We run a high-load terminal server for thin client access. We recently upgraded to 2008 from 2003 because of the increased stability of fewer kernel-mode drivers along with a few other improvements. Stability has been great, but Nod32 is causing problems. The first thing I ran in to was the Automatic startup file scan at user logon was causing problems when you have 30+ users all logging on at once when a shift starts. That is disabled and disk thrashing has stopped, but now I am left with massive network delays. There will be upwards of 30 seconds of delay before an HTTP session can be initiated and I'm fairly sure the delay is coming from everything being routed through the HTTP scanner. Any ideas on where to start or what to tweak? I've only had to tune real-time scan settings prior to this and this is a little outside my comfort area. e: I should have mentioned, ekrn private bytes was peaking out a 1.1gb, which seems a tad excessive.