Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Application Control slows down network performance in InterScan Web Security Virtual Appliance (IWSVA) 6.5

    • Updated:
    • 8 Nov 2018
    • Product/Version:
    • InterScan Web Security Virtual Appliance 6.5
    • Platform:
    • N/A N/A
Summary

When Application Control is enabled in IWSVA 6.5, this causes the network to slow down.

The appd process used by Application Control analyzes a packet data through IWSVA and then uses it for reports and logs.

Appd checks the packet data before the virus scan or the URL filtering HTTP service. This means that when appd is enabled, IWSVA takes more time than when it is disabled. Therefore, Trend Micro recommends to stop the appd process or (only if it is not needed by the company policies) to disable application control.

Details
Public

When appd is disabled:

  • Application Control Policy does not perform Allow or Block actions.
  • The following data will not appear on the web console.

    • System Status > Concurrent Connection > Application Connections
    • System Status > Bandwidth Control - Downstream
    • System Status > Bandwidth Control - Upstream
    • Dashboard > Application Bandwidth
    • Dashboard > The Blocked Applications
    • Dashboard > The Allowed Applications
    • Dashboard > Top Policy Enforcement - Application Control
    • Log > Log Analysis > Application bandwidth
    • Reports > Internet Access > Top N Applications Visited
    • Reports > Bandwidth > Top N Application by Bandwidth
    • Reports > Bandwidth > Top N Users by Bandwidth
    • Reports > Bandwidth > Top N Groups by Bandwidth
    • Reports > Policy Enforcement > Top N Applications Blocked
    • Reports > Policy Enforcement > Most Violation for Application Control Policy

There are two ways to resolve the issue:

  • By stopping the whole application control:

    This method stops the whole application control.

    1. Log in to the IWSVA WebUI.
    2. Go to Application Control > Policies.
    3. Uncheck Enabled Application Control.
    4. Go to the Bandwidth Control > Policies.
    5. Uncheck Enabled Bandwidth Control.
  • By stopping only the appd daemon:

    This method only stops the appd process. The Application Control policy still works even if appd is disabled.

     
    This requires IWSVA 6.5 SP2 Patch 1 (build 1707) or later.
    1. Create a backup copy of intscan.ini.

      # cp -ip /etc/iscan/intscan.ini /etc/iscan/intscan.ini.bak

    2. Edit intscan.ini.

      # vi /etc/iscan/intscan.ini

    3. Change enable_appd_daemon key under [app-control] section from "yes" to "no".

      ------------------------  [app-control]  enable_appd_daemon=no  ------------------------
    4. Save intscan.ini.
    5. Restart the appd daemon.

      # /etc/iscan/S99ISappd restart

Premium
Internal
Rating:
Category:
Configure; Troubleshoot
Solution Id:
1121144
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.