Information about the "Fast Pathing" feature in SEP 12.1 RU4

Article:TECH212153  |  Created: 2013-11-01  |  Updated: 2013-11-08  |  Article URL http://www.symantec.com/docs/TECH212153
Article Type
Technical Solution


Issue



"Fast Pathing" is a feature that allows an organization to set a relatively long heartbeat interval to minimize traffic without losing up-to-date information about the security of clients.

Without this, important events like viral infections would only be uploaded during a heartbeat. Waiting for a heartbeat to forward events to the SEP Manager could slow down an organization's response time to an emerging threat.


Environment



  With "Fast Pathing" enabled, the client checks every minute for new detections (*) or new network security events. If one of these critical events is found, the SEP client uploads all threat-detection and network security related information for the events from the logs (AVMan.log and seclog.log), but no other log information.

         * Excluding System Change events and Tracking Cookies

The “None” Damper:
Any SEPM notification with a damper of “None” is checked every minute.
The “None” damper setting allows notifications about priority events to happen quickly.
 
Priority Heartbeat process flow:
Every minute, if applicable.
Connects - Uploads Security and AV logs (No commands, No OpState, No definition information, No updates).
Disconnects.

Cause



 Configuration:

Priority Upload Configuration.
-There is a checkbox to enable/disable this in the communications settings on SEPM.
    This setting is per group and inheritable.
 
 
 
Immediate Notifications.
-There is a new option for the damper on security event related SEPM notifications: “None”.  
   Setting this causes this notification to be evaluated every minute, to ensure up-to-date information.
 
 
 

Solution



 -



