Slow Boot Times

We are evaluating the Sophos Anti-virus software in our company.  So far, things have been running fairly smoothly.  Good scan times that don't impact computer usage.  Good virus detection.

The problem we are running into is that after installing the End Point Protection on our test workstations, they now take two to three times as long to start up (even compared to our current anti-virus product).  Time to get to the Ctrl-Alt-Del screen is about normal.  After pressing Ctrl-Alt-Del, there is about a 15 - 30 second delay (depending on the workstation) before I can enter my login credentials.  Then, after entering the login credentials, there is another 30 second to up to 3 minute delay to bring the workstation to a working state (depending on the workstation again).

Has anyone else experienced these slow boot up times?

Has anyone found anything that can be done to help speed this up?

thanks,

david

:34335


This thread was automatically locked due to age.
  • Hello david,

    haven't seen this and can't say what could be the cause. If you wait, say, 5 minutes before pressing Ctrl-Alt-Del - do you encounter the same delays afterwards?

    Christian

    :34371
  • We're experiencing something pretty similar since we reimaged most of our PCs with Windows 7. This happens very intermittently, but after a successful login, users have experienced drives not mapping for 2-5 minutes, IE, browsing their computer, or opening documents not responding, and explorer crashing. If they leave their PCs alone for a few minutes after login, everything works fine.

    I've opened a case with Microsoft, and the first thing they did was disable all non-Microsoft startup programs and services in MSCONFIG. I've slowly re-enabled services and programs, and it seems like it's either the auto-update program/service or the Antivirus service that are causing this. With these disabled from startup, everything works very smoothly.

    Microsoft also told me that they just worked with another customer that had this same issue. That's not really what I wanted to hear... I can't say I want to disable autoupdate and the antivirus services at startup.

    :34427
  • Hi,

    Are you running 10.2?  If not can you try that, does it help?

    Also of note, have you tried setting, for example:

    32-bit machines

    [HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate]

    "StartupDelay"=dword:00000258

    64-bit machines

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Sophos\AutoUpdate]

    "StartupDelay"=dword:00000258

    With this set, the alupdate.exe Process would kick off 10 minutes (600 seconds) after the Sophos AutoUpdate service starts?

    You can imagine that the computer starts up, SAV has the previous virus data it had before, so starts building up a cache of clean files as the computer starts.  5 minutes later, by default, SAV updates, this refreshes the cache (as it can't assume anything is clean based on new data) and it has to scan again all the files it previously scanned as they are touched.  If you couple this with the actual update taking place, startup is a busy time.  Does delaying the initial update slightly make any improvement, also with 10.2?

    Regards,

    Jak

    :34435
  • Good morning,

    I have around 70 computers running Sophos Endpoint Protection based on Cloud and after the last updates all computers stayed very slow.

    The process SavService.exe takes more than 300MB of RAM of our computers.

    I have tested disabling real-time scanning and the situation stayed better, but we need this feature to protect our devices.

  • Hello,

    your question is about the Endpoint software so this forum is "correct".
    The Central managed Endpoint versions (and components) differ slightly from the (on-premise managed) ESC ones and your particular issue, as you've said after the last updates, might be version-specific. You should perhaps post in the Central forum.

    300MB is a little bit too high, is this only more or less shortly after boot or does it stay at this level? But anyway the slightly exaggerated memory usage shouldn't cause significant delays (unless your machines - which Windows version, BTW? - are memory-constrained). Did you try to delay AutoUpdate?

    Christian

  • Thank you for your reply Christian.

    Almost all of the machines are HP Elite Desk 800 g1 with 8GB of RAM with Core i5 running Windows 10 with the last updates.

    It is really strange because after the last updates of Windows (Windows Creators) the computers stayed very slow.

    Thank you

    Ricardo

  • One thing you could do that is quick is to capture a Process Monitor - docs.microsoft.com/.../procmon log of boot.

    Once captured, filter down to: "Duration" more than "0.1" and just file operations.

    Do any files stand out that you could try excluding from on-access scanning?

    Otherwise, it might be worth disabling (one by one) the features under the Runtime Protection section of the Threat Protection policy.

    Regards,

    Jak
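The Process Monitor filter suggested in the last reply ("Duration" more than 0.1, file operations only) can also be applied offline to a boot log saved as CSV. The script below is an added example and not part of the original thread: it assumes the export includes the optional Duration column, the sample rows are constructed, and `is_file_operation` and `slow_file_paths` are hypothetical helper names.

```python
import csv
import io
from collections import defaultdict

# Constructed Procmon CSV export with the optional "Duration" column enabled.
# Every process, path and timing below is made up for illustration.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Duration"
"08:01:02.10","explorer.exe","2040","CreateFile","C:\Users\test\AppData\Local\IconCache.db","SUCCESS","0.4500000"
"08:01:02.60","explorer.exe","2040","ReadFile","C:\Users\test\AppData\Local\IconCache.db","SUCCESS","0.3000000"
"08:01:03.00","svchost.exe","900","ReadFile","C:\Windows\System32\config\SOFTWARE","SUCCESS","0.0200000"
"08:01:03.20","SavService.exe","1500","RegQueryValue","HKLM\SOFTWARE\Sophos\AutoUpdate\StartupDelay","SUCCESS","0.2500000"
"08:01:04.00","outlook.exe","3100","CreateFile","C:\Users\test\mail.ost","SUCCESS","1.2000000"
"08:01:04.50","winlogon.exe","700","Load Image","C:\Windows\System32\example.dll","SUCCESS","0.5000000"
"08:01:05.00","explorer.exe","2040","CloseFile","C:\Users\test\Desktop","SUCCESS",""
'''

# Process and thread events that are not file system activity.
NON_FILE_OPS = {"Process Start", "Process Exit", "Process Create",
                "Thread Create", "Thread Exit", "Load Image"}


def is_file_operation(op):
    """Heuristic (assumption): anything that is not registry, network or process activity."""
    return bool(op) and not op.startswith(("Reg", "TCP ", "UDP ")) and op not in NON_FILE_OPS


def slow_file_paths(csv_text, min_duration=0.1):
    """Return (path, hits, total_seconds, processes) for slow file operations, slowest first."""
    stats = defaultdict(lambda: {"hits": 0, "total": 0.0, "procs": set()})
    # Procmon may write a UTF-8 byte order mark; strip it so the first header parses.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for row in reader:
        if not is_file_operation(row.get("Operation", "")):
            continue
        try:
            duration = float(row.get("Duration") or 0)
        except ValueError:
            continue  # malformed duration field, skip the row
        if duration <= min_duration:
            continue
        entry = stats[row["Path"]]
        entry["hits"] += 1
        entry["total"] += duration
        entry["procs"].add(row["Process Name"])
    ranked = sorted(stats.items(), key=lambda kv: kv[1]["total"], reverse=True)
    return [(p, s["hits"], round(s["total"], 3), sorted(s["procs"])) for p, s in ranked]


if __name__ == "__main__":
    for path, hits, total, procs in slow_file_paths(SAMPLE_CSV):
        print(f"{total:8.3f}s  {hits:3d} ops  {path}  ({', '.join(procs)})")
```

Paths that rank at the top across several boots are the ones to review as possible on-access scanning exclusions; each exclusion removes that path from real-time scanning, so keep the list as narrow as possible.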