Forum Discussion
scooterb_87043
Nimbostratus
NimbostratusPre-login AV scan takes 5 minutes - doesn't affect all users
The issue seems to be very random and so far we are unable to find the combination, settings or fix for this issue.
I seen it in a few instances when we were running opswat 2.5.10. The of affected users has grown since we updated to opswat 2.5.12 but can not specifically say that is the cause.
The frustrating thing is it seems to randomly affect users and has been difficult to recreate.
The issue when it happens is in our pre-login checks we require a supported AV and a scan to get network connection. Since 2.5.12 majority of the users this takes less then 1 minute [very fast]. The affected users this scan takes exactly 5 minutes never more never less in our tests.
We have tried uninstalling the F5 components manually, with F5 troubleshooting utility and Add/remove programs with no change in the scan time if a user has this issue. Have had F5 support webex into an affected laptop and they so far can not offer a resolution either.
We have reports of it affecting the following so there doesn't seem to be any patterns yet:
1. Windows XP SP2 and SP3 with IE 6 or 7 and Symantec Antivirus 10.1.6000 and 10.1.7000
2. Windows XP SP2 and SP3 with IE 6 or 7 and Symantec Endpoint Protection 11 MR2 and MR3 both only running AV and antispyware.
3. Vista with either SAV or SEP.
If anyone has the same issue or has found a fix please share.
It is so frustrating because a machine that has the issue multiple times and we have tried to no avail to remove F5 components and reinstall AV. Then the next users with identical setup [cloned laptop] will not have the issue.
William_Bell_97We are running in to this issue as well. In our enterprise it is also highly random. This only started occurring after we upgraded to 6.0.3 and the latest OPSWAT. We are also running SEP, and we see this on both MR2 and MR3 machines. Anyone from F5 have an idea?
scooterb_87043I have been pushing F5 support for a fix on this and we had enough affected users that we temporarily turned off the pre-scan. thank you for your reply F5 support has been trying to tell me we were the only reported case. I would encourage you to put in a web case with them this will show it affects more then 1 company.
That is interesting that you are running 6.03 and opswat 2.5.12 and also have the issue. We are still running 6.02 and newest opswat and having the issue. This confirms it is an opswat issue.
We were going to roll back but the other issue we have is even using their troubleshooting utility and remove components or manual unable to remove all the components. It leaves behind under program files\f5 the following files : opswatavcommon.dll and msvpc60.dll and the f5 activex components in the browser. With these components not removed rolling back to 2.5.10 network connection option does not work.
Only way I found to remove all components is in safe mode. No way to pull off this fix on 50 + affected remote users.
I will update this when they provide a fix.
The only bright spot is on Monday I finally had an f5 support tech able to reproduce the issue and has escalated the case.- William_Bell_97We opened a case with support this morning, we have been in contact with an engineer. I have asked for escalation due to the fact that our firepass is currently the only method for RAS access to some sensitive systems. I hope that this will speed things a long. I will push through our business channels if I don't see any movement by tomorrow afternoon.
Mike_61719Cirrus
We have
Perform processes scan is disabled.
Scan type is quick.
Allow user to termine virus scan is disabled.
What are your settings in the pre-logon sequence?- Mike_61719Bump, any reply from F5 guys? I am in the need to upgrade so if if an issue exist let us know.
- William_Bell_97A bug has been created within OPSWAT to track this issue. Bug9641. F5 product development is also looking into the issue.
- scooterb_87043In my case F5 said they turned it over to opswat but so far no fix has been provided. I worked with Symantec support and have tested many different settings with SEP. In a few cases we thought we had resolved it but after a few logins the issue would return.
- Mike_61719Dang, well hopefully a fix comes shortly.
- scooterb_87043Have not tested this yet but opswat 2.5.15 is supposed to address this.
OPSWAT believes they have fixed the issue in their latest SDK. Our development team has made the updated OPSWAT (2.5.15) package available on https://downloads.f5.com/ .
I now have an issue that with 2.5.12 on the clients even though our firepass is running 2.5.15 the clients are not updating. So far to get this to work have to add/remove programs the opswat Av & firewall. Hoping they have a fix for this. 
Ethan_26556....Did opswat 2.5.15 work for anybody?