Kaspersky NDIS 6 Filter Causes Network Loss…..

We use Kaspersky for anti virus in the office. It’s an ok product, no better or worse than any others I have worked with. It did however turn out to be the cause of an issue that I was unable to figure out for a while now.

On x64 bit Vista systems, when moving large files across the network, the PC would suddenly loose it’s network connection. The network icon in the system tray would get a little yellow warning triangle on it and the status would indicate a connectivity issue.

It did not do this on systems that did not have kaspersky installed how ever. So I tried disabling the x2 Kaspersky services (anti virus and network agent). While this made the problem happen less, it did not go away completely, if I copied x3 or x4 large files (2gb+ in size each) at the same time, the network connection would drop again.

The problem was made even worse because there was no way to get the connection back without restarting the machine. Disabling and re-enabling the interface did not work, using netsh to reset the interface and winsock also did not work. The machine would become unstable and need a power cycle in the end.

I thought perhaps it was being caused by using bad network interface card drivers, so I downloaded the latest ones from the vendor web site but still the connection dropped under heavy load.

And then I spotted it. while checking the driver details for the network interface. kaspersky had added a protocol stack component that I knew nothing about, the ‘kaspersky NDIS 6 filter’.

kaspersky ndis 6 filter

kaspersky ndis 6 filter

Checking on the kaspersky site, it seems that this is a network level embedded packet interceptor. as packets arrive and leave the network card interface, the NDIS driver intercepts them for scanning to try to determin if the packet contains malicious content. It would seem that under heavy network load, the intercepts become too much and it trashes the network stack beyond repair.

Disabling this component by clearing it’s checkbox and unbinding it from the network stack seems to have fixed the issue and I was able to copy x8+ large files (2GB+) simultaneously without any connection issue. It also seems to have corrected a more minor issue I was experiencing with system pauses when network operations were happening.

I hope this helps anyone else having these issues.

Tags: , , ,

5 Responses to “Kaspersky NDIS 6 Filter Causes Network Loss…..”

  1. mikeatsg says:

    Same problem – different manifestation. Kaspersky installed on Win7. uninstalled it but this piece of crap hung around forever. I sorted it for myself but it took about 4 hours. I never want to hear the name Kaspersky again – ever!

  2. Dave says:

    If you have TREND WFS it will cause the same issues. You can unistall and reinstall without it. These anti virus programs are becoming a problem in themselves

  3. Windows 7 and M$ Security Essentials is the pair that works best for me. Not to mention, it’s 100 % free (apart from Windows 7 : ))

  4. makeijan says:

    It’s amazing how 3 years later a similar problem is affecting me. Just one week running Kaspersky and I already regretted having bought it!

  5. dan says:

    Same here. Old posts same issues. Windows 8 64bit and I noticed the filter too, so researching it and it goes along with my connectivity issues. I don’t agree with disabling it because of security issues that go hand in hand, so now that I know this the real question is should I stick with this brand.

Leave a Reply