Announcement: New Knowledge Base

4 June 2020: We are pleased to announce the launch of a new Knowledge Base, Changelogs for Business Security Products, where you can find more details, such as bugfixes or new features, about the most recent releases of our business-related products.

PCs with fscs 8.01 generally slow + slow starting applications

Hi,

 

This is my first post and I recently started working with F-secure. I´m hoping to get som advice on troubleshooting. Tried to look in the old forum but the search function seems not to work?

 

My customer has many clients that experience this on the computers. I looked in action.log for problems but in the file there was a few "denies" for a couple of days, then all files/apps was allowed to connect in and out.

 

The settings in PMC 9.0 for application control is set to  allow/allow. 

Q1:  I see some of the impacted apps displayed in the "unknown apps reported by host", if the apps are displayed in this list, and the settings are allow/allow, are they affected by "performance issues" anyway, if I do not make a rule for them?

 

Also, I looked at fa.log from another PC with problems, this is how it looked like:

 

2     5357/65613     15       2011.10.20 23:52:36 \Device\HarddiskVolume1\WINDOWS\system32\cxEditorsVCLD6.bpl 
2     3153/25228     13       2011.10.20 23:52:36 \Device\HarddiskVolume1\WINDOWS\system32\dxThemeD6.bpl 
2     2600/32904     15       2011.10.20 23:52:36 \Device\HarddiskVolume1\WINDOWS\system32\cxExportVCLD6.bpl 
2     2669/34824     15       2011.10.20 23:52:36 \Device\HarddiskVolume1\WINDOWS\system32\cxExtEditorsVCLD6.bpl 
2     5641/57308     13       2011.10.20 23:52:36 \Device\HarddiskVolume1\WINDOWS\system32\cxGridVCLD6.bpl 

Could someone pls tell me how to "read" this file and what the 3 first "columns" mean? E.g. is the 3rd column how many times the file has been scanned?

 

As far as I can tell the impacted apps (exe-files) are excluded from RTS.

 

We are currently upgrading to a newer version but have thousands of PCs so I need to get the old ones to work better until they are ready for upgrade.


Any advice/tuning tips would be greatly appreciated! :)

 

Many thanks in advance!

Best Answer

  • MJ-perCompMJ-perComp Posts: 1,098
    Accepted Answer

    Again, FSCS 8.01 is out of support. All information we still give are only given because they are valid for later versions too!

     

    the one row was cretaed during boot, the other after logon.

     

    These issues have most likely been addressed by 9.20.

    While it is up to F-Secure to provide further answers I will not, unless the problem also shows with 9.20!

     

    Please update today!

     

    BR

Comments

  • MJ-perCompMJ-perComp Posts: 1,098

    Hi,

     

    FSCS 8 is no longer supported since 15. October 2011 and from 31.12.2011 it will no longer be updated with sigantures!

     

    As FSCS9.20 is alreday released you should start with a new setup (no upgrade) and confirm that the problem still exists, as application control and deepguard now share information.

     

    Anyway, you should NOT "scan all files" in realtime scanning!

    AFAIK "BPL" is not scanned by default.

     

    fa.log

    <engine> <max/sum scan time> <number of scans since boot>

     

    Best Regards

     

     

    J-C
  • jackmajackma Posts: 57

    Please upgrade to version 9, no tweaking will get you more performance as a simple upgrade of our software will. Big plus: current versions are supported, your installed version is not.

     

    J-C wrote:


    Q1:  I see some of the impacted apps displayed in the "unknown apps reported by host", if the apps are displayed in this list, and the settings are allow/allow, are they affected by "performance issues" anyway, if I do not make a rule for them?

     

    Answer: Absolutly not. There are no performance issues if they are displayed in " "unknown apps reported by host". Adding a rule for them will also not change the performance of the client systems.

    The rules refer to if they are allowed to communicate via the network. That is unrelated to file based scanning.

     

    Just make sure you do not have "scan all files" in the real-time scanning enabled and also do not scan achives in real-time. You can maximize the security in the options for scheduled scanning.

    J-C
  • J-CJ-C Posts: 46

    Hi,

     

    Thank u both for you answers. The setting for RTS is scan "files with these extensions", that´s why I can´t understand why the machines are so slow.

     

    One last question when/if you have time:

     

    What is the difference between the 2 rows from fa.log below, can/should I use both when configuring exclusions in RTS?

     

    C:\Program\RealVNC\VNC4\wm_hooks.dll

     

    \Device\HarddiskVolume1\Program\RealVNC\VNC4\wm_hooks.dll

     

     

    Regards,

    JC

  • jackmajackma Posts: 57
    Concerning the configuration of exclusions:
    If you do not use wildcards you can use the simple format "C:\...", but if you use wildcards then you use, depending on the circumstance,the "\Device\..." variant.

    Please read further:

    http://www.f-secure.com/de/web/business_de/support/article/kba/15193/k/wildcard/p/1

    J-C
  • J-CJ-C Posts: 46

    Hi,

     

    Thanks again for your answers. I really appreciate that you take the time to help me out answering my questions.

     

    Matthias: We are upgrading as fast as we can so I won´t ask any more about 8.x clients..:) 

     

     

    Regards,

     

    JC

  • MJ-perCompMJ-perComp Posts: 1,098

    @J-C wrote:

    Matthias: We are upgrading as fast as we can so I won´t ask any more about 8.x clients..:) 


     

    Puh, that gives me a good sleep tonight! Smiley Wink

     

     

This discussion has been closed.