And that is why snapshots exist

0x4E4F@sh.itjust.works to linuxmemes@lemmy.world · English · 8 months ago

0x4E4F@sh.itjust.works (OP) · 8 months ago
Not just every file deleted, every file written to disk as well (downloaded, extracted from an archive, whatever). It’s also how most AV software works, except Defender is slow AF.

[author not shown]
I thought it checks every file closed

0x4E4F@sh.itjust.works (OP) · 8 months ago
No, it scans file headers when you do read/write operations on disk. Every AV works this way, except, as I said, Defender is slow AF.

uis@lemm.ee · 8 months ago
I can’t find the talk I watched, but I found the GitHub issue it was based on. Short version: Defender is triggered not on open, not on read or write, but on CloseHandle.

0x4E4F@sh.itjust.works (OP) · 8 months ago
CloseHandle of what? Read/write operations?

[author not shown]
Found! Even metadata change.