Endpoint Protection

 View Only

  • 1.  Disabling SEP 12.1

    Posted Jan 26, 2013 10:25 PM

    We are running through a reindex of our DMS, and they say it's running slower than it should. I have kept being asked to make sure certain folders are excluded from scanning, which they were. I (partly to make a point) ran smc -stop on the relevent servers, and verified that all Symantec services were stopped. The indexing performance has not changed.

    Am I right that with all SEP services stopped that all AV functionality is completely disabled, and that the lack of any improvement in performance means that it could not be caused by SEP?



  • 2.  RE: Disabling SEP 12.1

    Posted Jan 26, 2013 10:31 PM

    smc -stop will not disable SEP. Otherwise you can stop the SEP service from services.msc. This should disable it.

    If you have NTP installed, you can right click the SEP icon in the task tray and select "Disable", this will disable the NTP component.

    You can check this as well:

    Disabling the Symantec Endpoint Protection client Network Threat Protection and Intrusion Detection System components

    Article:HOWTO59111  |  Created: 2011-08-31  |  Updated: 2012-07-20  |  Article URL http://www.symantec.com/docs/HOWTO59111

     



  • 3.  RE: Disabling SEP 12.1

    Posted Jan 26, 2013 11:18 PM

    smc -stop was the first thing I did. I went into services and made sure all Symantec services were stopped. So currently no Symantec services are running, including the SEP service and SMC.



  • 4.  RE: Disabling SEP 12.1

    Broadcom Employee
    Posted Jan 26, 2013 11:27 PM
    what version of SEP? is the "Symantec Endpoint Protection" stopped too?


  • 5.  RE: Disabling SEP 12.1

    Posted Jan 26, 2013 11:40 PM

    12.1 RU1 MP1

    Yes, the Symantec Endpoint Protection service is stopped. Symantec Management Client service is off. 

    I feel the issue is elsewhere, but whenever there's a problem it seems like they always say "It's Symantec". I turned everything off so that it couldn't be seen as that the exclusions weren't working. The vendor's documentation actually says to disable real time protection in any AV program running on one of these servers, permanently.



  • 6.  RE: Disabling SEP 12.1

    Broadcom Employee
    Posted Jan 27, 2013 12:02 AM
    yes exclusions are the correct way to check. it should be stopped, can you check this registry entry to know if AP is off or on HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan\OnOff


  • 7.  RE: Disabling SEP 12.1

    Posted Jan 27, 2013 12:34 AM

    That's set to one (under wow6432node). Does that mean that Realtime Protection is currently running, or just that it would be if the services were started?



  • 8.  RE: Disabling SEP 12.1

    Broadcom Employee
    Posted Jan 27, 2013 01:50 AM
    yes, 1 represents on, change it o in registry and check the reindex. also suggest to open a support ticket.


  • 9.  RE: Disabling SEP 12.1

    Posted Jan 27, 2013 07:33 AM

    Easiest way to be 100% sure of SEP is the cause is to deinstall it from this machine for test and check if the problem still occurs.