Windows Defender Bug Fills Windows 10 Boot Drive With Thousands of Files (bleepingcomputer.com) 64
A Windows Defender bug creates thousands of small files that waste gigabytes of storage space on Windows 10 hard drives. BleepingComputer reports: The bug started with Windows Defender antivirus engine 1.1.18100.5 and will cause the C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store folder to be filled up with thousands of files with names that appear to be MD5 hashes. From a system seen by BleepingComputer, the created files range in size from 600 bytes to a little over 1KB. While the system we looked at only had approximately 1MB of files, other Windows 10 users report that their systems have been filled up with hundreds of thousands of files, which in one case, used up 30GB of storage space. On smaller SSD system drives (C:), this can be a considerable amount of storage space to waste on unnecessary files. According to Deskmodder, who first reported on this issue, the bug has now been fixed in the latest Windows Defender engine, version 1.1.18100.6.
1 file (Score:2)
Definitely fixed, I have 1 file in that folder. It's tiny and has yesterday's date.
Re: (Score:2)
Definitely fixed, I have 1 file in that folder. It's tiny and has yesterday's date.
I have 790 all from between 7:20 and 7:32. No idea what it should look like just providing a data point
Re: (Score:2)
I have about 100 or so hash files in that directory, all about 1kb with similar timestamps. The Defender engine version number is the buggy one, 1.1.18100.5. I'm trying right now to download and install the recommended update but it keeps failing with error code 0x80070643. It may just be that the update servers are overloaded at the moment, I'll try again later.
At the moment my C: drive is reporting 400GB free.
Re: (Score:2)
3mb of files here.
It's worth noting that folder is blocked from user access by default, which could make it difficult to track down the source of the disappearing disk space if you're not running search tools as administrator.
How did this get to the front? (Score:3)
Seriously. I'd like to know.
Re: (Score:2)
Re: (Score:2)
"Some other folks checked the firehose and upvoted the submission."
That's the part I don't understand.
Re: (Score:3)
A Windows bug? This is Slashdot. Stories about a bug caused by Microsoft give people here an erection more powerful than swallowing all the blue pills at once. Slashdot lives for these stories, it's like a fetish.
Re:How did this get to the front? (Score:5, Informative)
Microsoft fired most of the QA team. They rely on slowly rolling out updates and waiting to see if lots of crash reports come back now. Same with Windows Update.
Re: (Score:2)
WTF (Score:4, Insightful)
The filesystem is not a database. If all you making is a bunch of small files with an MD5 hash as the filename, that is exactly what you are doing, with all the waste of minimum cluster sizes. Don't do that!
On the other hand, if they hadn't done that, it wouldn't have been so easy to notice it going wild storing way more than it should have.
Yeah! The file system is not a database! (Score:2)
...What do mean my process is already running? It clearly is not...
Re:WTF (Score:4, Insightful)
Actually the filesystem is a type of database. It's used to store.... files.
Anyway the files have some amount of data in them. My guess is data on file scans. They were probably not getting cleared out properly when Defender was done with them.
Re: (Score:1)
I first noticed this back on 4/22.
It creates around ten thousand files in a couple seconds time, every 15 or so minutes.
The first server I saw it on was a WSUS server, where C: had a 16k block allocation size.
Within a weeks time there was over ten million files, and despite having under 1k of data, they each took up 16k on disk, and that folder grew to 120 GB in that time and ran out of space
.
That's what prompted me to check the storage history reports for the other servers, and they had the same defender p
Re: (Score:2)
that's a rate of deletion in the order of one hundred/s
sounds quite low. Even on spinning rust it should be higher. Am i missing something?
Re: (Score:2)
Funny thing, BSD ufs and NTFS support sub-block allocations. A modern disk ha
Re: (Score:2)
Sure, but if you're generating a lot of hashes there's certainly much better ways to temporarily store those that doesn't involve creating thousands of tiny files and wasting a ton of slack space.
Re: (Score:1)
Re: WTF (Score:2)
Not true.
First, the file system is a database; it just depends on your use case if it's good fir that.
Second, there are fairly well established file systems that store small files directly in the inodes of the directory above, e.g. the (fir varoius reasons out-of-vogue) ReiserFS. This is specifically for this kind of usage.
I don't know NTFS internals good enough ti know if it does anything similar, but the use case here is not by default a bad one. If anything, it reduces dependencies and code footprint, re
Re: (Score:2)
Wow, that's a blast from the past, I haven't heard ReiserFS mentioned for years, it used to be a constant drum beat on /. from the anti-MS crowd.
Re: WTF (Score:2)
I don't think anyone is using it these days. My point is: the tech was there decades ago.
I'd be massively surprised if newer filesystems don't have anything similar.
But meomrizing filesystem features by heart is not my hobby these days, so can't tell yiu uf a particular FS has it or not. Any anyway, MS is doing its own thing - always has. So whether NTFS has it... dunno.
Re: (Score:2)
The filesystem is not a database.
Thanks for that, I'm going to feel smart all day
Windows = Job Security (Score:1, Interesting)
Re: Windows = Job Security (Score:2)
Re: (Score:2)
Re: (Score:2)
Or just remove the disk and put it into another system to backup the data...
It's intentional (Score:2)
Otherwise they are just morons at MS.
In either case, do you still trust them?
It's a feature (Score:2)
doesn't matter (Score:2)
I think this might have costed me $1000 :-( (Score:3)
My family backup server recently run up against the capacity of backups, causing me to spend $1000 to upgrade backup storage. Then, out of nowhere, in a span of about a week the backup utilization dropped on average about about 142GB per Windows Machine, which would have kept backup drives from having to be upsized. This could be the explanation - all the PC's updated (as per Group Policy). I probably could have ran for a couple more years before having to upgrade, but what's done is done. I was too lazy to look into what was causing the backups to increase, since they increased over time, so I assumed with all the work/school from home data usage was just growing.
PS> Yes, I backup (almost) the entire PC's (not 100% of each drive, but enough to create a system restore using windows backup). This allows me to restore any of them in case they are lost, stolen, or the HDD just dies, without having to nag each family member to save their files into a designated folder or else they will not be backed up. Only ever performed this restore in one live scenario, but it sure was convenient not to worry about ANY lost content.
Not just Windows 10, I think... (Score:3)
Since last week I've noticed 3 of my windows server 2019 VMs started showing high cpu. When checking it was splitting the cpu between msmpeng.exe (windows defender) and my sophos AV. This week I also noted low free disk space on all 3 servers as well.
Checking on c:\programdata\microsoft\windows defender\scans\history\store I found there were1,043,201 files using just over 1gb. The other two servers I'm still waiting on the folder examination to complete.
Hmm, Only for the limited few that is. (Score:1)
Nope, Not For Me (Score:2)
Five files, 16Kb, only 1 or 2 per year. Not an issue. But then this system isn't a server.
shrug - fixed already? (Score:2)
Mine shows 0k.
Then again, WD updated yesterday.