Slow response from PCs when updating virus databases

J-C
Supporter


Hi,

 

One of my customers is complaining about slow performance on their "cash register" PCs. This seems to happen when F-secure is downloading updates from the server. All of them are running on Windows XP SP2 and Client Security 9.01.

What happens is that during the updating, the cash register gets very slow and when they try to scan items to sell, it kind of freezes for a few seconds, up to about a minute, before the transaction is complete.

 

Could this be because of F-secure updating virus databases? Whenever this happens they get a call from the store to the servicedesk and they restart the PC and all is well until next time.

 

Previously the automatic update interval has been set to 12 hours to try and prevent F-secure from updating too often?


I have a theory that if set to 12 hours, F-secure downloads more data than if set to 1 hour e.g? This is the case for other stores with the same customer and it works fine. These are however located in a different country.

 

Could this be caused by slow connection to the server? I don't know exactly the bandwidth of the connections to the stores but I wonder if a proxy server / neighbour casting could help this situation?

 

See text below from the logfile.log on one PC that has this problem, can someone please explain a little bit of what happens during this update and why it seems to download and update so many databases, is it normal? :)

 


 

If I upgrade to CS 9.20, would this version e.g. download "less" updates? Also, I have plans for making a new package for installation of CS 9.20, if I "compile" it without e-mail scanning and browsing protection, (this is not necessary on cash registers), would this make it update fewer databases?

 

This has been going on for quite some time before I started working with this customer but no one has been able to solve it.

 

Very long post and many questions at the same time, but any help in how to troubleshoot this matter is much appreciated. :)

 

Thanks in advance!

 

Regards,
JC

1 ACCEPTED SOLUTION

Accepted Solutions
F-Secure
F-Secure

Re: Slow response from PCs when updating virus databases

Unfortunately, this scheduled task type is not supported in CS 9.xx versions.

 

Best regards,

Vad

8 REPLIES 8
F-Secure
F-Secure

Re: Slow response from PCs when updating virus databases

Hello JC,

 

I'll try to answer your questions.

> Could this be because of F-secure updating virus databases?

Yes, this is a known problem: during installation of the aquarius update, the system could be heavily loaded for some time.

If these "cash register" PCs have less than 1Gb of RAM, the aquarius update installation process can take several minutes.

Note that we are talking only about installation. Downloading of updates shouldn't affect the performance much.

 

> Previously the automatic update interval has been set to 12 hours to try and prevent F-secure from updating too often?

It seems that this was the reason. Maybe it's possible for you to set this interval so that the updates will be installed during the lowest activity of the "cash register" PCs.

 

> I have a theory that if set to 12 hours, F-secure downloads more data than if set to 1 hour e.g?

The total number of downloaded updates will be less if you choose the 12-hour interval, as for some engines several updates can be published during 12 hours, while you will download only the latest one.

 

> Could this be caused by slow connection to the server?

Most likely no.

 

> what happens during this update and why it seems to download and update so many databases, is it normal?

Yes, this is normal. By the way, the downloading process is optimized, and only differences from installed databases are downloaded.

 

> If I upgrade to CS 9.20, would this version e.g. download "less" updates?

No.

 

> Also, I have plans for making a new package for installation of CS 9.20, if I "compile" it without e-mail scanning and browsing protection, (this is not necessary on cash registers), would this make it update fewer databases?

Yes, but you'll still need the aquarius update.

 

For a more detailed investigation I would suggest that you contact support:

http://www.f-secure.com/en/web/business_global/support/contact/request

Please provide support with the fsdiag from one of the affected PCs, taken when it's in this slow performance condition.

 

Best regards,

Vad

 

Scholar

Re: Slow response from PCs when updating virus databases

That is right, the faster your unit and specifications, the faster it loads, especially when it comes to the installation process.

Superuser

Re: Slow response from PCs when updating virus databases

Hello,

 

If Win XP SP2 is in use, trying to defend computers is a futile attempt. If the OS cannot be modernized, at least use SP3 plus the 111 winupdates that come after it. SP2 has more holes than a sieve and many of those gaps allow properly written malware to by-pass AV protections.

 

Do cash registers really need FSCS? Maybe FSAV WKS 9.31 would be enough, with less RAM footprint due to lack of a personal firewall. If the computers are protected by a gateway-level firewall and are not used in mobile fashion, only "desktop" style, then FSAVWKS 9.31 may be enough and things will be smoother.

 

FSC partner support told me it is not supported to turn off Aquarius and rely solely on pro-active defence (DeepGuard and heuristics).

 

Maybe automatic updates should be disabled and there should be only two updates per day, one in the dawn and one in the evening, when sales ops are not negatively affected.

 

A refined solution could be to selectively disable the download of the Aquarius channel in the AUA / AUS config file, so mid-day automatic updates do not cause a high-CPU situation. Then the non-work hour dawn and evening updates could be made in a manual / scripted manner, via running "fsdbupdate9.exe" on the PMS, so at these times the big Aquarius database is also updated.

 

Sincerely: Tamas Feher, 2F 2000, Hungary.

J-C
Supporter

Re: Slow response from PCs when updating virus databases

Hi,

 

Thank you for your answers. All the clients (cash registers) have dual-core CPUs and at least 1,5 GB RAM installed so it should not be a HW issue. OS is actually XP SP3 + all additional patches. The problem still continues, tickets and complaints coming in almost every day.

 

I also sent in fsdiag files from clients which experience this problem, but got a message back saying they look fine.

 

I guess that the solution is to disable automatic updates and make clients update manually somehow.

 

Instead of scripting this, could I use the scheduler found under F-secure Antivirus in advanced mode, there is a possibility to choose "poll for updates", would this work the way I want if I also disable automatic updates?

 

In addition to this I think I will create a new package where e-mail scanning + browsing protection are not included.

 

 

Pls let me know your thoughts on this, if it can be done in any different/better way?

 

Thanks and regards,

JC

F-Secure
F-Secure

Re: Slow response from PCs when updating virus databases

Hello J-C,

 

I'm afraid that the only way to manually update databases is to use fsdbupdate9.exe from

http://www.f-secure.com/en/web/labs_global/removal/databases

 

Best regards,

Vadim

 

J-C
Supporter

Re: Slow response from PCs when updating virus databases

Hi again,

 

Sorry to nag you about this! :) Can't I use the below setting for "scheduled updates"?

If not, what is it used for?

 

Capture.JPG

Regards,

JC

F-Secure
F-Secure

Re: Slow response from PCs when updating virus databases

Unfortunately, this scheduled task type is not supported in CS 9.xx versions.

 

Best regards,

Vad

Superuser

Re: Slow response from PCs when updating virus databases

Hello,

 

What I would unofficially recommend is to edit the \fsaua\program\fsauarep.cfg file on the PMS 10.01 Windows server computer and put a double-cross sign in front of the "subscribe aquawin32" line. This will leave automatic updates turned on (for Hydra engine quick reaction for example), but the most database-heavy item will NOT be fetched automatically and distributed to clients at inconvenient times of the day.

 

Next, the sysadmin could use the Windows OS's built-in task scheduler to download and run the "fsdbupdate9.exe" file on the FSPMS server at convenient times (for example twice-daily, in the dawn-morning and evening-night period). This would download and distribute the database-heavy Aquarius update item for continued full protection, but at an out-of-work time of the day, when normal business activity is not negatively affected by a few minutes of high CPU and RAM usage by F-Secure.

 

Sincerely: Tamas Feher, 2F 2000, Hungary.
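
The two steps suggested in the post above (comment out the Aquarius subscription on the PMS, then run fsdbupdate9.exe from the Windows task scheduler) sketched as one PowerShell script. This is an added example, not part of the original post and not F-Secure tooling; the placeholder paths and download URL, the task times, Windows Server 2008 or later, and reading "double-cross sign" as `#` are assumptions. It also checks the Authenticode signature of the downloaded package before running it.

```powershell
# Added example. Run once with -Install on the PMS; the scheduled tasks then run it without -Install.
param(
    [string]$CfgPath    = 'C:\PLACEHOLDER\fsaua\program\fsauarep.cfg',   # ASSUMPTION: install root is not given in the thread
    [string]$UpdateUrl  = 'https://PLACEHOLDER.example/fsdbupdate9.exe', # ASSUMPTION: direct link taken from the databases page
    [string]$UpdateExe  = 'C:\PLACEHOLDER\fsdbupdate9.exe',
    [string]$ScriptPath = 'C:\PLACEHOLDER\Update-Aquarius.ps1',          # where this script is saved (no spaces in the path)
    [switch]$Install
)

function Disable-AquariusSubscription([string]$Path) {
    # Comment out an active "subscribe aquawin32" line; do nothing if it is already commented or absent.
    $lines = @(Get-Content -Path $Path)
    if (-not ($lines -match '^\s*subscribe\s+aquawin32\b')) { return $false }
    Copy-Item -Path $Path -Destination "${Path}.bak" -Force   # keep the original for rollback
    # ASSUMPTION: '#' is the comment character the post calls a "double-cross sign"
    $lines -replace '^(\s*)(subscribe\s+aquawin32\b)', '$1#$2' | Set-Content -Path $Path
    return $true
}

function Update-AquariusDatabase([string]$Url, [string]$Exe) {
    # Download the package, then refuse to execute it unless its signature validates.
    (New-Object System.Net.WebClient).DownloadFile($Url, $Exe)
    $sig = Get-AuthenticodeSignature -FilePath $Exe
    # ASSUMPTION: the signer certificate subject contains "F-Secure"
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'F-Secure') {
        Remove-Item -Path $Exe -Force
        throw "Refusing to run ${Exe}: signature status $($sig.Status)"
    }
    # No switches are passed: the thread documents none, so confirm unattended options with the vendor.
    $p = Start-Process -FilePath $Exe -Wait -PassThru
    return $p.ExitCode
}

function Register-AquariusTasks([string]$Script) {
    # Two daily runs outside trading hours, as the post suggests (the times are ASSUMPTIONS).
    $run = "powershell.exe -NoProfile -File $Script"
    $slots = @{ 'Aquarius-Dawn' = '05:00'; 'Aquarius-Evening' = '22:00' }
    foreach ($slot in $slots.GetEnumerator()) {
        schtasks.exe /Create /F /RU SYSTEM /SC DAILY /TN $slot.Key /ST $slot.Value /TR $run
        if ($LASTEXITCODE -ne 0) { throw "schtasks failed for $($slot.Key)" }
    }
}

if ($Install) {
    if (Disable-AquariusSubscription $CfgPath) {
        Write-Output "Commented out aquawin32 in $CfgPath (backup: ${CfgPath}.bak)"
    }
    Register-AquariusTasks $ScriptPath
} else {
    exit (Update-AquariusDatabase $UpdateUrl $UpdateExe)
}
```

If a scheduled run fails, the clients stay on the previous Aquarius database until the next slot, so the task's last-run result is worth monitoring on the PMS.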