Page 1 of 3 123 LastLast
Results 1 to 10 of 29

Thread: All TCP/IP Connections unuseably slow

  1. #1
    drmartin Guest

    Default All TCP/IP Connections unuseably slow

    To start, I need to say that I have been a computer programmer for almost 30 years so I have some experience with these kinds of issues. And, no, DR doesn't mean Doctor, it's the initials of my first and middle name ( Daniel R ) :-)

    Anyway, starting a few days ago ( I'm not sure exactly when ), it appears that ALL TCP/IP connections have been so badly slowed by ZA that it's no longer usable. I've been using ZA for about 5 years and have had the security suite installed for about a year. All of a sudden, it started doing this. It might have done an automatic update in the last few days, but I didn't really notice. I have searched this forum for many hours and tried every suggestion I've seen to no avail.

    When I terminate ZA, everything works fine. When it's running, every TCP/IP connection including FTP, Email and HTTP takes about 10 to 30 seconds. As you can imagine, a web page that requires 20 TCP/IP connections can take as long as 10 minutes. That's obviously unusably slow. The download speed also appears to be a bit slower but I haven't done extensive testing.

    I have Comcast cable with a Linksys wireless router and a 5 mbs connection.

    Other computers on the router, without ZA, do fine with both an Ethernet cable connection and wireless connection. I've switched cables, router ports, etc. so it's definitely none of those. Besides, when I terminate ZA, even this computer works fine. The only thing I've installed recently is Second Life and I've since uninstalled it and done a system restore to a few days ago when it was working fine. I have also ended every startup program, everything in the system tray and used Task Manager to terminate every process that it's possible to terminate without forcing a reboot. Nothing haa helped. I've even started ZA and turned off EVERY single protection including the anti-virus, anti-spam, firewall, etc.

    I've followed all the suggestions in all the forums that I could find including adding my DHCP, DNS and 127.0.0.1 TCP/IP addresses manually as "trusted", looked for an lspconflict.txt file (it wasn't there), run the majorgeeks TCP/IP and (I forget the other one) repair programs, rebooted many times, etc. When I looked at task manager, vsmon.exe is using 50% (exactly...every time) of the CPU but it also massively interferes without everything I do from switching windows, to loading other programs, to bringing up the start menu, etc. Basically, everything slows to a crawl while it's trying to make a TCP/IP connection.

    I'm stumped. Any ideas?

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:7.0

  2. #2
    Join Date
    Mar 2004
    Location
    Brisbane, Australia
    Posts
    645

    Default Re: All TCP/IP Connections unuseably slow

    It might be Windows doing the slowing down. As a start, open Task Manager and see if any one program or process is hogging the CPU time.

    Although this doesn't fit all the symptoms, you might be low on free disk space, or the hard disk might be too fragmented making memory swapping very slow. Try defragmenting it. One other thing that can slow things down is a program trying access a network resource (like drive on another PC) that is not available.

    Check these first.

  3. #3
    alphabeta Guest

    Default Re: All TCP/IP Connections unuseably slow

    Process Explorer from http://www.sysinternals.com is a useful free tool for performance analysis.

    Processes and threads utilities

    Download and run processexplorer to view running processes.

    right click on any running process > properties > to inspect

    Go to View > System information to see CPU usage .. click on CPU Usage History graph and move cursor over graph to see processes eating CPU cycles.

    ...

    For defrag use Contig tool here ..

    Contig

  4. #4
    smallwonder Guest

    Default Re: All TCP/IP Connections unuseably slow

    I'm having the same problem, and it isn't a windows issue. I've updated Zone Alarm on two computers in my house and it's made my wireless access totally unuseable and made the original broadband connection so slow that it's ridiculous. It's not a Windows issue--I've checked task manager and done every diagnostic my co-workers and I can think of. (I work in an IT department.) This is really frustrating and I'm thinking seriously of dumping Zone Alarm in favor of another product. The forum on CNet is full of people who are frustrated with the latest update and I was hoping that someone here had some idea what the problem might be.

  5. #5
    alphabeta Guest

    Default Re: All TCP/IP Connections unuseably slow

    Well you could try process explorer as suggested further down this thread and inspect the running zlclient.exe process .. right click .. properties .. inspect Performance Graph for that process.

    I have a sub-process running .. mantispm.exe (spam filter).

    Worth a try .. might give some insights.

    Do you have other security products installed (Norton)?

  6. #6
    drmartin Guest

    Default Re: All TCP/IP Connections unuseably slow


    <blockquote><hr>FrereOP wrote:
    It might be Windows doing the slowing down. As a start, open Task Manager and see if any one program or process is hogging the CPU time.

    Although this doesn't fit all the symptoms, you might be low on free disk space, or the hard disk might be too fragmented making memory swapping very slow. Try defragmenting it. One other thing that can slow things down is a program trying access a network resource (like drive on another PC) that is not available.

    Check these first.
    <hr></blockquote>

    As I mentioned in my original post, I have been programming computers for almost 30 years so I know a fair bit about checking task manager, defragging, low disk space, etc.

    It's none of those. I have plenty of disk space, I've defragged recently, I don't have any other security products installed etc. In fact, as I mentioned in the original post, I've used Task Manager to kill EVERYTHING else that can possibly be killed and it hasn't helped. Besides, none of that would come close to explaining 10 to 30 seconds to make a TCP/IP connection.

    I'll try process explorer but I think there's little chance it will do any good since I've used Task Manager to kill ALL other processes that can possibly be killed. The only process that shows any appreciable CPU usage is vsmon.exe itself (for those who don't know, that's a ZA process).

    The idea about it's trying to access a network resource that is not available is a good one. I've seen that happen before with Windows Explorer but MS has sinced fixed that BUG. If ZA is doing something similar, then they need to fix that BUG as well. It shouldn't be trying to access any network resources, much less one that isn't there anymore, every time it makes a TCP/IP connection. Besides, I'm pretty sure I've had all computers that share drives turned on at the time I was experiencing the problems and I don't have any other shared network resources. In addition, I believe doing a system restore to a time when it was working properly would have solved it if that were the case. I'll try some stuff out when I get home though, just in case.

    I suppose there is also a theoretical possibility that it's still trying to access a USB drive that isn't turned on. That would also be a BUG. I thought of those things on the way to work today so I'll try them out when I get home. I do have a lot of USB drives, thumb drives etc.

    The only other option I can see at this point is to try un-installing ZA and re-installing it or re-installing a previous version. I'll have to do some searching to find my product key (or whatever it needs) though.

  7. #7
    alphabeta Guest

    Default Re: All TCP/IP Connections unuseably slow

    If you do try Process Explorer note that VSMON is a system process .. there are system processes and user processes which all show up in Task Manager list .. but with little information on individual performance footprint.

    ...

    In Process Explorer I can inspect VSMON like this ..

    Toolbar &gt; View &gt; Show processes from all users

    Expand System in process tree

    go down to VSMON.EXE

    there might be sub-processes

    ScanningProcess.exe
    Monitor.exe

    Right click on VSMON

    Set priority (my setting is normal 8)

    Open properties &gt; switch through properties tabs ..

    Message Edited by alphabeta on 04-18-200710:29 PM

  8. #8
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: All TCP/IP Connections unuseably slow

    DRMartin

    Several points and perhaps you have checked these already...

    Svchost.exe or Generic Host Process has Trusted Server Rights?

    Program Control slider is at Medium?

    Trusted Security Zone slider is at Medium?

    OSFirewall tab has the startup and host file set at allow or two flat bars?

    Email clients and the browsers have three green bars?

    Open the C\WINDOWS\Internet Logs and look for a lspconflict.txt. Open it if exists. There will be one or two items listed and these will help determine any conflics. Alternatively try the LSP Fix to inspect the LSP to see if there are any trojans injected or LSP conflicts on the system.

    ZA products are designed to be used only with the Winsock file that ships with all current Windows versions. If you find multiple copies of the WSOCK32.DLL, right-click on each filename, select Properties, then Version. The official version should be found in your SYSTEM or SYSTEM32 folder. Try renaming the unofficial versions found elsewhere to WSOCK32.OLD (don't delete them until you are certain that all of your programs work properly!).

    IM or Google Desk-top searches could be running and causing issues. Alternatively, additional spyscanners or email anti-spammer could be proxying and doing site blocking, cookie control, web filtering, IM control, email control. All of these could be causing a conflict. Plus any application with Internet Server rights will be a possible source. Disable all other filters and Internet Server rights and reboot and see what happens.

    Any recent uninstall of other antiviruses or firewalls or antispyware applications? There could be the possibility of remaining drivers or files that could be the cause.


    You have tried resetting the TCP/IP with netsh command and seen if there is any differences?

    All drivers have been updated?

    Last but not leat, the ZA database reset has been attempted?

    Oldsod
    Best regards.
    oldsod

  9. #9
    drmartin Guest

    Default Re: All TCP/IP Connections unuseably slow


    <blockquote><hr>alphabeta wrote:
    If you do try Process Explorer note that VSMON is a system process .. there are system processes and user processes which all show up in Task Manager list .. but with little information on individual performance footprint.

    ...

    In Process Explorer I can inspect VSMON like this ..

    Toolbar &gt; View &gt; Show processes from all users

    Expand System in process tree

    go down to VSMON.EXE

    there might be sub-processes

    ScanningProcess.exe
    Monitor.exe

    Right click on VSMON

    Set priority (my setting is normal 8)

    Open properties &gt; switch through properties tabs ..

    Message Edited by alphabeta on 04-18-200710:29 PM
    <hr></blockquote>


    Ok, I downloaded Process Explorer and checked out vsmon.exe. I don't know exactly what all this means but the number of &quot;reads&quot; looks extraordinarily high. If that's the number of disk reads then ZA is definitely going crazy. After accessing perhaps 20 web sites with Firefox, the number of reads is over 400,000,000. When I'm actually trying to access a web page, the &quot;Read Delta&quot; is in the 120 MB to 130 MB range. I don't know exactly what that means either but it looks extremely high. It also has 34 Threads running which seems a bit excessive. Also, after having booted up about 2 hours ago, most of my time has been spent watching TV and I've probably only visited abou 20 web sites yet the Kernel time is 19:07.062. That seems extremely excessive for just a few web pages as well.

  10. #10
    drmartin Guest

    Default Re: All TCP/IP Connections unuseably slow


    <blockquote><hr>Oldsod wrote:
    DRMartin

    Several points and perhaps you have checked these already...

    Svchost.exe or Generic Host Process has Trusted Server Rights?

    Program Control slider is at Medium?

    Trusted Security Zone slider is at Medium?

    OSFirewall tab has the startup and host file set at allow or two flat bars?

    Email clients and the browsers have three green bars?

    Open the C\WINDOWS\Internet Logs and look for a lspconflict.txt. Open it if exists. There will be one or two items listed and these will help determine any conflics. Alternatively try the LSP Fix to inspect the LSP to see if there are any trojans injected or LSP conflicts on the system.

    ZA products are designed to be used only with the Winsock file that ships with all current Windows versions. If you find multiple copies of the WSOCK32.DLL, right-click on each filename, select Properties, then Version. The official version should be found in your SYSTEM or SYSTEM32 folder. Try renaming the unofficial versions found elsewhere to WSOCK32.OLD (don't delete them until you are certain that all of your programs work properly!).

    IM or Google Desk-top searches could be running and causing issues. Alternatively, additional spyscanners or email anti-spammer could be proxying and doing site blocking, cookie control, web filtering, IM control, email control. All of these could be causing a conflict. Plus any application with Internet Server rights will be a possible source. Disable all other filters and Internet Server rights and reboot and see what happens.

    Any recent uninstall of other antiviruses or firewalls or antispyware applications? There could be the possibility of remaining drivers or files that could be the cause.


    You have tried resetting the TCP/IP with netsh command and seen if there is any differences?

    All drivers have been updated?

    Last but not leat, the ZA database reset has been attempted?

    Oldsod
    <hr></blockquote>


    I've read most of these points in other posts so I've done the following:

    1. Made sure Generic Host Process has trusted server rights - it did.
    2. Program control slider is at max because I'm a little paranoid about trojans but even when I turned it off, it made no difference.
    3. All email, FTP, browser etc. have three green bars.
    4. There is no lspconflict.txt file
    5. Trusted Security Zone slider is at Medium.
    6. I've run the LSP fix.
    7. I've also run several security tests on several different web sites to scan for open ports and have run a complete virus check using Zone Alarm itself and run Trend Micro's Office Scan free online scan although I've been &quot;online&quot; in one form or another for about 25 years and I'm very knowledgeable and careful about that kind of stuff and have never been infected with a virus or trojan.
    8. I don't have multiple copies of WSOCK32.
    9. I am not running ANY other spam blocking, web filtering, IM control, email control or anything remotely similar to that. In fact, I killed every process I could possibly kill, disabled all my Firefox plugins, tried Internet explorer which has no plugins and turned off every protection that Zone Alarm has and it made no difference. And email and FTP were also extremely slow making the connections. Also, if I terminate ZA, everything works fine. If I then re-start it, it slows to a crawl again.
    10. Google and other desktop searches don't cause TCP/IP connections to take 10 to 30 seconds to establish but it's a moot point anyway because I killed ALL other processes that could be killed.
    11. I don't use IM.
    12. No recent install or uninstall of any programs except Second Life which I subsequently uninstalled and then did a system restore from several days ago, before Second Life was installed and when I know it was running ok.



    I'm not familiar with the netsh TCP/IP reset or ZA database reset so if you could explain those to me, I would appreciate it.

Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •