by boondaburrah 1397 days ago
They fixed it with an update this month, but CrowdStrike was hooking /every/ single call to NtCreateUserProcess on my work machine last month, and you /know/ how electron-based apps work. VSCode took so long to launch its sub processes it would pop up a crash reporter. "Hello World" compiled from C++ would take a minute to launch sometimes. WSL straight up could not be started because the TTY timed out waiting for it.

For some reason java.exe startup was A-OK though so I started using JEdit again.

Aggravatingly, it would occasionally disappear my builds and then flag me to IT. My dude, I am hired as a developer of native windows C++ applications why the hell is this trash on my would-be workstation-class machine?

4 comments

Your organization and your IT department expect you to work around these issues by doing development on your personal machine, and then copying it to your work machine while pretending like you never tunneled to your personal machine from the office.

That's what it feels like with some of these policies.

> They fixed it with an update this month, but CrowdStrike was hooking /every/ single call to NtCreateUserProcess on my work machine last month, and you /know/ how electron-based apps work. VSCode took so long to launch its sub processes it would pop up a crash reporter. "Hello World" compiled from C++ would take a minute to launch sometimes. WSL straight up could not be started because the TTY timed out waiting for it.

There's nothing wrong with hooking ~EvErY~ call to NtCreateUserProcess, or even a thousand other functions, in and of itself. The issue is what they're doing inside those hooks.

We have installed another product that also hooks +@EvErY sInglE@+ call to NtCreateUserProcess and to a couple dozen other functions, and you know what? VSCode works just fine. WSL too. Edge and Chrome too.

Sure there's a measurable effect on performance but nothing like you're describing.
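The "measurable effect" is easy to put a number on. The script below is an added example, not code from anyone in this thread or from any EDR vendor: it spawns a no-op process repeatedly and reports per-launch latency percentiles, so you can compare a machine with a process-creation hook against one without, or compare two binaries on the same box (the way java.exe and a C++ "Hello World" were compared above). The no-op commands (`cmd.exe /c exit` on Windows, `true` elsewhere) and the sample count are assumptions chosen for the example.

```python
"""Measure per-process-spawn latency (added example, not from the thread).

An in-kernel or user-mode hook on process creation adds a fixed cost to every
launch. Spawning a trivial child many times and looking at the median and tail
isolates that cost from whatever the child itself does.
"""
import statistics
import subprocess
import sys
import time


def noop_command():
    """Cheapest child process we can launch on this platform (assumed names)."""
    if sys.platform.startswith("win"):
        return ["cmd.exe", "/c", "exit"]
    return ["true"]


def measure_spawn_latency(n=50, cmd=None):
    """Spawn `cmd` n times and return latency statistics in milliseconds."""
    cmd = cmd or noop_command()
    samples = []
    for _ in range(n):
        t0 = time.perf_counter()
        subprocess.run(cmd, stdout=subprocess.DEVNULL,
                       stderr=subprocess.DEVNULL, check=False)
        samples.append((time.perf_counter() - t0) * 1000.0)
    samples.sort()
    return {
        "n": n,
        "cmd": " ".join(cmd),
        "min_ms": samples[0],
        "median_ms": statistics.median(samples),
        # nearest-rank 95th percentile of the sorted samples
        "p95_ms": samples[int(0.95 * (n - 1))],
        "max_ms": samples[-1],
    }


def compare_commands(cmds, n=50):
    """Measure several commands with the same n, keyed by command string."""
    return {" ".join(c): measure_spawn_latency(n, c) for c in cmds}


def exceeds_budget(stats, budget_ms):
    """True when the median launch cost is above an acceptable per-spawn budget.

    A hook that costs a few ms per spawn is invisible; one that costs hundreds
    of ms turns an Electron app's dozens of helper processes into a visible
    stall, so the budget should be set per workload.
    """
    return stats["median_ms"] > budget_ms


if __name__ == "__main__":
    argv_cmds = [sys.argv[1:]] if len(sys.argv) > 1 else [noop_command()]
    for name, s in compare_commands(argv_cmds).items():
        print(f"{name}: n={s['n']} median={s['median_ms']:.2f}ms "
              f"p95={s['p95_ms']:.2f}ms max={s['max_ms']:.2f}ms")
```

Run it once on a machine with the agent installed and once with it removed, or on the same machine before and after the vendor's fix, and compare medians rather than single runs; the p95 and max columns are where a hook that occasionally blocks on a network lookup shows up, because the median can look fine while the tail is what pops the crash reporter.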

Because your organization's customers demanded your employer get some security certificate, and part of that certification is foisting that BS on all users.

java.exe was probably excluded.

I know what I'm calling my next exploit ;)

These are usually hash-based, so you'll need to actually write it in Java or something more modern running on the JVM. Good thing is you'll only need to write it once and it will run anywhere!