Loading Profile...
SPFW slow/killing file copying across windows network - please help
I have Sunbelt PFW installed on 4 PCs (along with VIPRE) on an internal gigabit switched network and am seeing *very* slow file transfer and file transfers that suddenly drop without warning due to SPFW on the receiving PC treating the file transfer as an attack.
More info:
The PCs are 2 x WinXP SP3, 2 x WinVista32, and they all have the correct "trusted" network properties set up in SPFW.
Copying small files across the network is slow - Windows Explorer in Vista on the host PC reports file copy across the network at 5 mb/sec when SPFW is running, but this jumps to 13 MB/sec when SPFW it is disabled on the recipient PC and 20 mb/sec when disabled on the host PC as well.
Worse than this are the random dropouts - file transfers suddenly drop without warning, seemingly due to SPFW on the recipient PC believing the file transfer to be suspicious network activity.
The log on the recipient PC shows the following "[denied]" activity at the time the network connections are silently dropped:
NETBIOS SMB-DS DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt
NETBIOS SMB DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt
(I have VIPRE installed with latest updates on all 4 PCs, so would hope this is not actually suspicious activity, but rather SPFW thinking the file transfer is a false positive).
Please advise how to set up the SPFW and VIPRE on all 4 PCs so as to achieve the best functioning internal network - right now these PCs can't talk to each other.
Thanks for your help
More info:
The PCs are 2 x WinXP SP3, 2 x WinVista32, and they all have the correct "trusted" network properties set up in SPFW.
Copying small files across the network is slow - Windows Explorer in Vista on the host PC reports file copy across the network at 5 mb/sec when SPFW is running, but this jumps to 13 MB/sec when SPFW it is disabled on the recipient PC and 20 mb/sec when disabled on the host PC as well.
Worse than this are the random dropouts - file transfers suddenly drop without warning, seemingly due to SPFW on the recipient PC believing the file transfer to be suspicious network activity.
The log on the recipient PC shows the following "[denied]" activity at the time the network connections are silently dropped:
NETBIOS SMB-DS DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt
NETBIOS SMB DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt
(I have VIPRE installed with latest updates on all 4 PCs, so would hope this is not actually suspicious activity, but rather SPFW thinking the file transfer is a false positive).
Please advise how to set up the SPFW and VIPRE on all 4 PCs so as to achieve the best functioning internal network - right now these PCs can't talk to each other.
Thanks for your help
I’m frustrated
1
person has this problem
I have this problem, too!
Tell me when someone solves it.
The more people who report this problem, the more it gets noticed.
The more people who report this problem, the more it gets noticed.
Create a customer community for your own organization
Plans starting at $19/month
-
Inappropriate?Hello Crobin,
Follow the below instructions to make sure SPF is set up for Home Networking. Under Network Security, Under Applications, make sure you have Any Other Applications set to ask for both Trusted and Internet in, and permit for both Trusted and Internet out.
Also under Network security, under applications, make sure Windows File and Printer Sharing Trusted In and Trusted Out are set to Permit.
Under Predefined, change other ICMP packets set to permit for trusted and Internet. Also Broadcast,those need to be set to permit as well. Under the trusted area tab, make sure you have a check mark in all of the available options. Under Advanced tab, make sure you have Gateway Mode enabled.
If you are still having problems after making these changes, just let us know.
Regards,
Jason Layman -
Inappropriate?Hi Jason, I went through all your suggestions and they don't affect the network speed:
With SPF on, Windows Vista still reports file copy across the network at 5 mb/s, but setting SPF to "Disable Firewall" sees a jump to 10 mb/s when copying from a linux fileserver or Windows XP box also with SPF installed. When disabling SPF on the XP box I then get 20 mb/s.
I already have the subnet defined as trusted - Is there any way to specifically define IP blocks as allowed to punch a hole in the firewall?
I’m frustrated
-
Inappropriate?ps. If I uncheck the NIPS module it has the same effect of doubling speed ( I guess it's pretty much the same as disabling the firewall)
I’m frustrated
-
Inappropriate?Crobin,
Under the Logs & Alerts section, go to the NIPS tab at the bottom. Is anything being logged as blocked?
Regards,
Jason Layman -
Inappropriate?Hi Jason,
There are some inbound ICMP L3retriever ping requests being denied by boxes on the local subnet which are classified as medium/denied (even though "Ping/Tracert" and "Other ICMP" packets are both set to permit for Trusted networks under Predefined tab.
I tried a manual update over the weekend (was previously running v4.6.1845) which has resuled in slightly faster networking copying to/from a linux box (Buffalo Terasation) on the same subnet - (it was strange that the auto update checking didn't pick up a newer version was available)
My Component versions are now:
System service: 4.6.1861.0
User interface: 4.6.1861.0
Translations: 4.3.100
Rules: 4.3.225.0
Driver: 4.6.1860
SFE API: 4.6.1861
HIPS Driver: 4.6.1827
Advanced mode.
Are these all the latest packages?
I will now try manually updating the WinXP machine (if it is running v4.6.1845 also) and report back.
I’m undecided
-
Inappropriate?Crobin,
SPF 4.6.1861 is the current version. After updating, are you still receiving the same problem? If so, can you send me this file; (C:\Program Files\Sunbelt Software\Personal Firewall\Config\IDSRules\icmp.rlk)
Sent it to support@sunbelt-software.com. Reference ticket number 001-00-258930 in the subject line of the email.
Regards,
Jason Layman
