Endpoint Protection

 View Only

  • 1.  Enabling Intrusion Prevention Policy lowers ping times????????

    Posted May 01, 2009 04:49 PM
    We had read the posts about long ping times with MR4 MP1a and saw that ours were consistently below 1 ms. We made one tiny change and our ping times went high and erratic.

    Low ping times:

    Policies - Intrusion Prevention Policy
    Overview - Enable This Policy - CHECKED
    Settings - Enable Intrusion Prevention - Un-checked
    Settings - Enable Denial of service prevention - Checked
    Settings - Enable port scan detection - Checked
    Settings - Enable excluded hosts - Checked and exclusions are set for ALL of our internal subnets
    Settings - Automatically block an attacker's IP address - Un-checked
    Exceptions - None set

    --------

    So we're looking at this and I said to myself "Self, why do I have this policy enabled if I have an "excluded hosts" entry for all of our internal subnets?" I couldn't think of any reason so I un-checked "Enable this policy" and updated my policy.

    -------

    As soon as the policy updated the ping times from my computer went through the roof, even to a computer on the same subnet that's about fifty  feet of wiring away. I then ran a continuous ping and re-checked "Enable this policy" and did an Update Policy. As soon as the policy updated, the ping times went from 80 - 500 ms to less than 1 ms.

    What's up with that?

    Ray


  • 2.  RE: Enabling Intrusion Prevention Policy lowers ping times????????

    Posted May 01, 2009 05:15 PM
    Not much idea as i have not tested it. You can try configuring in Ping pong rule of firewall policies.


  • 3.  RE: Enabling Intrusion Prevention Policy lowers ping times????????

    Posted May 01, 2009 06:03 PM
    We have been experiencing an issue with the increase in ping times with MR4 as you obviously know. It is also published here for anyone else that wants to take a look at the issue I am refering to.

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009012711494548

    Although your reported ping increase is ALOT higher than reporting ping increases before. Also they are very erratic like you said. You should call in and make a case out of this. Maybe one case has to do with the other? The more information we have on this issue the quicker we can solve it. If anyone else has any suggestions please post because the symptoms of this case don't match up exactly with the issue I am referring to.

    Cheers,
    Grant



  • 4.  RE: Enabling Intrusion Prevention Policy lowers ping times????????

    Posted May 01, 2009 10:12 PM
    It is XP SP3. We do have Network Threat Protection enabled but we're only using it only for Application and Device Control. The firewall policy is not enabled.

    Ray


  • 5.  RE: Enabling Intrusion Prevention Policy lowers ping times????????

    Posted May 05, 2009 11:48 PM
    Hii...averyone

    I have found a problem from my costomer, Before they are install SEP MR4 on the client, they test comunication the Computer with the server use the ping command (default), the result is "time <1 ms".
    Then they install the SEP MR4 client from the package install on that computer with all feature in SEP, after install the SEP client they are test again communication computer with the server use the ping command (default), the result is "time =15 ms".
    After that I try to disable NTP (Network threat protection) and then test ping again the result is "time <1ms"

    Does the Symantec Endpoint Protection (Network threat protection) droping
    the speed,......???

    Could you please give me the explanation about that.....??


    Iwan


  • 6.  RE: Enabling Intrusion Prevention Policy lowers ping times????????

    Posted May 05, 2009 11:55 PM
    Hi Iwanto, this is still unknown issue as to what is going on, but I think Symantec is investigating on it. Please refer to Grant's post. Please check the link he provided. Hopefully this will be fixed on mp2.