Jump to content

ESET drastically slows the connection speed under a VPN

Paolo Pichierri
 Share

Recommended Posts

Paolo Pichierri

Paolo Pichierri 1

Posted
Posted

Hello,
I have done many tests to verify that it is not a coincidence.
This is situation with ESET installed:
2.png.72b69561fa03ee9a57a4d820ac3b7580.png
This is situation without ESET installed (Windows Defender or Norton Antivirus):
1.png.d37a988dbb1c4c3fc7e2c8bcc646c122.png
I can't solve the problem just disabling ESET protection & ESET Firewall, I am forced to uninstall ESET to solve it.
NOTE 1: this problem occurs only with a VPN connection;
NOTE 2: VPN connection speed is OK immediately after ESET installation, I have to reboot the system to encounter the problem.
Please, do You have any advice?

Here is some useful information:
OS: Windows 10 PRO (1903), 64 bit;
ESET: ESET Internet Security 13.0.22.0;
VPN Providers I have tested: Mullvad, Surfshark;
Web browsers where I have done speed test: Google Chrome, Mozilla Firefox;
Speed Test website: https://www.speedtest.net/

Thank You

Link to comment
Share on other sites
  • Most Valued Members
cyberhash

cyberhash 188

Posted
  • Most Valued Members
Posted

Seen other people mention that they have issues when using a vpn but have never encountered any issues myself. I use "Windscribe".

Very little difference for me between the connections.

Screenshot_2019-11-20 Speedtest by Ookla - The Global Broadband Speed Test(1).png

Screenshot_2019-11-20 Speedtest by Ookla - The Global Broadband Speed Test.png

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

Does temporarily disabling protocol filtering make a difference?

Please reproduce the issue with advanced oper. system logging enabled under Tools -> Diagnostics. After reproducing the issue, disable logging and provide the etl log from the "C:\ProgramData\ESET\ESET Security\Diagnostics" folder as well as ELC logs for perusal.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

No Procmon log is needed. Please enable advanced OS logging, reproduce the issue, then stop logging, compress the file "C:\ProgramData\ESET\ESET Security\Diagnostics\EsetPerf.etl"  and provide it to us.

For instructions how to collect logs with ELC, please read https://support.eset.com/en/how-do-i-use-eset-log-collector.

image.png

Link to comment
Share on other sites
Paolo Pichierri

Paolo Pichierri 1

Posted
  • Author
Posted

Thanks for your help, You are right, I did not disable the correct parameter I disabled it just now, so I performed the speed-test again. Unfortunately, as You can see, disabling it does not lead to a significant improvement:

2.png.b1da6cd5833ad1ec77185c5a6de83051.png

 

 

 

               3.png.611804a34196e41e38a6cf5a3d6d4628.png

 

Link to comment
Share on other sites
SRT

SRT 1

Posted
Posted

Does not slow my connection down at all. In fact it is faster with EIS than all the other firewall I have used.

Using PrivateVPN , with AES-256-GCM encryption.

Use to use Windscribe (life-time license), but do not trust or like it at all in my opinion.

 

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

Please try the following:
- reboot Windows to safe mode
- rename "C:\Program Files\ESET\ESET Security\Drivers" to drivers_bak for instance
- rename C:\Windows\System32\drivers\epfwwfp.sys, e.g. to C:\Windows\System32\drivers\epfwwfp.bak
- start Windows in normal mode.

Does the issue still persist or it's gone?

Link to comment
Share on other sites
Paolo Pichierri

Paolo Pichierri 1

Posted
  • Author
Posted

I followed your advice (now there are some red security warnings on ESET window), but unfortunately the connection speed is always about 7,5 Mbps.
NOTE: I performed a lot of tests (with the same web-browser, the same server, the same speed-test) and I noticed that sometimes at the end of the test (the last 1-2 seconds) the connection speed increases rapidly towards the correct value (after a long period of constant 7,5 Mbps)

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

If renaming the driver didn't make any difference, then the issue seems to be in Windows Filtering Platform that is a part of Windows and simply registering a callout to WFP without doing anything with the traffic causes the issues. I'm gonna send you instructions how to unregister ESET from WFP soon which should confirm my assumption.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

Please try unregistering ESET from Windows Filtering Platform (WFP) as follows:

1, Download EpfwWfpRegV10.10-64.exe from https://drive.google.com/file/d/12NA8G4j_YUUhTe5zvvWFTlrUuIoa3LR6/

2, Run "EpfwWfpRegV10.10-64.exe /unreg" with elevated administrator rights. You should get something like this:
Unregistering callouts and filters through BFE.
Removed 56 (0) filters, 28 callouts, 2 sublayers, 1 providers.
Exit status 0x0: OK                                             

3, Check if the issue is gone. After a computer restart, ESET will re-register to WFP so do not restart the machine while testing.

Link to comment
Share on other sites
Paolo Pichierri

Paolo Pichierri 1

Posted
  • Author
Posted

First of all, Thanks for your professional technical support.
I took your advice & got your same result:
Removed 56 (0) filters, 28 callouts, 2 sublayers, 1 providers.
Exit status 0x0: OK
Unfortunately this did not solve the problem (I ran cmd as administrator and I did not restart my PC).

However I have an update, until now I performed speedtests through "Single Connection Mode",  because I have read "Single Connection Mode is ideal for testing a vpn or downloading a file".  But if I switch to "Multi Connection Mode"  the indicated connection speed is approx 18 Mbps.  I don't know technically the difference between one mode and another, anyway the correct speed is 18 Mbps because it is consistent with the effective download speed which I reach in some applications like utorrent.  The strange thing is that only with ESET i get  so different values from the two modes, this does not happen with all the others security suites I have tested.

Thanks again

1.png.c871d4f7b73c6d11c79df15f8be59643.png

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

Please try the following but now rename all ESET drivers:
- in normal mode disable Webcam protection:

image.png
- reboot Windows to safe mode
- rename "C:\Program Files\ESET\ESET Security\Drivers" to drivers_bak for instance
- rename the following drivers:
C:\Windows\System32\drivers\epfwwfp.sys (e.g. to C:\Windows\System32\drivers\epfwwfp.bak)
C:\Windows\System32\drivers\eamonm.sys
C:\Windows\System32\drivers\ehdrv.sys
- start Windows in normal mode
- if that doesn't make any difference either, try renaming ekrn.exe in safe mode ("C:\Program Files\ESET\ESET Security\ekrn.exe" )

 

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

Please provide logs collected with ESET Log Collector when all drivers and ekrn are renamed and ESET is not registered in WFP. It's virtually impossible that after doing that ESET would have any effect on the OS and applications whatsoever.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

It seems that epfw.sys is running, please rename it as well.

If that doesn't help, the only thing that we can think of to try is changing the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<Interface GUID>\TcpAckFrequency from 1 to 2 (https://support.microsoft.com/en-us/help/328890/new-registry-entry-for-controlling-the-tcp-acknowledgment-ack-behavior).

Link to comment
Share on other sites
Paolo Pichierri

Paolo Pichierri 1

Posted
  • Author
Posted

Renaming all the drivers & ekrn and unregistering ESET from WFP did not solve the problem.
But changing the value TcpAckFrequency from 1 to 2 solved the problem!
This is the situation now (all ESET drivers activated, ie not renamed) :
 
2022671273_Screenshot2019-11-2818_56_43.png.c14db924ed6ee1bada690f0e8f4e139b.png

NOTE: as You can see, following the path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\ I found a lot of sub-folders, so I changed the value TcpAckFrequency from 1 to 2 for for each of them. Can this  affect my PC performance/security? What does it have to do with ESET?

1575695408_Screenshot2019-11-2819_08_31.png.c31407ab73722357f0dc73134cc4c4c0.png

Thanks for your help.

Link to comment
Share on other sites
  • Most Valued Members
peteyt

peteyt 393

Posted
  • Most Valued Members
Posted
1 hour ago, Paolo Pichierri said:

Renaming all the drivers & ekrn and unregistering ESET from WFP did not solve the problem.
But changing the value TcpAckFrequency from 1 to 2 solved the problem!
This is the situation now (all ESET drivers activated, ie not renamed) :
 
2022671273_Screenshot2019-11-2818_56_43.png.c14db924ed6ee1bada690f0e8f4e139b.png

NOTE: as You can see, following the path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\ I found a lot of sub-folders, so I changed the value TcpAckFrequency from 1 to 2 for for each of them. Can this  affect my PC performance/security? What does it have to do with ESET?

1575695408_Screenshot2019-11-2819_08_31.png.c31407ab73722357f0dc73134cc4c4c0.png

Thanks for your help.

Good to see you found a fix - Wonder what this means though ha

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...