28 June 22, 18:05
Quote: Kevin Glynn, the developer of popular tools like ThrottleStop and RealTemp, has discovered a bug in Windows Defender that was causing it to consume more system resources than was required. He has also released a new app that fixes this problem.
Windows Defender consumes more resources on Intel CPUs
Antivirus programs are constantly scanning your system for unusual activity to prevent malware from impacting your system. That's normal, and Windows Defender is no exception to this.
But there's more to it than meets the eye. A screenshot shared by Techpowerup shows that Defender used about 4% of the CPU while CineBench was running, and some benchmark comparisons resulted in a 6% loss because the antivirus was using excessive resources. It uses these for the Real-time Protection notifications.
Computer processors have special registers called hardware performance counters. Techpowerup's report mentions that Windows Defender uses all possible hardware performance counters, including the fixed function counters in Intel processors.
These counters can run in one of 4 possible modes:
- Disabled
- OS (ring-0)
- User (ring >0)
- All-Ring levels
Windows Defender sets these counters to mode 2 at random intervals for an unspecified amount of time. This can happen anytime, at start up or during normal usage. The problem is that this starts chewing up CPU usage, which leaves fewer resources for other programs.
Interestingly, AMD CPUs are not affected by this issue.
The values of these performance counters are set to mode 3, or All-Ring levels, when you run system monitoring tools such as ThrottleStop and HWiNFO, to name a few. When Windows Defender detects a change in the counter, it will not reset it, which also ensures your computer runs at maximum efficiency.
Now, you can't have system tools running all the time. So, how do we fix this issue?
Counter Control and ThrottleStop 9.5
Say hello to a new app called Counter Control. This application, also made by Glynn, fixes the performance impact of Windows Defender. How does it do that?
It monitors and logs the IA32_FIXED_CTR_CTRL register located at MSR 0x38D. It not only reports whether Defender is impacting your system's performance, but also provides a way to set the counter to mode 3. The best part is that this does not affect the antivirus capabilities of Windows Defender, so your computer's security is not compromised.
How can I check if my Intel computer is affected?
Download Counter Control and run it; it's portable software. The utility supports most Intel CPUs that have been released since 2008.
If you see the code 0x222 in the app's GUI, it means that Windows Defender is using up CPU cycles needlessly to gain control of the counter. Here is a screenshot that I took that highlights the status.
Click the Reset Counters button in the app, and the code will change to 0x330, which indicates that everything is normal. That's it.
Do I need to run Counter Control every time I start my computer? Yes, you will need to run it and click on Reset Counters when your PC restarts. This is necessary since Windows Defender randomly starts using up the counters.
Alternatively, you can use ThrottleStop 9.5 for fixing the performance issue. The latest update for the popular undervolting app introduces a new feature called Windows Defender Boost. Enable this option, and run the app when you start the computer. This is essentially the same as using Counter Control, but if you're already using ThrottleStop to undervolt your laptop, then this saves you an additional click.
...
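Added example, not part of the quoted article and not code from Counter Control or ThrottleStop: a small decoder showing what the two codes mentioned above (0x222 and 0x330) mean field by field in IA32_FIXED_CTR_CTRL. It assumes the standard Intel layout of one 4-bit field per fixed counter; the sample log and the function names are constructed for illustration.

```python
# Added example: decodes readings of IA32_FIXED_CTR_CTRL (MSR 0x38D).
# Assumed layout (Intel SDM): one 4-bit field per fixed counter.
# bit 0 = count in ring 0, bit 1 = count in ring > 0, bit 2 = AnyThread, bit 3 = PMI.
MODES = {0: "Disabled", 1: "OS (ring-0)", 2: "User (ring >0)", 3: "All-Ring levels"}
EVENTS = ("INST_RETIRED.ANY", "CPU_CLK_UNHALTED.THREAD", "CPU_CLK_UNHALTED.REF_TSC")

DEFENDER_VALUE = 0x222  # code the article associates with Defender holding the counters
RESET_VALUE = 0x330     # code the article reports after "Reset Counters"

def decode(value):
    """Split a register value into per-counter settings."""
    out = []
    for i, event in enumerate(EVENTS):
        field = (value >> (4 * i)) & 0xF
        out.append({"counter": i, "event": event, "mode": MODES[field & 0x3],
                    "any_thread": bool(field & 0x4), "pmi": bool(field & 0x8)})
    return out

def classify(value):
    """Map a reading to the two states named in the article, else 'other'."""
    if value == DEFENDER_VALUE:
        return "defender"
    if value == RESET_VALUE:
        return "reset"
    return "other"

def retaken_at(samples):
    """Return timestamps where the register changes into the 0x222 state."""
    hits, prev = [], None
    for ts, value in samples:
        if value == DEFENDER_VALUE and prev != DEFENDER_VALUE:
            hits.append(ts)
        prev = value
    return hits

# Constructed sample log of (time, register value) pairs, not real measurements.
SAMPLES = [("18:00:00", 0x222), ("18:00:05", 0x330), ("18:00:10", 0x330),
           ("18:03:40", 0x222), ("18:03:45", 0x222), ("18:04:00", 0x330)]

if __name__ == "__main__":
    for v in (DEFENDER_VALUE, RESET_VALUE):
        print(hex(v), classify(v))
        for c in decode(v):
            print("  ", c["counter"], c["event"], "->", c["mode"])
    print("0x222 observed starting at:", retaken_at(SAMPLES))
```

Decoded this way, 0x222 is all three fixed counters in mode 2 (User), while 0x330 is counter 0 disabled and counters 1 and 2 in mode 3 (All-Ring levels).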