Endpoint Protection

This isn't seeking answers, unless someone has them, it's just sort of a list of issues we still have with the VERY VERY latest issue of SEP (MR4, MP1a)

* LU process ties up server, and slows clients a LOT. Takes up memory and CPU and at times, won't release until after a reboot. That bit is rare, but it happens.

* Firewall ignores DNS option, only uses IP. You can't plug in a *.symantec.com like the documents state and like the wizard tells you that you can do. Put in an IP address and the world is great, works fine, use that DNS bit, no dice. I'd much prefer to use the DNS name, such as eBay.com or *.eBay.com instead of plugging in 6 IP addresses to monitor or block ebay, or youtube, or whatever the target is. That way if the IP changes, or it's on a rotating or load-balancing situation, the site will ALWAYS be logged or blocked or whatever. I don't know why it's in the documents and the wizard and is even on the screen when you configure or build a rule, but it simply doesn't work!

Firewall SLOWS the browser to a crawl loading pages if you setup a rule using the HOST GROUP. Go into Policies, then Policy componants and create a HOST GROUP. Ideally you can set those up in this central place, and they are usable in any firewall rule with the click of a box. NIFTY! Except - if you plug in the list of IP addresses, a range or even a single IP address, then go create a rule, and use that host group as the trigger, the browser crawls! Go back to that firewall rule, uncheck that host group and instead plug the numbers directly into the firewall rule, the browser is MUCH faster. For some reason, the use of those centrallly managed host groups, while a GREAT idea, slows the firewall down. Loading ANY page is several times slower if you have a rule that logs or blocks, for example, and uses the host group for the target. But that same rule dosn't slow things down at all if that rule doesn't use the host group. Proven by a FULL DAY worth of testing - 8 hours worth - I have stats and numbers to show it.

Will add more as I find 'em.

Hi ShadowsPapa,

We certainly appreciate the information and issues you've pointed out in your post.  Throughout the day, I am perusing the forums and attempting to identify issues that have not been resolved or go unanswered by other users.

I noted your post in particular, and sent it to a few folks internally.  Not more than 5 minutes later, I received emails from other folks within the organization asking if I/we noticed your post!

I can say with conviction, there are many people within Symantec that review the contributions that you and other users make to this community.  On behalf of everyone here, thank you!  We are listening, and these threads are escalated to the appropriate folks within the organization.

Best,

Eric

 Hi ShadowsPapa,

We understand the issue that LiveUpdate has caused our customers. I need to check internally on where we are with the mitigation strategy. I am currently thinking that we have something in MR4 MP2, but I need to check on that.

Jim

Thanks Jim2 for the response, I'll look forward to hearing what's planned and working with your team to communicate the information to the community.

Eric

 Hi guys,

We have some LU improvements in MR4MP2. The fixes should ensure that LU does not conflict as much with other activity going on. I think we still peg the CPU for periods, but we are more cooperative with other activities. I certainly will be interested to hear feedback once released.

JimBr

There's something going on internally at Symantec. Much more communication, more interaction, more response. I can't help but say I've noticed a change in the last few weeks........ more to what I remember from the late 90s and prior to 2002. Sometimes going backwards is good.

Thanks for the updates.

As I see anything or IF I see anything more  I'll try to be more "scientific" about it and add what tests have been done, etc.

Believe me, we'll take note :)

 Looking forward (or dreading) the feedback ... depending on which way it goes :-) In either case, feedback is always good.