Endpoint Protection

One of my SEP group client creating high network traffic causing network clogging only to that group.

any help?

tnx

It is creating traffic to SEPM?

are you trying to highlight high network traffic on SEPM or GUP ( on WAN) ?

it is creating traffic to SEPM

Whether it is your GUP PC?

Which is the version of that client?

I have no GUP on that group.

client- RU5

SEPM-RU6a MP1

is the client not updated with the latest signature?

What is the HeartBeat set for this client group? try incresing the HeartBeat and see if it reduces the traffic.

What is the source to know the specific client is generating the traffic? Check if it for configurede port on SEPM?

Whether the client is up to date? If no update it manually one with intelligent updater ....

all updated...

tnx

Chenk to which port in SEPM it is communicating?

If it is to 80/8014 it may be due to virus def corruption in that client.

Clear the defs and update manually and observe

How to clear out corrupted definitions for a Symantec Endpoint Protection Client

port 8014...this problem exist on 1 group(500 clients).

tnx

You mean all 500 clients are together creating traffic?

What is the appropriate band with usage of each client?

Create a new group and move all clients to that group and see...

yes..512 MB

What is the HeartBeat set for this client group?

try increasing the HeartBeat and see if it reduces the traffic.

Is this group of clients running the latest definitions? 

Is this a constant drain on traffic or does it happen at various intervals? 

Is your group in push or pull communication?

Can you provide a screenshot of the communication settings for this group?

set to every 4 hrs..

any improvemnt in bandwidth?

try restricting the IIS connection on the IIS manager

IIS Throtteling can help you.

If you are having 500 clients in a location it is better to assign one PC/2-3 PC as GUP there.This can reduce the traffic.Because in the client traffic ,the traffic created by virus defs will be more always .SO a GUP can reduce the traffic.

yes we will try this one...

thank you

We use Citrix Branch Repeaters at all our locatoins.   Using the monitoring tools in Citrix, we disovered a bug in Symantec Endpoint where clients download part of an update, which fails.  Then the clients attempt re-download this same update over and over non stop.   Because client updates do not use the GUP but go to the SEPM, the bandwidth limiting specified for the GUP does not apply.

I have a thread in this forum about it.   The fix was to delete the failed download of the SEP update from the Symantec folder on the client PCs.  

Another alternative is to remove the client update package from the groups in SEPM.   Or move these clients into their own group as previously mentioned, and create a new install package for them.

Not sure if that is what you are seeing, however that bug was causing a constant 40Mbps avg of traffic to the SEPM.  80Mbps bursts.

If you can upgrade your clients to RU6 MP1 then the below is fixed:

Here's an article on tips for Installing SEP in a low bandwidth environment that might prove useful: click here

Although it doesn't say much in deploying clients. Only updating and setting heartbeat intervals.

What is the path where the failed download would be located? I am also experiencing a high network traffic recently, and all Symantec has to say so far is to throttle my IIS bandwidth.

For SEPM:

https://www-secure.symantec.com/connect/articles/how-clear-corrupt-virus-definitions-sepm

For Clients:

http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/691fb01f62f2a700882573c2006d6de7?OpenDocument

I started a new post yesterday and I'm hoping someone involved in this thread could shed some light.  Thanks!

https://www-secure.symantec.com/connect/forums/sepm-liveupdate-spike