New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AMSI logging implemented on Linux #21492
Comments
AMSI is called in |
What the system is doing for every .NET invocation on Linux and macOS is linearising all the string arguments then throwing the result away. For every .NET invocation. Perhaps you don't think it is an issue when casually typing away at a terminal, but when you are using scripts to automate operations in a server environment it is a pointless overhead. Case in point, calling the
but when using a cmdlet calling exactly the same .NET API
it took just over a second. So that was a 500% slowdown all caused by the serialisation which was thrown away. |
@iSazonov, I agree with @rhubarb-geek-nz that there's no good reason to saddle user on Unix-like platform not only with unnecessary runtime overhead, but - as noted - in the case of passing large strings also with significant memory overhead. It would be simple to execute the code in question only if env var. That is, the following code: PowerShell/src/System.Management.Automation/engine/runtime/Binding/Binders.cs Lines 6938 to 6950 in c19b651
could be guarded by a preceding #if UNIX
bool callAMSI = Environment.GetEnvironmentVariable("__PSDumpAMSILogContent")?.Trim() == "1";
#else
bool callAMSI = true;
#endif
if (callAMSI)
{
// ... code above
} Note: The above illustrates the concept, but the value of |
For performance there is another issue. You can ask MSFT team today on monthly community call if you want to get answer quickly about #21473 performance. |
|
@iSazonov, in light of the above:
|
Although this was marked as answered, it was neither a solution or an acknowledgment that there is any kind of problem. |
WG reviewed this and agreed that the .NET method invocation logging for AMSI should only apply to Windows. The change should be separate and not dependent on the env var. |
Prerequisites
Steps to reproduce
The AMSI logging is still being performed on Linux even though there are no AMSI modules installed.
As demonstrated in #21473 this can lead to excessive heap usage
Expected behavior
Actual behavior
Error details
No actual error other than incorrect behaviour
Environment data
Visuals
No response
The text was updated successfully, but these errors were encountered: