I have noticed a very slow first execution of my EXE on my PC. This was extreme when I copied the new EXE and DLLs into another directory (e.g. real data) and then executed the EXE. The waiting times were sometimes 8 seconds or longer. There was no more waiting time during the subsequent execution.
After suspecting the virus scanner, I have now finally found the cause of these waiting times, it is the SmartScreen filter from Microsoft. More precisely, it is the Microsoft Defender PUA Protection.
However, this can be configured or switched off.
->Security
->App & Browser control
->Reputation based protection
→ Potentially unwanted Apps blocking - Switch OFF
→ Phishing protection - Switch OFF
Everyone has to decide for themselves about the possible loss of security. But I find the waiting times when starting the programme annoying and I trust my AV software.
Hi Don,
thanks for the hint, but this is about the daily work with possibly 50 program changes or more, i.e. the 50 x 8 seconds for a slowed down first start of the EXE. I don’t think that 50 x code signing can save time here.
Weird, I haven’t ran into that on my dev machine. Might be a permissions problem.
FYI, more info on code signing (see number 7):
Digitally signing Windows executables offers several key benefits, particularly related to security, trust, and integrity. Here are some of the primary advantages:
Authenticity Verification: A digital signature confirms the identity of the software publisher or developer. When users download or install a digitally signed executable, they can be assured that the software comes from a trusted source and has not been altered by unauthorized parties.
Integrity Assurance: Digital signatures provide a way to ensure that the executable has not been tampered with since it was signed. If the executable is modified after being signed, the digital signature will be invalidated, alerting users to potential security risks.
Enhanced User Trust: Users are more likely to trust and install software that is digitally signed. Windows displays warnings when attempting to install unsigned executables, which can deter users from installing the software. Signed executables give users confidence that the software is legitimate and safe to use.
Compliance with Security Policies: Many organizations have security policies that require software to be digitally signed before it can be installed on their systems. This helps organizations prevent the installation of unverified or potentially malicious software.
Mitigation of Malware Risks: Malware often spreads through unsigned or tampered executables. By digitally signing executables, developers can reduce the risk of their software being used to distribute malware. Users and security software can more easily identify and block unsigned or suspicious executables.
Support for Code Signing Certificates: Digital signatures leverage code signing certificates, which are issued by trusted Certificate Authorities (CAs). These certificates provide an additional layer of trust, as CAs thoroughly vet the identity of the entity requesting the certificate.
Improved Compatibility with Windows SmartScreen: Windows SmartScreen, a security feature in Windows, uses digital signatures to help determine the reputation of an executable. Unsigned or newly signed executables may trigger warnings or be blocked by SmartScreen, while signed executables with established reputations are more likely to pass through without issue.
Legal and Regulatory Compliance: In some industries, digital signatures are required to comply with legal and regulatory standards. Digitally signing executables can help developers meet these requirements and avoid legal complications.
Overall, digitally signing Windows executables enhances security, builds trust with users, and ensures compliance with industry standards, making it an essential practice for software distribution.
Thanks for the tip about code signing, but that really wouldn’t change my problem.
Rick has clearly recognised this: it´s on my development machine and it’s the EXE I´m creating after compiling that is slow to load on the first run.
I didn’t have this problem on my previous PC, but now I do on the new super-fast PC with a whopping 24 CPUs the 50 x 8 second waits for the PUA check are annoying and I have found a solution for myself and I would be happy if it helps any other Clarion developer with the same problem to save time and nerves.
Btw: However, it is also possible that this time-consuming PUA check only takes place for newly installed Windows 11 versions, as is the case with my new hardware.
Finally, it turned out that PUA is not responsible for the waiting times during the first EXE execution, but my Bitdefender Antivieren software.
Obviously Bitdefender changed something at some point, and that is what most AV programmes now do - they send questionable files to their server to check them there!!!
Unfortunately, Bitdefender does not inform you about this, but you sit waiting in front of your PC and do not even have an increased CPU load, of course, because data transfer does not cause any load.
Even when I temporarily deactivated Bitdefender for my tests, nothing changed in this online check. Since Bitdefender was the last remaining culprit, I uninstalled it and suddenly the spook was over.
I then tested Norton Security. It does the same thing, but at least it displays a message that the AV test may take 15-30 seconds. As this happens every time after the EXE or a DLL has been regenerated, I uninstalled Norton again.
I then installed AVAST Premium Security. This also sends everything to their server after every EXE/DLL change and it also displays a message with the waiting time for this, but here you can easily switch off this functionality. I have done this and since then there are no more waiting times for the initial execution of new/changed EXE/DLL files.
