SOLVED explorer.exe gobbling up bandwidth while idle

Status
Not open for further replies.

Unis_Torvalds

Dabbler
Joined
Jan 29, 2015
Messages
15
My primary workstation (Win7_64) connects to my local FreeNAS server via NFS share.

Shares and all else work just fine except that my "Local Area Connection" (eth0) idles at >80% traffic. I shut down the FreeNAS and this traffic drops to zero. Turn the FreeNAS back on and as soon as I access a share through any file browser the ethernet goes nuts again.
Resource Monitor indicates that process "explorer.exe" (tcp connecting to my local NAS address) is the hog, but as far as I can tell only port 951 (local) - 2049 (remote) is open.
Virus scans (AVG) flag nothing and my other machines on LAN function fine (Linux and Mac).

I believe this began after upgrading from FreeNAS 8.x.x to 9.2.x (I have since upgraded to 9.3 but no change).

Has anyone else seen this?
Thx
 

Unis_Torvalds

Dabbler
Joined
Jan 29, 2015
Messages
15
I realize NFS on Windows isn't optimal but Win7 Pro has an NFS client service built-in and it worked problem free with FreeNAS 8. Also like I mentioned I use other OSes on the LAN and I believe we can only have one share per dataset, so NFS wins :)
Re AV: Does BSD really get viruses/trojans? And in any event the chatter is only between my workstation and NAS. Bots that never try to find their gateways would make for a pretty pointless botnet :p
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
> I realize NFS on Windows isn't optimal but Win7 Pro has an NFS client service built-in and it worked problem free with FreeNAS 8. Also like I mentioned I use other OSes on the LAN and I believe we can only have one share per dataset, so NFS wins :)
> Re AV: Does BSD really get viruses/trojans? And in any event the chatter is only between my workstation and NAS. Bots that never try to find their gateways would make for a pretty pointless botnet :p

I wasn't insinuating that you have malware on your FreeNAS server. Your A/V by itself is enough to account for unexpected traffic to your shares.

You can use tcpdump and/or wireshark to view the traffic going between the two. Also checking logs on your FreeNAS server might be a good idea.
 

Unis_Torvalds

Dabbler
Joined
Jan 29, 2015
Messages
15
Good grief Anodos I think that's it! When I disable the background AV the traffic stops (how did I not think of that before)!

It's just weird that the activity is attributed to explorer.exe and not the processes specific to AVG.
Anyhow now I know.

Thank you!
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
The CPU use might be the AV hook, not the AV proper, explaining the behavior.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
> Good grief Anodos I think that's it! When I disable the background AV the traffic stops (how did I not think of that before)!
>
> It's just weird that the activity is attributed to explorer.exe and not the processes specific to AVG.
> Anyhow now I know.
>
> Thank you!

For those who've been around IT for a while this isn't surprising. A/V is the computer equivalent of a TSA employee giving out freedom-fondles at the airport: questionable utility, something you need to suffer through, and almost certainly to blame when things get held up. All the while you know it will never catch anything useful.
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
> For those who've been around IT for a while this isn't surprising. A/V is the computer equivalent of a TSA employee giving out freedom-fondles at the airport: questionable utility, something you need to suffer through, and almost certainly to blame when things get held up. All the while you know it will never catch anything useful.

I "fondly" remember that day when the morons at BitDefender pushed out a signature file that caused every installation of their piece of crap on Windows x64 to quarantine every. Single. File. Accessed. By. The. System.
Not even shutdown.exe ran long enough to work. Upon reboot, BSoD, due to half the Windows folder having been relocated.

Fortunately, I had backups, so was up and running the next day.
Others had to wait two days for a crummy utility that would dequarantine everything, which didn't seem to work very well. I pity those who only had x64 systems and installed BitDefender on all of them.
 