Slow scan on windows

Scan (rescan, not the first one after startup) on windows is very slow compared to linux (wsl actually, on the same machine). For ~24K files in ~1GB total size it’s less than one second on linux and at least 45 seconds on windows. Syncthing 1.29.2 on windows.

The profile shows most of the time spent on os.Statsyscall.GetFileAttribbutesEx → cgocall. But it shouldn’t be that slow.

syncthing-cpu-windows-amd64-v1.29.2-142831.pprof (28.4 KB)

We, unfortunately, do a lot more work on Windows in order to figure out the actual case of things on a case insensitive filesystem. :frowning:

2 Likes

Any way to speed things up? Or to know if it’s performing the best it can on windows? Because according to task manager neither CPU nor Disk usage is above 5%, and I feel like something is slowing it down, like windows defender.

1 Like

Anti-malware software sits between your application and the OS. It can indeed slow things down. I have seen it in my corporate environment slowing down subversion repository http checkouts. And some other things. Signals are not given to the application as they are kept sleeping while the malware protection is active protecting and scanning through files/memory or inspecting network traffic.

You could try to whitelist the syncthing process in Windows Defender or the AV solution you’re currently using.

Windows Security / Virus & threat protection / Manage settings / scroll down to Exclusions / Add or remove exclusions / Add an exclusion / Process to add an Exclusion to Windows Defender. I strongly urge you to use the full path and filename in the exclusion. While there are two processes that normally run, you only need a single exclusion.

On the Windows machine that I’m writing this on, that full path and filename is “C:\Program Files\syncthing-windows-amd64-v1.27.9\syncthing.exe” The directory name reflects my original installation version on this machine; I auto-update to the current release.

I haven’t had scan performance problems, so I can’t tell you how well this would work, but I do agree it’s worth trying.

For testing purposes, I would suggest to simply disable Windows Defender’s real-time protection altogether. This way, you will be sure that it has no impact on the scanning process (either on Syncthing itself or on other files when they’re being accessed).

2 Likes

Sincere respect to you, @tomasz86, but I suspect that I come at this issue from a different perspective. My full time job is in cybersecurity and I have been involved with a large number of incident response efforts. I’ve also been a pentester. For the record I’ve never engaged in offensive cyber without a signed letter from the target, my client.

I respectfully urge literally everyone ever to not run Windows without realtime antivirus running except under the following very limited circumstances:

  • Disconnected from the Internet and all other potential sources of malware
  • After having been fully scanned online and offline first with excellent AV (Defender counts)

I am actually more conservative — paranoid, if you prefer — than this, it’s just what I advise to others.

1 Like

Yeah, I understand, but I’ve got a feeling that excluding just syncthing.exe won’t really have any effect, because Windows Defender will still slow down access to all the other files that Syncthing be going through when scanning.

I can also confirm, from my own experience, that Windows Defender does massively slow scanning down on weak hardware, but the difference should be less noticeable on decent one.

2 Likes

I am not an expert on Defender, but I believe excluding a process in Defender actually excludes all disk activity by that process.

Thank you all for the tips. I have added syncthing.exe path to Defender exclusions, but that did not seem to help. And the real time protection setting is locked by my org. So I guess I will have stick with the current speeds, it’s doable with the fs watcher.