При копировании файлов, когда попадаются подписанные ЭЦП, drweb что то с ними делает.
Из лога видно, что идёт на них задержка, но бывает по разному.
Один и тот же файл проскакивает быстро, а бывает на нём тупит.
Почему такое происходит и можно ли это исправить?
Spoiler
медленно
2019-Oct-12 10:01:58.238385 [ 2752] [INF] [arkdll] [2208] id: 1781, timestamp: 10:01:53.582, type: FileExecModify (55), flags: 1 (wait: 1) sid: S-1-5-21-2247325963-1566756874-3285073620-1000, cid: 1960/416:\Device\HarddiskVolume2\totalcmd\TOTALCMD.EXE context: start addr: 0x403648, image: 0x400000:\Device\HarddiskVolume2\totalcmd\TOTALCMD.EXE flags: 0x5, create/modify/delete executable: \Device\HarddiskVolume2\disk\Opera\opera.dll fileinfo: size: 63846920, easize: 39, attr: 0x20, buildtime: 19.07.2016 08:48:18.000, ctime: 12.10.2019 10:01:52.722, atime: 12.10.2019 10:01:52.722, mtime: 05.08.2016 17:29:18.305, descr: , ver: , company: , oname: signer: SERIALNUMBER=974 529 459|C=NO|ST=Oslo|L=Oslo|O=Opera Software ASA|CN=Opera Software ASA, timestamp: 05.08.2016 17:29:08.000, thumbprint: e20bbc7f8d5c46740e35db701bd1aea97dfffa71 file sha1: 7a136e34786355b87d563c6ea732d0e41bd3abde file sha256: b4623e51e13cc93f1dc370a050f43a1cc43b1bfefc96dec140f17d58b2a02483 status: db_cert_white_list, signed, pe32, dll, db_cert_protected / signed / unknown / unknown create executable: \Device\HarddiskVolume2\disk\Opera\opera.dll id: 1781 ==> undefined [1], time: 4642.230786 ms
быстрее
2019-Oct-12 10:00:36.046979 [ 2772] [INF] [arkdll] [2208] id: 1518, timestamp: 10:00:34.718, type: FileExecModify (55), flags: 1 (wait: 1) sid: S-1-5-21-2247325963-1566756874-3285073620-1000, cid: 1140/1644:\Device\HarddiskVolume2\totalcmd\TOTALCMD.EXE context: start addr: 0x403648, image: 0x400000:\Device\HarddiskVolume2\totalcmd\TOTALCMD.EXE flags: 0x5, create/modify/delete executable: \Device\HarddiskVolume2\disk\opera.dll fileinfo: size: 63846920, easize: 39, attr: 0x20, buildtime: 19.07.2016 08:48:18.000, ctime: 12.10.2019 10:00:34.062, atime: 12.10.2019 10:00:34.062, mtime: 05.08.2016 17:29:18.305, descr: , ver: , company: , oname: signer: SERIALNUMBER=974 529 459|C=NO|ST=Oslo|L=Oslo|O=Opera Software ASA|CN=Opera Software ASA, timestamp: 05.08.2016 17:29:08.000, thumbprint: e20bbc7f8d5c46740e35db701bd1aea97dfffa71 file sha1: 7a136e34786355b87d563c6ea732d0e41bd3abde file sha256: b4623e51e13cc93f1dc370a050f43a1cc43b1bfefc96dec140f17d58b2a02483 status: db_cert_white_list, signed, pe32, dll, db_cert_protected / signed / unknown / unknown create executable: \Device\HarddiskVolume2\disk\opera.dll id: 1518 ==> undefined [1], time: 1314.034046 ms
медленно
id: 3943, timestamp: 18:57:54.790, type: FileExecModify (55), flags: 1 (wait: 1) sid: S-1-5-21-3672516553-1178732497-3861729990-1000, cid: 1436/3340:\Device\HarddiskVolume2\Programms\tc\TOTALCMD.EXE context: start addr: 0x403648, image: 0x400000:\Device\HarddiskVolume2\Programms\tc\TOTALCMD.EXE flags: 0x5, create/modify/delete executable: \Device\HarddiskVolume1\2\Bin\AccessibleHandler.dll fileinfo: size: 145872, easize: 39, attr: 0x20, buildtime: 27.03.2019 00:03:08.000, ctime: 11.10.2019 18:57:54.727, atime: 11.10.2019 18:57:54.727, mtime: 27.03.2019 02:56:46.000, descr: , ver: 66.0.2, company: Mozilla Foundation, oname: AccessibleHandler.dll signer: C=US|ST=California|L=Mountain View|O=Mozilla Corporation|CN=Mozilla Corporation, timestamp: 27.03.2019 00:29:52.000, thumbprint: b6b24aea9e983ed6bda9586a145a7ddd7e220196 file sha1: 3bd8fde8f338b9b01060acc5fe718baae6279469 file sha256: 0817f949d7f630c67f67462f5473b029a047327d4b1f7913d078f4b3a018b10a status: db_cert_white_list, signed, pe32, dll, db_cert_protected / signed / unknown / unknown create executable: \Device\HarddiskVolume1\2\Bin\AccessibleHandler.dll id: 3943 ==> undefined [1], time: 2281.197191 ms
быстро
id: 3946, timestamp: 18:58:36.071, type: FileExecModify (55), flags: 1 (wait: 1) sid: S-1-5-21-3672516553-1178732497-3861729990-1000, cid: 1436/3364:\Device\HarddiskVolume2\Programms\tc\TOTALCMD.EXE context: start addr: 0x403648, image: 0x400000:\Device\HarddiskVolume2\Programms\tc\TOTALCMD.EXE flags: 0x5, create/modify/delete executable: \Device\HarddiskVolume1\2\Bin\AccessibleHandler.dll fileinfo: size: 145872, easize: 39, attr: 0x20, buildtime: 27.03.2019 00:03:08.000, ctime: 11.10.2019 18:57:54.727, atime: 11.10.2019 18:58:36.024, mtime: 27.03.2019 02:56:46.000, descr: , ver: 66.0.2, company: Mozilla Foundation, oname: AccessibleHandler.dll signer: C=US|ST=California|L=Mountain View|O=Mozilla Corporation|CN=Mozilla Corporation, timestamp: 27.03.2019 00:29:52.000, thumbprint: b6b24aea9e983ed6bda9586a145a7ddd7e220196 file sha1: 3bd8fde8f338b9b01060acc5fe718baae6279469 file sha256: 0817f949d7f630c67f67462f5473b029a047327d4b1f7913d078f4b3a018b10a status: db_cert_white_list, signed, pe32, dll, db_cert_protected / signed / unknown / unknown create executable: \Device\HarddiskVolume1\2\Bin\AccessibleHandler.dll id: 3946 ==> undefined [1], time: 8.902807 ms