Outlook stops responding or performance issues are seen after EmailScan plug-in is loaded

Technical Articles ID: KB77573
Last Modified: 6/9/2022

Environment

VirusScan Enterprise (VSE) 8.8 with or without patches

Microsoft Outlook 2010, 2013, 2016

Summary

Recent updates to this article

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.

Date	Update
June 9, 2022	Minor formatting changes; no content changes.

Problem

Users report any of the following symptoms:

Outlook temporarily stops responding.
Performance lags when receiving emails.
Performance lags when receiving emails with attachments.
Performance lags when receiving calendar invitations.
Latency when emails are being opened.

Cause

When a new email arrives, it triggers action from the EmailScan plug-in. The Outlook client is locked (to the user this might seem as unresponsive) while steps are taken to determine whether the new email object is safe, after which the client is released. The symptom of Outlook being locked (unresponsive) is intentional to avoid users accessing potentially infected mail. But, an unreasonable delay isn't intentional and is typically a result of an issue highlighting the incurred pause.

Email scan process

When the Outlook client receives a new mail notification, the EmailScan plug-in is given an opportunity to scan the object.
The add-in initiates a process of locating the item in the Exchange mail stores and downloading it locally for scanning.
While this process occurs, you're prevented from interacting with the Outlook client. This can give the appearance that the system has stopped responding.
After the scanning process completes, access to Outlook is restored.

The prolonged scan duration where Outlook remains paused can be influenced by multiple external factors to which VirusScan is subject, including the following:

Users being remote or roaming and not on the LAN or local to the mail server.
Configuration resulting in an Outlook PST file residing on a remote drive.
The size of mail messages and attachments.
The type of mail item and, so, which store the Exchange copies it to.
The size of the user's mailbox, specifically the number of items in the calendar (if the lag occurs when receiving an invite).
Incorrectly configured Autodiscovery for Exchange feature. For details, see KB86832 - Slow performance with Microsoft Outlook when Opening emails or switching between folders.

The duration of the pause can be influenced by features and settings native to VirusScan Enterprise, which include the following:

VSE Patch installed.
DAT content and Engine version.
On delivery email scan policy setting. For example, Scan configuration - Attachments to scan.
GTI connectivity and Artemis (Heuristic network check for suspicious files) settings.

Solution 1

The underlying behavior of locking the Outlook client while the scanning process occurs is expected behavior. It secures against users starting mail or attachments before they can be scanned.

Excessive delays aren't desired and improvements have been made within the VSE product releases for the following:

Issue	Solution
Where lag occurs in direct response to calendar invites being received.	Optimized with VSE 8.8 Patch 4 and later.
Where there's a prolonged scan duration of email attachments. Example: Office documents	Improvements made in VSE 8.8 Patch 10 (up to 80% reduction of scan duration).

See "Solution 2" for assistance with minimizing the delay.

Patches are cumulative; we recommend that you install the latest one.

VSE 8.8 Patch 16 is the latest patch available from the Downloads tab on the ServicePortal.

NOTE: VSE 8.8 Patch 16 supports all supported Windows operating systems.

Our product software, upgrades, maintenance releases, and documentation are available on the Product Downloads site.

NOTE: You need a valid Grant Number for access. See KB56057 - How to download Enterprise product updates and documentation for more information about the Product Downloads site, and alternate locations for some products.

Solution 2

Best practices to minimize the delay:

Install the latest VSE Patch.
Use the latest DAT and Engine.
Use Default + other file types, specified in the Scan Configuration for On Delivery Email Scan policy.
Restrict the size of the user mailbox.
Restrict the size of attachments users can send or receive.
Locate Outlook PST files on the local disk. For a documented issue, see KB59974 - Outlook stops responding when you open .PST files on a remote share.
Verify that Autodiscover for Exchange is properly configured. For details, see KB86832 - Slow performance with Microsoft Outlook when Opening emails or switching between folders.
Ensure GTI connectivity. For how to verify that GTI File Reputation is installed correctly and that endpoints can communicate with the GTI server, see KB53733 - Verify that GTI File Reputation is installed and endpoints can communicate with the GTI server.

NOTES:
- If GTI is absent, disable the Heuristic network check for suspicious files. For details, see KB70130 - How to enable Global Threat Intelligence in McAfee products.
- To see a known issue where Outlook pauses for an extended period when receiving attachments due to DNS query timeouts, see KB75933 - Outlook pauses for an extended period when receiving attachments.
Turn on Cached Exchange Mode. For details, see the "Solution" section in KB75933 - Outlook pauses for an extended period when receiving attachments.

Workaround

Disable the EmailScan feature via policy.

NOTE: This can be an effective workaround when the main cause for the underlying performance issue is unavoidable, such as a roaming user profile resulting in a PST on a remote share. It's advised that you evaluate whether you can safely disable the EmailScan feature in your environment (for example, when the Exchange server is already protected).

Or, remove the On-Delivery Email Scanner component from the installation.
For how to remove or prevent installation of the VirusScan Enterprise On Delivery Email Scanner, see KB69030 - How to remove or prevent installation of the VirusScan Enterprise On Delivery Email Scanner.

Related Information

Also, see KB79673 - Performance improvement tips for VirusScan Enterprise 8.8.

Affected Products

Best Practices
Known Issue/Product Defect
VirusScan Enterprise 8.8 (EOL)

Languages:

This article is available in the following languages:

English United States
Spanish Spain
French
Italian
Japanese
Portuguese Brasileiro

Knowledge Center

Outlook stops responding or performance issues are seen after EmailScan plug-in is loaded

Environment

Summary

Problem

Cause

Solution 1

Solution 2

Workaround

Related Information

Affected Products

Languages:

Title

Title

Knowledge Center

Outlook stops responding or performance issues are seen after EmailScan plug-in is loaded

Environment

Summary

Problem

Cause

Solution 1

Solution 2

Workaround

Related Information

Affected Products

Languages:

Choose your region

Title

Title