In our software, we check the integrity of bundled git installation. We do that by calculating sha1 of each file and comparing it to ground truth. The problem is that when we access files to calculate their sha1, Windows Defender decides to check all files that we access, making things slower beyond what's tolerable. In my understanding, this is because git package has a lot of exe files (some 500).
Therefore, there are two questions:
- Is there some way to read file contents without triggering antivirus, specifically Windows Defender? I for example had a theory that maybe opening files with
FILE_FLAG_BACKUP_SEMANTICScan calm it down, but alas, it still rushes to check the files. - Is there some API to checksum files without triggering antivirus?
Currently I'm using this code and it triggers antivirus:
BYTE buffer[64*1024];
DWORD flags = 0;
// Alas, 'FILE_FLAG_BACKUP_SEMANTICS' doesn't prevent Windows Defender from slowing things down
// flags |= FILE_FLAG_BACKUP_SEMANTICS;
HANDLE file = CreateFile(a_FilePath, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, flags, 0);
if (INVALID_HANDLE_VALUE == file)
return;
DWORD bytesTotal = 0;
DWORD bytesDone = 0;
while (ReadFile(file, buffer, sizeof(buffer), &bytesDone, 0))
{
if (0 == bytesDone)
break;
bytesTotal += bytesDone;
}
CloseHandle(file);