Performance issue while running EXE file stored on Linux server remotely using Windows machine with SEP 12.1
|Article:TECH165128|||||Created: 2011-07-21|||||Updated: 2012-07-28|||||Article URL http://www.symantec.com/docs/TECH165128|
There is a Linux server with Samba that host internal application (EXE file). From a remote Windows machine with Symantec Endpoint Protection (SEP) 12.1, it will take about 2 minutes to launch the application and be able to use it. Bigger the application file is, longer it takes to run it.
If SEP 12.1 is disabled, the problem stays the same. If SEP 12.1 is uninstalled, the application is working immediately. This was not happening with SEP 11.0.6.
RedHat Enterprise 5 with Samba.
This is related to a change in SEP 12.1 regarding Auto-protect and the way it's acting against executable files. Once a executable is coming onto a machine (either in disk or memory) protected by SEP 12.1, and the client does not know if the file has been scanned on remote machine, SEP 12.1 will scan the file, even if Network Scan feature is not enable in Antivirus/Antispyware policy. This is an improvement made in order to avoid specific threats from being only stored in memory and bypassing Antivirus analysis.
This is working as designed. If you want to workaround the performance problem, you may follow one of these steps:
- Store the application on Windows machine, enable Network Scan and the rule to trust files hosted on remote machine which is protected by SEP 12.1
- Increase Network Scan cache size and cache timeout values in order to avoid multiple scan attempt on that file
Article URL http://www.symantec.com/docs/TECH165128