Jump to content
Paolo Pichierri

ESET drastically slows the connection speed under a VPN

Recommended Posts

Hello,
I have done many tests to verify that it is not a coincidence.
This is situation with ESET installed:

2.png.72b69561fa03ee9a57a4d820ac3b7580.png
This is situation without ESET installed (Windows Defender or Norton Antivirus):
1.png.d37a988dbb1c4c3fc7e2c8bcc646c122.png
I can't solve the problem just disabling ESET protection & ESET Firewall, I am forced to uninstall ESET to solve it.
NOTE 1: this problem occurs only with a VPN connection;
NOTE 2: VPN connection speed is OK immediately after ESET installation, I have to reboot the system to encounter the problem.
Please, do You have any advice?

Here is some useful information:
OS: Windows 10 PRO (1903), 64 bit;
ESET: ESET Internet Security 13.0.22.0;
VPN Providers I have tested: Mullvad, Surfshark;
Web browsers where I have done speed test: Google Chrome, Mozilla Firefox;
Speed Test website:
https://www.speedtest.net/

Thank You

Share this post


Link to post
Share on other sites

Seen other people mention that they have issues when using a vpn but have never encountered any issues myself. I use "Windscribe".

Very little difference for me between the connections.

Screenshot_2019-11-20 Speedtest by Ookla - The Global Broadband Speed Test(1).png

Screenshot_2019-11-20 Speedtest by Ookla - The Global Broadband Speed Test.png

Share this post


Link to post
Share on other sites

Does temporarily disabling protocol filtering make a difference?

Please reproduce the issue with advanced oper. system logging enabled under Tools -> Diagnostics. After reproducing the issue, disable logging and provide the etl log from the "C:\ProgramData\ESET\ESET Security\Diagnostics" folder as well as ELC logs for perusal.

Share this post


Link to post
Share on other sites

Disabling SSL/TLS protocol filtering makes no difference .
The attached Logfile.zip is obtained with Procmon (ESET Log Collector doesn't work - Error 404 Page not found).
Thank You

 

Share this post


Link to post
Share on other sites

No Procmon log is needed. Please enable advanced OS logging, reproduce the issue, then stop logging, compress the file "C:\ProgramData\ESET\ESET Security\Diagnostics\EsetPerf.etl"  and provide it to us.

For instructions how to collect logs with ELC, please read https://support.eset.com/en/how-do-i-use-eset-log-collector.

image.png

Share this post


Link to post
Share on other sites

You wrote: Disabling SSL/TLS protocol filtering makes no difference

Does it mean you also disabled protocol filtering as follows?

image.png

Share this post


Link to post
Share on other sites

Thanks for your help, You are right, I did not disable the correct parameter I disabled it just now, so I performed the speed-test again. Unfortunately, as You can see, disabling it does not lead to a significant improvement:

2.png.b1da6cd5833ad1ec77185c5a6de83051.png

 

 

 

               3.png.611804a34196e41e38a6cf5a3d6d4628.png

 

Share this post


Link to post
Share on other sites

Does not slow my connection down at all. In fact it is faster with EIS than all the other firewall I have used.

Using PrivateVPN , with AES-256-GCM encryption.

Use to use Windscribe (life-time license), but do not trust or like it at all in my opinion.

 

Share this post


Link to post
Share on other sites

Please try the following:
- reboot Windows to safe mode
- rename "C:\Program Files\ESET\ESET Security\Drivers" to drivers_bak for instance
- rename C:\Windows\System32\drivers\epfwwfp.sys, e.g. to C:\Windows\System32\drivers\epfwwfp.bak
- start Windows in normal mode.

Does the issue still persist or it's gone?

Share this post


Link to post
Share on other sites

I followed your advice (now there are some red security warnings on ESET window), but unfortunately the connection speed is always about 7,5 Mbps.
NOTE: I performed a lot of tests (with the same web-browser, the same server, the same speed-test) and
I noticed that sometimes at the end of the test (the last 1-2 seconds) the connection speed increases rapidly towards the correct value (after a long period of constant 7,5 Mbps)

Share this post


Link to post
Share on other sites

If renaming the driver didn't make any difference, then the issue seems to be in Windows Filtering Platform that is a part of Windows and simply registering a callout to WFP without doing anything with the traffic causes the issues. I'm gonna send you instructions how to unregister ESET from WFP soon which should confirm my assumption.

Share this post


Link to post
Share on other sites

Please try unregistering ESET from Windows Filtering Platform (WFP) as follows:

1, Download EpfwWfpRegV10.10-64.exe from https://drive.google.com/file/d/12NA8G4j_YUUhTe5zvvWFTlrUuIoa3LR6/

2, Run "EpfwWfpRegV10.10-64.exe /unreg" with elevated administrator rights. You should get something like this:
Unregistering callouts and filters through BFE.
Removed 56 (0) filters, 28 callouts, 2 sublayers, 1 providers.
Exit status 0x0: OK                                             

3, Check if the issue is gone. After a computer restart, ESET will re-register to WFP so do not restart the machine while testing.

Share this post


Link to post
Share on other sites

First of all, Thanks for your professional technical support.
I took your advice & got your same result:
Removed 56 (0) filters, 28 callouts, 2 sublayers, 1 providers.
Exit status 0x0: OK
Unfortunately this did not solve the problem (I ran cmd as administrator and I did not restart my PC).

However I have an update, until now I performed speedtests through "Single Connection Mode",  because I have read "Single Connection Mode is ideal for testing a vpn or downloading a file".  But if I switch to "Multi Connection Mode"  the indicated connection speed is approx 18 Mbps.  I don't know technically the difference between one mode and another, anyway the correct speed is 18 Mbps because it is consistent with the effective download speed which I reach in some applications like utorrent.  The strange thing is that only with ESET i get  so different values from the two modes, this does not happen with all the others security suites I have tested.

Thanks again

1.png.c871d4f7b73c6d11c79df15f8be59643.png

Share this post


Link to post
Share on other sites

Please try the following but now rename all ESET drivers:
- in normal mode disable Webcam protection:

image.png
- reboot Windows to safe mode
- rename "C:\Program Files\ESET\ESET Security\Drivers" to drivers_bak for instance
- rename the following drivers:
C:\Windows\System32\drivers\epfwwfp.sys (e.g. to C:\Windows\System32\drivers\epfwwfp.bak)
C:\Windows\System32\drivers\eamonm.sys
C:\Windows\System32\drivers\ehdrv.sys
- start Windows in normal mode
- if that doesn't make any difference either, try renaming ekrn.exe in safe mode ("C:\Program Files\ESET\ESET Security\ekrn.exe" )

 

Share this post


Link to post
Share on other sites

Please provide logs collected with ESET Log Collector when all drivers and ekrn are renamed and ESET is not registered in WFP. It's virtually impossible that after doing that ESET would have any effect on the OS and applications whatsoever.

Share this post


Link to post
Share on other sites

It seems that epfw.sys is running, please rename it as well.

If that doesn't help, the only thing that we can think of to try is changing the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<Interface GUID>\TcpAckFrequency from 1 to 2 (https://support.microsoft.com/en-us/help/328890/new-registry-entry-for-controlling-the-tcp-acknowledgment-ack-behavior).

Share this post


Link to post
Share on other sites

Renaming all the drivers & ekrn and unregistering ESET from WFP did not solve the problem.
But changing the value TcpAckFrequency from 1 to 2 solved the problem!
This is the situation now (all ESET drivers activated, ie not renamed) :
 
2022671273_Screenshot2019-11-2818_56_43.png.c14db924ed6ee1bada690f0e8f4e139b.png

NOTE: as You can see, following the path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\ I found a lot of sub-folders, so I changed the value TcpAckFrequency from 1 to 2 for for each of them. Can this  affect my PC performance/security? What does it have to do with ESET?

1575695408_Screenshot2019-11-2819_08_31.png.c31407ab73722357f0dc73134cc4c4c0.png

Thanks for your help.

Share this post


Link to post
Share on other sites
1 hour ago, Paolo Pichierri said:

Renaming all the drivers & ekrn and unregistering ESET from WFP did not solve the problem.
But changing the value TcpAckFrequency from 1 to 2 solved the problem!
This is the situation now (all ESET drivers activated, ie not renamed) :
 
2022671273_Screenshot2019-11-2818_56_43.png.c14db924ed6ee1bada690f0e8f4e139b.png

NOTE: as You can see, following the path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\ I found a lot of sub-folders, so I changed the value TcpAckFrequency from 1 to 2 for for each of them. Can this  affect my PC performance/security? What does it have to do with ESET?

1575695408_Screenshot2019-11-2819_08_31.png.c31407ab73722357f0dc73134cc4c4c0.png

Thanks for your help.

Good to see you found a fix - Wonder what this means though ha

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...