CPM/Trend - Long Boot Wait Time

(imported topic written by Vern91)

He have some developers that are seeing a very slow boot time, 3 minutes to boot. It hangs at boot at the “updating configuration”. Typically this will fly by at boot and is hardly noticed. Turning off Trend’s “Real-Time” scan, the machine boots normally. Turning back on “Real-Time” scan and the machine stalls at boot.

I am thinking that this is due to the excludes that we are using for this team. The exclude is ;

Target: Scan Exclusions (Directories, Files, File Extensions)

C:\CCViews|C:\CCViewsStorage|C:\ClearCase|C:\Eclipse|C:\NoScan|C:\VirtualMachines|C:\Workspaces|

D:\CCViews|D:\CCViewsStorage|D:\ClearCase|D:\Eclipse|D:\NoScan|D:\VirtualMachines|D:\Workspaces|

E:\CCViews|E:\CCViewsStorage|E:\ClearCase|E:\Eclipse|E:\NoScan|E:\VirtualMachines|E:\Workspaces|

F:\CCViews|F:\CCViewsStorage|F:\ClearCase|F:\Eclipse|F:\NoScan|F:\VirtualMachines|F:\Workspaces|

G:\CCViews|G:\CCViewsStorage|G:\ClearCase|G:\Eclipse|G:\NoScan|G:\VirtualMachines|G:\Workspaces|

C:\Program Files\BigFix Enterprise\BES Client__BESData|C:\Program Files\BigFix Enterprise\BES Relay|C:\Program Files\BigFix Enterprise\BES ServerExcludedFile =|, ,

( would be nice if there was a global, exclude everything that appears in this directory where ever it appears on the machine)

My thought are the machine is reading the Trend configuration. Looking for the G drive on the machine(s) and discovering that there is no G drive, erroring out and them waiting for the OS to process the error before continuing to run the start-up at boot.

Thought are welcomed.

Cheers

Vern

(imported comment written by SystemAdmin)

Hello,

The real time scan only kicks in when there is a read/write action happening. If the drive does not exist - and no file is being loaded from it - I should think the scanner will be quiet. By looking at your exclusions - it appears they are for virtual machines. I know VMWare loads into memory at boot up these days - so maybe excluding the VMWare directory (or if using Microsoft). That might help. Any big taxing app that spins up with a boot up could potentially go slower with the real time scanner. Big SQl connections also could take a hit.

Cheers,

Mike

(imported comment written by BenKus)

Hi Vern,

Here is some info I got from our Trend contacts:

  • Under HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-CillinNTCorp\CurrentVersion\Misc.
  • modify registry key “dtas” value to 1
  • verify if problem is resolved.
  • If the issue persists, delay the RealTimeScan process from starting at startup. Do the following:
  • Go to the HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration\ hive.
  • Change/Add the value of the registry key “NTRtScanInitSleep” to “6000” (DWORD, Decimal).
  • verify if the problem is resolved.

If you continue to have an issue, please contact BigFix support and they can help you (or they will work directly with the Trend engineers to help you).

Ben