Endpoint Protection

 View Only

  • 1.  Do we need to Change IPV6 SEP Blocks to Increase Windows boot time

    Posted Jul 16, 2013 11:40 AM

    IN the SEPM, no need for a image capture as we all know what this is, are 3 rules to block IPV6 traffic. As stated, Symantec says that SEP doesnt support IPV6, at least thats what I was able to pull from older threads (Please correct me if im mis-spoken). MY question is something we all love, BOOT TIME.

    In a netsh trace, its seen something (I believe through good old svchost) is talking through IPV6, and no we dont disable it in our builds. If we keep the defaults, and windows turns it on out of the door, and through a image build, will the SEP block and the Windows setting add to boot time?

     

    Does anyone in the community have any realtime feedback on this, very much appreciate any data to suport if my this might add to boot time

     

     

    I know Brian will hop on this Thread im guessing in less than 15minutes :)

     

    as always, thanks for any advice up front, its very much appreciated gang

     



  • 2.  RE: Do we need to Change IPV6 SEP Blocks to Increase Windows boot time

    Posted Jul 16, 2013 11:42 AM

    It's supported but with limitations:

    http://www.symantec.com/docs/TECH174897

    Default FW policy does not block IPv6 (disabled)

    but IPv6 over IPv4 (Teredo and ISATAP) are blocked by default.



  • 3.  RE: Do we need to Change IPV6 SEP Blocks to Increase Windows boot time

    Posted Jul 16, 2013 11:49 AM

    What version of SEP are you now running?  In recent versions (I forget which ones in particular, but definitely 12.1RU3) Symantec have updated the default set of firewall rules to no longer block IPv6 straight out of the box.

    So it should fine for the most part (unless it matches Rules 2, 3, or 4 which are still enabled for blocking)



  • 4.  RE: Do we need to Change IPV6 SEP Blocks to Increase Windows boot time

    Broadcom Employee
    Posted Jul 17, 2013 12:02 PM

    Hi,

    Thank you for posting in Symantec community.

    This is the public KB TECH174897 already shared by Brian81.

    What's the SEP client version? Do you face  this issue with Windows 7 machine only?

    Examining the Windows System and Application Event Logs will also reveal much information about what is occuring during a boot. Are there any errors which consistently appear afterward? Perhaps about services or minifilters that are attempting to load, but fail? Is SEP dependent on those?  

    Windows' User Environmnet log (C:\WINDOWS\Debug\UserMode\userenv.log) is an excellent source of information about slow boot-ups, group policy application and profile loading

    Where enabling Userenv logging is necessary to see exactly what is happening with group policy and profile loading.... One thing to remember is that if the logging is not enabled then do not try and interpret the log since very minimal logging is enabled by default!" (http://www.ditii.com/2008/11/12/how-to-read-a-userenv-log-in-vista-or-windows-server-2008-part-1/ ) Debug info for non-Vista: 221833 How to enable user environment debug logging in retail builds of Windows http://support.microsoft.com/kb/221833

    Understanding How to Read a Userenv Log – Part 1http://blogs.technet.com/askds/archive/2008/11/11/understanding-how-to-read-a-userenv-log-part-1.aspx
    Understanding How to Read a Userenv Log – Part 2http://blogs.technet.com/askds/archive/2008/11/11/understanding-how-to-read-a-userenv-log-part-2.aspx
    Interpreting Userenv log files http://technet.microsoft.com/en-us/library/cc786775(WS.10).aspx

    Reference thread: https://www-secure.symantec.com/connect/forums/sep-1212-pcs-very-slow-after-first-logon-morning#comment-8951201