When Application Control is enabled in IWSVA 6.5, this causes the network to slow down.
The Appd process used by Application Control, analyzes a packet data through IWSVA and then uses it for reports and logs.
Appd checks the packet data before a virus scan or URL filtering HTTP service. This means when appd is enabled, IWSVA takes more time than when it is disabled. Therefore, Trend Micro recommends to disable appd if it is not needed.
When appd is disabled:
- Application Control Policy does not perform Allow or Block actions.
The following data will not appear on the web console.
- System Status > Concurrent Connection > Application Connections
- System Status > Bandwidth Control - Downstream
- System Status > Bandwidth Control - Upstream
- Dashboard > Application Bandwidth
- Dashboard > The Blocked Applications
- Dashboard > The Allowed Applications
- Dashboard > Top Policy Enforcement - Application Control
- Log > Log Analysis > Application bandwidth
- Reports > Internet Access > Top N Applications Visited
- Reports > Bandwidth > Top N Application by Bandwidth
- Reports > Bandwidth > Top N Users by Bandwidth
- Reports > Bandwidth > Top N Groups by Bandwidth
- Reports > Policy Enforcement > Top N Applications Blocked
- Reports > Policy Enforcement > Most Violation for Application Control Policy
There are two ways to resolve the issue:
By stopping the whole application control:
This method stops the whole application control.
- Log in to the IWSVA WebUI.
- Go to Application Control > Policies.
- Uncheck Enabled Application Control.
- Go to the Bandwidth Control > Policies.
- Uncheck Enabled Bandwidth Control.
By stopping only appd process:
This method only stops the appd process. The Application Control policy still works even if appd is disabled.
Create a backup copy of intscan.ini.
# cp -ip /etc/iscan/intscan.ini /etc/iscan/intscan.ini.bak
# vi /etc/iscan/intscan.ini
Change enable_appd_daemon key under [app-control] section from "yes" to "no".
------------------------ [app-control] enable_appd_daemon=no ------------------------
- Save intscan.ini.
Restart appd daemon.
# /etc/iscan/S99ISappd restart