Web browsing random delays; Chrome, IE, Firefox

Hi,

Resetting Winsock is one way to remove the Sophos LSP and any other LSPs that are installed. I wouldn't recommend that unless Winsock has been corrupted.  

Removing the LSP will render the following features useless as the LSP provides the hook used to access the traffic:

- Web Control

- Download scanning

- Ability to block malicious websites

These are the current 3 features that rely on an LSP on XP/2003/Vista/Windows7/2008.  Windows 8/2012 use a WFP callout driver, more info here: http://msdn.microsoft.com/en-gb/library/windows/hardware/ff571068%28v=vs.85%29.aspx

If you disable via, policy WebC, Download Scanning and malicious websites. Then the next time the computer restarts the LSP will be unloaded.  In effect, the next time the 'Sophos Web Intelligence Update' service starts this happens.  It is done in this way to minimise applications having a problem if its removed at startup.

I doubt "dowload" scanning feature is the cause for the delays you mention, that scanning is performed at the client.

Web Control and blocking of malicious websites both require a lookup to the Sophos SXL servers to make a classification.  You could disable this independantly to see which one is the problem, if you don't have Web Control enabled though it must be  block malicious websites.

This lookup is currently a HTTP request.  So it would be interesting to see the latency this lookup is adding as it should be minimal depending on where the computer is.  Is it in the US?

Out of interest, if you set:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Web Intelligence\WebControlAvailable DWORD to 0, this will cause the web intelligence service to perform DNS lookups rather than HTTP, that might be an interesting test.

Also, what version of SAV are you using as later version use parallel HTTP lookups rather than sequential ones?

Regards,

Jak

Hi,

Resetting Winsock is one way to remove the Sophos LSP and any other LSPs that are installed. I wouldn't recommend that unless Winsock has been corrupted.  

Removing the LSP will render the following features useless as the LSP provides the hook used to access the traffic:

- Web Control

- Download scanning

- Ability to block malicious websites

These are the current 3 features that rely on an LSP on XP/2003/Vista/Windows7/2008.  Windows 8/2012 use a WFP callout driver, more info here: http://msdn.microsoft.com/en-gb/library/windows/hardware/ff571068%28v=vs.85%29.aspx

If you disable via, policy WebC, Download Scanning and malicious websites. Then the next time the computer restarts the LSP will be unloaded.  In effect, the next time the 'Sophos Web Intelligence Update' service starts this happens.  It is done in this way to minimise applications having a problem if its removed at startup.

I doubt "dowload" scanning feature is the cause for the delays you mention, that scanning is performed at the client.

Web Control and blocking of malicious websites both require a lookup to the Sophos SXL servers to make a classification.  You could disable this independantly to see which one is the problem, if you don't have Web Control enabled though it must be  block malicious websites.

This lookup is currently a HTTP request.  So it would be interesting to see the latency this lookup is adding as it should be minimal depending on where the computer is.  Is it in the US?

Out of interest, if you set:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Web Intelligence\WebControlAvailable DWORD to 0, this will cause the web intelligence service to perform DNS lookups rather than HTTP, that might be an interesting test.

Also, what version of SAV are you using as later version use parallel HTTP lookups rather than sequential ones?

Regards,

Jak