Druva Documentation

Troubleshooting slow shutdown of Windows 7 client machines

This article applies to:
Operating System: Windows 7
Product Edition: inSync Cloud and On-Premise

Problem description

The slow shutdown of Windows 7 client machines surfaced when Microsoft pushed security definitions to its antivirus applications (Forefront, SCEP, Security Essentials, and Intune). This affected some third-party applications, including inSync. In the tickets that a few inSync customers opened with Microsoft, Microsoft acknowledged the issue and confirmed that it has nothing to do with inSync. However, Microsoft does not have a fix at this point.

Cause

The issue occurs because Microsoft Antivirus does not honor the configured process-level exclusions. The issue is observed not only with inSync but with other applications as well. One such application is Malwarebytes: Windows 7 systems that have it installed also shut down slowly. The patch in question is KB3197868, but in some cases you will not find it, as it might be a security definition pushed on the Antivirus servers.

Because the exclusions are ignored, traffic on these processes is monitored continuously. When a shutdown is initiated, there is a delay of more than 5 minutes before the machine shuts down.

Analysis

Stopping the inSync services, disabling monitoring at a global level, or uninstalling inSync or the Antivirus resolves the issue. However, none of these is an ideal way to solve the problem.

The problem was identified with the configuration option "Monitor file and programs activity on your computer". The problem is seen when the option is set to "Monitor all files" or "Monitor only incoming files." When it is disabled or set to "Monitor only outgoing files," the shutdown works fine.

Workaround

For such scenarios, Microsoft suggests killing the application processes monitored by its antivirus before shutdown.

You can perform this workaround by pushing a script through the Group Policy using the steps specified below:

  1. Create the following bat file and link it to the shutdown script under the required Group Policy.

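@echo off
rem tasklist prints "INFO: ..." (contains ":") when nothing matches, so find succeeds and errorlevel is 0.
rem When inSync processes are listed, no ":" appears, errorlevel is 1, and they are force-killed with their child processes.
tasklist /fi "imagename eq inSync*" | find ":" > nul
if errorlevel 1 taskkill /f /T /im "inSync*" 2> nul
exit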

or

@echo off
taskkill /f /T /im inSync* | find ":" > nul
if errorlevel 1 taskkill /f /T /im "inSync*" 2> nul
exit

or 

@echo off
taskkill /T /im inSync* | find ":" > nul
if errorlevel 1 taskkill /T /im "inSync*" 2> nul
exit

You can use whichever of the above scripts suits your environment.
Note: For detailed steps, refer to the following Microsoft TechNet article:
https://technet.microsoft.com/en-us/library/dn789190(v=ws.11).aspx

 

  2. Run gpupdate /force from the command prompt to force the policy.

Note: Microsoft has acknowledged the presence of this issue in its latest update. You can download the fix (KB2461484) for this issue from the following links: