How Windows Defender can kill application performance

How Windows Defender can kill application performance

Most Windows machines have Windows Defender enabled. It might protect you, but it can virtually kill your IntraWeb application performance.

IntraWeb creates many temporary files when it is processing all incoming requests and generating responses. These files, by default, i.e. without any special configuration, are saved in a temporary folder which path is provided by Windows (result returned by GetTempPath() function in Kernel32.dll). Most of the times, you just don’t need to worry about it and the default temporary folder is good enough. However, Windows Defender will scan ALL files created in your hard disk, including those temporary files created by IntraWeb.

In many cases we have detected that Windows Defender can take an incredibly LONG time scanning those files, even though they are small (e.g. less than 64 kb). The situation is even worse when Windows Defender detects tags like “<script>” inside those temporary files, which it probably considers suspect. In that case, it can take up to 200 ms to scan a file and release the file handle, so the IntraWeb application can proceed. During that time, your IntraWeb application might be waiting for it to be available again, so that thread is basically waiting for Windows Defender… and so is the application user.

Recently, Andreas Hausladen wrote about Windows Defender and its impact on compilation times of Delphi applications in Delphi 10.1 Berlin. Although his results are much better, the cummulative impact is significant when you have a huge number of files being generated (just like an IW server application).

So, our recommendation, in case you have Windows Defender installed on your server is:

  • Do NOT disable it completely. Yes, it makes your Windows server safer.
  • Use a non-default temporary path for your IntraWeb server application. Just set ServerController.CacheDir property to something like C:IWTempMyAppName or any other EMPTY and EXCLUSIVE folder. Have in mind that you MUST NOT SHARE THIS DIRECTORY. If you have more than one IntraWeb application, use different folders, one for each application. You have been warned! 🙂
  • Configure Windows Defender to exclude this folder. Follow these simple steps:
  • Open Windows Defender and select Tools -> Options
  • Select “Excluded Files and Folders”, and then click on “Add”.
  • Select the folder used as cache dir by your IntraWeb application. Click OK and then Save.

You are done now. Your IntraWeb application will probably perform much better and will be able to handle a higher volume of requests.

Although this procedures were specifically targeted to Windows Defender, most anti virus software have similar impacts on your application. If you have other anti virus software installed on your server, you should configure it to skip IntraWeb temp folder as well.