config causing 35 second delay opening modern MS Office file formats (.docx & .xlsx etc)

[Guyver1wales]

I applied the sysmon-config successfully to approx. 285 windows servers in out estate without issue.

However, one file server (Server 2012 R2) out of our 4 identical file servers developed an issue whereby ONLY .docx, .xlsx file would have an explicit delay of 35 seconds before it would open. After approx. 30+ full work hours tearing the server apart I resolved the issue by detaching the sysmon filter driver from the D:\ where all the servers shares were: fltMC.exe detach SysmonDrv D:

You can see this on this reddit thread - https://www.reddit.com/r/sysadmin/comments/yis8fi/network_share_word_and_excel_files_take_35/

I believe you have something in the configuration that under certain circumstances is causing CANNOT BREAK OPLOCK issues on these specific file types.

I can provide PROCMON output if required.