We recently switched our ISP over to a 10Mbps Fiber ring from 2 bonded T1s (3Mbps) and I was running some basic speed tests and noticed a discrepancy in our upstream. I troubleshot the router for about a week, our new managed switches for about a week, and finally came to the realization that NOD32 was the culprit. Specifically the HTTP scanner. All of the workstations on our Network are Windows XP Pro SP3. We do not utilize a web-proxy. I have tested this with NOD 3, 4, and 4 Beta all with the same results. This does not affect SMTP or FTP outbound connections, only HTTP. This has been tested with Internet Explorer and Firefox. We have used Speedtest.net, Speakeasy.net, and even utilized cPanel from a web host and uploaded a 100MB file and it shows the throughput during the upload. With NOD32 uninstalled or with NOD32 installed and HTTP scanning disabled we are able to cap our bandwidth as would be expected. With HTTP Scanning enabled, it reduces our upstream to a mere 30%-45% of total capacity. I understand HTTP Scanning will affect the speed of the connection, but why would it only affect the upstream? and why to such an extreme while the affect to the downstream is barely noticeable. One more thing just to make it extremely confusing. I have a laptop with Windows 7 Ultimate 64bit, and I have NOD 4 64bit, using the SAME configuration file, HTTP scanning does not affect the upstream. I know the Windows 7 Network topology is different, but an interesting fact nonetheless. I'd love to hear feedback from people having similar issues, or those of you who may have educated theories. If there is a TCP/IP guru around, I can prepare a Wireshark dump of a before and after speedtest.