从备份脚本关闭 Microsoft Security Essentials
我有一个小的 dos bat 文件,我正在使用 cwRsync 定期运行 rsync 一堆数据到 USB 驱动器,这样我就可以在更换部件到达时放心地进行迁移。我注意到 MsMpEng.exe 会降低传输速度,因此我希望在 rsync 之前关闭 MSE 的实时保护,然后立即重新打开。
有什么办法可以做到这一点吗?终止任务,轻拂注册表中的某些内容然后将其删除或通过 Sc 命令?我注意到 MsMpEng.exe 没有该功能,并且我意识到这并不是一件容易的事情,因为如果以管理员身份运行,恶意脚本也可以做到这一点。
我已经以管理员身份运行 .bat 文件,所以这不是问题。该脚本几乎是这样的:
@ECHO OFF
SETLOCAL
SET CWRSYNCHOME="c:\Program Files (x86)\cwRsync"
SET CYGWIN=nontsec
SET HOME=%HOMEDRIVE%%HOMEPATH%
SET CWOLDPATH=%PATH%
SET PATH=%CWRSYNCHOME%\BIN;%PATH%
rsync --delete -rvP /cygdrive/d/games /cygdrive/f/
REM --SNIP--
如果我能弄清楚这一点,我可能会优先使用它而不是 Windows 备份。
I have a small dos bat file I'm running to rsync a bunch of data, using cwRsync, over to a USB drive on a regular basis so I can migrate when replacement parts arrive without worry. I've noticed that MsMpEng.exe kills the transfer speed so I'm looking to turn off MSE's real time protection before the rsync, and back on immediately afterwards.
Is there any way to do this? Kill the task, flick something in the registry then remove it or via the Sc command? I notice that MsMpEng.exe doesn't have the facility, and I appreciate that this wouldn't be something easy as a malicious script could do it just as well if running as Administrator.
I am running the .bat file as Administrator already so that's not a problem. The script is pretty much this:
@ECHO OFF
SETLOCAL
SET CWRSYNCHOME="c:\Program Files (x86)\cwRsync"
SET CYGWIN=nontsec
SET HOME=%HOMEDRIVE%%HOMEPATH%
SET CWOLDPATH=%PATH%
SET PATH=%CWRSYNCHOME%\BIN;%PATH%
rsync --delete -rvP /cygdrive/d/games /cygdrive/f/
REM --SNIP--
If I can figure that out I may well use this in preference to windows backup for ever more.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
您可以尝试
net stop nameofservice,尽管这一次只能停止一个服务。如果 MSSE 有多个服务并且它们互相监视,那么在幸存的服务再次启动早期受害者之前,您可能无法阻止所有服务。You could try
net stop nameofservice, though that only stops a single service at a time. If MSSE has multiple services and they watchdog each other, you may not be able to stop them all before the surviving ones start up the early victims again.您甚至可能不需要关闭安全要素。您可以将“rsync.exe”添加到异常程序列表中,MSE 会更快。
我注意到它使用了大量的处理器,而 rsync 正在传输,当我将 rsync.exe 添加到例外列表时,它下降到 0%,并且 rsync 将再次加速。
You may not even need to tun the security essentials off. You can add "rsync.exe" to the exception program list and MSE will be much faster.
I noticed it using a ton of processor while rsync was transfering the moment I added rsync.exe to the exception list it dropped to 0% and rsync will speed up again.
我认为您正在寻找以下信息:
http://www.addictivetips.com/windows-tips/command-line-utility-mpcmdrun-exe-microsoft-security-essentials/
安全要素通常不允许从命令中禁用自身行 - 最多,您可以运行扫描或更新。
I think you're looking for this info:
http://www.addictivetips.com/windows-tips/command-line-utility-mpcmdrun-exe-microsoft-security-essentials/
the security essentials do not normally allow themselves to be disabled from the command line - at best, you can run a scan, or an update.
只是为了澄清,因为我对已接受的答案所做的评论可能会被未来的访问者迷失。
如果脚本以管理员身份运行,则执行起来非常简单:
如果您打开了其他 Security Essentials 窗口/任务,例如通过使用系统托盘中的图标,它可能会自动重新启动服务。因此,根据您的系统,您可能需要杀死其他可执行文件。 Security Essentials 只有一项主要服务,因此启动该服务似乎会恢复所有其他系统。
当然,在很多系统上,MSE 不会以任何明显的方式干扰,但我的硬件目前遇到了严重的问题,USB 驱动器的备份速度大大减慢。鉴于此,在新系统上完全有可能不需要这些步骤。
Just to clarify as the comment I made to the accepted answer might be lost in the ether to future visitors.
It is quite simple to do if the script runs as administrator:
If you have other Security Essentials window/tasks open, for example by using the icon in the system tray, it may automagically restart the services. Depending on your system you may therefore need to taskkill other exes. There is only one main service for Security Essentials so starting that appears to restore all other systems.
Of course, on a lot of systems MSE doesn't interfere in any noticeable fashion but my hardware is currently suffering a serious problem and backups to the USB drive were being drastically slowed. In light of that it's entirely possible that these steps will be unnecessary on a new system.
我确实从我的电脑上删除了它。空闲时我的 cpu 使用率达到 25-30。
这就是我所做的:
幸运的是,我已经安装了 ubuntu 的双启动。我刚刚登录到 Ubuntu 操作系统并寻找这个应用程序和 tadaa.. 它已经消失了 :D
如果您可以使用 USB 或 DVD 实时运行 Linux 操作系统,那么删除这个文件很容易。现在查看我的任务管理,还有 CPU
I actually did delete that from my pc. It takes my cpu usage to 25-30 in idle.
Here is what I did :
Luckily I already had a dual boot installed with ubuntu. I just logged in to the Ubuntu OS and looked for this app and tadaa.. It's gone :D
If you can run a linux os live using a USB or DVD, its easy to delete this file.See my task manage now, also CPU