I see about a 100x slowdown on some applications[0] and IO heavy operations with defender in win11. It's unbelieveable how slow it is. I was a huge proponent of it in Win10, but I'm finding it hard to do so now.
[0] The software I'm using does a scan over a few hundred thousand files to read file headers. Without windows defender it takes about 30 seconds, but with defender it takes about 300.
The answer in this scenario is to exempt that application and/or folder. Don’t throw the baby out with the bath water.
In my environment we have to add exceptions for Developers git folders for the realtime scanning for a similar reason. Apps with large numbers of small files or high frequency writes of smalls files, like temp files during the build process, need to be exempted unless you’re willing to pay the performance penalty for the security.
I don’t understand why, but I have an exemption for that folder and I’ve disabled real time scanning. It still shows the slowdown on first launch. The only thing that works is disabling windows defender entirely. I’ve been through the troubleshooting loop a few times with this.
We're seeing the same thing - our compilation times literally double because of Defender activity, you can go into resource manager and see defender using like 50% of the CPU, it takes our project from about 12 minutes for a full rebuild to 25 minutes. And the thing is - you can add whatever exceptions you want, they work for a while and then it breaks again with updates, I literally keep having to re-add and fix exceptions in Defender every month or our compilation times slow down to a crawl.
JetBrains IDEs actually tell you to exclude some directories from Defender (and will even do it for you in some instances) because of performance issues. DevDrive[1] fixes that since it's excluded from defender by default.
I'm generally in favor of Defender, but it can definitely cause performance issues, especially in relationship to other windows processes like windows update.
If you keep your system regularly updated, it's less of a problem, but I often help people who basically never update or leave their computer on long enough for Defender to do complete scans. After a certain point it basically becomes impossible to update because defender fights update and chrome and discord and etc etc etc, for access to the files and you end up with the cpu and harddrive maxed out for a couple of days before everything completes.
You can set exclusions of course, but it does get tedious because every time you have a new project you need to add exclusions for its folder and the toolchain. Then every time a toolchain is updated (eg .../gcc/11.5 changes to gcc/11.5.2 you have to enter the 20 new exe exclusions and of course windows won't let you mass delete the old ones so it's click->confirm->click->confirm x50).
I might not do it myself but I can see why someone would just say "enough is enough".
You can use the powershell command Add-MPPreference -ExclusionPath[0] and ship a script with your app if you want. I do the same for Terraform providers - whenever a new version comes out, for a time the process can be randomly killed as I suppose a process that spawns a child process that starts talking to lots of endpoints looks somewhat suspicious.
[0] The software I'm using does a scan over a few hundred thousand files to read file headers. Without windows defender it takes about 30 seconds, but with defender it takes about 300.