We run a high-load terminal server for thin client access. We recently upgraded to 2008 from 2003 because of the increased stability of fewer kernel-mode drivers along with a few other improvements. Stability has been great, but Nod32 is causing problems. The first thing I ran in to was the Automatic startup file scan at user logon was causing problems when you have 30+ users all logging on at once when a shift starts. That is disabled and disk thrashing has stopped, but now I am left with massive network delays. There will be upwards of 30 seconds of delay before an HTTP session can be initiated and I'm fairly sure the delay is coming from everything being routed through the HTTP scanner. Any ideas on where to start or what to tweak? I've only had to tune real-time scan settings prior to this and this is a little outside my comfort area.

e: I should have mentioned, ekrn private bytes was peaking out a 1.1gb, which seems a tad excessive.

Hey Smacky,

Have you applied the following recommended server settings:
http://kb.eset.com/esetkb/index?page=content&id=SOLN2144

Also check out Microsoft's virus scanning recommendation for a server:
http://support.microsoft.com/kb/822158

All those recommended settings are applied through a default system policy that I put together during the initial rollout. I figured out that what was happening was all the startup scans that were initialized whenever a user logged on got backedlogged to the point that I likely had 100+ of them either queued or attempting to run at once, which destroyed performance. A reboot cleared that out and things have stabilized since last week, though I am still see a steady and consistent growth of the ekrn process (~50mb to 315mb in 1.5 weeks), but that is likely the memory leak that others have reported and it isn't fast enough to cause major issues.

As a suggestion, detecting for the terminal services component being installed on the OS and disabling the scheduled tasks triggered at user logon would be really helpful to others running terminal service environments.