[bug/workaround] Performance issues with Endpoint Antivirus 5.0.2122.1 and XP

Discussion in 'ESET Endpoint Products' started by Geosoft, Jul 12, 2012.

Thread Status:
Not open for further replies.
  1. Geosoft

    Geosoft Registered Member

    Joined:
    Jan 7, 2009
    Posts:
    270
    Location:
    Toronto, Ontario, Canada
    Hi All,

    I just wanted to report a bug and a work around for issues with Windows XP, ESET Endpoint Antivirus 5.0.2122.1 and users logging with folder redirection. For some reason, any user who logs in with folder redirection suffers from extreme performance issues whenever files are being synchronized to between Folder Redirection and offline files.

    Browsing the redirected folder with Windows explorer almost always locks up the computer for brief periods.

    Steps to reproduce:

    1) Take any XP computer in a domain setup.
    2) Have a group policy for users accounts to redirect My Documents folder to a network drive
    3) Login with user that has several documents stored in the My Documents folder
    4) Make sure offline files is enabled

    Performance impact is noticed when:

    - Offline files attempts to synchronize redirected my documents folder
    - User attempts to browser my documents folder

    Please note that the performance impact does not affect users with local profiles stored on the computer, only users that have roaming profiles and offline files are enabled.

    Work around:

    - Setup an exclude for C:\Windows\CSC\*.*
    - I'm assuming disabling offline files will have the same impact, but I have not tested this.

    The performance impact does not exist for Windows Vista or Windows 7 users. We do not have any Windows 2000 workstations in our office, but there's a possibility since that the CSC would work the same way in 2000 that it does in XP that they too would be impacted.
     
  2. Geosoft

    Geosoft Registered Member

    Joined:
    Jan 7, 2009
    Posts:
    270
    Location:
    Toronto, Ontario, Canada
    Just wanted to add that the performance impact was not noticed until a reboot was finished after upgrading from v4. We had reverted all of our XP users back to v4 and didn't have time to investigate until today.
     
  3. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588
    Thank you for the submission and our apologies on the delay. We've added this bug on the to-do list for the next service build. If you have any other questions or concerns, let me know and I'll pass it on ASAP.
     
  4. Mister Natural

    Mister Natural Registered Member

    Joined:
    May 10, 2007
    Posts:
    225
    Location:
    3rd density St. Louis
    Confirming what geosoft mentioned. Entering that exclusion under those conditions on Win XP systems will correct the boot problem with v5 for now until a new release comes out.
     
  5. splansing

    splansing Registered Member

    Joined:
    Jul 7, 2012
    Posts:
    13
    Location:
    USA
    Could you post a bit here about how to set up that exception exactly?
     
  6. Mister Natural

    Mister Natural Registered Member

    Joined:
    May 10, 2007
    Posts:
    225
    Location:
    3rd density St. Louis
    Go to advanced setup, click the plus sign next to Antivirus and Antispyware to expand the tree. Look for "exclusions by path" entry, click on it to highlight. Click the add button and enter C:\windows\csc\*.* and then click OK. Click OK again to close.
     
    Last edited: Jul 26, 2012
  7. splansing

    splansing Registered Member

    Joined:
    Jul 7, 2012
    Posts:
    13
    Location:
    USA
    Many thanks. Anybody on how to do that using the remote console, in the policies? I open the policy up for the firewall and it's a bit daunting, and about as clear as I've come to expect. I tried creating a rule for the CSC folder, but it doesn't seem to have corrected the issue, which is essentially a computer that seizes up over this offline files syncing.
     
  8. splansing

    splansing Registered Member

    Joined:
    Jul 7, 2012
    Posts:
    13
    Location:
    USA
    Got it figured, thanks a lot.
     
  9. methanol

    methanol Registered Member

    Joined:
    Jul 31, 2012
    Posts:
    1
    Location:
    Canada
    Ran into the same issue on v5.0.2126. Same config change fixes the problem.
     
  10. Mister Natural

    Mister Natural Registered Member

    Joined:
    May 10, 2007
    Posts:
    225
    Location:
    3rd density St. Louis
    Not sure how much I can say but I do know eset is working on the problem and making progress.
     
  11. Geosoft

    Geosoft Registered Member

    Joined:
    Jan 7, 2009
    Posts:
    270
    Location:
    Toronto, Ontario, Canada
    It's a possibility that this bug report didn't make it in time for patching in 5.0.21226.0 as the code base was already finalized and handed to QA for ratification and regression testing.

    Knowing ESET, they will turn out a new client in a month or two since this is performance impacting.
     
  12. Mister Natural

    Mister Natural Registered Member

    Joined:
    May 10, 2007
    Posts:
    225
    Location:
    3rd density St. Louis
    The current official release is 5.0.2126.0. I was given access to 5.0.2126.4 to test and I reported that there was significant improvement but still sporadically unresponsive for a minute or two. With previous versions the pc was completely unresponsive for 10 - 15 minutes or more at boot. In the version I was allowed to test the pc had a few periods of unresponsiveness at boot, then after a couple minutes the pc was fine. So like I said I know they are working on it and making progress.
     
  13. ADW

    ADW Registered Member

    Joined:
    Oct 6, 2009
    Posts:
    8
    I've just upgraded a client's network to 5.0.2126 (the latest available download) and they are having very similar issues to this. Immediately after the upgrade the first reboot of the workstations took ages, up to an hour in some cases, and thereafter was much slower than normal. I disabled the Startup Scan in the Default Profile and this improved the startup times of the PC's, but they are still much slower than before. Also, ever since the upgrade, all the PC's have become very slow at doing normal tasks like opening Word documents or Excel Spreadsheets, or using Outlook. I'll try the workaround suggested by Geosoft to see if that helps.

    ADW
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If you open documents on a remote computer, try disabling network drives in the real-time protection setup and let us know if it makes a difference.
     
  15. ADW

    ADW Registered Member

    Joined:
    Oct 6, 2009
    Posts:
    8
    I've just tried this with the client in question and it seems to have helped with the problem, so thanks to Geosoft for coming up with the workaround.

    I've been a long time User, Reseller & Supporter of ESET, but this issue has raised some doubts and I think there are some serious questions that need to be answered.

    1. Geosoft raised this issue on 12th July, which as far as I can tell was two weeks before the official launch date, yet it is now December and the bug has still not been fixed. Why not? Surely 6 months is enough time to fix something like this.

    2. ESET were aware of the issue on 18th July, (dwomack's post) yet I cannot find any mention of it anywhere on ESET's support pages or in the Knowledge base. If the issue is proving difficult to fix, as I guess it must be, then ESET should at least officially acknowledge the problem and issue a bulletin or have some info on their web site about it. Had that been the case, then I and possibly many others, wouldn't have wasted our time and annoyed our clients by installing an upgrade that had such a fundamental flaw.

    ADW
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Endpoint 5.0.2126 was released towards the end of July 2012. The issue with offline files was first reported and confirmed about that time and therefore a fix was scheduled for the next service build which should be available soon. I reckon that delaying the start of the real-time protection driver in the registry works as a temporary fix.
     
  17. ADW

    ADW Registered Member

    Joined:
    Oct 6, 2009
    Posts:
    8
    Thanks for the replies Marcos,

    Disable Network Drives - Is there a setting in the profile that does this or do I have to exclude the drives individually?

    Delay start of the real-time protection driver in the registry - Can this be done via a profile setting? If not, what is the registry key I need to modify?

    ADW
     
  18. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    In the Real-time protection setup, there's a box "Network drives". Does unticking it make a difference?
     
Thread Status:
Not open for further replies.