• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

'**Bug** IPS device driver causes network slowdown

Hi all! 

I have struggled a while with low throughput from my WHS system. The system consists of two WDC 1TB green drives. The network is cabled gigabit and gigabit switch/router.  Using Ixia, I found that the throughput is 888,890Mbps. According to Ixia, Ixia's IxChariot can create throughput at up to 940 Mbps on a Gb Ethernet LAN. It seems that the network should be fast enough.


Nevertheless, I have noticed that file copy from my WHS is slow. I work with big photo files (Nikons NEF raw format, more than 10MB files), and browsing folder s with over 1000 of them could be slow. Copying a 683MB zip file takes approximately 20 seconds.
Then I faced some problem with my NIS 2009 security suite, and needed to uninstall/reinstall the NIS2010 version. After uninstalling/reboot, I needed another zip file from my WHS system. Surprisingly, the copying speed was very fast. I repeated the copying and clocked it to approximately 12 seconds!  

    
I now realized that NIS slowed down the transfer with a large amount. I then set up a test consisting off:

A ISO file, size 281MB
A ZIP file, size 683MB
A folder, 698MB (Consist 66 NEF files)

Then I start clocking the transfer speeds, performing the same copying two times.


Without NIS:

iso test 1 2,6
iso test 2 3,5
zip test 1 12,9 (over 109 MB/s troughput)
zip test 2 11,9
Folder test 1 15
Folder test 2 11,5

With NIS 2010:

Iso test 1 9,4 sec
Iso test 2 6,5
Zip test 1 25 seconds
Zip test 2 24 seconds
Folder test 1 40 seconds
Folder test 2 40 seconds

This is very annoying. Upgrading from 2009 to 2010 was done using the Norton removal tool. And I have put my WHS in the trusted zone in the NIS2010 network setting. Have anyone any clue?
Norton: please lock into this. For my use, NIS is not as I want. I love Norton/Symantec’s security packages and have used them for 10 years for my 5+ computers. I have also tested some others vendor’s product and they are a lot faster transferring data from my WHS.

Thanks and reagrds,

Ole Martin 

[edit: Changed subject for clarity.]

Message Edited by shannons on 09-20-2009 03:40 PM

Replies

Kudos0

Re: '**Bug** IPS device driver causes network slowdown

Hi all! 

I have struggled a while with low throughput from my WHS system. The system consists of two WDC 1TB green drives. The network is cabled gigabit and gigabit switch/router.  Using Ixia, I found that the throughput is 888,890Mbps. According to Ixia, Ixia's IxChariot can create throughput at up to 940 Mbps on a Gb Ethernet LAN. It seems that the network should be fast enough.


Nevertheless, I have noticed that file copy from my WHS is slow. I work with big photo files (Nikons NEF raw format, more than 10MB files), and browsing folder s with over 1000 of them could be slow. Copying a 683MB zip file takes approximately 20 seconds.
Then I faced some problem with my NIS 2009 security suite, and needed to uninstall/reinstall the NIS2010 version. After uninstalling/reboot, I needed another zip file from my WHS system. Surprisingly, the copying speed was very fast. I repeated the copying and clocked it to approximately 12 seconds!  

    
I now realized that NIS slowed down the transfer with a large amount. I then set up a test consisting off:

A ISO file, size 281MB
A ZIP file, size 683MB
A folder, 698MB (Consist 66 NEF files)

Then I start clocking the transfer speeds, performing the same copying two times.


Without NIS:

iso test 1 2,6
iso test 2 3,5
zip test 1 12,9 (over 109 MB/s troughput)
zip test 2 11,9
Folder test 1 15
Folder test 2 11,5

With NIS 2010:

Iso test 1 9,4 sec
Iso test 2 6,5
Zip test 1 25 seconds
Zip test 2 24 seconds
Folder test 1 40 seconds
Folder test 2 40 seconds

This is very annoying. Upgrading from 2009 to 2010 was done using the Norton removal tool. And I have put my WHS in the trusted zone in the NIS2010 network setting. Have anyone any clue?
Norton: please lock into this. For my use, NIS is not as I want. I love Norton/Symantec’s security packages and have used them for 10 years for my 5+ computers. I have also tested some others vendor’s product and they are a lot faster transferring data from my WHS.

Thanks and reagrds,

Ole Martin 

[edit: Changed subject for clarity.]

Message Edited by shannons on 09-20-2009 03:40 PM
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

I've also noticed slow file transfers across my network to my server (Windows 2008 R2 x64) since I installed NIS 2010 final.

I hadn't really investigated what was causing the slow transfers, but it makes sense to me that it could be NIS causing the problem.

I will do some investigating and post back.

_____________________________________________________________________Microsoft Security Essentials 1.0 - Windows 7 Ultimate x64 RTM (Build 7600)Uninstalled NIS 2010 due to the unfixed IPS driver issue - network has never been faster!
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

After some investigating, I can confirm this issue is definitely caused by NIS 2010.

There is a definite slowdown of approximately 30% with network transfers (particularly copies from server to client) when NIS is installed.

The below image show the same files being copied from and then back to my server shortly after a reboot. No programs were running except for NIS 2010 the second time round and the conditions and file were the same for each test. The server isn't the fastest in the world to begin with, it's write speed is quite poor for example, but as you can see, there is a noticable slowdown.

Also, worryingly, on the bottom image, when I started the file copy back to the server, there was a big spike which you can see, then nothing happened for about 15-20 seconds, then the copy continued. I could only replicate this issue with NIS installed and running, so therefore that issue is also being caused by NIS, I also noticed that yesterday whilst copying some videos across, but didn't think a lot of it.

The server is in 'Full Trust' mode.

Message Edited by metalhead82 on 09-20-2009 04:23 AM
_____________________________________________________________________Microsoft Security Essentials 1.0 - Windows 7 Ultimate x64 RTM (Build 7600)Uninstalled NIS 2010 due to the unfixed IPS driver issue - network has never been faster!
Kudos1 Stats

Re: '**Bug** IPS device driver causes network slowdown

After more investigating, the running of the Norton Removal Tool and the installation of NAV 2010, I found that the exact issue is also present in NAV 2010 (pic below), which would suggest that the component which is causing the issue is an active part of both.

The most likely cause of a network slowdown is something that is filtering the network packets, ie, a device driver. The most logical explanation is the IDS driver as that is present in both NIS 2010 and NAV 2010.

So, I used sc.exe to unload the IDSvia64.sys driver (sc stop IDSvia64) and guess what...network transfer speeds went back to normal.

Symantec staff, you really need to take a hard look at this driver and what it is doing, because a 30% network slowdown is not acceptable.

_____________________________________________________________________Microsoft Security Essentials 1.0 - Windows 7 Ultimate x64 RTM (Build 7600)Uninstalled NIS 2010 due to the unfixed IPS driver issue - network has never been faster!
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

Metalhead82;

I disabled the IDSvix86 driver in my system and could confirm that the network transfer was back to normal.

Symantec, please lock into this ASAP.

On my kids computers, I will continue to use NIS 2010 due to the new parental control.

But on my work PC, there is not other option than to run the Norton removal tool and find some other security option.

Thanks and regards,

Ole Martin 

Kudos0

Re: '**Bug** IPS device driver causes network slowdown

So it affects both the x86 and x64 IDS drivers, thats good to know...

I had actually uninstalled NIS and installed NAV because I initially believed it was the NIS firewall causing the problem and I was going to use NAV until it was fixed, but found that the issue was in NAV also, so I wasted an activation there.

But yes, this is a major bug and needs to be fixed, it seems to be easily reproducable and I already did the hard work and found out the driver that was causing it.

Edit: I must add, for clarity, that whilst I was beta testing NAV 2010, I did not notice this issue.

Message Edited by metalhead82 on 09-20-2009 06:31 AM
_____________________________________________________________________Microsoft Security Essentials 1.0 - Windows 7 Ultimate x64 RTM (Build 7600)Uninstalled NIS 2010 due to the unfixed IPS driver issue - network has never been faster!
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

Metalhead82;

where could we report this bug?

The "one click support" in NIS is not worth the click...

And thanks for your help and discovering of the "bugsy" driver!

Thanks and regards,

Ole Martin

Message Edited by Olex on 09-20-2009 04:03 PM
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

Well, perhaps if one of the more regular users of the forum could point this thread out to a mod or staff, I would appreciate it.

Perhaps you could edit the thread title to be more specific Olex, such as '**Bug** IPS device driver causes network slowdown' or something like that?

Cheers,

Will.

_____________________________________________________________________Microsoft Security Essentials 1.0 - Windows 7 Ultimate x64 RTM (Build 7600)Uninstalled NIS 2010 due to the unfixed IPS driver issue - network has never been faster!
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

I have flagged this thread for a mod - nice find!
"The fact that man knows right from wrong proves his intellectual superiority to other creatures; but the fact that he can do wrong proves his moral inferiority to any creature that cannot."- Mark Twain
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

Hi Will!

How do you change the thread title?

I can't find the option for this.. 

Thanks and regards,

Ole Martin

Kudos0

Re: '**Bug** IPS device driver causes network slowdown

test

I'll give up; it seems not possible to change the title of the thread :(

Mattsegers had anyway flagged this thread for a moderator

Message Edited by Olex on 09-20-2009 09:16 PM
Kudos1 Stats

Re: '**Bug** IPS device driver causes network slowdown

The title of the thread seems to have changed now, but nobody has responded acknowledging that there is an issue.
_____________________________________________________________________Microsoft Security Essentials 1.0 - Windows 7 Ultimate x64 RTM (Build 7600)Uninstalled NIS 2010 due to the unfixed IPS driver issue - network has never been faster!
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

I have tested this on two computers running NIS2010 (1x64bit, 1x32bit) as well as two computers running NIS2009 (2x32bit). The same issue is present for all of them. Maybe Symantec just won't discuss this?

Thanks and regards,

Ole Martin

Message Edited by Olex on 09-21-2009 07:36 PM
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

Interesting. The strange thing is, when I was beta testing NAV 2010, I didn't notice the issue. But, then again, I wasn't looking for it and I would only notice it in certain situations, such as large file copies to or from my server.

Disabling the IPS driver is a workaround to get the network speed back and stop the long pauses when you are writing to a network share, but, to be honest, I'd rather uninstall it than start performing ugly hacks to make it work correctly.

Hopefully this issue will be fixed soon and as always, I am available to do any testing required, because I'm like that.

_____________________________________________________________________Microsoft Security Essentials 1.0 - Windows 7 Ultimate x64 RTM (Build 7600)Uninstalled NIS 2010 due to the unfixed IPS driver issue - network has never been faster!
Kudos1 Stats

Re: '**Bug** IPS device driver causes network slowdown

Because the IPS feature must inspect all of your network traffic, there will be a hit to your network performance. For most users' regular Internet activity the impact should be negligible. For higher speed network traffic, the impact depends upon processor speed and characteristics of the data being copied. Symantec will continue to investigate ways to reduce the CPU and memory requirements of the various technologies, including IPS, but there will always be some impact.

Rather than disabling the driver, have you tried to disable Intrusion Prevention from the main product interface? This accomplish similar performance results as disabling the driver and will automatically re-enable after a few minutes.

Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

In my system, there was no gain in just disabling the intrusion prevention. With/without this feature, the transfer of a 683MB zip file was approximately 30-32MB/s. When disabling the IDSvix86 driver, the transfer was approximately 52-57MB/s. This is not acceptable.

Thanks and regards,

Ole Martin

Kudos0

Re: '**Bug** IPS device driver causes network slowdown

Disabling Intrusion Prevention from the main UI has absolutely no effect on the network slowdown, I just tried it several times.

The only action which makes a difference is running 'sc stop IDSvia64' from an elevated Command Prompt.

To put this in perspective, with the IDS driver enabled, I get 40 Megabytes / second from my server to my desktop. If I stop the driver as above, I get 65 Megabytes / second from my server to my desktop. This is a good 60% improvement.

My CPU speed is not an issue, I have 2 * Dual Core Xeons and the cpu usage whilst copying across the network is the same regardless if the IDS driver is running or stopped, so CPU usage is not an issue here.

If it was maxing out my cpu, I could understand, but it isn't.

The type of data that I have ran these tests with is HD .mvk video files, but I have also used Windows 7 .iso files with exactly the same result, so I do not believe that the data is the issue.

The most I can ever get through my network with IDS enabled is 40 Megabytes / Second, on a gigabit network I must add, that is with 2 concurrent transfers (which come from 2 separate disks on the server) that would normally hit 80 Megabytes / sec.

There is definitely an issue here which does need to be investigated.

_____________________________________________________________________Microsoft Security Essentials 1.0 - Windows 7 Ultimate x64 RTM (Build 7600)Uninstalled NIS 2010 due to the unfixed IPS driver issue - network has never been faster!
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

I confirmed this same behavior on NAV 2009 and 2010 (rolled back to 2009 because I was getting annoying system pauses with 2010).  Gigabit home network, get about 40 Megabytes/sec with ids on and 60+ with it off.  I wasn't seeing this kind of drain on network traffic a month or so ago (was pushing 60+ with it), so it must be related to the latest version of the driver included with the latest 2009 patch and the new 2010 edition.  I would concur with others who have posted about this, this definitely is an issue that needs attention.  Whacking 20+ Megabytes/sec bandwidth is way too much.
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

I have too realized, but most of the security suite slow down to little bit, and that is acceptable. Norton has least impact what i have come to know..
Genuine Windows 8.1 x64 Pro; NIS 2014; HP Pavallion G6 Notebook with AMD Core 2 Quad A10; 6 GB RAM; ; 1TB Western Digital HDD, AMD Radeon 2.5 GB Graphics Card
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

Having a 40 Megabyte / sec slowdown on my network isn't acceptable, there has to be a balance between performance and security and trashing a network connection is not a good balance.

It basically turns my gigabit ethernet into 400mbit ethernet, as that is the fastest I can get data through when the IDS driver is loaded. Plus, when I am writing files to my server, there is a big spike of network activity, then a 15-20 second pause, then it eventually transfers the file. This also does not occur with the IDS driver unloaded.

It really needs to be looked at. It almost seems like the IDS is capped at 400mbit because it will not go any quicker. Maybe it's a bug in the driver that is artificially capping the throughput?

Message Edited by metalhead82 on 09-21-2009 07:20 PM
_____________________________________________________________________Microsoft Security Essentials 1.0 - Windows 7 Ultimate x64 RTM (Build 7600)Uninstalled NIS 2010 due to the unfixed IPS driver issue - network has never been faster!
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

Silverhawk;
maybe Norton has the least OVERAL impact on the system. BUT, it is not acceptable that the driver drains 30%+ of the bandwidth! I have tested this with other suites and found that there is at least two other vendors that actually gives me 50+ MB/s from my server. For my daily work, I transfer thousands of NEF images (Nikon’s RAW format, 10+MB files) to/from my server. I have also noticed that transfer of big files, stops randomly and then continue again. Sorry Symantec, this is not god enough and has to be fixed ASAP. 

Without NIS/NAV installed, I also reach over 109MB/s with my 683MB test zip file!

 

 

Regards,

 

Ole Martin

 Message Edited by Olex on 09-22-2009 09:04 AMMessage Edited by Olex on 09-22-2009 09:18 AM
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

Silverhawk: this is not acceptable behaviour at all.

Running Windows 7 RTM x64 and NIS 2010. I was wondering why my HD movies streamed from my NAS were suddenly jerky and after some tests I can confirm this network slowdown problem.

NIS 2010 is turning into a bad release. Slow Windows startup. Slow IE8 tab close (resolved by disabling Norton addins). Slow network performance.

Looks like I will be uninstalling and going elsewhere.

Kudos0

Re: '**Bug** IPS device driver causes network slowdown

Ok OK OK baba..!! i have realized it.. but though it does affect, i have tested on heavy file transfer, Symantec gonna see this soon i hope.
Genuine Windows 8.1 x64 Pro; NIS 2014; HP Pavallion G6 Notebook with AMD Core 2 Quad A10; 6 GB RAM; ; 1TB Western Digital HDD, AMD Radeon 2.5 GB Graphics Card
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

Wow, this is a good find. I had to move files (>4GB) back and forth to really notice the difference with and without NIS2010 installed. I did find that if I add the mapped drive to the auto-protect/scan exclusions lists, performance improved a bit. Thankfully I am not getting performance hits like you guys are.
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

I cannot help but note that nobody from Symantec has posted and said, 'Yes, we are aware of this and we are looking at attempting a fix for it.'

It would be much appreciated by all affected users if a Symantec employee would take ownership of this issue and attempt to improve the performance of the IPS filter, which is an excellent layer of protection, but needs to be tamed in terms of network throughput hit.

We all await a reply on this issue.

_____________________________________________________________________Microsoft Security Essentials 1.0 - Windows 7 Ultimate x64 RTM (Build 7600)Uninstalled NIS 2010 due to the unfixed IPS driver issue - network has never been faster!
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

Metalhead; nothing could be more true! I should appreciate a clear response from Symantec, stating that “yes, we are aware of this and we are working on a fix for it”. But so far, we can only hear Art Garfunkel singing “as the sound of silence”…

I have confirmed this on a clean install, vista x86, and see exactly the same issue. My big folder, 698MB (Consist 66 NEF files), finished copying in 11 to 15 seconds before installing NIS. After installing, the same file was clocked to 40 seconds!
I write this on my work PC (for heavy imaging/video works), and sorry Symantec, your product is swapped for another where the same file is clocked to 16,6 seconds!

Kudos2 Stats

Re: '**Bug** IPS device driver causes network slowdown

An engineering team is working on this issue.  There are no solutions yet identified, though.

As one user mentioned, adding the remote mapped directory to the autoprotect exclusion lists will improve throughput somewhat by preventing additional AV scans, but use exclusions with caution. 

Kudos0

Re: '**Bug** IPS device driver causes network slowdown


bwoirhaye wrote:

An engineering team is working on this issue.  There are no solutions yet identified, though.

As one user mentioned, adding the remote mapped directory to the autoprotect exclusion lists will improve throughput somewhat by preventing additional AV scans, but use exclusions with caution. 


That doesn't make any difference from my tests and whatsmore, I don't use mapped network drives normally anyway and you cannot add a UNC path to the autoprotect exclusions so this wouldn't be a workable workaround for me even if it did make a difference. 

The issue is with the IPS component causing the slowdown as with the driver unloaded, normal network speeds are attainable.

I'm pleased that there is somebody working on the issue however, hopefully a solution will be forthcoming soon.

_____________________________________________________________________Microsoft Security Essentials 1.0 - Windows 7 Ultimate x64 RTM (Build 7600)Uninstalled NIS 2010 due to the unfixed IPS driver issue - network has never been faster!
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

As one of the earlier posts says, we are taking a look at the issue and we appreciate your patience.

In order to help us resolve it, we have asked for some environment details from some of you. It will help us expedite the investigation. Please respond to those Priovate Message so we can get some valuable information in isolating this.

Thanks,

-Ameya

Kudos0

Re: '**Bug** IPS device driver causes network slowdown

Is there any progress on this issue please as it is continuing to cause me issues with copying files to my server and it has been 2 weeks since the last update.

Cheers,

Will. 

_____________________________________________________________________Microsoft Security Essentials 1.0 - Windows 7 Ultimate x64 RTM (Build 7600)Uninstalled NIS 2010 due to the unfixed IPS driver issue - network has never been faster!
Kudos0

Re: '**Bug** IPS device driver causes network slowdown


metalhead82 wrote:

Is there any progress on this issue please as it is continuing to cause me issues with copying files to my server and it has been 2 weeks since the last update.

Cheers,

Will. 


Will,

We are still actively investigating this issue.  If you would be willing to help with information, send me a private message and I will reply with the sort of information that may help us resolve this.

-- Dave

---Sr. EngineerSecurity Technology and ResponseSymantec Corporation
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

I can now unequivocally confirm this issue. While transferring a 961MB .mov file to and from my QNAP TS-809, I get an average of 35MB per second transfer speed with NIS 2010 build 17.0.0.136 installed. With NIS 2010 uninstalled I get an average of 105MB per second transfer speed. At first I thought the new build (17.1.0.14) caused the slow down, but my speculations were incorrect.

Disabling services in NIS 2010 does not make a difference. I only get the full transfer speed if I uninstall NIS 2010 or boot into safe mode with networking.

What is the status of this issue?

Kudos0

Re: '**Bug** IPS device driver causes network slowdown

Let's hope that they will fix this soon. I have 55 days of subscription remaining. If this BUG isn't fixed by then, there will be no renewing of the subscription.

Regards,

Ole Martin

Kudos0

Re: '**Bug** IPS device driver causes network slowdown

I've gone to another product that doesn't interfere with my network throughput due to this issue. After having to put up with slow network speeds and after no update to this thread for a while, I decided that I'd had enough and uninstalled NIS.

If I could opt not to install the IPS component, I would use NIS again, but as it's all or nothing on the installation, I don't have that option.

Sadly, I find it unlikely that it will be fixed, as according to someone who posted earlier in the thread, it apparently existed in NIS 2009 also.

_____________________________________________________________________Microsoft Security Essentials 1.0 - Windows 7 Ultimate x64 RTM (Build 7600)Uninstalled NIS 2010 due to the unfixed IPS driver issue - network has never been faster!
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

Huh... didn't realize my NAS was this fast, since I acquired it NIS2010 has been installed. With NIS2010 installed I'm lucky if 65% of my LAN bandwidth is being used. Without NIS2010, well, a picture is worth a thousand words.

Message Edited by skypx on 11-02-2009 02:13 PM
Kudos2 Stats

Re: '**Bug** IPS device driver causes network slowdown

I want to assure you that we are committed to resolving this issue. We are dealing with a hard problem here and we need some time to get to the bottom of this.

Thanks for your patience,

-Ameya

Kudos0

Re: '**Bug** IPS device driver causes network slowdown


Ameya wrote:

I want to assure users that we are committed to resolving this issue. The solution may take a while or almost a new release to get to the field since we are dealing with a very hard problem.

Thanks for your patience,

-Ameya


I know this is the NIS/NA forum, but FYI 360 v4 beta exhibits the same issue.
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

Yes, that is expected. N360 currently has the same IPS engine as NIS/NAV 2010.

-Ameya

Kudos0

Re: '**Bug** IPS device driver causes network slowdown

I'll bet their driver can probably handle a megabit connection without much issue or degredation, but can't keep up with the bandwidth that a gigibit pipe demands. 

Kudos0

Re: '**Bug** IPS device driver causes network slowdown

I think it won't allow any more than about 400mbit/sec on a gigabit connection.

I'm not quite sure how the driver works, but it certainly doesn't work very well. Deep Packet inspection shouldn't have that much of a performance 'cost' so I'm not quite sure what they are doing with the packets.

Still....let me know when it's fixed and I might reinstall it. 

_____________________________________________________________________Microsoft Security Essentials 1.0 - Windows 7 Ultimate x64 RTM (Build 7600)Uninstalled NIS 2010 due to the unfixed IPS driver issue - network has never been faster!
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

Hi

A new IPS driver version was downloaded today via live update. I don't know if this will have any effect on your problem or not, but I did notice that the driver version is different while the number of definitions remained the same. It is possible that the driver was just changed and they left the same definitions or the change of definitions resulted in the number of definitions.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NS with BackUp 22.14.2.13 Core Firmware 237 I E 11
Kudos0

Re: '**Bug** IPS device driver causes network slowdown


floplot wrote:

Hi

A new IPS driver version was downloaded today via live update. I don't know if this will have any effect on your problem or not, but I did notice that the driver version is different while the number of definitions remained the same. It is possible that the driver was just changed and they left the same definitions or the change of definitions resulted in the number of definitions.


Can someone please verify this? Hopefully the new IPS driver has better performance.
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

Hi

 New one as of Nov 2 2009

Intrusion Prevention Engine version 4.5.0.67

Intrusion Prevention is monitoring 1482 signatures

Driver version 9.1.2.5


previous

Intrusion Prevention Engine version 4.5.0.67

Intrusion Prevention is monitoring 1482 signatures

Driver version 9.1.1.7

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NS with BackUp 22.14.2.13 Core Firmware 237 I E 11
Kudos0

Re: '**Bug** IPS device driver causes network slowdown


skypx wrote:

Huh... didn't realize my NAS was this fast, since I acquired it NIS2010 has been installed. With NIS2010 installed I'm lucky if 65% of my LAN bandwidth is being used. Without NIS2010, well, a picture is worth a thousand words.

Message Edited by skypx on 11-02-2009 02:13 PM

What concerns me about these pictures is that they are not consistent with timing data.  I've read through most of this thread again.  When people time throughput, the differential is on the order of 20%.  The graph suggests its on the order of 10000000%.  A file that takes 10 seconds to transfer would according to the graph take about 10 years to transfer.  Since we know that is not the case, let me suggest the possibility that the presence of NIS impinges on the data collection process so that you do not get accurate before-and-after pictures.  Personally, I would not be surprised if throughput time doubled or tripled for some files no matter what security system you have.  After all each bit has to be sidetracked, strings analyzed, then the bits put back into the flow to the other end of the transfer.  Essentially, one action per moment becomes three actions per moment.  There is no way this cannot have a significant impact on transfer speed, regardless of the analyzing product.

On the other hand, if the timings reflected the immense difference suggested by the graphs, then the throughput problem would be immense.

I think we need better data here.

mijN360 2013, v.20.1.0.24; Win7 Pro, SP1 (32 bit), IE 9, Firefox 14, No other active securityware
Kudos0

Re: '**Bug** IPS device driver causes network slowdown

The new IPS driver which was published today, does not have performance related fixes. It has some other updates that we had planned for a while.

-Ameya

Kudos0

Re: '**Bug** IPS device driver causes network slowdown


mijcar wrote:

skypx wrote:

Huh... didn't realize my NAS was this fast, since I acquired it NIS2010 has been installed. With NIS2010 installed I'm lucky if 65% of my LAN bandwidth is being used. Without NIS2010, well, a picture is worth a thousand words.

Message Edited by skypx on 11-02-2009 02:13 PM

What concerns me about these pictures is that they are not consistent with timing data.  I've read through most of this thread again.  When people time throughput, the differential is on the order of 20%.  The graph suggests its on the order of 10000000%.  A file that takes 10 seconds to transfer would according to the graph take about 10 years to transfer.  Since we know that is not the case, let me suggest the possibility that the presence of NIS impinges on the data collection process so that you do not get accurate before-and-after pictures.  Personally, I would not be surprised if throughput time doubled or tripled for some files no matter what security system you have.  After all each bit has to be sidetracked, strings analyzed, then the bits put back into the flow to the other end of the transfer.  Essentially, one action per moment becomes three actions per moment.  There is no way this cannot have a significant impact on transfer speed, regardless of the analyzing product.

On the other hand, if the timings reflected the immense difference suggested by the graphs, then the throughput problem would be immense.

I think we need better data here.


I agree with that picture I posted does not give an accurate measure of transfer speed, and I guess I should have posted another picture showing slowdowns incurred with NIS2010 installed; however, my intent was not to demonstrate transfer speed, but to quickly illustrate the average LAN bandwidth utilized during transfers with and without NIS2010 installed.

Your statement referring to "throughput time doubled or tripled for some files no matter what security system" is installed is a bit short sighted. I know of 2 security suites that do not incur such a penalty when transferring files to a NAS, but since this is a NIS/NA forum, I thought it best not to mention them.

Kudos0

Re: '**Bug** IPS device driver causes network slowdown


skypx wrote:

Your statement referring to "throughput time doubled or tripled for some files no matter what security system" is installed is a bit short sighted. I know of 2 security suites that do not incur such a penalty when transferring files to a NAS, but since this is a NIS/NA forum, I thought it best not to mention them.


I'm sorry, but I don't get it.  The only thing that would keep throughput time to a minimum would be to selectively not examine certain files.  Now that would make sense.  Certain files, based on their associations, could be eliminated as immediate threats.  For example, a file called "IMGOOD" without any extension cannot be an immediate threat and there would be every reason to release that file for immediate transfer.  On the other hand, if some other application were to search out IMGOOD and rename it to IMGOOD.reg, it could become a real problem.  I have no idea at all what Norton's strategy or logic is on this; I'm only mentioning it to show the problems of maintaining security.

On the other hand, having admitted to not knowing Norton's strategy here, it is possible that every file most pass through Norton's tube whether it is a threat or not.  That would mean Norton has to grab a byte, hand the byte on, release it, and have it sent on its way.  That's an engineering concern; and I need to stay out of that one, not knowing the real process.

But I will agree that it could severly crimp the works.  A slow-down of a factor of 4 or more has a real impact on any system that is constantly passing data on.  I'd be interested in what comes back to us.  Unfortunately, we get little information about the engineering logic, and that's what interests me the most.

mijN360 2013, v.20.1.0.24; Win7 Pro, SP1 (32 bit), IE 9, Firefox 14, No other active securityware
Kudos0

Re: '**Bug** IPS device driver causes network slowdown


mijcar wrote:
I'm sorry, but I don't get it.  The only thing that would keep throughput time to a minimum would be to selectively not examine certain files.  Now that would make sense.  Certain files, based on their associations, could be eliminated as immediate threats.  For example, a file called "IMGOOD" without any extension cannot be an immediate threat and there would be every reason to release that file for immediate transfer.  On the other hand, if some other application were to search out IMGOOD and rename it to IMGOOD.reg, it could become a real problem.  I have no idea at all what Norton's strategy or logic is on this; I'm only mentioning it to show the problems of maintaining security.

Ah... Excellent point! Obviously further testing is needed, more specifically is the transfer speed the same with the .mov file I mentioned earlier, after renaming the extension. I will post the results as soon as I'm finished. Thanks for the suggestion.

Kudos0

Re: '**Bug** IPS device driver causes network slowdown


skypx wrote:
... is the transfer speed the same with the .mov file I mentioned earlier, after renaming the extension. I will post the results as soon as I'm finished. Thanks for the suggestion.

I will look forward to the report.

The strategy reminds me of a host site I once used that wouldn't let me upload exe files, but allowed me to rename files after they been uploaded.  Well, that was a pointless restriction of theirs.

mijN360 2013, v.20.1.0.24; Win7 Pro, SP1 (32 bit), IE 9, Firefox 14, No other active securityware
Kudos1 Stats

Re: '**Bug** IPS device driver causes network slowdown


mijcar wrote:

I will look forward to the report.


My tests have been completed. For the tests I used a 961MB .mov file. The extension was renamed .old to complete the second half of the test. All tests were conducted twice, once with NIS2010 installed, and the other without. Screen shots were taken half way through the transfer.

With NIS2010 installed .mov file.

With NIS2010 installed .old file

Without NIS2010 installed .mov file

Without NIS2010 installed .old file

Based on my results I can infer the extension has no effect on the transfer speed. All LAN traffic is monitored although the NAS was added to the "Trusted" device list in NIS2010. 

This thread is closed from further comment. Please visit the forum to start a new thread.