I used the portable version release.zip and I didn't have any issue with Microsoft Defender, indeed.
Defender Hardening Console Executable
- Thread starter Trident
- Start date
The CPU usage of msedgewebview2.exe is noticeable lower than with the previous version.
Now
Before
Now
Before
RoboMan
Level 38
Verified
Honorary Member
Top Poster
Content Creator
Well-known
High Reputation
Forum Veteran
Tried both files, nothing at all, sadly. I tried disabling CyberLock too, with no luck.
Yeah, there are spikes on the C++ side so these spikes will have to be eliminated before it becomes a background service.
The spikes of about 10% are caused by the scoring engine, so I am exploring various optimisations that don’t compromise the functionality, mainly with hashing and pre-computed tables.
For now it’s ok to have them.
Btw this is very close to the behavioural airlock, only the hooking is missing.
But it’s also time to think of digital signature because these false positives are driving me mad.
If the World map isn't visible (i.e I scroll down the Defender Hardening Console's window to hide it) the msedgewebview2.exe disk usage drops from about 1020 K / s to 20 K / s.
It means WebView is caching something but I am not sure what exactly it deems worthy of caching. I will need to investigate and potentially disable caching for this component.
The map should live entirely in RAM.
I can say that if I scroll up the Defender Hardening Console's window to show again the World map, the msedgewebview2.exe disk usage raises to about 1200 K / s, currently.
It is likely the disk shader cache.
I will shortly send you a modified version, see if the disk activity persists.
On my system I can see 0.1 mb activity.
The CPU usage of msedgewebview2.exe, even with the World Map not visible, is back to 5-6 %. I don't know why, some time ago it was only 0.6% 
*edited* The CPU usage of msedgewebview2.exe raises to 5-6 % if I enable the "History" switch / button. If I disable it, the CPU usage is back to 0.6 %, max 1.5 %. I tried 2 times in a row and I can confirm this behavior, compared to the previous post, when History was enabled and CPU usage raised to 6.8 %.
World Map visible, History disabled
*edited* The CPU usage of msedgewebview2.exe raises to 5-6 % if I enable the "History" switch / button. If I disable it, the CPU usage is back to 0.6 %, max 1.5 %. I tried 2 times in a row and I can confirm this behavior, compared to the previous post, when History was enabled and CPU usage raised to 6.8 %.
World Map visible, History disabled
Last edited:
The CPU usage of msedgewebview2.exe, even with the World Map not visible, is back to 5-6 %. I don't know why, some time ago it was only 0.6%
*edited* The CPU usage of msedgewebview2.exe raises to 5-6 % if I enable the "History" switch / button. If I disable it, the CPU usage is back to 0.6 %, max 1.5 %. I tried 2 times in a row and I can confirm this behavior, compared to the previous post, when History was enabled and CPU usage raised to 6.8 %.
World Map visible, History disabled
View attachment 296739
Try this modified version
I will look at the repaints when history is enabled. Technically they should be the same, but I will check.
Could be just a side effect of having more data.
I found the issue that causes history to use more CPU and it is the map again. The 2 issues are related.
I tested the modified version. About msedgewebview2.exe disk usage, when the World Map is visible, the values are similar to the previous version but they were already negligible, according to Windows Task Manager. The big improvement is on the CPU usage because now, even with History enabled, it has reached max 2.2 % but most of the time it stays at 1.0 % or lower.
Nice work, in so brief time.
Process Lasso Task manager (World map visible, History enabled)
Nice work, in so brief time.
Process Lasso Task manager (World map visible, History enabled)
The moving colored dots on the World map are much slower now, compared to the previous version 
But in the previous version, the animation for the world map was the stunning 60 fps and the disk usage is likely the result of caching 20 composite layers (which the map consists of) x 60 times a second. I will find a balance between performance and experience in the next few versions.
The history adds more lines - these can be disabled.
The map is designed for real time overview.
It's very important the CPU usage reduction because before, with History enabled, I clearly distinguished the CPU fan's noise, now it's silent.
Yeah, maybe I will leave it at around 24 fps.
Or else I will see what I can offload to the GPU.
I've a question: the connection history is saved end encrypted in C:\ProgramData\Hawk Eye Analysis\DHC\DynaTune\DTCache.bin . I guess the connection history is always recorded, even if the History button is disabled so pressing the button just shows it. Or is it saved only if the History button is enabled (i.e yellow colored button) ?
The history button just controls the display, as long as the monitor is running, it records in history.
The World Map shows a Firefox connection to Toronto and indeed it is so but also CyberLock is connecting to the same node and The World map doesn't show it. Am I missing something ? Moreover Firefox has 5 connections to Toronto, to different IP addresses, but the World map just shows "1 connection" The map shows the current connections as the "History" button isn't enabled.
Last edited:
You may also like...
-
Defender Hardening Console (part of Hawk Eye Analysis Platform)- Started by Trident
- Replies: 62
-
Microsoft Defender Antivirus feat AI Defender- Started by Shadowra
- Replies: 13
-
Deep Research: Trend Micro VSAPI and ATSE Release History and Modus Operandi
- Started by Trident
- Replies: 7
-
The Necessity of Simulating the Full Malware Infection Chain for Security Suite Testing- Started by harlan4096
- Replies: 3
-
Pre-execution vs post-execution protections explained
- Started by Trident
- Replies: 6