Enrico

@Marcos: did you had some time to analyze the logs? At the moment I'm using process exclusions in order to reduce complex apps/programs startup time, but it's not the most secure thing to do, also I suspect that all the 0xc0000005 CTD's I've had on both W7 and W10 are due to process scanning.

@Marcos: you have a PM. I've uploaded W10 logs with/without protection enabled, let me know if you need W7 logs. @itman: what I can tell you is that it's a really complex SW written in C++, it uses Sentinel HASP for licensing and Apache FOP for documentation, it constantly write to disk and with the latest version I see a lot of Buffer Overflow in file activity entries (procmon).

Smart optimization is enabled on both W7 and W10 machines, no threatsense options have been modified and folders containing relative executables and files are set in "performance exclusions". But this does not explain why with protection paused I have to add an exeption in real-time scanning and why under W10 1909 (Ryzen 7 3800X, 32GB, NVMe) real-time scanning cause program startup to become three times slower than on W7 (i7-6700, 16GB, RAID 0 7.2k RPM).

It's a program related issue, not system startup (boot time). The process added to exclusions in "real-time file system protection" is "C:\Program Files\Tebis_AG\Tebis V4.0 R8\program\tebis.exe". Usually when I encounter slow program loading first I scan for malware then pause protection to exclude Eset detection engine from the possible causes, but even if the popup says that real-time protection will be deactivated this time I needed to add the executable to exclusions in order to totally exclude Eset process scanning. The strange thing is that this behaviour doesn't happen under Win7: with/without process exclusion or pausing protection tebis.exe startup times are almost the same.

I've installed the latest version of my professional SW in both W7 and W10, but under W10 I've had long startup times (old version 6.5sec, new version 17sec) while under W7 they were almost the same (old 8sec, new 7.5sec), then under W10 I've paused protection to exclude Eset from the possible causes of the long startup, but startup times remained unchanged, clean-reinstalled the SW and nothing changed, so I've added a new process exclusion entry in real-time file sys protection and bam... New version started in 4.5sec! Is it possible that under W10 the "pause protection" doesn't disable some modules? Best regards.