Performance issues caused from DeepGuard

Performance issues caused from DeepGuard - F-Secure Community

Issue:

We use different ERP applications that are installed on different servers, where F-Secure Server Security 14.xx is running.End users starts these applications from network shares. This means the network shares can be differently, and appilcations as well. Now, we have noticed that are lot of delays, and everything seems to be slow, when accessing these applications. We have been excluding the network shares, but nothing has changes so far. Disabling DeepGuard helps.

Resolution:

Note: Before digging into the problem, there are two prerequisites that F-Secure demands from customers using our products.

URL addresses for F-Secure update services: https://community.f-secure.com/discussion/11407/url-addresses-for-f-secure-update-services This means that *.f-secure.com and *.fsapi.com needs to be allowed from your Firewall in addition for services to work correctly.
You need to have Security Cloud enabled for all of your Clients, unless its some isolated Host. You may find more information about the Security Cloud here:
https://www.f-secure.com/en/web/legal_global/privacy/security-cloud

Security Cloud can be enabled using Policy Manager Console. The option is located under advanced settings, Client for the F-Secure Security Cloud. Object identifier: 1.3.6.1.4.1.2213.57

Regarding the performance issues cased from DeepGuard
There are always two levels. The obvious one is if DeepGuard that knows if the application is whitelisted, if it is, DG doesn't monitor it, so less performance hit.
If DG doesn't know it's clean, it will monitor it and that can cause performance issues. Excluding will obviously also work to "fix" the performance issues since DG again doesn't monitor the excluded applications. Whitelisting is just a safer way to reduce the monitoring level that DG does.

For applications running from network shared there's the additional performance hit coming from the SHA1 calculation of the application. Since the binary is on a network share, we can't assume anything about it or cache the results so DG driver will always compute the SHA1 when it see the process launching. Whitelisting doesn't affect this in any way and exclusion is the only way to avoid this performance problem

The latter problem mainly affects cases where the application is being launched a lot as in like several times a minute. It also depends on the network speed and file server load and many things.
Usually whitelisting the application is sufficient to avoid performance issues.
So, you can add example application.exe to excluded processes to optimize disk performance using Policy Manager Console, but you can also add the whole path to excluded applications under real-time scan.
If you are not sure, if the application is clean and can be excluded, you can always submit the executable of that application to us for further analyses. To do so, please use the SaaS Service: https://www.f-secure.com/en/business/support-and-downloads/submit-a-sample

Article no: 000023249