Windows server shares VERY slow

Discussion in 'ESET NOD32 Antivirus' started by redboot, Dec 3, 2010.

Thread Status:
Not open for further replies.
  1. redboot

    redboot Registered Member

    Joined:
    Mar 14, 2008
    Posts:
    3
    Summary: On two clients, server share writes slow to a crawl with NOD32 real-time protection. When file system protection is disabled or the share excluded, speeds resume to normal. NOD32 updated to latest version and definitions updated.

    Detail: Beginning on 18th November, a client reported a significant slowdown in their line-of-business application which stores data on a SBS 2003 server using a standard Windows (SMB) share, that is, not using a client-server database. Application software support personnel indicated it was due to "network communications problems." I conducted extensive analysis and found no problems, though I noticed copying a sample folder with large files from a PC-to-Server was noticeably slower than copying Server-to-PC. Application software support was contacted again and they were not able to find much, except that some improvement could be made by running the workstation in Safe Mode w/ Network. I ran another copy test and found even further PC-to-Server slowness (8x slower).
    At this point, I experimented with disabling all NOD32 protection. Disabling NOD32 on the PC helped very little, but disabling it on the server made copying almost as fast, that is a 1000% improvement.
    I then found I could go into NOD32 setup and configure an exception to File System protection to exclude a sub-folder of the share used for the application data files. This provided the same improvement.
    The client reports that the issue appears to be resolved. This of course is just a workaround.
    About 10 days later, a different client had performance issues that, short story, were alleviated by excluding the data share.

    Data:
    Test and time files copy.
    J:\a-test folder copied on acctg2 PC, from server share to acctg2 folder 139MB in 168 files, 10 folders
    0:11.5 - Copy from server to acctg2
    1:32.1 - Copy from acctg2 to server

    Turned off ESET on PC
    0:05.7 - Copy from server to acctg2
    1:31.4 - Copy from acctg2 to server

    Turned off ESET on server and PC
    0:06.7 - Copy from server to acctg2
    0:07.4 - Copy from acctg2 to server

    Turned ON ESET on server and PC, with exclusion on File System protection for ACI and ACI32 folders
    0:08.4 - Copy from server to acctg2
    0:09.2 - Copy from acctg2 to server
    92.1 seconds / 9.2 seconds = 10.1 or about 10x speed improvement.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Just to make sure, are they using the most current version 4.2.67?
     
  3. raze

    raze Registered Member

    Joined:
    Dec 3, 2010
    Posts:
    1
    Same here. I already had this a few times ago (with a 4.0.x and even before with some 3.x) !

    This time :
    The share is on XP
    Client is XP or Linux (mount.cifs)
    nod32 BusEd 4.2.67.10 / db 5672
    Enabled => 200/300 kbits/s
    Disabled => 150.000/200.000 kbits/s

    Valuable data :
    If I uninstall current nod32 and I reinstall same version (4.6.27.10) but PREVENT updating virus db (db installed with my package is 5591) => problem solved
    If I update virus db, i get v5672 and problem is back.

    So something looks wrong between those db versions.

    Again, I already experienced this kind of problems several times in less than 2 years : I'm a reseller and from today I'll definitively stop using/distributing it. This is not possible to use/support it in network environnement.
     
  4. redboot

    redboot Registered Member

    Joined:
    Mar 14, 2008
    Posts:
    3
    Yep, I updated all PCs to 4.2.67.10 yesterday and retested.
    When I quit excluding the shares, the slowness immediately returned.

    I have an article from an ESET rep that I am following now and will report back if it helps.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I assume that the problem does not occur with real-time protection disabled on the server with the share. What type of files are copied there? (executables/dlls, archives, documents, data files, etc.)
    Do you use default real-time protection settings? If so, try disabling all options for newly created and modified files and let us know if it makes a difference. You can also try setting real-time protection to scan files with extensions listed in the default extension set (ie. those that are known potentially to carry malware).
     
Thread Status:
Not open for further replies.