Showing results for 
Search instead for 
Did you mean: 

Host Checker Slow


Host Checker Slow

I don't have much experience with Host Checker and I don't know if I'm simply asking it to do too much, or if I'm overlooking something. My problem is that it is taking minutes for HC to perform the assessment on the client. I've also noticed that HC is quite CPU intensive, often maxing out the processing time for moderate periods.

On IVE version 7.0R1, I have HC configured with the following policies:

1) require any supported antivirus product, successful system scan within the last 7 days, definitions not older than 4 updates, monitor changes

2) scan for specific patches, with a small number of selected critical patches added to the criteria, SMS patch update disabled

3) check the values of various registry settings, using a custom requirement of Setting 1 AND (Setting 2 OR Setting 3 OR Setting 4 OR Setting 5)

4) check for a specific firewall product from one vendor.

Rules 1 & 2 are required at the realm level, rules 3 & 4 are required at the role level for 3 roles.

On a Windows XP SP 3 client, it takes anywhere from 1minute 22 seconds to up to 3 minutes for the sign-on page to display. Windows 7 seems faster, with the time be about 35 seconds to under a minute.

I've got a case open with JTAC and the technician has viewed the configuration, but so far no immediate solutions. Have any of you experienced this and can you offer any suggestions? Thanks in advance!


Re: Host Checker Slow

I have made an experience which was caused by security settingsin IE 7 or IE 8 and our clinte firewall which prohibts direct access to the internet.

i found out that HC tries to validate the certificate which is used on the SA.

When the communication to validate the certificate is blocked, it takes a very long time to start HC.

You can try to disable the setting in IE for

"Check for publisher's certificate revication" and

"Check for server certificate revication"

when you have a local firewall installed or grant access to the necessary websites directly.

Regular Contributor

Re: Host Checker Slow



1. Does the delay occur only the first time a new user logs in on every time a user logs in?

2. I doubt if any of the other checks are causing issues, however checking for patches can be slower than other policy checks. Can you disable the below check to isolate if its the cause  of slowness?

>>> scan for specific patches, with a small number of selected critical patches added to the criteria, SMS patch update disabled


Re: Host Checker Slow


The delay occurs every time.

JTAC suggested isolating and timing each policy; I forwarded the results to them along with the client-side HC logs. The policy for patch level is checking for just 3 patches: MS08-067, MS10-042, and MS10-046. HC took anywhere from 0:33 to 2:44 depending on XP SP3, Windows 7, or non-domain machine; on or off the network.

But even the policies enabled at the role level such as registry settings and verifying if firewall is on for our own devices, range between 0:17 and 1:21 depending on OS and hardware.


Re: Host Checker Slow

I am also seeing this, but only on our MAC based computers. Any news from JTAC on the issue

Respected Contributor

Re: Host Checker Slow

Enabling the Shavlik (patch checks) will make Host Checke take 3-5+ minutes to launch.

If you want to speed up the checks, you will need to disable the patch checking.