
PCs with fscs 8.01 generally slow + slow starting applications

J-C
J-C Posts: 46 Security Scout

Hi,

 

This is my first post and I recently started working with F-Secure. I'm hoping to get some advice on troubleshooting. Tried to look in the old forum but the search function seems not to work?

 

My customer has many clients that experience this on the computers. I looked in action.log for problems but in the file there were a few "denies" for a couple of days, then all files/apps were allowed to connect in and out.

 

The settings in PMC 9.0 for application control is set to  allow/allow. 

Q1:  I see some of the impacted apps displayed in the "unknown apps reported by host", if the apps are displayed in this list, and the settings are allow/allow, are they affected by "performance issues" anyway, if I do not make a rule for them?

 

Also, I looked at fa.log from another PC with problems, this is how it looked like:

 

2     5357/65613     15       2011.10.20 23:52:36 \Device\HarddiskVolume1\WINDOWS\system32\cxEditorsVCLD6.bpl 
2     3153/25228     13       2011.10.20 23:52:36 \Device\HarddiskVolume1\WINDOWS\system32\dxThemeD6.bpl 
2     2600/32904     15       2011.10.20 23:52:36 \Device\HarddiskVolume1\WINDOWS\system32\cxExportVCLD6.bpl 
2     2669/34824     15       2011.10.20 23:52:36 \Device\HarddiskVolume1\WINDOWS\system32\cxExtEditorsVCLD6.bpl 
2     5641/57308     13       2011.10.20 23:52:36 \Device\HarddiskVolume1\WINDOWS\system32\cxGridVCLD6.bpl 

Could someone pls tell me how to "read" this file and what the 3 first "columns" mean? E.g. is the 3rd column how many times the file has been scanned?

 

As far as I can tell the impacted apps (exe-files) are excluded from RTS.

 

We are currently upgrading to a newer version but have thousands of PCs so I need to get the old ones to work better until they are ready for upgrade.


Any advice/tuning tips would be greatly appreciated! :)

 

Many thanks in advance!

Comments

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    Hi,

     

    FSCS 8 is no longer supported since 15. October 2011 and from 31.12.2011 it will no longer be updated with signatures!

     

    As FSCS9.20 is already released you should start with a new setup (no upgrade) and confirm that the problem still exists, as application control and deepguard now share information.

     

    Anyway, you should NOT "scan all files" in realtime scanning!

    AFAIK "BPL" is not scanned by default.

     

    fa.log

    <engine> <max/sum scan time> <number of scans since boot>

     

    Best Regards
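Added example (not part of the original posts and not F-Secure tooling): a small Python parser that reads fa.log rows using the column layout given in the reply above and ranks files and extensions by cumulative scan time. The function names are illustrative, and the unit of the scan times is not stated in the thread.

```python
import re
from collections import defaultdict, namedtuple

# Layout per the reply above:
# <engine> <max/sum scan time> <number of scans since boot> <date> <time> <path>
# The unit of the scan times is not stated in the thread.
ROW = re.compile(
    r"^\s*(?P<engine>\d+)\s+(?P<max>\d+)/(?P<sum>\d+)\s+(?P<scans>\d+)\s+"
    r"(?P<stamp>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2})\s+(?P<path>.+?)\s*$"
)
FaEntry = namedtuple("FaEntry", "engine max_time sum_time scans stamp path")

def parse_fa_log(text):
    """Return one FaEntry per well-formed row; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            entries.append(FaEntry(int(m["engine"]), int(m["max"]), int(m["sum"]),
                                   int(m["scans"]), m["stamp"], m["path"]))
    return entries

def hottest(entries, top=3):
    """Files ranked by cumulative scan time since boot, highest first."""
    return sorted(entries, key=lambda e: e.sum_time, reverse=True)[:top]

def by_extension(entries):
    """Map lower-cased extension -> (total scans, total scan time)."""
    totals = defaultdict(lambda: [0, 0])
    for e in entries:
        name = e.path.rsplit("\\", 1)[-1]
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        totals[ext][0] += e.scans
        totals[ext][1] += e.sum_time
    return {ext: tuple(v) for ext, v in totals.items()}

# Rows copied from the fa.log excerpt in the first post.
SAMPLE = r"""
2     5357/65613     15       2011.10.20 23:52:36 \Device\HarddiskVolume1\WINDOWS\system32\cxEditorsVCLD6.bpl
2     3153/25228     13       2011.10.20 23:52:36 \Device\HarddiskVolume1\WINDOWS\system32\dxThemeD6.bpl
2     2600/32904     15       2011.10.20 23:52:36 \Device\HarddiskVolume1\WINDOWS\system32\cxExportVCLD6.bpl
2     2669/34824     15       2011.10.20 23:52:36 \Device\HarddiskVolume1\WINDOWS\system32\cxExtEditorsVCLD6.bpl
2     5641/57308     13       2011.10.20 23:52:36 \Device\HarddiskVolume1\WINDOWS\system32\cxGridVCLD6.bpl
"""

if __name__ == "__main__":
    for e in hottest(parse_fa_log(SAMPLE)):
        print(e.sum_time, e.scans, e.path)
```

An extension that appears in the per-extension totals but is not in the configured real-time scanning extension list is a cue to check which policy the host has actually applied.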

     

     

  • jackma
    jackma Posts: 25 Cyber Knight

    Please upgrade to version 9, no tweaking will get you more performance than a simple upgrade of our software will. Big plus: current versions are supported, your installed version is not.

     

    J-C wrote:


    Q1:  I see some of the impacted apps displayed in the "unknown apps reported by host", if the apps are displayed in this list, and the settings are allow/allow, are they affected by "performance issues" anyway, if I do not make a rule for them?

     

    Answer: Absolutely not. There are no performance issues if they are displayed in "unknown apps reported by host". Adding a rule for them will also not change the performance of the client systems.

    The rules refer to if they are allowed to communicate via the network. That is unrelated to file based scanning.

     

    Just make sure you do not have "scan all files" in the real-time scanning enabled and also do not scan archives in real-time. You can maximize the security in the options for scheduled scanning.

  • J-C
    J-C Posts: 46 Security Scout

    Hi,

     

    Thank you both for your answers. The setting for RTS is scan "files with these extensions", that's why I can't understand why the machines are so slow.

     

    One last question when/if you have time:

     

    What is the difference between the 2 rows from fa.log below, can/should I use both when configuring exclusions in RTS?

     

    C:\Program\RealVNC\VNC4\wm_hooks.dll

     

    \Device\HarddiskVolume1\Program\RealVNC\VNC4\wm_hooks.dll

     

     

    Regards,

    JC

  • jackma
    jackma Posts: 25 Cyber Knight
    Concerning the configuration of exclusions:
    If you do not use wildcards you can use the simple format "C:\...", but if you use wildcards then you use, depending on the circumstance, the "\Device\..." variant.

    Please read further:

    http://www.f-secure.com/de/web/business_de/support/article/kba/15193/k/wildcard/p/1

  • J-C
    J-C Posts: 46 Security Scout

    Hi,

     

    Thanks again for your answers. I really appreciate that you take the time to help me out answering my questions.

     

    Matthias: We are upgrading as fast as we can so I won´t ask any more about 8.x clients..:) 

     

     

    Regards,

     

    JC

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    @J-C wrote:

    Matthias: We are upgrading as fast as we can so I won´t ask any more about 8.x clients..:) 


     

    Puh, that gives me a good sleep tonight! ;)

     

     

This discussion has been closed.
