I am in the process of trying to optimize the boot process of our 700 Windows XP workstations; we regularly have complaints about the start-up and login times on site workstations.
Looking at this in two parts: part one using BootVis to monitor and inspect the boot process, part two using Process Monitor to monitor the login process. Using BootVis' "Boot Done" waypoint as the metric, I utilized a VMware Workstation virtual machine that has been used for about 18 months as a general-purpose testing machine (thus fairly typical of on-site machines). I used a snapshot to return the virtual machine to the initial state before each test.
From the logs and report that BootVis created, the most obvious delay was from the Sophos Anti-Virus on-access scanner, followed at some distance by mrxsmb. I tweaked the policies for the machine (ensuring I forced Sophos to update twice each time) and came up with the following numbers:
- Scan All Files, On Read: 260 seconds
- Scan All Files, On Write: 160 seconds
- Scan Executables, On Read and On Write: 111 seconds
- Scan Executables, On Read: 99 seconds
- Scan Executables, On Write: 95 seconds
- On-Access Scanning Disabled: 102 seconds
The above tends to suggest that Scanning All Files, On Read is by far the most expensive operation (and probably totally unnecessary). I can't quite comprehend why disabling on-access scanning actually slows down the boot sequence, however fractionally. The final three results are pretty much the same, which means I must use other factors to influence my decision as to selecting Scan Executables, On Read or On Write.
Update:
I did some more tests on the same virtual machine (at a different time of day, so they cannot be compared directly with the above results):
- Sophos Not Installed: 67.4 seconds (average over 5 tests)
- Scan Executables, On Read: 84.5 seconds (average over 5 tests)
- Scan Executables, On Write: 85 seconds (average over 5 tests)
The averaging causes the values for On Read and On Write to converge further. It is interesting to see that using Sophos to scan executable files only adds a 21% performance overhead over Sophos not being installed.
So what other considerations should I make when configuring On-Access scanning to improve the boot time?
We are currently investigating Sophos speed issues and I have come up with the following suggestions, which in our Windows XP SP3 environment have made a fair bit of difference:
Exclude these files within the On-Access section:
The second thing to do is turn off checking for updates at startup. This is a tiny bit risky, as that's a key point where new viruses can attack, but you can combat this by having regular 30-minute checks for updates, meaning you are never more than half an hour out. To turn off checking for updates, do this:
[Image: http://www.sophos.com/images/common/misc/27646.gif]
After implementing these changes there was a notable speed increase from power on to desktop.
I hope this helps.
Kip
I have not used Sophos so I am not sure if there is something similar, but in Symantec there is a registry change you can make that disables the full system scan on startup. Without this, Symantec will scan everything when the system first starts potentially making things very slow for the first little while after the system boots up. There might be a similar setting in Sophos.
Of course disabling this is potentially a slight downgrade in security. There is a reason why they have a startup scan.
We had the same problem with McAfee on our older machines. These machines don't have access to the internet, so I wrote a boot script to delay the start of the services a few minutes.
This might not be practical for your situation, but the solution worked well for us.
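The delayed service start described in the last answer, sketched as a Windows batch script that also reports when the scanner fails to come up. This is an added example, not the poster's script: the service names, delay, event ID and event source are placeholders, and it assumes the services were first switched to manual start and that the script is launched in a way that does not block logon.

```batch
@echo off
rem Added example, not the poster's script.
rem Assumption: each service below was first set to manual start, e.g.
rem   sc config ExampleAvService start= demand
rem ExampleAvService and ExampleAvUpdater are placeholders, not real service names.
setlocal enabledelayedexpansion

set DELAY_SECONDS=180
set SERVICES=ExampleAvService ExampleAvUpdater
set FAILED=

rem Windows XP has no timeout.exe, so wait by pinging loopback once per second.
set /a PINGS=%DELAY_SECONDS%+1
ping -n %PINGS% 127.0.0.1 >nul

rem The exit code of "net start" is not trusted here because it is also
rem non-zero when the service is already running. The state reported by
rem "sc query" is checked instead.
for %%S in (%SERVICES%) do (
    net start "%%S" >nul 2>&1
    sc query "%%S" | find "RUNNING" >nul
    if errorlevel 1 set FAILED=!FAILED! %%S
)

rem A workstation left without on-access scanning has to be visible to
rem whoever monitors the event logs, so write an error event and fail.
if defined FAILED (
    eventcreate /T ERROR /ID 900 /L APPLICATION /SO DelayedAvStart /D "Services not running after delayed start:!FAILED!" >nul
    exit /b 1
)
exit /b 0
```

The window between boot and the delayed start is time with no on-access scanning, so the delay should be kept as short as the boot-time gain allows.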