
Shared Insight Cache with SEP 12.1

Created: 12 Aug 2011 • Updated: 23 Oct 2012 • 6 comments
Chetan Savade
+7 7 Votes

Updated on 23rd Oct'12

Hi,

Shared Insight Cache (SIC) is a server application that caches known clean files in order to optimize scan performance. The SIC server is mainly designed for virtual environments, but use on physical systems is supported provided that network latency is kept at an absolute low. The SIC server keeps a record in memory (RAM) of files that have been voted clean by the systems performing scans.

The first SEP client that needs to scan a file queries the SIC and finds no record. The SEP client scans the file and sends the results to the SIC.

Subsequent SEP clients need to scan the same file. They query the cache server and find that the file has already been scanned with the same version of definitions and that the file is clean. The SEP client skips scanning the file.

When a second client runs the scan, it goes through the same process and, since the file is cached on the SIC, skips the scan.
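A minimal model of the query, scan and submit flow described above, as an added example (it is not Symantec's code and does not reproduce the SIC wire protocol). Identifying files by SHA-256 hash, the class names, the definition version labels and the byte-marker "signatures" are assumptions made for illustration; the sample files are constructed.

```python
import hashlib

class SharedCache:
    """Model of the cache server: holds clean verdicts in memory only."""
    def __init__(self):
        self._clean = set()          # {(file_hash, defs_version)}

    def is_clean(self, file_hash, defs_version):
        return (file_hash, defs_version) in self._clean

    def vote_clean(self, file_hash, defs_version):
        self._clean.add((file_hash, defs_version))

class Client:
    """Model of a scanning client; 'signatures' are byte markers (assumption)."""
    def __init__(self, cache, defs_version, signatures):
        self.cache, self.defs_version = cache, defs_version
        self.signatures = signatures
        self.scanned = self.skipped = 0

    def scan(self, files):
        detections = []
        for path, data in files.items():
            digest = hashlib.sha256(data).hexdigest()
            if self.cache.is_clean(digest, self.defs_version):
                self.skipped += 1    # cache hit: same defs already voted clean
                continue
            self.scanned += 1
            if any(sig in data for sig in self.signatures):
                detections.append(path)   # detections are never cached
            else:
                self.cache.vote_clean(digest, self.defs_version)
        return detections

def demo():
    cache = SharedCache()
    files = {  # constructed sample files
        "a.dll": b"library bytes",
        "b.exe": b"program bytes",
        "c.doc": b"text CONSTRUCTED-BAD-MARKER text",
    }
    old = [b"CONSTRUCTED-BAD-MARKER"]
    clients = [Client(cache, "defs-1", old), Client(cache, "defs-1", old),
               Client(cache, "defs-2", old + [b"program"])]
    found = [c.scan(files) for c in clients]
    return found, [(c.scanned, c.skipped) for c in clients]

if __name__ == "__main__":
    print(demo())
```

The third client runs newer definitions, so none of the earlier clean votes apply to it; it rescans everything and flags a file the older definitions had voted clean, which is why the definition version has to be part of the cache lookup.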

Shared Insight Cache is only available for the clients that perform scheduled scans and manual scans. 

Shared Insight Cache runs independently of Symantec Endpoint Protection. However, you must configure Symantec Endpoint Protection Manager to specify the location of Shared Insight Cache so that your clients can communicate with Shared Insight Cache. No special license is required to install or run Shared Insight Cache.

The tool is located on the SEP 12.1 DVD under
\Tools\SharedInsightCache
 
Helpful Links:

Symantec Endpoint Protection Shared Insight Cache User Guide 12.1

http://www.symantec.com/docs/DOC4334

Shared Insight Cache - Best Practices and Sizing guide

http://www.symantec.com/business/support/index?page=content&id=TECH174123

Installation and Configuration of SEP Shared Insight Cache

http://www.symantec.com/docs/TECH185897

Viewing Shared Insight Cache events in the Cache Server log

http://www.symantec.com/docs/HOWTO55316

How Shared Insight Cache works

http://www.symantec.com/docs/HOWTO55318

About the Symantec Endpoint Protection Shared Insight Cache tool

http://www.symantec.com/docs/HOWTO55311

Customizing Shared Insight Cache settings

http://www.symantec.com/docs/HOWTO55314

6 Comments

DanC@BYU

How can I tell if my SEP client has contacted the SIC Server? I'm running this in a test environment preparing for rollout to Production and I know to look at perfmon for items in the cache and hits etc. I have gone through the steps to enable this in the policy and configure the server, but is there a way to tell on the client machine if it is talking to the SIC Server?

-4

TallTech

I am going to post the exact same question from the exact same situation.

How can I tell if my SEP client has contacted the SIC Server? I'm running this in a test environment preparing for rollout to Production and I know to look at perfmon for items in the cache and hits etc. I have gone through the steps to enable this in the policy and configure the server, but is there a way to tell on the client machine if it is talking to the SIC Server?

+2

ThaveshinP

Same question:

How can I tell if my SEP client has contacted the SIC Server? I'm running this in a test environment preparing for rollout to Production. I have gone through the steps to enable this in the policy and configure the server, but is there a way to tell on the client machine if it is talking to the SIC Server? How and what should I look for using Perfmon?

+4

ThaveshinP

Why is there no built-in utility to report on SIC?

+1

DanC@BYU

I would love to see a report in the SEPM showing me how many clients are using the SIC. Showing number of cache submits, requests, trusted files etc...

-4

Chetan Savade

Hello Everyone,

SIC server counters are available as part of the Windows Performance Monitor.

You can add counters in text form.

 

Review of SIC counters

Go to the detail of the first scan

 

Go to the details of Second Scan

You can monitor the difference here.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

+1