1. For virtual memory, generally select the system-managed option
SystemPropertiesPerformance.exe /pagefile
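You can also set a min/max range.
To make collecting a full dump easier, I set the minimum to physical memory + 257; see https://cloud.tencent.com/developer/article/1883616
2. Turn off Defender
The firewall and Defender are two closely related terms, but they are two different things; for the difference, see http://t.zoukankan.com/catherinezyr-p-6690183.html. The firewall focuses on blocking through inbound and outbound rules, while Defender focuses on active defense. Put simply, Defender plays the role of antivirus protection software.
Defender is highly sensitive and has a certain false-positive rate. If the business application has no vulnerabilities, the system has no weak passwords, and patches are applied promptly, the system is generally hard to compromise at the system level.
Windows ships with Defender-related scheduled tasks. Defender does not scan only in response to access: even with no external access, its scheduled tasks scan the system from time to time.
A rise in CPU utilization while Defender is running is expected. If you do not want your business programs scanned, add them as exclusions in Defender; see https://www.87com.com/post-6.html
To find the Defender scheduled tasks, run taskschd.msc and follow this path; disable them manually if you do not need them
Microsoft\Windows\Windows Defender
For a simpler approach, download the .reg file that disables Defender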
http://windows-1251783334.cos.ap-shanghai.myzijiebao.com/2016+2019forbid_defender.reg
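Run reg import filename.reg
3. Disable some of the built-in scheduled tasks
[List]
Run the following PowerShell command as Administrator to list the scheduled tasks that may affect rendering:
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Data Integrity Scan\","\Microsoft\Windows\ApplicationData\","\Microsoft\Windows\Defrag\","\Microsoft\Windows\DiskCleanup\","\Microsoft\Windows\DiskDiagnostic\","\Microsoft\Windows\DiskFootprint\","\Microsoft\Windows\Windows Defender\","\Microsoft\Windows\Maintenance\" 2>$null
Some of the tasks returned may require SYSTEM privileges to disable, in which case you need to elevate.
[Elevate] If you are Administrator this is usually unnecessary; if even Administrator cannot run the command, you still have to elevate. If elevation fails with a "network name cannot be found" error, see https://cloud.tencent.com/developer/article/2018160
Download PsExec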
https://live.sysinternals.com/PsExec.exe
https://live.sysinternals.com/PsExec64.exe
After downloading, place it in the server's C:\Windows\System32 directory
Then run the following as Administrator at a cmd prompt
psexec.exe -accepteula -nobanner -i -s powershell
psexec.exe -accepteula -nobanner -i -s cmd
or
PsExec64.exe -accepteula -nobanner -i -s powershell
PsExec64.exe -accepteula -nobanner -i -s cmd
This opens a PowerShell window with SYSTEM privileges (higher than Administrator) in which to run the command below, which disables the scheduled tasks that may affect rendering
[Disable]
Run the following in the PowerShell window opened by PsExec
Get-ScheduledTask -TaskPath "\Microsoft\Windows\Data Integrity Scan\","\Microsoft\Windows\ApplicationData\","\Microsoft\Windows\Defrag\","\Microsoft\Windows\DiskCleanup\","\Microsoft\Windows\DiskDiagnostic\","\Microsoft\Windows\DiskFootprint\","\Microsoft\Windows\Windows Defender\","\Microsoft\Windows\Maintenance\" 2>$null | Disable-ScheduledTask 2>$null
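Added example (not part of the original post): the one-liner above discards every error with 2>$null, so a task that could not be disabled goes unnoticed and the previous state is lost. This version records each task's state to a CSV before changing it, reports failures, and can restore the recorded state; the CSV path and the function names are assumptions.

```powershell
# Added example, not from the original post. Run from the SYSTEM PowerShell opened via PsExec.
# Assumption: the CSV path and the function names below are hypothetical.
$TaskPaths = @(
    '\Microsoft\Windows\Data Integrity Scan\', '\Microsoft\Windows\ApplicationData\',
    '\Microsoft\Windows\Defrag\', '\Microsoft\Windows\DiskCleanup\',
    '\Microsoft\Windows\DiskDiagnostic\', '\Microsoft\Windows\DiskFootprint\',
    '\Microsoft\Windows\Windows Defender\', '\Microsoft\Windows\Maintenance\'
)

function Save-TaskBaseline {
    param([string]$Path = 'C:\task-baseline.csv')
    # Query each folder separately so a folder missing on this OS build does not hide the rest.
    $tasks = foreach ($p in $TaskPaths) {
        Get-ScheduledTask -TaskPath $p -ErrorAction SilentlyContinue
    }
    $tasks | Select-Object TaskPath, TaskName, @{ n = 'State'; e = { "$($_.State)" } } |
        Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8
    @($tasks).Count   # number of tasks recorded
}

function Set-BaselinedTasks {
    param(
        [string]$Path = 'C:\task-baseline.csv',
        [ValidateSet('Disable', 'Restore')][string]$Mode = 'Disable'
    )
    $failed = @()
    foreach ($row in Import-Csv -Path $Path) {
        # Tasks that were already disabled before the change are left untouched in both modes.
        if ($row.State -eq 'Disabled') { continue }
        try {
            if ($Mode -eq 'Disable') {
                Disable-ScheduledTask -TaskPath $row.TaskPath -TaskName $row.TaskName -ErrorAction Stop | Out-Null
            } else {
                Enable-ScheduledTask -TaskPath $row.TaskPath -TaskName $row.TaskName -ErrorAction Stop | Out-Null
            }
        } catch {
            # Surface what 2>$null would have hidden (typically access denied).
            $failed += "$($row.TaskPath)$($row.TaskName): $($_.Exception.Message)"
        }
    }
    $failed   # empty when every change succeeded
}

Save-TaskBaseline | ForEach-Object { "Recorded $_ tasks" }
Set-BaselinedTasks -Mode Disable | ForEach-Object { Write-Warning $_ }
# Later, to undo: Set-BaselinedTasks -Mode Restore
```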
4. DirectX runtime libraries from the legacy DirectX SDK for some games that use D3DX9, D3DX10, D3DX11, XAudio 2.7, XInput 1.3, XACT, and/or Managed DirectX 1.1.
See https://cloud.tencent.com/developer/article/1929052
5. Microsoft VB/VC runtime library collection
https://github.com/abbodi1406/vcredist/releases
6. Clean up logs; see https://cloud.tencent.com/developer/article/2007127
"SAN Policy=OnlineAll" | diskpart
""
winrm quickconfig -force
Set-Item WSMan:\localhost\client\trustedhosts -value * -Force
powercfg -s 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
powercfg -x -monitor-timeout-dc 0
powercfg -x -monitor-timeout-ac 0
stop-service BaradAgentSvc 2>&1 > $null
stop-service StargateSvc 2>&1 > $null
stop-service YDLive 2>&1 > $null
stop-service YDService 2>&1 > $null
stop-service tatsvc 2>&1 > $null
del "C:\Program Files\Cloudbase Solutions\Cloudbase-Init\log\*" 2>&1 > $null
del "C:\Program Files\QCloud\Logs\*" 2>&1 > $null
del "C:\Program Files\QCloud\Monitor\Barad\logs\*" 2>&1 > $null
del "C:\Program Files\QCloud\Stargate\logs\*" 2>&1 > $null
del "C:\Program Files\QCloud\YunJing\log\*" 2>&1 > $null
del "C:\Windows\System32\Sysprep\Panther\*.log" 2>&1 > $null
del "C:\Windows\Panther\*.log" 2>&1 > $null
del "C:\Windows\Panther\UnattendGC\*.log" 2>&1 > $null
del "C:\cvm_init.log" 2>&1 > $null
del "C:\Windows\Logs\WindowsUpdate\*" 2>&1 > $null
del "C:\Windows\INF\setupapi.dev.log" 2>&1 > $null
del "C:\Windows\INF\setupapi.setup.log" 2>&1 > $null
wevtutil el | Foreach-Object {wevtutil cl "$_" 2>$null}
wevtutil cl security 2>$null
wevtutil cl system 2>$null
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Network\NewNetworkWindowOff" /f 2>&1 > $null
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles" /f 2>&1 > $null
cd "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations"
del *.automaticDestinations-ms
cmd.exe /c del /F /Q C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\* 2>$null
cd c:\
Remove-Item (Get-PSReadlineOption).HistorySavePath
cmd.exe /c "echo.>%userprofile%\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt"
clear-history
wevtutil el | Foreach-Object {wevtutil cl "$_" 2>$null}
wevtutil cl security 2>$null
wevtutil cl system 2>$null