Windows server shares VERY slow

Discussion in 'ESET NOD32 Antivirus' started by redboot, Dec 3, 2010.

Thread Status:
Not open for further replies.
  1. redboot

    redboot Registered Member

    Joined:
    Mar 14, 2008
    Posts:
    3
    Summary: On two clients, server share writes slow to a crawl with NOD32 real-time protection. When file system protection is disabled or the share excluded, speeds resume to normal. NOD32 updated to latest version and definitions updated.

    Detail: Beginning on 18th November, a client reported a significant slowdown in their line-of-business application which stores data on a SBS 2003 server using a standard Windows (SMB) share, that is, not using a client-server database. Application software support personnel indicated it was due to "network communications problems." I conducted extensive analysis and found no problems, though I noticed copying a sample folder with large files from a PC-to-Server was noticeably slower than copying Server-to-PC. Application software support was contacted again and they were not able to find much, except that some improvement could be made by running the workstation in Safe Mode w/ Network. I ran another copy test and found even further PC-to-Server slowness (8x slower).
    At this point, I experimented with disabling all NOD32 protection. Disabling NOD32 on the PC helped very little, but disabling it on the server made copying almost as fast, that is a 1000% improvement.
    I then found I could go into NOD32 setup and configure an exception to File System protection to exclude a sub-folder of the share used for the application data files. This provided the same improvement.
    The client reports that the issue appears to be resolved. This of course is just a workaround.
    About 10 days later, a different client had performance issues that, short story, were alleviated by excluding the data share.

    Data:
    Test and time files copy.
    J:\a-test folder copied on acctg2 PC, from server share to acctg2 folder 139MB in 168 files, 10 folders
    0:11.5 - Copy from server to acctg2
    1:32.1 - Copy from acctg2 to server

    Turned off ESET on PC
    0:05.7 - Copy from server to acctg2
    1:31.4 - Copy from acctg2 to server

    Turned off ESET on server and PC
    0:06.7 - Copy from server to acctg2
    0:07.4 - Copy from acctg2 to server

    Turned ON ESET on server and PC, with exclusion on File System protection for ACI and ACI32 folders
    0:08.4 - Copy from server to acctg2
    0:09.2 - Copy from acctg2 to server
    92.1 seconds / 9.2 seconds = 10.1 or about 10x speed improvement.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    Just to make sure, are they using the most current version 4.2.67?
     
  3. raze

    raze Registered Member

    Joined:
    Dec 3, 2010
    Posts:
    1
    Same here. I already had this a few times ago (with a 4.0.x and even before with some 3.x) !

    This time :
    The share is on XP
    Client is XP or Linux (mount.cifs)
    nod32 BusEd 4.2.67.10 / db 5672
    Enabled => 200/300 kbits/s
    Disabled => 150.000/200.000 kbits/s

    Valuable data :
    If I uninstall current nod32 and I reinstall same version (4.6.27.10) but PREVENT updating virus db (db installed with my package is 5591) => problem solved
    If I update virus db, i get v5672 and problem is back.

    So something looks wrong between those db versions.

    Again, I already experienced this kind of problems several times in less than 2 years : I'm a reseller and from today I'll definitively stop using/distributing it. This is not possible to use/support it in network environnement.
     
  4. redboot

    redboot Registered Member

    Joined:
    Mar 14, 2008
    Posts:
    3
    Yep, I updated all PCs to 4.2.67.10 yesterday and retested.
    When I quit excluding the shares, the slowness immediately returned.

    I have an article from an ESET rep that I am following now and will report back if it helps.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    I assume that the problem does not occur with real-time protection disabled on the server with the share. What type of files are copied there? (executables/dlls, archives, documents, data files, etc.)
    Do you use default real-time protection settings? If so, try disabling all options for newly created and modified files and let us know if it makes a difference. You can also try setting real-time protection to scan files with extensions listed in the default extension set (ie. those that are known potentially to carry malware).
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.