LabVIEW

cancel
Showing results for 
Search instead for 
Did you mean: 

Executable And Windows Antimalware

Hello

I have made two executable communicating with each other with Network streams. The executable can run on the same PC or two different PC.
Both are built in LabVIEW 2018, one in 32bits the other in 64bits.

 

When these program are running the CPU usage viewed in Task Manager is less than 5% for the two programs combined.

But when one of this program starts, the CPU usage of "Antimalware Service Executable" rises to 30% then it ususally drops to around 10% (usually because it sometimes stays at 30%).
When I stop both of these programs The CPU usage of "Antimalware Service Executable" rises to 30% then goes back to less than 1 or 2%.

 

Running only one of them when it does not communicate with the other, the CPU usage of "Antimalware Service Executable" is around 5%

 

These values of CPU usage are when the program is idling. When it is running in normal operation doing data acquisition, network communication and writing files, CPU USage can go up to 40%.

On some machine with limited resources we even observed 100% CPU usage with our program using 60% "Antimalware Service Executable" using up to 35%.

How can I reduce the CPU usage of "Antimalware Service Executable" without disabling it ( because with windows update, the OS always find a way to re enable it)

 

Thanks

 

0 Kudos
Message 1 of 9
(299 Views)

Usually you can exclude files from being harassed by a AntiMalware application. Check the AntiMalware settings.

Paolo
-------------------
LV 7.1, 2011, 2017, 2019, 2021
Message 2 of 9
(289 Views)

Hello Paolo,

 

This seems to work, but I am looking for a more universal way to make this work as the application is installed by the customer on its own PC and I don't oversee every install.

Thanks

0 Kudos
Message 3 of 9
(281 Views)

 


@didje007  ha scritto:

Hello Paolo,

 

This seems to work, but I am looking for a more universal way to make this work as the application is installed by the customer on its own PC and I don't oversee every install.

Thanks



It's the very nature of anti-malware apps of not letting other programs to disable them.

Paolo
-------------------
LV 7.1, 2011, 2017, 2019, 2021
0 Kudos
Message 4 of 9
(268 Views)

May be I Should reformulate the question as why my program is considered as a Malware?

0 Kudos
Message 5 of 9
(264 Views)

@didje007 wrote:

May be I Should reformulate the question as why my program is considered as a Malware?


It's not! If it was you could not start it or the network communication would not work and both applications would think the other simply doesn't exist. But it seems to be considered a potentially bad actor since your Antimalware doesn't know it (it can't know every possible software out there, especially if it is custom made software like what you write in LabVIEW). The application not listed in its white list, it considers it potentially unsafe and seems to intercept, analyze and eventually still allow many actions the applications try to do. This could be the mere fact of keeping network sockets open for your data streams, or anything else.

 

My guess is that this analysis takes a considerable amount of time to the point where the network stream endpoints frequently attempt to do data retransmissions, which increases the load of your application and the amount of network packets the analyzer needs to intercept.

 

The proper way to deal with that is to exclude the application from the Antimalware scan on installation of your application but that requires custom installation scripts and knowledge of what Antimalware solution runs on a specific computer.

 

Alternative is to try another communication channel, for instance your own TCP/IP based protocol, that might or might not be left alone by this particular Antimalware solution.

Rolf Kalbermatter
My Blog
0 Kudos
Message 6 of 9
(185 Views)

Thank you for your responses.

Unfortunately individually registering applications with anti malware didn't work for me.

I had to play with group policies to reduce the CPU load that the malware can use.

0 Kudos
Message 7 of 9
(126 Views)

@didje007 wrote:

Thank you for your responses.

Unfortunately individually registering applications with anti malware didn't work for me.

I had to play with group policies to reduce the CPU load that the malware can use.


If your application is unsigned, then you can try to purchase code signing certificate and sign your application, this could decrease "aggressiveness" of the anti malware service. Personally I haven't seen much issues with unsigned apps from this point of view, but just an idea...

0 Kudos
Message 8 of 9
(117 Views)

I have tested signed and unsigned and I see no difference, in the CPU usage.

0 Kudos
Message 9 of 9
(110 Views)