Hi Holger,
> Bei der Installation von TrendMicro WFBS wurde extra auf den oben
> genannten KB-Eintrag hingewiesen. Danach kann es es bei Anwendungen, die
> den TDI-Driver verwenden (Virenscanner), zu sehr langsamer
> Netzwerkperformance kommen. Der Artikel verweist auf KB 2028827, das
> Problem kann bei Win7 und 2008R2 generell auftreten.
>
> Laden kann ich den Hotfix über den KB-Artikel nicht. Also habe ich 01805
> / 672255 angerufen, dort sagte man mir aber, daß der Hotfix gesperrt
> sei. Weitere Infos hatte man nicht.
>
> Braucht man den Hotfix nun oder gibt es einen Nachfolger?
Anders herum wird ein Schuh draus.
Der Hersteller, der immer noch TDI-Filtertreiber für Windows 7 bzw. Windows
Server 2008 R2 einsetzt, sollte schläunigst umstellen.
Viele der neueren Versionen namhafter Hersteller haben Dies auch schon
gemacht. Bitte erkundige Dich bei Deinen jeweiligen Liefereanten nach den
neuesten Versionen oder such Dir einen Hersteller, der dieses ohne
TDI-Filtertreiber liefern kann (z.B. Symantec Endpoint Protection ab 11.0
Release Update 7 (RU7) 11.0.7000.42)
Hintergrundinformationen seitens Microsoft zu TDI-Filtertreiber:
“TDI filter driver are on the path to deprecation, WFP APIs are strongly
recommended instead. Firewall hooks no longer supported”
Windows Filtering Platform
[..]
Why You Should Convert Your Components to WFP
Windows Vista includes a new architecture for the TCP/IP protocol stack.
This architecture is an integrated implementation of both IPv4 and IPv6 and
is known as a dual IP layer architecture. The methods of directly accessing
the TCP/IP protocol stack for packet processing in Windows XP and Windows
Server 2003 have changed significantly. These methods include the firewall
hook, the filter hook, and other methods that involve custom solutions such
as Transport Driver Interface (TDI) filter drivers. For correct operation
and to perform the equivalent function in Windows Vista and Windows Server
2008, generally you must change your application, service, or driver.
Note: Windows Vista and Windows Server 2008 continue to support TDI filter
drivers and Windows Sockets layered service providers (LSPs).
[..]
Existing method in Windows XP and Windows Server 2003 New method in Windows
Vista and Windows Server 2008
Transport Driver Interface (TDI) filter driver for simple packet filtering.
User-mode application or service that uses WFP Win32 APIs.
TDI filter driver for deep packet or stream inspection or modification. ALE
callout driver and optional user-mode application or service that uses WFP
Win32 APIs.
TDI filter driver for TCP connection or User Datagram Protocol (UDP)
traffic management. Stream/Datagram Data layer callout driver and optional
user-mode application or service that uses WFP Win32 APIs. TDI filter
drivers performing advanced TCP connection management-such as proxying,
duplicating, or cloning connections-should continue to use a TDI filter
driver.
[..]
Note: TDI is supported in Windows Vista and Windows Server 2008. However,
Microsoft is considering removing TDI in future versions of Windows.
[..]
TDI
[..]
The Transport Driver Interface (TDI) specification in Windows describes the
set of primitive functions by which transport drivers, TDI clients, and the
network file and print redirector communicate. The TDI specification also
discusses the call mechanisms used to access transport drivers, TDI
clients, and the network file and print redirector.
All Windows transport providers expose TDI, which operates in kernel mode
only at the upper edge of the transport protocol stack. In other words, it
sits above all other transport stack components and is the primary
interface used by higher-level components, such as Windows Sockets 2, to
communicate with the transport stack.
Because the programmer must determine the format and meaning of messages,
TDI can be complicated to use. Application programmers generally program to
the Application Programming Interface (API) of a TDI client, such as
Windows Sockets 2 or NetBIOS, rather than to TDI itself. Occasionally, such
as when needing to change fields in the TCP packet header, the programmer
might require lower-level access to raw packet data than is provided by
interfaces such as Windows Sockets 2. In those cases, TDI can be accessed
directly to achieve the desired functionality.
[..]
Note TDI will not be available in Microsoft Windows versions after Windows
Vista. Use Windows Filtering Platform or Winsock Kernel instead.
Weitere Informationen:
An application may receive the "10054" error when the application receives
data from a connection on a computer that is running Windows 7 or Windows
Server 2008 R2 if a TDI filter driver is installed
[..]
Note This hotfix temporarily resolves this issue for application vendors
before they migrate their implementation to Windows Filtering Platform
(WFP). These application vendors use the TDI filter driver or the TDI
extension driver (TDX) on a computer that is running Windows 7 or Windows
Server 2008 R2.
[..]
--
Tobias Redelberger
StarNET Services (HomeOffice)
Frankfurter Allee 193
D-10365 Berlin
Tel: +49 (30) 86 87 02 678
Mobil: +49 (163) 84 74 421
Email: T.Redelberger@starnet-services.net
