Renaming files on remote shares taking up to a minute

Hi folks,

 

In the last two-three weeks we've been experiencing an issue when saving or renaming files on our NAS. It's taking from 15 seconds to a full minute. Yes, this is new behavior.

The Sophos end-point is not configured to scan on rename.

 

I discovered that by disabling "write" in the "scanning - On-access scanning for this computer" setting, it completely resolves the issue and saving and renaming takes less than a second again.

But disabling "write" is a horrible idea for obvious reasons.

I tested with a vanilla install of Windows 8.1 with no updates (joined the domain and installed Sophos).

Looks like this option here (Picture above), is the one causing the latency.

 

Is there any chance this could be caused by the latest update of the anti-virus definition? This is causing people a great deal of frustration.

 

A solution would be greatly appreciated, at this point the Sophos end-point functionality is no longer acceptable.

 

Regards,

 

Jorel 



  • Hi,

    Is it all file types or just certain ones? For example, if you rename a .txt file, does that happen immediately but a Word/Excel document does not?

    Are you running 10.6.3 or 10.6.4 of Sophos? Was it fine with 10.3.15? Do you know what changed between it working and now? A major version or just virus data version?

    The ShowFixedPackages DWORD mentioned in this article - https://community.sophos.com/kb/en-us/12561 might allow you to create a subscription to 10.3.15 to perform a test with the previous version.

    The best logging for such an issue would be a Process Monitor log file (PML - all events including the system process which by default is excluded) with a network capture (Wireshark) at the same time when renaming the file. I would then send them to Support for analysis. It must be the scan of the file as the file is closed that is adding the delay. Maybe inspection of the SMB | SMB2 traffic would highlight the issue.

    Is it all shares on the storage device?  If there are multiple shares, do you get the same issue in all locations, e.g. \\ip\share1\  and \\IP\share2\ etc..?

    I would imagine creating an exclusion for remote files would also "fix" it or perhaps more specifically \\ip\share1\

    Regards,

    Jak
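
An added example, not part of the original posts or of any Sophos tooling: a probe that times save (write and close) and rename per share and per extension, so the comparison asked about above can be attached to a support case as numbers. The directory list, the 1-second threshold (taken from the "less than a second" baseline in the first post) and the function names are assumptions; probe files contain constructed bytes, not real Office documents.

```python
import os
import time
import uuid

SLOW_SECONDS = 1.0  # assumption: the thread treats "less than a second" as normal


def time_save_and_rename(directory, extension, payload=b"x" * 4096):
    """Write+close then rename one probe file; return seconds for each step."""
    stem = os.path.join(directory, "latency-probe-" + uuid.uuid4().hex)
    src, dst = stem + extension, stem + "-renamed" + extension
    try:
        start = time.perf_counter()
        with open(src, "wb") as handle:  # timing includes the close
            handle.write(payload)  # constructed bytes, not a real document
        saved = time.perf_counter() - start
        start = time.perf_counter()
        os.rename(src, dst)
        renamed = time.perf_counter() - start
    finally:
        for path in (src, dst):  # never leave probe files on the share
            if os.path.exists(path):
                os.remove(path)
    return {"save": saved, "rename": renamed}


def probe(directories, extensions=(".txt", ".docx", ".xlsx"), runs=3):
    """Worst-case save and rename time per directory and extension."""
    rows = []
    for directory in directories:
        for ext in extensions:
            samples = [time_save_and_rename(directory, ext) for _ in range(runs)]
            rows.append({
                "directory": directory, "extension": ext,
                "save_max": max(s["save"] for s in samples),
                "rename_max": max(s["rename"] for s in samples),
            })
    return rows


def slow_rows(rows, threshold=SLOW_SECONDS):
    """Rows whose worst save or rename reached the threshold."""
    return [r for r in rows if max(r["save_max"], r["rename_max"]) >= threshold]


if __name__ == "__main__":
    # Assumption: replace "." with the UNC paths of the shares under test.
    for row in probe(["."]):
        print(row)
```

Running it once against a local folder, once against each NAS share and once against a Windows file share gives a like-for-like baseline for the Process Monitor and Wireshark captures.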

  • Hi Jak,

    To answer your questions:

    • This is happening on all file types and folders.
    • Our version is 10.6.3. We updated yesterday to see if it would fix our issue (but no luck). The previous version (10.3.x) had the same delay issue.
    • The device is a Synology RS2414rp+ with a couple dozen shares. All shares are showing the same behaviour.
    • Creating an exclusion on the remote files fixes this issue. Also removing “write” from on-access fixes the issue. This sadly isn't an option as the delay on save/rename is happening across the entire NAS.

    We have the logs from the Wireshark and Procmon zipped up and ready to go. 

    Who would be the best person to send it to?

    Regards,

    Jorel

  • Hi,

    Email Support@Sophos.com is probably your easiest way to kick off a case.  

    I would request FTP access to upload:

    1. An SDU zip from the client - community.sophos.com/.../33533

    2. The PML file.

    3. The Network capture.

    Referencing this forum post will give most of the information required I would think. 

    One question, I assume the problem is just with that device and the shares on it, shares on a Windows server are fine for example?

    Regards,

    Jak

  • Thanks again Jak,

     

    I've sent through a support request to Support@Sophos.com.

     

    Yes, it appears to be only the Synology NAS that is experiencing the latency issue when accessed from a workstation running the Sophos end-point.

    We've been running Sophos for the last two years with the same NAS without issue.

    It appears to be the latest Sophos update but this is going to be a process of elimination. I've opened a support request with Synology but the fact that the NAS works flawlessly without the Sophos end-point running leads them to believe it's not an issue with the NAS itself but I'll be asking them to look at the Procmon and Wireshark log files too.

     

    Regards,

    Jorel

     

  • Hi Jorel,

    Could you private message me the Service Request so I may check the issue.

    Thanks and Regards

    Aditya Patel 

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support
