Jump to content

High fragmentation Defender log.

nukecad

By nukecad
in Defraggler

 Share

Recommended Posts

  • Moderators
nukecad

nukecad

Posted
  • Moderators
Posted

Just wondering.

Does anyone know why a Windows Defender scan leaves highly fragmented files behind?

When I do a weekly analyse and file defrag it always finds a file called 'MpWppTracing-{date and reference in hex}.bin' with 600+ fragments.
It's a tracing/diagnostic log created by Windows Defender, showing the location of all files scanned. But why is it always fragmented all over the place?
It looks like it's putting one or more fragment in almost every block. (Presumably relevant to the files in that block?)

I assume WD is designed to do this but does anyone know why?

Being a troubleshooting/logfile then it's not something you would normally access, so why does it need to be written all over the place instead of in one contiguous file?

And is it just being recreated all over the disc again because I defragged the previous one?
(Answer seems to be no, defragging it and scanning again gives only about 20 fragments).

 

I'll try to remember to keep an eye on it to see if it grows fragmented daily as files are opened and closed again.

*** Out of Beer Error ->->-> Recovering Memory ***

Worried about 'Tracking Files'? Worried about why some files come back after cleaning? See this link:
https://community.ccleaner.com/topic/52668-tracking-files/?tab=comments#comment-300043

 

Link to comment
Share on other sites
Willy2

Willy2

Posted
Posted

- Quite simple. It simply means that the file grows bit by bit and that it's being written to disk in bits and pieces as well, over a (comparatively) long time. How the bits and pieces are scattered is an indication of what spots on the drive the read/write head has visited during that write process.

- I see this happen with a lot of other files as well. E.g. large files that are being downloaded by a downloadmanager.

System setup: http://speccy.piriform.com/results/gcNzIPEjEb0B2khOOBVCHPc

 

A discussion always stimulates the braincells !!!

Link to comment
Share on other sites
  • Moderators
nukecad

nukecad

Posted
  • Author
  • Moderators
Posted

Thanks,

I do understand the physical mechanism behind it, the question is more why Defender does this?

Think of other malware scanning software, eg. MalwareBytes, etc.

These also do relatively long scans and also make logfiles, but they save them in one place (or a few fragments) and not in hundreds of fragments all over the drive.

The difference will be that they compile the logs in memory and write them out after the scan has finished, whereas Defender seems to be writing them all over the disc as it goes along.

Maybe it's something to do with recovery- if the system crashes during a Defender scan and loses the volatile memory then when you reboot defender can read the file on disc and start from where it left off?

*** Out of Beer Error ->->-> Recovering Memory ***

Worried about 'Tracking Files'? Worried about why some files come back after cleaning? See this link:
https://community.ccleaner.com/topic/52668-tracking-files/?tab=comments#comment-300043

 

Link to comment
Share on other sites
  • Moderators
Andavari

Andavari

Posted
  • Moderators
Posted

It's the same thing ClamWin does with the daily virus database file! Update the db and there's hundreds or thousands of fragments, so many fragments that Windows Defrag can't defragment it when it's at something like 1500 fragments - so a 3rd party defrag tool must be used.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept