Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Get-ChildItem triggers Antimalware Service Executable

See original GitHub issue

Steps to reproduce

Choose a directory with a fair amount of beefy executables and issue Get-ChildItem on the directory.

Expected behavior

Obtain a directory listing in a reasonable amount of time.

Actual behavior

In reality it takes far longer than it should, mostly because displaying the directory listing triggers the Antimalware Service Executable which burns a CPU core but more importantly, takes a significant amount of time to finish scaling with the size of the directory.

PS C:\Users\Matty\Downloads> ls | measure -Property Length -Sum


Count    : 83
Average  :
Sum      : 7041940346
Maximum  :
Minimum  :
Property : Length

83 files and 7 Gigs of Downloads with a fair amount of .exe, .iso and what not.

PS C:\Users\Matty\Downloads> Measure-Command {$list = Get-ChildItem; foreach ($elem in $list) {Write-Host $elem}}
...
Days              : 0
Hours             : 0
Minutes           : 0
Seconds           : 2
Milliseconds      : 631
Ticks             : 26310762
TotalDays         : 3,04522708333333E-05
TotalHours        : 0,0007308545
TotalMinutes      : 0,04385127
TotalSeconds      : 2,6310762
TotalMilliseconds : 2631,0762

So just ordinarily printing the name of the files takes 2 seconds and 631 milliseconds (already not quite what I’d expect, but ok). Now, executing the following script block (forgive me, I couldn’t devise a better solution to demo the artifact)

$start = Get-Date;
ls ~\Downloads
$end = Get-Date;
$span = $end - $start;
Write-Host $span;

Prints out the following:

"Exactly what I'd see if invoking Get-ChildItem plain from the console"
00:00:07.8705418

This is fishy.

Environment data

Latest nightly.

PS C:\Users\Matty\Downloads> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      6.0.0-alpha
SerializationVersion           1.1.0.1
GitCommitId                    v6.0.0-alpha.12-21-g2077e42b52cd431a9097cf6673f9b4d5f4e4f391
PSEdition                      Core
BuildVersion                   3.0.0.0
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
CLRVersion
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}

Issue Analytics

State:
Created 7 years ago
Comments:12 (4 by maintainers)

Top GitHub Comments

1reaction

vorscommented, Nov 9, 2017

Lol, what a thread. I probably would not be able to unicycle after that long.

0reactions

powercodecommented, Nov 6, 2017

Seems like we could improve on the Console output. For each line we write, we make PInvoke calls to GetConsoleScreenBufferInfo, GetConsoleMode and WriteConsole. Do we really have to to the first two calls for each line?

Top Results From Across the Web

What is Antimalware Service Executable? Why is it High ...

Antimalware service executable is a Windows Security process that executes real-time protection against malware.

How To Fix Antimalware Service Executable (MsMpEng) ...

Fix #1: Scan your Computer for Malware; Fix #2: Change Windows Defender Scheduling settings; FIX #3: Add Antimalware Service Executable to the Windows ......

Stop antimalware service executable (Windows defender ...

Hi, I am aware that there are several posts on this, and I have tried to follow the solutions given, but this problem...

Windows Defender - Add exclusion folder programmatically

The correct way to do this is using the Add-MpPreference PowerShell cmdlet. Use this cmdlet to add exclusions for file name extensions, paths, ......

How to Fix “Antimalware Service Executable” High CPU ...

Read our guide to learn how to prevent Antimalware Service Executable from hogging your system's resources with just a few simple steps.