (Jun 27, 2022)

ThrashZone said:


> Hi,
> That's nice but it's just a fraction of what W1zard's script does
> Here is win-11's
> 
> ...


I'm aware of that, but i learned my ways... my way, since the XP days. Services and Regedit are my main start shortcuts. I've pasted that reg entry for the illiterate people, but i do have many different system tweaking tools. For a fast way of disabling spyware and similar, I've been using Blackbird for years. Great little tool.


----------



## ThrashZone (Jun 27, 2022)

Veseleilo said:


> I'm aware of that, but *i learned my ways... my way, since the XP days.* Services and Regedit are my main start shortcuts. I've pasted that reg entry for the illiterate people, but i do have many different system tweaking tools. For a fast way of disabling spyware and similar, I've been using Blackbird for years. Great little tool.


Hi,
That rhymes


----------



## Veseleil (Jun 27, 2022)

ThrashZone said:


> Hi,
> That rhymes


Used to write songs when I was younger and had longer and stronger periods of depression. I kinda hate rhymes nowadays.


----------



## AusWolf (Jun 27, 2022)

Veseleilo said:


> View attachment 252708
> Disable the damn spyware.
> 
> Edit:
> ...


Why? You can avoid viruses by not visiting dodgy websites, which works 99% of the time, but there's always that 1% when you click on something that someone not so tech-savvy posted. An AV can be quite useful then.


----------



## Veseleil (Jun 27, 2022)

AusWolf said:


> Why? You can avoid viruses by not visiting dodgy websites, which works 99% of the time, but there's always that 1% when you click on something that someone not so tech-savvy posted. An AV can be quite useful then.


AV software have too many security risks involved, and as an entity that has higher privileges than a system administrator (in most cases), therefore it cannot be trusted.


----------



## AusWolf (Jun 27, 2022)

Veseleilo said:


> AV software have too many security risks involved, and as an entity that has higher privileges than a system administrator (in most cases), therefore it cannot be trusted.


I'd rather have an AV just in case. The internet is a vile place. You never know what's lurking on the site you're about to visit, or on the link Random Joe posted and you're about to click on.


----------



## Veseleil (Jun 27, 2022)

AusWolf said:


> I'd rather have an AV just in case. The internet is a vile place. You never know what's lurking on the site you're about to visit, or on the link Random Joe posted and you're about to click on.


NoScript and uBlock origin take care of that. I choose what i want to see on a new sites, and I visit everything I want to without fear. I dare to do things on my PC, that I can only dream of IRL.


----------



## ThrashZone (Jun 27, 2022)

Hi,
Plenty of people just using edge and windows pretender oops defender were hit by ransomware my dear old mom to amounted to nothing but did happen under microsoft securities watch
Since getting a real antivirus bitdefender I believe nothing eventful for about a year now 

So yeah say pretender is free/ great if you want facts just don't support such a broad stroke it's really just more telemetryware under a false sense of security so is crappy chroedge.


----------



## Deleted member 24505 (Jun 28, 2022)

Most of the time, the AV software is the V imo.


----------



## R-T-B (Jun 28, 2022)

GreiverBlade said:


> and here i was, "awwwww defender is the issue" and then read "AMD cpu not affected" proceed to "oh, so Defender is perfectly fine ... Intel is the issue"
> 
> did they use a "performance boost shortcut that turned ou to be a vulnerability" (after mitigation: also a loss of performance ) but failed and instead made an issue?


No.  This is ms misusing a documented intel feature, ie not intels fault.


----------



## TheDeeGee (Jun 28, 2022)

Doesn't affect me as i play with a 60 FPS cap, so CPU usage is like 30-50% plus the 4% of Windows Defender.



Veseleilo said:


> AV software have too many security risks involved, and as an entity that has higher privileges than a system administrator (in most cases), therefore it cannot be trusted.


I used NOD32 for over 10 years until i noticed it did like 150GB writes a day wearing down my SSD life.

Been using Defender for a year and a half now, no point in an paid AV these days, just use your brain when browsing. And use uBlock Origin.



phanbuey said:


> 6% is huge.
> 
> All of this stuff adds up - like 6% for this, another 10% for virtualization based security, another few percent for the indexer, and now you have a machine that's 20-25% slower than it's supposed to be and stuttering in games.
> 
> ...


20-25%?

Sounds like you have a messed up Windows installation. I'm having between 0.3% and 5% usage.


----------



## DeathtoGnomes (Jun 28, 2022)

btarunr said:


> When started once, with the "Windows Defender Boost" option, ThrottleStop will let the timer running in mode 3, even when closed. This means you can start ThrottleStop once at bootup, close it right afterward, and your system will be protected from the Defender performance issues.


@unclewebb What about creating a powershell script to accomplish the same thing as your software does without loading the programs into windows (assuming some users dont install TS)?  That could be used via the task manager so you wont have to open a program. Another option would be make a file added within your programs install folder that could be used to execute the fix at windows boot up, via task manager as well.


----------



## AusWolf (Jun 28, 2022)

DeathtoGnomes said:


> @unclewebb What about creating a powershell script to accomplish the same thing as your software does without loading the programs into windows (assuming some users dont install TS)?  That could be used via the task manager so you wont have to open a program. Another option would be make a file added within your programs install folder that could be used to execute the fix at windows boot up, via task manager as well.


I would love that! With a locked CPU, I haven't got much use of ThrottleStop, except for this.


----------



## phanbuey (Jun 28, 2022)

TheDeeGee said:


> Doesn't affect me as i play with a 60 FPS cap, so CPU usage is like 30-50% plus the 4% of Windows Defender.
> 
> 
> I used NOD32 for over 10 years until i noticed it did like 150GB writes a day wearing down my SSD life.
> ...



Run a sottr bench on a clean install, then shut off control flow guard / defender Realtime scan, vbs, indexer and it an run the bench again -- your gains will be in the double % easy.


----------



## dwmc (Jun 28, 2022)

__





						Redirecting
					





					answers.microsoft.com
				




According to the above, this has been a problem for 6 years at least.   Why hasn't MS done something about it?   They don't care?


----------



## unclewebb (Jun 28, 2022)

DeathtoGnomes said:


> What about creating a powershell script to accomplish the same thing


You cannot access individual registers within the CPU by only using a powershell script. You need to run a separate program that uses a signed driver so it can run at the Ring 0 level to access the MSR registers.  



AusWolf said:


> I haven't got much use of ThrottleStop, except for this.


This is part of the master plan.   

The ability to solve this issue will give users a reason to try ThrottleStop. My Cinebench scores are almost identical whether ThrottleStop is running or not. ThrottleStop is not a major source of CPU or memory usage.





Think of Counter Control as a proof of concept kind of program. If the thought of having to run ThrottleStop all of the time really makes people's skin crawl, I will consider writing a separate program that quietly runs in the background and takes care of this problem. It would be best to leave it running in the background so it can also take care of this issue when you resume from sleep. Any program that checks a single register every 5 or 10 seconds and when you resume from sleep is not going to be a significant drain of CPU resources. 



dwmc said:


> this has been a problem for 6 years at least


I think the Windows Defender problem listed on that site you posted is different from this new Windows Defender problem. Good to know that these issues take a while to solve.


----------



## looniam (Jun 28, 2022)

DeathtoGnomes said:


> @unclewebb What about creating a powershell script to accomplish the same thing as your software does without loading the programs into windows (assuming some users dont install TS)?  That could be used via the task manager so you wont have to open a program. Another option would be make a file added within your programs install folder that could be used to execute the fix at windows boot up, via task manager as well.


a picture is worth 1000 w0rds . .











ok yeah you need TS.


----------



## lexluthermiester (Jun 28, 2022)

dwmc said:


> __
> 
> 
> 
> ...


They're lazy. They don't fix anything unless they: A. Know about it. B. Think it's a problem. and C. Are being pressured by the public.


----------



## unclewebb (Jun 28, 2022)

looniam said:


> ExitTime=


If you are going to use that undocumented INI option, best to set it to 15 seconds. I might change that in the future.


----------



## lexluthermiester (Jun 28, 2022)

AusWolf said:


> Edit: How do you find Defender annoying? It's only a module in your system settings / Windows security centre. It couldn't be any lower profile than this.





lexluthermiester said:


> Not at all. The annoying habit of defender deleting files without user prompting/verification is a big reason. By default defender takes that action on files which contain known or suspected viral-like routines, even for files that don't actually contain a virus. This can be a serious effing headache for many forms of legitimate work. The next problem is that defender reports back to microsoft every single file it scans, regardless of whether you want it to or not. This is a serious problem for data that needs complete confidentiality/secrecy.


There you go.


----------



## R-T-B (Jun 28, 2022)

Veseleilo said:


> AV software have too many security risks involved, and as an entity that has higher privileges than a system administrator (in most cases), therefore it cannot be trusted.


Wait until you find out about whats running in the ME or PSP enclaves.


----------



## jpuser-axp (Jun 28, 2022)

I have figured out how to use ThrottleStop 9.5.
Start and exit. It is very easy.
However, I do not know how to use Counter Control.

Do I start Counter Control, click "Reset Counters" and exit?
If so, will the Defender problem be permanently fixed as long as the PC is running?


----------



## TheDeeGee (Jun 28, 2022)

phanbuey said:


> Run a sottr bench on a clean install, then shut off control flow guard / defender Realtime scan, vbs, indexer and it an run the bench again -- your gains will be in the double % easy.


Thanks, but no thanks.

I've learned messing with windows the hard way.

If it can't be disabled or uninstalled without an app, leave it alone or risk messing up future updates.


----------



## 8tyone (Jun 28, 2022)

Excellent investigative work! Thank you Mr. Kevin.


----------



## zebra_hun (Jun 28, 2022)

I say thank you, too.
Zeb


----------



## Chrispy_ (Jun 28, 2022)

Is the problem limited to 8th, 9th, 10th, 11th, and 12th gen only?

I've seen Windows Defender use 100% of a core on low-powered devices like old Bay-Trail Celerons etc. 100% of one core is either a quarter or half of the entire performance those devices have to offer.


----------



## Naito (Jun 28, 2022)

OneMoar said:


> the amount of times I have run a scan with MBAM or AVRIA and they have found something that defender missed is


I've run Defender and MBAM for many years in parallel and honestly, I've found Defender to always be capable enough to not need MBAM intervention. So much so, that I don't bother running anything but Defender lately. 

The inclusion of Defender on Windows Server 2019 and 2022 is also a welcome addition.


----------



## DeathtoGnomes (Jun 28, 2022)

Naito said:


> I've run Defender and MBAM for many years in parallel and honestly, I've found Defender to always be capable enough to not need MBAM intervention. So much so, that I don't bother running anything but Defender lately.
> 
> The inclusion of Defender on Windows Server 2019 and 2022 is also a welcome addition.


The question is, can they tailor to specifically avoid Defender.


----------



## Dark_Phoenix (Jun 28, 2022)

I ran Counter Control after reading this post and in the current section it shows Unknown > 0x777. If I reset counters it will change to Normal 0x337, but it'll either stay at 0x337 or change back to 0x777 after a minute or 2.


----------



## Naito (Jun 28, 2022)

DeathtoGnomes said:


> The question is, can they tailor to specifically avoid Defender.


Same can be said about most things. Like most AVs, Defender employs realtime monitoring and other heuristics to detect threats. The benefit of Defender is that so many PC's run it by default which helps with large scale analytics, machine learning, etc. Detection will be much quicker on such a network. 

Any sufficiently popular software will more likely be targeted as you're guaranteed to have a much bigger attack surface. More chance of success, more reward for the hacker.


----------



## phanbuey (Jun 28, 2022)

TheDeeGee said:


> Thanks, but no thanks.
> 
> I've learned messing with windows the hard way.
> 
> If it can't be disabled or uninstalled without an app, leave it alone or risk messing up future updates.



You don't need to install any apps for what I suggested, they're windows settings you can toggle on and off.
What is Control Flow Guard in Windows; How to turn it On or Off (thewindowsclub.com)
How to Disable Virtualization-Based Security (VBS) in Windows 11 | Beebom
- you can also just disable virtualization in the bios to do the same effect and then test performance.

The point I was trying to make is that security apparatus in windows looks like it might be a 5% hit, and is in some very synthetic benches, but it's closer to 15% in real games when taking into account IO/memory latency with just those two settings.  The system virtualizes the kernel and then nannies memory access with extreme overhead.

We have a juicy chunk of performance left on the table when it comes to OS and software optimizations.  Will be interesting to see also if CPU accelerators will come into play for some of these tasks.


----------



## Veseleil (Jun 28, 2022)

R-T-B said:


> Wait until you find out about whats running in the ME or PSP enclaves.


We all know about spyware abillities integrated into chips as "security features". The difference is that i can't do much about that, and i can at least prevent some shady software running in the OS.


----------



## R-T-B (Jun 28, 2022)

Veseleilo said:


> We all know about spyware abillities integrated into chips as "security features". The difference is that i can't do much about that, and i can at least prevent some shady software running in the OS.


They aren't really spyware, more useless features just waiting for a vulnerability, but same end result:

Source: Me.  I'm well known as a ME security researcher.


----------



## zebra_hun (Jun 28, 2022)

YT Video Link

15500 vs 16700 Cinebench R23 score. I start TS with windows, and use .ini to stop 5 sec later.


----------



## NfiniteL00p (Jun 28, 2022)

I've not been able to replicate this issue for some reason. The highest Defender CPU usage I got was 0.31% during the Cinebench R23.200 run; otherwise it hovered around 0.06% or less. Windows 11 Enterprise Build 21H2, latest updates, 12th Gen Intel Core i9-12900K for the CPU.


----------



## Aquinus (Jun 28, 2022)

> We have the Fix



When I first saw this part of the title, I thought to myself, "I do too. Use Linux."


----------



## Ed_1 (Jun 29, 2022)

NfiniteL00p said:


> I've not been able to replicate this issue for some reason. The highest Defender CPU usage I got was 0.31% during the Cinebench R23.200 run; otherwise it hovered around 0.06% or less. Windows 11 Enterprise Build 21H2, latest updates, 12th Gen Intel Core i9-12900K for the CPU.


12th gen doesn't seem to be effected, I never see defender show up in app.


----------



## othersteve (Jun 29, 2022)

Ed_1 said:


> 12th gen doesn't seem to be effected, I never see defender show up in app.


Yup, agreed, I've yet to see any issues on the new XPS 13 Plus I've been using. Hopefully that means it isn't affected.


----------



## lexluthermiester (Jun 29, 2022)

TheDeeGee said:


> If it can't be disabled or uninstalled without an app, leave it alone or risk messing up future updates.


It's not about what you do, rather how you do it. IF done the right way, it's easy-breezy and works perfectly. Key point, doing it the right way.



othersteve said:


> Yup, agreed, I've yet to see any issues on the new XPS 13 Plus I've been using. Hopefully that means it isn't affected.


Or you didn't notice. If your computing habits and activities don't require intensive compute power, you might not even notice.


----------



## ThrashZone (Jun 29, 2022)

Ed_1 said:


> 12th gen doesn't seem to be effected, I never see defender show up in app.


Hi,
Read the op and see for yourself here's the first clue



Not to many people stare are task manager especially when doing other things.


----------



## othersteve (Jun 29, 2022)

lexluthermiester said:


> It not about what you do, rather how you do it. IF done the right way, It's easy-breezy and works perfectly. Key point, doing it the right way.
> 
> 
> Or you didn't notice. If your computing habits and activities don't require intensive compute power, you might not even notice.


No, what I mean to say is that Counter Control doesn't seem to have reported anything amiss on my system yet.


----------



## lexluthermiester (Jun 29, 2022)

othersteve said:


> No, what I mean to say is that Counter Control doesn't seem to have reported anything amiss on my system yet.


Ah, ok. Understood.


----------



## Ed_1 (Jun 29, 2022)

ThrashZone said:


> Hi,
> Read the op and see for yourself here's the first clue
> View attachment 252875
> Not to many people stare are task manager especially when doing other things.


That's 10th gen I ran the app for many hours, I see only normal and not used.
here my log
2022-06-27  13:38:28  00:13:48  0x330  Normal

2022-06-27  13:42:37  00:03:07  0x000  Not Used
2022-06-27  17:15:47  03:33:10  0x330  Normal

2022-06-28  12:31:11  00:00:43  0x000  Not Used

2022-06-28  19:17:36  00:01:47  0x330  Normal

Plus running CB23 before and after I get same score, even after reset counters.


----------



## unclewebb (Jun 29, 2022)

Ed_1 said:


> Plus running CB23 before and after I get same score


When testing, boot up and run Counter Control.  Do not push the Reset Counters button and do not run ThrottleStop 9.5. When my 10th Gen computer first boots up or when I resume from sleep, the counters are in mode 0x222 and performance is decreased. If your computer does not have this problem then you do not need to fix anything. You will not see any improvement in Cinebench R23 scores if you do not have this problem.



Dark_Phoenix said:


> 0x777


Thanks for posting that. 12th Gen CPUs do not seem to have this issue.



zebra_hun said:


> 15500 vs 16700 Cinebench R23


Thanks for posting that video. It shows the problem exactly.


----------



## Ed_1 (Jun 29, 2022)

unclewebb said:


> When testing, boot up and run Counter Control.  Do not push the Reset Counters button and do not run ThrottleStop 9.5. When my 10th Gen computer first boots up or when I resume from sleep, the counters are in mode 0x222 and performance is decreased. If your computer does not have this problem then you do not need to fix anything. You will not see any improvement in Cinebench R23 scores if you do not have this problem.
> 
> 
> Thanks for posting that. 12th Gen CPUs do not seem to have this issue.
> ...


fresh restart and it shows not used 0x000
when running CB23 I get 100% load so as I said before it doesn't seem to affect 12th gen or at least my 12th gen config.

As far as sleep goes I always disable sleep with powercfg  /hibernate  off right after windows install so can't really test that, never use sleep.
I just let the monitor go into low power mode


----------



## Nemiyen (Jun 29, 2022)

This has been great to prove the issue exists for Windows Defender, please can someone confirm this same bug exists for Teams because... Damn! That program is slow as hell! Especially when in a video meeting lol.


----------



## Tarnak (Jun 29, 2022)

Hi,

I've encountered issue on mine AW 17r4 i7700HQ. 0x222 changing very quickly.
Resetting seems to fix it to 0x330.

Thx UncleWebb


----------



## phanbuey (Jun 29, 2022)

Nemiyen said:


> This has been great to prove the issue exists for Windows Defender, please can someone confirm this same bug exists for Teams because... Damn! That program is slow as hell! Especially when in a video meeting lol.


Teams is an absolute disaster... I can confirm it's a ton better on 12th gen since it's relegated to e cores.


----------



## RobinHood2022 (Jun 29, 2022)

I have an Intel Core i5-7600K at 3.8GHz running Windows 11 (despite the fact that this CPU isn't "officially" supported by Microsoft for Windows 11), and I'm getting solid "Not Used" status, hex value 0x000, even while running a scan using Windows Defender. It seems to me, therefore, that I am unaffected by this bug which Kevin is talking about.

My advice to anyone who is experiencing problems with this bug is to _regularly run Windows Update. _Yes, I know people don't like to hear something like that, but it's good advice -- and it WORKS.


----------



## TheHunter (Jun 29, 2022)

I have this bug on my 11700kf and win10

It started this year around Jan-feb..  at first i thought it was nvidia driver fault had some constant registry writes until i finally noticed it was defender..

3dmark physics is also affected


So i just need to run this once per boot or is it permanent?


Edit;  and if I disable virtualization it also eliminates this issue as someone mentioned it one page earlier?

Thanks


----------



## ThrashZone (Jun 29, 2022)

Hi,
Ran into this 








						Performance Test April 2022
					

Performance Test April 2022 for Microsoft Windows 10 security products released, 17 products' impact on system performance was tested.




					www.av-comparatives.org
				




mbam at almost 20% right behind defender 24% 
The way default setting are in mbam I'd believe it updating every hour those little hits can be a pain on low resource systems







phanbuey said:


> Teams is an absolute disaster... I can confirm it's a ton better on 12th gen since it's relegated to e cores.


I get rid of teams 
Seems most use zoom anyway why waist time with teams or even skype anymore.


----------



## unclewebb (Jun 29, 2022)

RobinHood2022 said:


> I'm getting solid "Not Used" status


That is good. Best to monitor for this for a few days. Do some sleep resume cycles if you normally use that.

In Windows 10 on my 10th Gen CPU, sleep resume is a guaranteed way for Windows Defender to set the timers to mode 0x222 and for it to start running its algorithm which reduces performance.



RobinHood2022 said:


> even while running a scan using Windows Defender


The Windows Defender automatic scanning feature works whether the timers are in mode 0x222 or not. It is almost like Defender has a separate chunk of code that is sometimes causing excessive CPU usage in the background. It can start or stop at anytime. Unless you are monitoring for this, it is difficult to know when this might be happening. It seems like this chunk of code is not running on Intel's recent 12th Gen CPUs.



RobinHood2022 said:


> _regularly run Windows Update_


This problem has been around for years. So far, nothing on Windows Update seems to fix it.



TheHunter said:


> So i just need to run this once per boot or is it permanent?


Pushing the Reset Counters button seems to fix this issue until the computer goes to sleep or you reboot. If you want to be 100% sure this does not start up again, run ThrottleStop and minimize it to the system tray. You can start Counter Control at any time to see what is going on with the counters.


----------



## TheHunter (Jun 29, 2022)

It says normal now and it fixes the issue 100%, tested cpuz benchmark and it's consistent all the time now.

Thanks


----------



## TheDeeGee (Jun 30, 2022)

I'm getting almost 800 more points with reset timer.

Now it's very unclear how to run ThrottleStop, do i need to click "Turn On" to enable it? Do i have to apply it every reboot?


----------



## UrsineSaturn9 (Jun 30, 2022)

I tested it out on 10750h and only got "Normal" status. But I've been running TS v9.2 for ages anyway, so have updated to v9.5 and left this feature turned on. Absolutely love ThrottleStop for my gaming laptop. Used to routinely hit temperatures of 100C and with this program, some undervolting and limiting the turbo ratios I rarely get more than 70-75C while gaming.


----------



## unclewebb (Jun 30, 2022)

TheDeeGee said:


> I'm getting almost 800 more points with reset timer.


A rough estimate is about +100 points for every core you have. I have a 10 core 10850K so it gains 1000 points. A 6 core CPU will typically gain 600 points and an 8 core CPU should gain about 800 points in Cinebench R23. Those are just some numbers off the top of my head. 



TheDeeGee said:


> how to run ThrottleStop


To fix this problem you can run ThrottleStop, minimize it to the System Tray / Notification Area and that is all you need to do. There is no need to enable any of its many options.

Some users have decided to immediately exit ThrottleStop after it starts. This works for me but I cannot guarantee that this will work for everyone. I prefer to leave ThrottleStop running.

If you exit ThrottleStop, you will definitely need to run it gain if you do a sleep resume cycle or if you reboot. 

ThrottleStop has an INI option that you can use to force ThrottleStop to immediately exit. If you are going to use this option, at the moment, I would set it to 15 seconds.
Add this line to the ThrottleStop.INI configuration file.

ExitTime=15

In the next version of ThrottleStop, I will be changing things so setting this to 1 second should be good enough. 



UrsineSaturn9 said:


> I've been running TS v9.2


TS 9.2 and 9.3 used to automatically fix this problem. Back then, I had no idea what was causing this problem or why ThrottleStop had this magic ability. I stopped using one of the programmable counters in TS 9.4 and didn't really think too much about it. This provided Windows Defender the opportunity to take over control of all of the counters so it could run its slow and sluggish algorithm. It took a while to get everything figured out. TS 9.5 uses one of the programmable counters like TS 9.2 and 9.3 used to use.  



UrsineSaturn9 said:


> Absolutely love ThrottleStop


Good to hear. ThrottleStop has greatly improved the user experience for quite a few laptop owners worldwide.


----------



## ThrashZone (Jun 30, 2022)

Hi,
@unclewebb 
I always wondered why isn't there a pinned thread with the throttle stop version download here ?








						ThrottleStop
					

Optimize and tweak your Intel processor




					www.techpowerup.com


----------



## unclewebb (Jun 30, 2022)

ThrashZone said:


> a pinned thread


That sounds like a good idea. I have never created a pinned thread before. I will put it on the things to do list.


----------



## ThrashZone (Jun 30, 2022)

unclewebb said:


> That sounds like a good idea. I have never created a pinned thread before. I will put it on the things to do list.


Hi,
Sure would make it easier to find your awesome software besides using various search engines


----------



## Yooyoo1987 (Jul 1, 2022)

I have 10400f with the same issue, hope ms will correct this bug asap.


----------



## Aaron2 (Jul 1, 2022)

I have an i7-9700K and so far I only get Normal and Not Used in Counter Control over the last three days, and I shutdown every night (fast reboot disabled). I have applied no tweaks to my knowledge that affect Defender in any way. Strange...


----------



## AusWolf (Jul 1, 2022)

Also:








Notice how single-threaded performance also suffers when the Defender timer is active. The multi-thread ratio is the same in both instances.


----------



## unclewebb (Jul 2, 2022)

@AusWolf 
How about doing some 3D Mark testing?

It tends to be fairly consistent and should show some reduced performance because of this Windows Defender feature.


----------



## AusWolf (Jul 3, 2022)

unclewebb said:


> @AusWolf
> How about doing some 3D Mark testing?
> 
> It tends to be fairly consistent and should show some reduced performance because of this Windows Defender feature.


Done. Interestingly, it's not as consistent as I thought it would be:








The CPU score clearly shows the difference. I don't know why my GPU score was lower the second time. I didn't change any setting in 3DMark or in Adrenalin. AMD GPUs are weird.








It's also strange that some scores were affected in the CPU profile test, some others were not.


----------



## TheHunter (Jul 3, 2022)

For me it was timespy and and firestrike physics that showed the most difference, cpu profile not as much.

By both at least 1000-1500points difference..


But back then i didnt test this tool yet, just disable/enable realtime protection.


----------



## FLFLFL (Jul 4, 2022)

I get this, is OK ?


----------



## unclewebb (Jul 5, 2022)

FLFLFL said:


> OK


0x222 is bad.

0x000 is good.


----------



## ThrashZone (Jul 5, 2022)

unclewebb said:


> 0x222 is bad.
> 
> 0x000 is good.


Hi,
Saw you found one of the dummies on elevenforums 

I posted to brink this thread and he saw fit to make a news story


----------



## lexluthermiester (Jul 5, 2022)

ThrashZone said:


> Saw you found one of the dummies on elevenforums


Devin isn't the worst there, for sure. He's a bit of a smart-ass but mostly harmless. It's Kari you have to be very careful of. @unclewebb be very careful how you interact with Kari. Say the wrong thing to them and they will get you banned, no matter who you are.


----------



## ThrashZone (Jul 5, 2022)

lexluthermiester said:


> Devin isn't the worst there, for sure. He's a bit of a smart-ass but mostly harmless. It's Kari you have to be very careful of. @unclewebb be very careful how you interact with Kari. Say the wrong thing to them and they will get you banned, no matter who you are.


Hi,
No I was referring to cereberus.


----------



## lexluthermiester (Jul 6, 2022)

ThrashZone said:


> Hi,
> No I was referring to cereberus.


Yeah, them too.


----------



## ThrashZone (Jul 6, 2022)

lexluthermiester said:


> Yeah, them too.


Hi,
I know he uses a three headed dog but there is still just one of him so "them" don't apply


----------



## skates (Jul 14, 2022)

OneMoar said:


> go be wrong somewhere else lex
> 
> 
> 
> ...


I read that article and was not surprised.  I have defender running on a new build and traditionally I disable it because I have ESET home internet (for many years now).  I simply forgot to disable Defender on my new build and after looking at the eset review at av-test for Dec 2021, it's a perfect score.  So, I think I'll disable defender unless someone with more knowledge can tell me why I would need it to supplement eset?



skates said:


> I read that article and was not surprised.  I have defender running on a new build and traditionally I disable it because I have ESET home internet (for many years now).  I simply forgot to disable Defender on my new build and after looking at the eset review at av-test for Dec 2021, it's a perfect score.  So, I think I'll disable defender unless someone with more knowledge can tell me why I would need it to supplement eset?


Here is the eset review  https://www.av-test.org/en/antiviru...mber-2021/eset-internet-security-15.0-211609/


----------



## AusWolf (Jul 14, 2022)

skates said:


> I read that article and was not surprised.  I have defender running on a new build and traditionally I disable it because I have ESET home internet (for many years now).  I simply forgot to disable Defender on my new build and after looking at the eset review at av-test for Dec 2021, it's a perfect score.  So, I think I'll disable defender unless someone with more knowledge can tell me why I would need it to supplement eset?
> 
> 
> Here is the eset review  https://www.av-test.org/en/antiviru...mber-2021/eset-internet-security-15.0-211609/


No one in their right mind will ever tell you to "supplement" an AV with another. Running more than one doesn't benefit you in any way, but can harm system performance.


----------



## skates (Jul 14, 2022)

AusWolf said:


> No one in their right mind will ever tell you to "supplement" an AV with another. Running more than one doesn't benefit you in any way, but can harm system performance.


Thank you for the advice.



skates said:


> Thank you for the advice.


Actually, defender is off, but windows 11 does report on ESET and Malware Bytes, so I was confused because the defender tray icon, although being off, isn't complaining like in windows 10.  Windows 11 also gives the ability to have defender 'periodically' do a scan.


----------



## AsRock (Jul 14, 2022)

ThrashZone said:


> Hi,
> Yeah 10 was bad but 11 is far worse than that.
> 
> I just started removing pretender early this year mainly because I started using it a bit more.



Dam now i got a queen song in my head.


----------



## Mussels (Jul 16, 2022)

skates said:


> Thank you for the advice.
> 
> 
> Actually, defender is off, but windows 11 does report on ESET and Malware Bytes, so I was confused because the defender tray icon, although being off, isn't complaining like in windows 10.  Windows 11 also gives the ability to have defender 'periodically' do a scan.


Enabling another AV disables defender, and has for longer than i can remember

The tray icon etc are not the same as actively scanning or competing


----------



## lexluthermiester (Jul 16, 2022)

Mussels said:


> Enabling another AV disables defender, and has for longer than i can remember


While true, the services keep running and using system resources. It's best to remove it in favor of a replacement.


----------



## Mussels (Jul 16, 2022)

lexluthermiester said:


> While true, the services keep running and using system resources. It's best to remove it in favor of a replacement.


but while inactive, it's not doing any scanning or triggering performance losses

It goes dormant to switch back on if your other AV is disabled (which genuinely is a good thing, as so many scams have instructions on "if you have problems, disable your AV..."


----------



## lexluthermiester (Jul 16, 2022)

Mussels said:


> but while inactive, it's not doing any scanning or triggering performance losses
> 
> It goes dormant to switch back on if your other AV is disabled (which genuinely is a good thing, as so many scams have instructions on "if you have problems, disable your AV..."


Anyone foolish/silly enough to be falling for such a scam is not someone who is going to go through the effort to remove Defender anyway, so that's a mute point. The task of removing Defender is for experienced users who know better that to be taken in by scams, not the technologically illiterate.


----------



## TheoneandonlyMrK (Jul 16, 2022)

lexluthermiester said:


> First, this is purely a microsoft coding problem. Second, it's been happening for donkey's years. You really expect them to patch it anytime soon?
> 
> 
> Really makes one wonder about all the reviews and benchmarks we've seen over the years. This is one of the MANY reasons I remove defender from the systems I use.
> ...


I am pretty sure W1zzard disables defender, telemetry etc before benching, it's a plus for sure since it means all Tpu reviews right now are still valid.

Maybe someone else said this shrug.


----------



## TheHunter (Jul 17, 2022)

Well now it's my daily tool, and haven't had any regression since then, I just enable/reset by each new logon and that's it. 


btw I think I saw one user mentioning about 15sec delay in ini file, but there is no such file, I just have exe, do I make one by exe location?


----------



## Mussels (Jul 17, 2022)

TheoneandonlyMrK said:


> I am pretty sure W1zzard disables defender, telemetry etc before benching, it's a plus for sure since it means all Tpu reviews right now are still valid.
> 
> Maybe someone else said this shrug.


He does, as do most serious reviewers


----------



## unclewebb (Jul 17, 2022)

TheHunter said:


> delay in ini file, but there is no such file,


Counter Control does not yet have an INI file but I will probably add one in the near future.

ThrottleStop 9.5.1 has a new INI file option so it will reset the timer and then immediately exit. Let me known in a message if you want to try that feature.


----------



## AlwaysHope (Jul 17, 2022)

Mussels said:


> He does, as do most serious reviewers


But that relegates the benchmarks to academic performance, not real world practical for everyday users. 
I mean are regular users going to disable defender & telemetry, etc.. just for the sake of performance on their systems?


----------



## Mussels (Jul 17, 2022)

AlwaysHope said:


> But that relegates the benchmarks to academic performance, not real world practical for everyday users.
> I mean are regular users going to disable defender & telemetry, etc.. just for the sake of performance on their systems?


I brought this up in another thread as well about required software
Hard to praise a motherboard for its overclocking performance, if the average user gets massive performance losses after installing the required software for its OLED display, etc.

I agree with W1zzard that hardware reviews definitely need to be done with a clean OS, even with the AV disabled - as that's a software issue and it can change over time - things like AV should only be enabled when you're comparing AV programs.

That said, i think any required software should be tested with a before and after comparison. If you cant use RGB controllers, OLED displays or update the BIOS without these softwares the average user will install them - and they need to know if they're got performance issues.


----------



## lexluthermiester (Jul 17, 2022)

Mussels said:


> He does, as do most serious reviewers


But does he disable or remove?


----------



## Mussels (Jul 17, 2022)

lexluthermiester said:


> But does he disable or remove?


Unsure, it's documented on the forums somewhere - he has a guide on what he does and why

Windows 11 Tweaks for GPU Benchmark | TechPowerUp Forums

He disables


----------



## lexluthermiester (Jul 17, 2022)

Mussels said:


> Unsure, it's documented on the forums somewhere - he has a guide on what he does and why
> 
> Windows 11 Tweaks for GPU Benchmark | TechPowerUp Forums
> 
> ...


Fair enough then.


----------



## ThrashZone (Jul 17, 2022)

lexluthermiester said:


> But does he disable or remove?


Hi,
Disables for the most part and deletes some automatic processes 

W1zard's 10 & 11 script removes the most annoying part to 
The defender shield on taskbar/ action center so it doesn't show a yellow flag on it for setting changes off default like disabling cloud sample sending/.....or needs or wants to scan 
So yeah kind of a half measure to remove the wd pestware.


----------



## TheHunter (Jul 19, 2022)

unclewebb said:


> Counter Control does not yet have an INI file but I will probably add one in the near future.
> 
> ThrottleStop 9.5.1 has a new INI file option so it will reset the timer and then immediately exit. Let me known in a message if you want to try that feature.


Sure I would like to test


----------



## Deleted member 24505 (Jul 19, 2022)

Hardware reviews need to be done with a clean install with nothing disabled, as that is most likely what the avg users install would be like. It is only people like us that will tweak windows and disable certain stuff. Surely the hardware results should show results based on the avg persons PC.


----------



## RandomBeeps77 (Jul 19, 2022)

After a hell of tweaks finally deactivated. Battery went from 1.30h with desktop sightseeing to 7h battery with firefox 6 tabs and Code Editor... Battery is at 85% at the factory capacity. Laptop. from late 2018.

The tweak from OP helped a lot.


----------



## AusWolf (Jul 22, 2022)

I turned my PC on today, and got "not used" from Counter Control. Previously, it has always been "Defender" until I reset the counters. Has Microsoft issued an update or something?


----------



## zebra_hun (Jul 22, 2022)

Idk. Later i will check. I use ts 9.3 with autostart, cant test original w10. I hope, ms patched.


----------



## AusWolf (Jul 22, 2022)

AusWolf said:


> I turned my PC on today, and got "not used" from Counter Control. Previously, it has always been "Defender" until I reset the counters. Has Microsoft issued an update or something?


I'll take it back. It's back to "Defender" now.


----------



## Deleted member 24505 (Jul 22, 2022)

Tried mine a few times, always get normal 0x330


----------



## unclewebb (Jul 22, 2022)

AusWolf said:


> I'll take it back. It's back to "Defender" now.


I get "Not Used" when booting up immediately after a blue screen. A sleep resume cycle is always enough for Windows Defender to resume wasting CPU cycles. Nothing has changed with the most recent Windows Defender versions. This issue has already been forgotten.


----------



## TheHunter (Jul 27, 2022)

AusWolf said:


> I turned my PC on today, and got "not used" from Counter Control. Previously, it has always been "Defender" until I reset the counters. Has Microsoft issued an update or something?


Sometimes it shows not used, but it will start to use defender eventually.


----------



## FLFLFL (Jul 27, 2022)

Defender ON...

Defender OFF...

the results with Defender play Up-Down on Hi margin, with Defender OFF small margin 5-7Cb only.

If I let HP bloatware to run + Intel Tuning software with Defender ON
Performance drops to 700-710Cb

The 850+ with Defender ON are from TrottleStop… otherwise i7-11th Gen plays like i5
Our good HP take care us , and Intel lock from Factory everything


----------



## DyslexicStoner240 (Jul 30, 2022)

Can someone please tell me if I can close the program once it's fixed or should I minimize it and let it run in the background?


----------



## TheHunter (Jul 30, 2022)

There was a Defender update yesterday





and now when I rebooted few times, it started as normal or not used - by not used I started realtemp and it switched to normal 0x330, so I guess they fixed it?


EDIT: false alarm! it's back lol


----------



## unclewebb (Jul 31, 2022)

DyslexicStoner240 said:


> if I can close the program once it's fixed


What program?

If you are using Counter Control then you can usually close this program and the problem will not happen again until you either reboot or do a sleep resume or hibernate resume cycle. You can run Counter Control at any time to see the status of your counters. 

I prefer to run ThrottleStop 9.5 all of the time so I do not have to worry about this issue. ThrottleStop will automatically reset the timers after you resume from sleep or hibernate.


----------



## DyslexicStoner240 (Jul 31, 2022)

unclewebb said:


> What program?
> 
> If you are using Counter Control then you can usually close this program and the problem will not happen again until you either reboot or do a sleep resume or hibernate resume cycle. You can run Counter Control at any time to see the status of your counters.
> 
> I prefer to run ThrottleStop 9.5 all of the time so I do not have to worry about this issue. ThrottleStop will automatically reset the timers after you resume from sleep or hibernate.


Thanks for answering my question!


----------



## Jasper (Aug 11, 2022)

Hi,

Must I TURN ON Throttlestop using the button to realize this benefit OR is simply STARTING Throttlestop sufficient?

Thank you.


----------



## unclewebb (Aug 11, 2022)

Jasper said:


> TURN ON


Turn On is not necessary. 

Do some Cinebench testing to prove what works for your situation.


----------



## mikev92 (Aug 17, 2022)

Seems to be fixed in latest Beta build 22622.575.


----------



## unclewebb (Aug 18, 2022)

mikev92 said:


> Seems to be fixed


Interesting. Try doing a few sleep resume cycles to make sure Defender does not wake up and bite you in the back side.

Thanks for the update.


----------



## mikev92 (Aug 18, 2022)

unclewebb said:


> Interesting. Try doing a few sleep resume cycles to make sure Defender does not wake up and bite you in the back side.
> 
> Thanks for the update.


Tried that and restarting a few times, still says 'Normal'. Usually it would switch to 'Defender' about 3-4 minutes after waking/booting and if it didn't then it usually would after a while. but so far it hasn't.

It's worth mentioning that this is a clean install so there's a chance that it was fixed on earlier builds but I didn't bother checking because I set up TS way back when it was discovered.

Another interesting thing is that VBS is now enabled by default when clean installing 22H2 which wasn't the case with 21H2 (when using Rufus), so I'll test how it goes with VBS off.

Edit: Same thing with VBS off so it probably has no effect on it, but yeah I'd say it's finally fixed.


----------



## TheHunter (Sep 17, 2022)

So I upgraded to windows 11 and the issues is still present.  I'm on retail channel.


Sometimes it starts as not used, but it will turn into defender mode eventually.


----------



## lexluthermiester (Sep 17, 2022)

TheHunter said:


> So I upgraded to windows 11 and the issues is still present.  I'm on retail channel.
> 
> 
> Sometimes it starts as not used, but it will turn into defender mode eventually.


Windows Defender is NOT going to behave. It is not going to obey you. So you have two options. Ignore it and carry on(dealing with the annoyances going forward), or delete Windows Defender and use something that will obey your settings and config choices. There are plenty of security suites out there that do better(some much better) than defender.


----------



## TheHunter (Sep 18, 2022)

lexluthermiester said:


> Windows Defender is NOT going to behave. It is not going to obey you. So you have two options. Ignore it and carry on(dealing with the annoyances going forward), or delete Windows Defender and use something that will obey your settings and config choices. There are plenty of security suites out there that do better(some much better) than defender.


Like?

I use to run nod32 security for a long time, but ditched it eventually because its built-in firewall started to eat cycles..


----------



## lexluthermiester (Sep 18, 2022)

TheHunter said:


> Like?


Comodo is my personal fav currently. Their firewall and HIPS features are second to no one, IMO. ESET is also good as is Avira.


TheHunter said:


> because its built-in firewall started to eat cycles..


That's going to happen no matter what you use, especially Defender. Try to remember though, modern CPU's are far more powerful that they once were, so a firewall/security suite is not really going impact your over-all performance to any degree you will notice.

So do you research, figure out which one seems good for your needs and computing ethic/style and try it out. All of the respectable brands have a trial version for users to try. If they don't have a trial version, they're not worth your time.


----------



## TheHunter (Sep 24, 2022)

I updated to 22h2 today and so far so good.



I totally forgot about it running in the background and it hasn't been triggered yet, now when I saw it running over 2hrs, I opened both apps to see what's going on and it's still ok


----------



## TheHunter (Sep 25, 2022)

Yes it is fixed.


----------



## lexluthermiester (Sep 26, 2022)

TheHunter said:


> Yes it is fixed.


I still advise removing Defender and replacing it with some better and less intrusive.


----------



## Mussels (Sep 30, 2022)

lexluthermiester said:


> I still advise removing Defender and replacing it with some better and less intrusive.


Not many options are less intrusive

Bitdefender is good, but requires an email
Kaspersky is fine if you're not into the politics with Russia, but preinstalls a VPN
Avast, Avira, Malwarebytes have all had their own scandals and issues....



For the average home PC, defender does great.


----------



## lexluthermiester (Sep 30, 2022)

Mussels said:


> Not many options are less intrusive


Perhaps so, but there are options. Comodo is not intrusive, privacy protection is one of their driving motivations. Avira is currently respectful of peoples privacy also. There are others as well.



Mussels said:


> For the average home PC, defender does great.


This is where we disagree. The average user has no idea the level of intrusion microsoft makes into their information and they use Defender, in part, to do it. IMPO, almost anything would be better.


----------



## Mussels (Sep 30, 2022)

Intrusion into their information...
Sorry what exactly are they stealing from me?

Most home users have nothing on their PC worth that level of paranoia and fear.


----------



## lexluthermiester (Sep 30, 2022)

Mussels said:


> Sorry what exactly are they stealing from me?


A detail list of files stored on a given PC as well as a list of what you download. Edge collect surfing habits and lists of sites you visit. Windows telemetry gathers data on your computing habits. It's the trifecta of privacy invasion. Anyone who allows it is fool to themselves.


Mussels said:


> Most home users have nothing on their PC worth that level of paranoia and fear.


Anything that could be used to profile a user or identify same outside the context of personal computing is a risk to said user and therefore a risk to the entire user base. There are practical risks not worth taking or tolerating. If you chose not to acknowledge those risks, that's your choice, but you can not deny they exist. Advising people not to be concerned about them is unwise.


----------



## TheHunter (Oct 5, 2022)

Fck me, it 's back.. -_-, MS is so dumb..







lexluthermiester said:


> I still advise removing Defender and replacing it with some better and less intrusive.


any good suggestion? I did try a few in the past, avast, avira, kaspersky - removed this right away, it blocked too much lol, trendmicro -had this for a long time, then switched to nod32 security until they messed it up and firewall started to consume more cpu..

Then I installed malwarebytes Tinywall and kept default Defender, and haven't looked back, until this counter control issue started to happen., I still remember it good, it was this year around mid January @ win10.

I bought this 11700kf end of December 2021 and all was ok at first,  tested/benchmarked a lot. Then few weeks later I started to see some strange regression..


----------



## lexluthermiester (Oct 5, 2022)

TheHunter said:


> any good suggestion?


Comodo is my current fav and goto. It has the best personal firewall I've seen so far and it is fully customizable. The HIPS functions, which watchdogs programs and the OS, is exceptional. Comodo makes microsoft look like monkey's flinging poo.


			https://download.comodo.com/cis/download/installs/8060/standalone/cispro_installer.exe?af=7639
		

The free version does not exire. It'll ask you to try the pro version and to be fair $40 for a 3PC 1year license is damn decent.


----------



## Solaris17 (Oct 5, 2022)

btarunr said:


> Defender - 0x222: All three fixed function counters are programmed to mode 2. This is the value that Windows Defender sets these counters to when it is using them.



This doesn't seem entirely accurate. "Defender" while obviously causing issues in this context by setting these values; any software can assign these values. Are you performing other checks to be certain it is defender before reporting it as the performance issue @unclewebb ?


----------



## unclewebb (Oct 5, 2022)

Solaris17 said:


> This doesn't seem entirely accurate.


You are 100% correct. Any software can use these timers within the CPU and any software can set these timers to mode 2. 

The word Defender is only a warning. It is not a confirmation that Windows Defender is guilty of anything. Open the Task Manager, go to the Details tab and have a look to see if the Microsoft Malware Protection Engine (MsMpEng.exe) is using more CPU cycles than usual. 

If I had this problem, I would run a consistent benchmark like Cinebench R23 and I would compare my score to when these timers are not being set to mode 2. If you are running Windows Defender and you see a noticeable increase in performance when these timers are not being set to mode 2, and MsMpEng.exe is using more CPU cycles than usual, I would conclude that Windows Defender is why your performance is being reduced.


----------



## Solaris17 (Oct 5, 2022)

unclewebb said:


> You are 100% correct. Any software can use these timers within the CPU and any software can set these timers to mode 2.
> 
> The word Defender is only a warning. It is not a confirmation that Windows Defender is guilty of anything. Open the Task Manager, go to the Details tab and have a look to see if the Microsoft Malware Protection Engine (MsMpEng.exe) is using more CPU cycles than usual.
> 
> If I had this problem, I would run a consistent benchmark like Cinebench R23 and I would compare my score to when these timers are not being set to mode 2. If you are running Windows Defender and you see a noticeable increase in performance when these timers are not being set to mode 2, and MsMpEng.exe is using more CPU cycles than usual, I would conclude that Windows Defender is why your performance is being reduced.



Sick thanks for explaining!


----------



## TheHunter (Oct 7, 2022)

Seems to be ok again.. and i didnt start anything unusual last time when i saw it, maybe they fixed it again with recent defender update.





weird stuff..

@lexluthermiester 

does that comodo av also disable Defender?


----------



## Mussels (Oct 8, 2022)

TheHunter said:


> does that comodo av also disable Defender?


Defender disables the moment any other AV is installed and active


----------



## lexluthermiester (Oct 8, 2022)

Mussels said:


> Defender disables the moment any other AV is installed and active


This.


----------

