This isn't seeking answers, unless someone has them, it's just sort of a list of issues we still have with the VERY VERY latest issue of SEP (MR4, MP1a)
* LU process ties up server, and slows clients a LOT. Takes up memory and CPU and at times, won't release until after a reboot. That bit is rare, but it happens.
* Firewall ignores DNS option, only uses IP. You can't plug in a *.symantec.com like the documents state and like the wizard tells you that you can do. Put in an IP address and the world is great, works fine, use that DNS bit, no dice. I'd much prefer to use the DNS name, such as eBay.com or *.eBay.com instead of plugging in 6 IP addresses to monitor or block ebay, or youtube, or whatever the target is. That way if the IP changes, or it's on a rotating or load-balancing situation, the site will ALWAYS be logged or blocked or whatever. I don't know why it's in the documents and the wizard and is even on the screen when you configure or build a rule, but it simply doesn't work!
Firewall SLOWS the browser to a crawl loading pages if you setup a rule using the HOST GROUP. Go into Policies, then Policy componants and create a HOST GROUP. Ideally you can set those up in this central place, and they are usable in any firewall rule with the click of a box. NIFTY! Except - if you plug in the list of IP addresses, a range or even a single IP address, then go create a rule, and use that host group as the trigger, the browser crawls! Go back to that firewall rule, uncheck that host group and instead plug the numbers directly into the firewall rule, the browser is MUCH faster. For some reason, the use of those centrallly managed host groups, while a GREAT idea, slows the firewall down. Loading ANY page is several times slower if you have a rule that logs or blocks, for example, and uses the host group for the target. But that same rule dosn't slow things down at all if that rule doesn't use the host group. Proven by a FULL DAY worth of testing - 8 hours worth - I have stats and numbers to show it.
Will add more as I find 'em.