08-04-2010 04:11 PM - edited 08-04-2010 04:15 PM
The odd thing with this client is that if I remove the WFBS client agent, it works fine, and if I re-install WFBS, it works fine...for a time. After a while, possibly about a week, it gets so slow that it can barely be used.
I would agree with you that 6.0 is the problem, except that five other locations, and my own network, do not have that slowness.
Are you using Conventional Scan or SmartScan?
Have you installed the 3154 and 3100 hotfies, in that order? How much memory do your systems have?
You do know that the WFBS 7 beta starts on Friday, right? https://www.trendbeta.com/index.php?get=356&conten t=579
08-04-2010 06:27 PM - edited 08-04-2010 06:30 PM
As far as the runtime speed is has finally gotten better but man what you had to go through to get there! The hot fixes you mentioned have been installed in the proper order. I did miss one of the other change to make it run faster. I use conventional scanning. So I guess it would be... turn off behavior monitoring, use conventional scanning, only scan files that have been modified, disable TSC at startup, delay Trend services start for two minutes.. there are probably more I have just forgot them.
What a total disaster. I guess the "only" complaint my customers have now is that it takes anywhere from 3 to 10 minutes after logging in to get to the desktop. It sits at the "Applying Computer Settings" the whole time. It is a sad state of affairs when you spend big bucks on a software package like WFBS and the price of the software is minimal compared to the vast amount of time you have to put in to it patching, changing INIs, changing registry entries and everything else just to keep it running right. Then there is the fact that it doesn't seem to catch much...
I started beta testing at the SMB 3.5 level. It was missing so malware I was begging for a new release in hopes it would catch more. I quit beta testing at the 6.0 level because it didn't matter. The product was just as buggy and missed just as much malware at the final release so I figured I might as well not dump a lot of time in beta testing when I am still going to have to dump a lot of time in it after it was fully released.
You don't know how many times I have gotton service calls on badly infected computers only to see Trend sitting there fat and happy, fully updated. About the only time it would pop up and catch anything was when I was cleaning the infected computer with Malwarebytes or Superantispyware and as they picked up the infections Trend finally woke up and said "wait... I think I found something" LOL.
You can tell I am not too pleased with Trend. I sure hope V7 knocks my socks off. I came from Symantec Corporate because of all the problems I had with it. Now I'm not sure that I didn't jump out of the frying pan and in to the fire
Any idea why little mom and pop shops like Malwarebytes and Superantispyware seem to put the big boys like Symantec, McAfee and Trend to shame?
08-05-2010 06:41 AM
"The usual "cure" for the Broadcom NICs is to update the drivers, then edit the registry to add EnableRSS=0 to disable TCP/IP Receive Side Scaling and add DisableTaskOffload=1 to disable offloading network tasks to network card driver."
The laptop I am testing is a Dell with a Broadcom NIC and I have updated the driver to the latest which is still pretty old. Can you direct me to the details on these registry hacks so I can try them? Perhaps my common thread is Dell/Broadcom - will have to investigate further.
08-05-2010 08:14 AM
I tried them here with no success:
is that the right location for this fix?
08-05-2010 11:07 AM
disable Receive Side Scaling when the computer is configured as an Internet Connection Sharing gateway. To do this, follow these steps:
To work around this problem, turn off checksum offloading on the network adapter. To do this, follow these steps:
A reboot is required to make this value go in to effect.
08-05-2010 11:45 AM
Thanks Gregg but I have too many different types on NICS out there and too many different types of workstations to even think about it NOT being a Trend problem. This boot problem is happening to all of them. One customer clocked it this morning. 18 minutes to get to the Desktop! I uninstalled Trend and it was instantaneous. But there is a bright side. I re-installed Trend and it was down to 7 minutes! Yahoo!
I just noticed they release WFBS 6.0 SP3 so I guess I have three choices:
1) Try SP3
2) Beta 7
3) Lose Trend and try something else.
After suffering with Trend every step of the way since SMB 3.6 and not really seeing anything good coming from it #3 is looking pretty good....
08-05-2010 12:08 PM
Same here...it does it with Intel NICs as well. I am downloading WFBS 6.0 SP3 right now. I emailed Tri Nguyen asking if it has any speed improvements.
At this same client, I had a MASSIVE network-wide slowdown when moving from WFBS 5.0 to 5.1 and had to revert the entire network to 5.0 again. During that testing, I determined that the problem had to be the firewall driver, but they never confirmed it. I have yet to use the global setting to remove the firewall driver.
During that testing for the 5.1 problem, the reason that I figured it had to be the firewall driver, was because even unloading the agent and stopping/disabling all services had no effect. ONLY a complete removal of the agent would bring back the speed. The only thing left when the agent is unloaded and services disabled is the firewall driver that remains bound to the NIC. It even did it when disconnected from the LAN.
I once had a tool that would remove only the local firewall driver and prevent its re-installation, but I cannot find it. I want to use that tool on a couple of their systems to confirm if the firewall driver problem has reared its ugly head again.
08-05-2010 03:01 PM
Well here we go. I must be an idiot. I downloaded SP3 and am going to try in on this one particular customer's network what is experiencing 5-20 minutes login times. I am not "upgrading" the server. I un-installed everything on the server and deleted the Trend Micro directory. Building the server from ground zero. The only things I have changed on the client computers from the default server installation are:
1) Disabled the firewall driver (and unisntalled it), disabled scaning for cookies and disabled Behavior Monitoring on all Desktops and Servers
2) This time I let the workstations go Smart Scan
Those are the only two changes from the default server installation. While waiting for the results to come in I would like to confirm something I was told by Tech Support not more then 15 minutes ago. I was told I could leave autopcc in the login script 24/7/365. That it does not re-install the client agent. It simply updates it if it is already installed or installs it if it isn't already installed. Can anyone confirm what I was told as being accurate?
The reason I ask... if you watch a workstation log in the login script takes a good 3 to 4 minutes to execute during which time the Trend icon by the clock disappears. It does not reappear until about 4 to 5 minutes after logging back in. Tech support said this isn't a problem. Can anyone confirm that as being accurate?
I remember trying to leave autopcc in the login script a while back. At that point I could not leave autopcc in the login script because it either re-installed the Trend network firewall driver or updated it. Either way it broke the workstation's connection to the network momentarily. Just long enough to disrupt what the user was doing and make life miserable for them. I am not having that problem this time because I have disabled the firewall driver and told Trend not to install it but it still makes me wonder if running autopcc in the login script isn't actually reinstalling the client agent... thoughts or comments?
I'll post the speed changes (if any) as soon as I start getting results back from this customer.