ZCM Login is very slow with Trend micro Office Scan Installed

  • 7003932
  • 21-Jul-2009
  • 24-Oct-2013

Environment

Novell ZENworks 10 Configuration Management with Support Pack 2 - 10.2
Novell ZENworks 10 Configuration Management with Support Pack 3 - 10.3
Novell ZENworks 11 Configuration Management
Novell ZENworks 11 Configuration Management Support Pack 1 - ZCM 11 SP1

Situation

If the ZCM Agent and the Trend Micro Agent are both installed on the same device, some devices take over 90 seconds before the Windows Desktop first appears.
If the Trend Micro Agent is removed, the desktop generally appears in under 10 seconds.
 
If using Trend Micro version 10.5, improving the performance using the OfficeScan delay also delays network connectivity by the time of the delay. If delaying for 2 minutes, then network connectivity will not be available for 2 minutes. On Windows XP workstations the login prompt may pop up before the network is available creating a login failure if the user logs in before the network is connected.

Resolution

Follow Trend Micro Solution ID: EN-1038051: "Improving the performance of OfficeScan clients or Client/Server Security Agents"

  • If running Trend Micro 10.5 on Windows XP workstations and experiencing the network connectivity delay, add a Windows Group policy to 'Wait on network at startup'. This will delay the login prompt the amount of time the OfficeScan delay is set for. However, users will login successfully because network connectivity will then be available.
  • Change the way Nalwin.exe is launched on login from a bundle to a registry entry at HKEY\Local Machine\Software\Microsoft\Windows\CurrentVersion\Run
  • Delay the Trend Micro real-time scanner from running for five minutes by modifying the following two registry keys:

  HKEY\Local Machine\Software\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration\NTRtScanInitSleep [DWORD=0]

 HKEY\Local Machine\Software\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration\PccNTMonInitSleep [DWORD=300000]

  •   Modify the workstation group policy by modifying
            Computer Configuration – Administrative Templates -  Windows Components – System – Logon -
              “Always wait for the network at computer startup and logon” to Enable
  • Update the ZENworks Agent to 10.3.3 or later
  • Remove all unnecessary bundle requirements
  • Remove Migrated bundles created by the ZEN Migration utility with more than 20 action items and redeploy as an MSI
  • Below were additional registry entries provided by Trend Micro Support

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TmFilter\Parameters]

"DisableCtProcCheck"=dword:00000001

"BypassSearchIdx"=dword:00000001

"DebugLogFlags"=dword:00000000

"LocalCH"=dword:00000001

"BypassZenworks"=dword:00000001

"AsyncCloseScan"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.]

"EnableProcessScanForStartUp_Enforcement"=dword:00000000

"EnableProcessScanWhenScan_Enforcement"=dword:00000000

Additional Information

The issue is caused by the "Real-Time Scan Service" (NTRTSCAN).
If this service is simply running, even if the Real-Time Scan Service is disabled via configuration and has a status of "Off", logins will be significantly delayed.
Disabling the service will restore logins to normal speed.
 
The Trend Micro Solution ID: EN-1038051 details how to configure this service so that it does not impact login performance when it is enabled.