Video Screencast Help
Search Video Help Close Back
to help
Not able to make it to Vision this year? Get a sampling in the Best of Vision on Demand group.

Endpoint Activity During Vista Network Login

Updated: 22 May 2010 | 2 comments
Bob Wenzlau's picture
Bob Wenzlau
0 0 Votes
Login to vote
This issue has been solved. See solution.

I am troubleshooting an issue with a mobile computer that has a docked-mode on a LAN that has the end point protection, and a mobile mode.  When I dock, and logon to the network, the desktop does not reveal and a high-level of disk activity is occurring.  I believe I have diagnosed it to the endpoint process, but do not know how to manage the endpoint service such that it will allow the login to complete before enacting a scan or whatever activity the software is choosing to complete.  Is this a reasonable diagnosis of a problem, and how might I resolve this? 

Discussion Filed Under:
, ,

Comments

Prachand's picture
17
Aug
2009
0 Votes 0
Login to vote
Prachand
Trusted Advisor

Change Auto Protect to  SEP

Change Auto Protect to  SEP start
imagebrowser image

Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)

SOLUTION
Cass's picture
17
Aug
2009
0 Votes 0
Login to vote
Cass
Symantec Employee
Accredited

Without having more

Without having more information it is hard to say what is at the root of this issue. It could be many things but a process of elimination may be in order to help eliminate possibilities.

First I would disable Tamper Protection to rule it out.

     To Disable Tamper Protection

  1. Log into the Symantec Endpoint Protection Manager
  2. Click on the Clients page
  3. Select the group 
  4. Click on the Policies tab
  5. Click on General Settings ( Note: If this group is inheriting settings you will need to highlight the top level group)
  6. Click on the Tamper Protection tab
  7. Uncheck Protect Symantec security software from being tampered with or shut down
  8. Apply the update
  9. Reboot the client

    Note: You can also disable the SPBBCDRv driver in the device manager
    Note: If this resolves the issue you could also try to set exclusions for tamper protection

     

If that does not resolve the issue, next I would disable a single portion of the product one by one, testing each time, to determine which piece is the cause. For example I would first start by disabling (or uninstalling) Network Threat Protection and rebooting to test, if the issue persists then I would disable Proactive Threat Protection and test, and finally I would disable AutoProtect and test.

     To Disable Network Threat Protection

  1. Log into the Symantec Endpoint Protection Manager
  2. Click on the Clients page
  3. Right-click on the desired group 
  4. Choose Run Command on Group
  5. Select Disable Network Threat Protection
     

     To Disable Proactive Threat Protection

  1. Log into the Symantec Endpoint Protection Manager
  2. Click on the Clients page
  3. Select the group 
  4. Click on the Policies tab
  5. Click on Tasks and then Edit Policy across from the Antivirus and Antispyware policy
  6. Click on TruScan Proactive Threat Scans on the left-hand side
  7. Uncheck Scan for trojans and worms
  8. Uncheck Scan for keyloggers
  9. Click OK
     

     To Disable AutoProtect

  1. On the local client right-click on the shielt in the taskbar
  2. Choose Disable Symantec Endpoint Protection

Once you know what piece of the product is at cause you can hone in your sights to know what settings need to be adjusted.

Cass Averill

Install and Migration Docs for SEP 12.1
Install and Migration Docs for SEP 11

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
270,010