Best practices to improve low performance.
| Article:HOWTO55872 | | | Created: 2011-07-08 | | | Updated: 2012-04-17 | | | Article URL http://www.symantec.com/docs/HOWTO55872 |
If you have performance issues, please verify and correct the following settings:
1. Disable Network Scanning from the Symantec Endpoint Protection Manager:
a. Under the Policies Tab, select Antivirus and Antispyware.
b. Click the policy you would like to modify and select Edit the Policy.
c. Click File System Auto-Protect.
d. Under Network Settings, disable Network.
e. Click OK.
f. Assign the policy by clicking Assign the Policy, then check each group to which the policy should apply.
g. Click Assign, then click YES.
2. Enable trust in remote versions of Auto-Protect:
a. In the client, in the sidebar, click Change settings.
b. Next to Antivirus and Antispyware Protection, click Configure Settings.
c. On the File System Auto-Protect tab, click Advanced.
d. In the Auto-Protect Advanced Options dialog box, under Additional Advanced Options, click Network.
e. Under Network scanning settings, uncheck Trust files on remote computers running Auto-Protect.
f. Click OK until you return to the main window.
3. Modify the default communication settings between the Endpoint Client and Manager:
a. Click the Clients tab.
b. Select the client group you would like to modify.
c. Click the Policies tab.
d. If this is not the Global group, uncheck Inherit policies and settings from parent group. Ensure that Policy inheritance is OFF.
e. Under Location-independent Policies and Settings, with in the Settings box, click Communications Settings.
f. In the Download box select Pull mode.
g. Modify the default Heartbeat Interval from "5 minutes" to fit your needs (higher time means less network workload). This modifies how often clients check-in with the manager to receive policies, settings, and content (definition) updates.
h. Click OK to save settings.
4. Modify the default weekly scan:
a. Click the Policies Tab.
b. Click Antivirus and Antispyware.
c. Click the policy you would like to modify and then click Edit the Policy.
d. Click Administrator-defined Scans.
e. Select Weekly Scheduled Scan and click Edit...
f. Modify this scan so that it will run at the least intrusive time.
*There are no randomization options for this scan so all Endpoint Protection Clients in this group will run the scan at the same time.
*There are no randomization options for this scan so all Endpoint Protection Clients in this group will run the scan at the same time.
5. Configure IIS Performance Options:
a. Click Start, point to Administrative Tools, then click Internet Information Services (IIS) Manager.
b. Click to expand Server Name, then click to expand Web Sites.
c. Right-click the web site that is hosting the Endpoint Protection Manager content (either Default Web Site or Symantec Web Server), then click Properties.
d. Click the Performance tab.
e. Limit bandwidth usage in one of two ways:
i. Adjust Bandwidth throttling.
a) Click to select the Limit the network bandwidth available to this Web site check-box.
b) Adjust the Maximum bandwidth setting to total less than the slowest network link.
c) Click Apply to save changes.
ii. Modify the total number of web site connections.
a) Click Connections limited to.
b) Adjust the total number of connections allowed to this website to alleviate bandwidth usage issues while still maintaining functionality.
c) Click Apply to save changes.
Note: when setting max connections for the site make sure to include enough connections to allow the manager to function as well (The SEPM-Console uses 3 connections when open).
Note: If the SEPM is installed to the default web site it is possible that connectivity to other content within that site will become unavailable until a connection is released for use.
Verify if Windows Firewall and Symantec Endpoint Protection's NTP settings:
It is best practice that only one software firewall should be run on a computer. Two firewalls that run on one computer at the same time can drain resources, and the firewalls might have rules that conflict with each other. Enabling more than one firewall program is likely to result in conflicts and poor performance.
Verify if Windows Firewall and Symantec Endpoint Protection's NTP settings:
It is best practice that only one software firewall should be run on a computer. Two firewalls that run on one computer at the same time can drain resources, and the firewalls might have rules that conflict with each other. Enabling more than one firewall program is likely to result in conflicts and poor performance.
To prevent this situation, SEP's installer automatically detects and disables Windows firewalls that are enabled. (The exception is, of course, if a custom install package is created which does not include NTP. If this Symantec firewall is not included in the install, an active Windows Firewall will not be disabled during install.)
Using Windows Firewall with SEP's IPS or ADC Features:
It is acceptable to have both Windows Firewall and SEP's NTP component installed on one computer, so long as only one of the firewalls is enabled and acting on the network traffic. One circumstance in which customers may wish to implement such a solution is if Windows Firewall is being used for firewall protection and the IPS (Intrusion Prevention System) components of SEP are desired. (To use IDS/IPS, NTP must be installed but NTP does not need to be monitoring traffic.) This is also the case for SEP's Application and Device Control (ADC): to use ADC, NTP must be installed, though it does not need to be monitoring traffic.
In these cases, NTP's Firewall policy must be completely withdrawn so that it is in pass-through mode.
To withdraw the firewall policy:
To withdraw the firewall policy:
a. In the console, click Policies.
b. On the Policies page, under View Policies, click Firewall Policies.
c. In the Firewall Policies pane, click the specific policy that you want to withdraw.
d. On the Policies page, under Tasks, click Withdraw the Policy.
e. In the Withdraw Policy dialog box, check the groups and locations from which you want to withdraw the policy.
f. Click Withdraw.
g. When you are prompted to confirm the withdrawal of the policy from the groups and locations, click Yes.
|
|
Article URL http://www.symantec.com/docs/HOWTO55872
Terms of use for this information are found in Legal Notices
Thank you.