When EMP feature is enabled, TMG will accumulate data downloaded by the client and scan all content for malware before transferring it to client. Accumulating entire file and scanning it, may take a significant time. During this, client doesn’t receive any data and as a result a software timeout can occur or user can even cancel download. Therefore, actions need to be taken to avoid this. There’re number of ways to deal with this problem collectively called “client comforting”. When downloading file from Internet through TMG a user can experience different comforting methods.
For more info on TMG comforting method read Configuring malware inspection content delivery at TechNet, that describes potential performance impact by changing default content delivery method from Standard Trickling to Fast Trickling.
Troubleshooting: When Fast Trickling is used as default method, you’ll notice that standard tricking is never used by monitoring following counters (for complete lists of Malware Inspection Counters see this article) on perfmon:
“To balance performance and user’s experience we recommend using Standard Tricking as default method and Fast Trickling for content types which’re streamed by the clients. This way you better balance performance with better user’s experience.”