
Slow boot up

Hi,

Has anyone experienced slow boot up times since upgrading to version 9?

When booting up, the PC sits at "Applying computer settings" for up to 4 minutes. I have checked my DCs and DNS servers.

I have also logged a case with Sophos technical support who advised me to try the following.

Exclude remote files.

Exclude the following from On access scanning

%windir%\system32\netwin32\netwin32.dll
%windir%\security\templates\policies\gpt00000.dom (hidden file)
%windir%\system32\drivers\fips.sys
%windir%\system32\drivers\srv.sys
%windir%\system32\TxfAux.dll
%windir%\system32\mswsock.dll
%windir%\system32\sp3res.dll
%windir%\system32\rnr20.dll
%windir%\system32\rpcss.dll
%windir%\system32\authz.dll
%windir%\system32\es.dll
%windir%\system32\netman.dll
%windir%\system32\oakley.dll
%windir%\system32\pstorsvc.dll
%windir%\system32\rasadhlp.dll
%windir%\system32\regsvc.dll
%windir%\system32\winipsec.dll

Disable the Auto update service.

None of these have worked. Additionally, I disabled HIPS.

The only thing that makes a difference is if I disable on-access scanning. Then the PC boots up as normal.

Like I said I have logged a case with Tech support and I'm waiting for them to get back to me.

Thanks

Graeme

:5878


  • Try process monitor boot logging:

    http://www.ghacks.net/2009/10/09/use-process-monitor-to-optimize-the-windows-boot-process/

    If it is just on-access, remember SAV will only scan what the system requests.  So if SAV scans a file, something else has requested access to it.

    But maybe it is having a problem with a file.

    Are you using default scan settings?

    Does changing the scan settings help?

    OD

    :5881
  • Hi,

    It is worth noting that the exclusion in that form will not be excluded. You can't use %windir%, it would need to be expanded.

    Having limited it to on-access scanning and returned the scanning setting to default, I would perhaps be more brutal with exclusions to speed up the testing. E.g.

    1. Exclude: drive C: restart, any better?  If so, at least we know it's scanning something that slows things down.

    2. If excluding "C:" helped, remove that exclusion and exclude: "C:\windows\"

    Note the trailing backslash to denote a directory.  Does that help?

    If not try "C:\Program files\" and "C:\progra~1\", etc..

    Hopefully you can narrow it down to at least a top level directory.

    I would then as OD suggests, log boot using Process Monitor, you can filter on:

    Show only "File" operations, and adjust the filter based on the exclusions tests.

    Process Monitor gives good overall stats regarding most read files etc..

    It can be quite slow progress to narrow it down but it can also be an interesting challenge :)

    Thanks,

    Jak

    :5883
  • Thanks for replying guys!

    Using Process Monitor I have managed to narrow it to file access in the system32 folder and hope to narrow it down further.  Which I've excluded on a test policy I have.  Boot up times are back to what they were.  Hopefully I will get this cracked!

    Your help is really appreciated and thanks again!

    Graeme

    :5910
  • God, why not use software to fix this problem? Try to google tuneup360, this will be easier.
    :6163
  • Any closer on tracking down which directories are the culprits? We are having the same problem with our XP computers, along with some crazy RAM usage that I haven't been seeing in our Windows 7 clients.

    I'd love to hear what you come up with.

    Thanks

    :19097
  • I would suggest if you can easily reproduce the slowness and you've narrowed it down to on-access scanning (you've already ruled out suspicious behaviour, data control, on-write, restored SAV to the defaults, etc) just exclude a very high level directory for example:

    "C:\windows\"

    Does that help? If it does, at least you're getting warmer, if you like.

    I would think that: "C:\windows\CSC\" if you have a lot of offline files could be a contender during a sync? Or maybe: "C:\Windows\SoftwareDistribution\" during Windows Update activity.

    Process Monitor would be the obvious tool of choice to see exactly what's going on in order to make informed decisions rather than guessing. :)

    Note: When making directory exclusions, do remember the trailing slash, otherwise you're just making a file exclusion for a non-existent file :).

    Regards,

    Jak

    :19103
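
The Process Monitor narrowing suggested in the replies above, as an added example that is not part of the original thread: it groups file events from a Process Monitor CSV export by directory and ranks them by time spent, so an exclusion test can target the narrowest directory rather than "C:\". The `summarize` name, the sample rows and the presence of the optional "Duration" column in the export are assumptions.

```python
import csv
import io
import ntpath
from collections import defaultdict

# Constructed sample in Process Monitor's CSV export layout (not a real capture).
# Assumption: the optional "Duration" column was enabled before exporting.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail","Duration"
"08:00:01.10","winlogon.exe","612","CreateFile","C:\WINDOWS\system32\authz.dll","SUCCESS","","0.042"
"08:00:01.20","winlogon.exe","612","ReadFile","C:\WINDOWS\system32\authz.dll","SUCCESS","","0.310"
"08:00:02.00","svchost.exe","840","ReadFile","C:\WINDOWS\system32\drivers\srv.sys","SUCCESS","","0.120"
"08:00:02.50","svchost.exe","840","RegOpenKey","HKLM\SOFTWARE\Microsoft","SUCCESS","","0.001"
"08:00:03.00","services.exe","656","ReadFile","C:\Program Files\Example\agent.dll","SUCCESS","","0.050"
"08:00:04.00","svchost.exe","900","ReadFile","C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb","SUCCESS","","0.200"
'''


def summarize(csv_text, depth=1):
    """Group file events by the first `depth` directory levels under the drive.

    Returns [(directory, event_count, total_seconds)], slowest first. Each
    directory ends in a backslash, the form a directory exclusion takes.
    """
    totals = defaultdict(lambda: [0, 0.0])
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = row["Path"]
        # Keep drive-letter paths only; this drops registry keys such as HKLM\...
        if len(path) < 3 or path[1:3] != ":\\":
            continue
        parts = [p for p in ntpath.dirname(path).lower().split("\\") if p]
        key = "\\".join(parts[:depth + 1]) + "\\"
        totals[key][0] += 1
        totals[key][1] += float(row.get("Duration") or 0)
    ranked = sorted(totals.items(), key=lambda kv: kv[1][1], reverse=True)
    return [(d, n, round(secs, 6)) for d, (n, secs) in ranked]


if __name__ == "__main__":
    # For a real export, read the file with encoding="utf-8-sig" and pass its text.
    for level in (1, 2):
        print(f"depth={level}")
        for directory, count, seconds in summarize(SAMPLE_CSV, level):
            print(f"  {seconds:8.3f}s  {count:4d} events  {directory}")
```

Raising `depth` one level at a time mirrors the exclude-and-reboot steps in the thread, and the smallest directory that still accounts for the delay is the one to test as an exclusion.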