0

I have a small dos bat file I'm running to rsync a bunch of data, using cwRsync, over to a USB drive on a regular basis so I can migrate when replacement parts arrive without worry. I've noticed that MsMpEng.exe kills the transfer speed so I'm looking to turn off MSE's real time protection before the rsync, and back on immediately afterwards.

Is there any way to do this? Kill the task, flick something in the registry then remove it or via the Sc command? I notice that MsMpEng.exe doesn't have the facility, and I appreciate that this wouldn't be something easy as a malicious script could do it just as well if running as Administrator.

I am running the .bat file as Administrator already so that's not a problem. The script is pretty much this:

@ECHO OFF

SETLOCAL
SET CWRSYNCHOME="c:\Program Files (x86)\cwRsync"
SET CYGWIN=nontsec
SET HOME=%HOMEDRIVE%%HOMEPATH%
SET CWOLDPATH=%PATH%
SET PATH=%CWRSYNCHOME%\BIN;%PATH%

rsync --delete -rvP /cygdrive/d/games /cygdrive/f/
REM --SNIP--

If I can figure that out I may well use this in preference to windows backup for ever more.

Paolo Moretti
  • 54,162
  • 23
  • 101
  • 92
Diziet
  • 2,397
  • 1
  • 26
  • 34
  • 1
    If you could turn off MSSE that from a script, then so could malware. For this reason, I am pretty sure you won't find what you're looking for. – kindall Feb 04 '11 at 01:05
  • I actually included that statement in my question: "and I appreciate that this wouldn't be something easy as a malicious script could do it just as well if running as Administrator." It is actually quite easy to do. – Diziet Feb 05 '11 at 08:29

5 Answers5

3

You could try net stop nameofservice, though that only stops a single service at a time. If MSSE has multiple services and they watchdog each other, you may not be able to stop them all before the surviving ones start up the early victims again.

Marc B
  • 356,200
  • 43
  • 426
  • 500
  • That's essentially what I did. `sc stop MsMpSvc` then `taskkill /f /im msmpeng.exe`. If you have the security manager open as a window at the time it will restart the services. To restart `sc start MsMpSvc`. Now I just need to figure out shadow volumes in Win7. – Diziet Feb 04 '11 at 18:34
2

You may not even need to tun the security essentials off. You can add "rsync.exe" to the exception program list and MSE will be much faster.

I noticed it using a ton of processor while rsync was transfering the moment I added rsync.exe to the exception list it dropped to 0% and rsync will speed up again.

user2021920
  • 21
  • 1
0

I think you're looking for this info:

http://www.addictivetips.com/windows-tips/command-line-utility-mpcmdrun-exe-microsoft-security-essentials/

the security essentials do not normally allow themselves to be disabled from the command line - at best, you can run a scan, or an update.

blueberryfields
  • 45,910
  • 28
  • 89
  • 168
0

Just to clarify as the comment I made to the accepted answer might be lost in the ether to future visitors.

It is quite simple to do if the script runs as administrator:

sc stop MsMpSvc
taskkill /f /im msmpeng.exe
rsync --delete -rvP /cygdrive/d/games/steam /cygdrive/f/games
sc start MsMpSvc

If you have other Security Essentials window/tasks open, for example by using the icon in the system tray, it may automagically restart the services. Depending on your system you may therefore need to taskkill other exes. There is only one main service for Security Essentials so starting that appears to restore all other systems.

Of course, on a lot of systems MSE doesn't interfere in any noticeable fashion but my hardware is currently suffering a serious problem and backups to the USB drive were being drastically slowed. In light of that it's entirely possible that these steps will be unnecessary on a new system.

Diziet
  • 2,397
  • 1
  • 26
  • 34
0

I actually did delete that from my pc. It takes my cpu usage to 25-30 in idle.

Here is what I did :

Luckily I already had a dual boot installed with ubuntu. I just logged in to the Ubuntu OS and looked for this app and tadaa.. It's gone :D

If you can run a linux os live using a USB or DVD, its easy to delete this file.See my task manage now, also CPU

starball
  • 20,030
  • 7
  • 43
  • 238
Libin Rahman
  • 1