01-29-2014 10:42 PM - edited 01-29-2014 10:46 PM
I experienced a bizarre problem today and although I've resolved it now I thought I'd post it here just in case someone else experiences the same issue.
The issue was in regards to WiFi not working properly on my Lenovo ThinkPad Yoga S1. After a restart my computer's internet (with WiFi on) would work for a few minutes then it would stop. Long story short, I tried various things, and even uninstalled Norton and other software which I thought may have been a culprit but still the same issue. I also used a USB to Ethernet port (since there is no built in Ethernet port in the ThinkPad Yoga) and connected my computer with a cable and disabled the WiFi to see if it was the wireless hardware not working. Unfortunately still the same issue.
Finally I noticed in the Windows Task Manager a process called "Discover.exe". It turned out this was using some noticeable amount of CPU and wondered what this was doing as I hadn't seen that before. I found out that this was a piece of software bundled in with my computer called Lenovo EMC Storage Connector. I'm not sure why it was running but I ended this process.
Viola, suddenly my internet was working again! This time no problems.
I uninstalled this software utility to make sure this doesn't cause this issue again.
I can't understand why Lenovo bundles this software but this seems to have a serious defect and has cost me hours of trying to work out what was going wrong.
I hope this is helpful to someone else who might have this issue.
Solved! Go to Solution.
03-06-2014 10:31 AM - edited 03-06-2014 10:31 AM
I had tha same issue and noticed 'discovery.exe' was hosing my internet. Killed the process and then uninstalled and everything seems back to normal. Apparently LenovoEMC was iOmega...so this is no surprise that is sucks.
Thanks for the help!
03-10-2014 12:09 PM
We were struggling with the same issue. The EMC Storage Connector was DDOSing our firewalls. After several days, we were able to indentify the root cause being this program. Once we unistalled the program, it stopped DDOSing our firewall. We blamed viruses and all sorts of other things. Wish Lenovo would fix this.
04-01-2014 01:10 PM
Thank you for posting this issue. I experienced the same exact issue, which impacted my network to the extent that all router traffic was affected by this program. Once this program begins to go rogue, all other devices have connectivity issues, but once the task is cancelled, everything reverts to normal almost instantly. Oddly, this seemed to initially have had problems after a period of heavy downloading. I've got an identical second machine that hasn't had any problems with this program thus far. Neodymium, yes, you've saved me - thank you!
04-02-2014 04:13 PM - last edited on 04-03-2014 07:38 AM by andyP
Wanted to add to this thread as it's the only one that I actually found where others are seeing this issue - it's solved if you uninstall as others stated.
But here's a better insight on what EXACTLY is happening - hopefully maybe someone from Lenovo will see this and raise a flag (fat chance on a "Community" forum but you never know)
So.... Just worked on an issue that this piece of CrapWare/Bloatware called LenovoEMC Storage Connector AKA Discover.EXE was causing.
Stuff like this is great for my business but I feel sorry for those that don't know what the heck is going on.
In all honesty this has to be the worst (no joke, dead serious) piece of code that I have ever seen and I've been doing network enigeering for well over 25+ years.
I'll describe what this Discover.exe process is doing, though It's obvious by name what this service does, it goes about doing it in a truely amazing way. It must have been written by a half-witted, I have no idea what I'm doing programmer and how it got out of QA is beyone me. Some entity really needs to have their credentials checked.
It's an auto discovery process that I assume is supposed to go out and find any LenovoEMC Network Storage devices that MAYBE connected to your network.
But their seems to be a bug, or if that isn't the case, it's seriously flawed, if this was truely the intention of the programmers on how it was designed to do such.
The code seriously needs to be patched and it needed to be patched yesterday, especially since it's installed on new equipment without most users knowing what it's for or what it does. Vendors need to seriously stop installing their Bloatware, why is this installed on a new Lenovo Yoga Thinkpad? I can understand that if someone actually bought a LenovoEMC storage unit that this software would be included, but a Laptop? Why???
Well, a few days ago I get a call from a friend of mine that I have known for years who just started 6 months ago for a new company (Small 50+ person organization) where she is now managing a small group (3) internal IT folks and stated that her IT People are a wits end and that thier network for the past few weeks was having serious serious issues.
She stated it was obvious that it is something well above her staffs experince and beyond anything that they ever dealt with. She mentioned that prior to calling me, they did have a knowledgeable IT person that consulted for them for many years but sadly that person passed away and well it looked like he pretty much made it so he had job security. I have bailed her out many times in the past when we both worked for a larger organization, she knows that if it's going to get fixed and done right who to call.
First they thought their network issue was being caused byt their ISP but after working with them the ISP stated their end of the network is good, though they do see extreamly high bursts of outbound traffic followed by large bursts of inbound traffic. The ISP stated that perhaps some device within their network may have a virus but in general it's nothing to do with their physical connection to them.
My first line of approach, as anyone elses would be to resolve Network issues, is to place a packet sniffer (Wireshark.org) on the Network and capture everything. As stated her small IT staff had let a consultant do most of the work and they where never properly trained on how you setup a switch to mirror, or how a packet sniffer works.
For me, an easy task but I would had to travel to their business, but lucky for me I new I wouldn't have to be there for a long time as they stated that this event happens daily enough that If I just sat and waited I was sure to see it in action and that I did.
From what I saw this monitor.exe process will flood your network with Netbios Name Services (NBNS) packets not as a broadcast packet on your local network but as directed target packest to IP addresses off your network and it is an inordinate amount of IP Addresses at that.
Not only is the amount of targets that it's spamming large, the frames that are generated to do it are within milliseconds of each other. The application is Insatiable and Belegerent in trying to discover something.
If it's up and running it will be 98% of your traffic on the network, other devices can't get a packet in edgewise everything on your network will become unresponsive.
I witnessed their local router which normally responds to a ping within <1ms would sometimes never respond or if it actually did during this condition it would respond back >350ms or even higher.
Traceroutes to external IP's where even worse, DNS requests forwarded off their network to their ISP's DNS servers never where sent or recieved. To them it was the network is down, and we can't get to the internet.
Keep in mind what I said as well about the packets that are generated by this monitor.exe process because as I stated they are specifically directed to target IP's and not a local broadcast, unbelieavbly you may get a whole boat load of responses back if the other side didn't filter out MS Netbios Packets being directed to their network as well as ICMP unreachable/quleched/administratly filtered packets in response.
So let me post some screen shots with comments.
I'm sorry about the screen size but there is a size limit to attachments.
Here's the first screen shot of what was going on at the time they had network issues just to point out what I want you folks to look at.
Start taking note of the Frame No. the Time stamp as well as please Note the Destination Addresses - pay attention to the following screen shots after this and compare them to each other.
You'll be Shocked as much as I was - this process is sending Name Query NBSTAT frames over the internet to trageted IP ranges and big ranges at that and it appears to be sequential in order. I'll mask the IP's but you'll get the Idea.
Now look at the time and look at the destination address see the pattern.
Once again look below at the time and now look where we are for destination we have moved 1 second in time but it has pumped out a ton of Name Query NBSTAT frames. This is what you will see it's crazy! In general you will hardly see any other devices packets on the network as it's to busy catering to this piece of CrapWare.
Next screen shot - Again look at the time but pay particular attention to what happens to the destination when we reach out and hit x.x.255.255 you guessed it.
So when does it stop?? Look at this - Note the highligted entry and then look at what it does - seriously you have to be kidding me it's now going to throw ARP requests on the network because something responded. Granted when something does it actually stops what it's doing for a brief momement.
And, obvious that some networks on the internet respond to targeted NetBios frames - good idea to firewall these folks. It's also a good idea to stop them from leaving as well (more work for me here it looks like)
Some networks at least respond with ICMP unreachables
The Lenovo Yoga Here figured that what the heck since it's owning the network might as well try to get some of it's own packets out to do some work other then spam discovery requests.
Next note time again and destination for the next two screen shots - time moving along, range moving along faster.
Last, if you throw crap out on the internet I guess one should expect crap as a response.
Amazing Huh!! Seriously what is this discover.exe process trying to do!
Again why is Lenovo putting something like this on their laptops - my client didn't order a LenovoEMC Storage Unit with it. I can see this application LenovoEMC Storage Connector (monitor.exe) being supplied with one of their Storage units, but seriously it needs to be fixed PRONTO!
Hopefully me posting here will save someone a headache.
Personally my client ordered 40 more of these things, for all purposes I'm thinking about telling her to tell Lenovo thanks but no thanks.
I Recommend that you uninstall this application if you don't need it and if you do then you better have Lenovo take a look at it and fix it before it affects your own network.
Moderator note; picture(s) totalling >50K converted to link(s) Forum Rules
04-03-2014 12:50 AM
Add another victim of Lenovos little DOS service AKA LenovoEMCDiscovery to the list.
After about two weeks use of a brand new Lenovo Thinkpad Yoga, the LenovoEMC discovery service started to go crazy. Shortly after the computer is booted the service kicks in creating outbound connections. We are not talking a few, but massive amounts. Our firewall went from 50.000 to 6.000.000 connections in a matter of minutes in a controlled test.
I want detail what this does to a firewall and where i leaves the user on the network, but i guess you can imagine!!
How an application like this ended up beeing preinstalled on Lenovo Thinkpad Yoga's is simply choking. It's worse than any virus we have experienced for years in terms of damage!!
04-03-2014 01:41 PM
All - we experienced what appears to be the same issue and resolved Tuesday 4/1 by removing the suspect software.
Initially, the ThinkPad Yoga worked fine. It went to a home-office user where it crashed his home network connecting via wireless. Plugging it into a wired connection crashed it again. Being highly skeptical, we considered a myriad of likely causes including end user, malicious logic, bad drivers, or perhaps router firmware.
We made the mistake of bringing it back to the corporate office and connecting to the network. (Really….don’t do this) It caused basically a DoS internally and for external employees as well attempting to connect to the VPN. As soon as we took it off the network everything went back to normal operation. (This made a believer of me)
Since then, I contacted Lenovo support but the issue didn’t get anywhere nor did they seem overly concerned with the impact of this problem. I ended up escalating through the vendor I purchased the ThinkPad Yoga from. I’ve since talked with Lenovo out of NC and they are digging into this issue.
04-04-2014 06:48 AM - edited 04-04-2014 09:46 AM
Thanks for reporting this - will definitely look into it.
Edit - our teams are working on this. I expect that this will be addressed via some update to the application. In the interim, I would recommend un-installing this application. (As has already been suggested by others in this thread).
Many thanks for the detailed info shoretechservices!
04-04-2014 05:56 PM
Thanks everyone for pointing this out, and we're really sorry for the trouble this preloaded software has caused.
As was described above, the software is using a bad technique to scan for network storage devices, and in addition to this it was implemented incorrectly. Specifically, the discovery goes haywire on a a class B network (netmask < 255.255.255.0) or class A network (netmask < 255.255.0.0). We will fix this ASAP so that future systems don't cause this problem. In fact we are going to remove the NetBIOS discovery completely.
If you are experiencing this problem, the best way to deal with it is to uninstall the Lenovo EMC Storage Connector software from Control Panel -> Programs and Features. It may be necessary to first stop the LenovoEMC Discovery service, or kill the discovery.exe process.
Again, we are really sorry about this issue and for the inconvenience it has caused.
04-06-2014 12:48 PM
LoL - same strage problem here ...
Discovery.exe with 0.4% CPU Load non-stop was blocking my W-LAN Traffic...
Normal LAN worked but no W-LAN... strange.
After uninstalling LenovoEMC Storage Connector everything works well again !!!
Bul**bleep** Bug !# Crap ware... !###!!