CCleaner Community Forums
nukecad

High fragmentation Defender log.


Just wondering.

Does anyone know why a Windows Defender scan leaves highly fragmented files behind?

When I do a weekly analyse and file defrag it always finds a file called 'MpWppTracing-{date and reference in hex}.bin' with 600+ fragments.
It's a tracing/diagnostic log created by Windows Defender, showing the location of all files scanned. But why is it always fragmented all over the place?
It looks like it's putting one or more fragments in almost every block. (Presumably relevant to the files in that block?)

I assume WD is designed to do this but does anyone know why?

Being a troubleshooting/logfile then it's not something you would normally access, so why does it need to be written all over the place instead of in one contiguous file?

And is it just being recreated all over the disc again because I defragged the previous one?
(Answer seems to be no, defragging it and scanning again gives only about 20 fragments).

 

I'll try to remember to keep an eye on it to see if it grows fragmented daily as files are opened and closed again.


- Quite simple. It simply means that the file grows bit by bit and that it's being written to disk in bits and pieces as well, over a (comparatively) long time. How the bits and pieces are scattered is an indication of what spots on the drive the read/write head has visited during that write process.

- I see this happen with a lot of other files as well. E.g. large files that are being downloaded by a download manager.


Thanks,

I do understand the physical mechanism behind it, the question is more why Defender does this?

Think of other malware scanning software, e.g. MalwareBytes, etc.

These also do relatively long scans and also make logfiles, but they save them in one place (or a few fragments) and not in hundreds of fragments all over the drive.

The difference will be that they compile the logs in memory and write them out after the scan has finished, whereas Defender seems to be writing them all over the disc as it goes along.

Maybe it's something to do with recovery: if the system crashes during a Defender scan and loses the volatile memory, then when you reboot Defender can read the file on disc and start from where it left off?


- I assume that MB keeps the data in memory and writes the info to disk only after the scan has been completed.


It's the same thing ClamWin does with the daily virus database file! Update the db and there's hundreds or thousands of fragments, so many fragments that Windows Defrag can't defragment it when it's at something like 1500 fragments - so a 3rd party defrag tool must be used.
