Windows Defender Real-time Protection Eats CPU Resources

kencarter · 2021-04-02T13:03:40.000Z

Greetings to the well of knowledge…

Windows Server 2016 VM. Serves as a terminal server for our accounting department’s Dynamics Great Plains installation.

Recently, Windows Defender’s real-time malware scan has been sucking up 50 to 80% of the CPU when it is active, causing the CPU to run sustained at 95 to 100%… Turning off real-time protection opens the gates and GP transaction processing continues unabated.

I decided to run the server with real-time protection off for a few days, however something happens that causes it to be turned back on when I go back into Settings.

Defender.png800×627 86.5 KB

Has anyone else seen this behavior?

Thanks,

Ken

GDaddy · 2021-04-02T13:28:21.000Z

You could use GPOs to turn off Real Time Protection. You can find it here: Windows Components/Microsoft Defender Antivirus/Real-time Protection.
But better would be to add GP, either as File, Folder, Process, as an exclusion. Especially if user have Internet access on this Term Server.

jessevas · 2021-04-02T14:33:12.000Z

i did see that happen once in January. The next Windows update fixed it.

supaplex-starwind · 2021-04-04T06:06:13.000Z

Sometimes it just happens to Windows Defender. You can track down what files and folders are being scanned and exclude them as GDaddy suggests. One more option is to temporarily add more vCPU to the virtual machine to compensate for the increased load or implement some Hyper-V performance tweaks to make things faster https://www.hyper-v.io/several-tips-hints-full-throttle-hyper-v-performance/ . Migrating to Windows Server 2019 VM is also a possible resolution.