On an average, we see the login takes approx. 10-15 seconds. However, the login takes upto 30 secs when using DEM and App Volumes Appstack/Writable volume.
I used to get the same results you have with 1809 and older. Nothing have changed other than the OS in our environment but now we are getting 1 min login time. That’s why I am asking to see what everyone else is getting. Thanks
@sjesse That article does not list the FLX###.tmp files, which just based on their location and actions (appdata\local\temp and extracts to other folders in users appdata) should be flagged by any current security solution.
That is exactly what we are seeing. We currently have Carbon Black App Control (Former CB Protection) which adds roughly 25 seconds to our logon. Had multiple tickets opened with Support and they said that this is the best that they can do. However now we are also adding CB Defense (CB Cloud) and it just doubles our logon times to roughly 120 seconds as well. I have multiple tickets opened with CB/Vmware and so far there is no solution . I have an exclusion for FLX*.tmp in complete bypass mode and it just doesn't seem to work. Applying user Policy in logon log skyrockets to 40-60 seconds and we don't even use UEM very heavily as we are using Writable VOlumes Profile only to persist settings
Our normal logon times for average user with 1 appstack and writable:
@DEMdev any input on what to do the the FLX temp files with antivirus software, the one I use doesn't seem to choke on them too much. I'm only on 1809 still so I haven't been able to test 1909 yet.
I'm here. What do you mean to join there ? As for Windows version we are on 1809 LTSC. Planning on going to SAC at some point in time but didn't have a chance to build an image for it yet.
> any input on what to do the the FLX temp files with antivirus software
I can only speak to DEM itself, I'm afraid. If you can exclude FLX*.TMP from your antivirus scans that would be beneficial, as the files will get their "real" names shortly after (and can then be picked up by a scan, if so required.)
@DEMdev any discussion internally on changing the location/file extensions for that to be something less....scary? Asking security teams to exclude tmp files from appdata\local\temp location raises eyebrows.
It's not fully excluding tmp files. It was a solution recommended by CB support. THat's why I'm saying that usually it is done with support due to different codes. With the 2094975 code you are excluding CB looking into writes and reads but it is still fully monitoring executions. CB App Control is technically not an AV product so things work different with that
> any discussion internally on changing the location/file extensions for that to be something less....scary? > Asking security teams to exclude tmp files from appdata\local\temp location raises eyebrows.
AppData\Local\Temp\FLX*.tmp is "only" used for registry imports. All other files are extracted as FLX*.tmp into their real destination folder, and then renamed to their real name.
We could consider using another pattern/location/extension for the .REG import? I've also been debating an option to skip the intermediate FLX*.tmp files for non-.REG imports, and immediately write to the target file. Maybe that would help?
My standard optimized gold takes about 15 seconds. Adding Trend Micro increases it to 25 seconds. Attaching the writable pushes the boot to 45 seconds. If I add Teams to autostart, or enable our homemade bloated Novell printer and drive mapping script, it pushes past a minute.
