Endpoint Protection

 View Only

  • 1.  Endpoint Protection 12.1 on Terminal Servers

    Posted Aug 20, 2011 02:31 PM

    Hello,

     

    My organization has 5 terminal servers, to perform a test to see how the new 12.1 Endpoint protection performs I upgraded from 11.0 to 12.1. We had it setup so that SMCGUI would not show up in all of our users system trays as to save on performance. Now with 12.1 I can already see that SMCGUI will show up in all of our users system trays. 

     

    My question is, has anyone upgraded to 12.1 on they're terminal servers and what have they done to see an improvement in performance or has it been a nightmare. I have only installed it on one of the 5 for this reason. I will update this forum post with my findings and if need be will call Symantec to see a smooth transition to 12.1



  • 2.  RE: Endpoint Protection 12.1 on Terminal Servers

    Posted Aug 20, 2011 11:09 PM

    No problem here following the best practices for SEP and terminal server:

    http://www.symantec.com/business/support/index?page=content&id=TECH91070&locale=en_US



  • 3.  RE: Endpoint Protection 12.1 on Terminal Servers

    Posted Aug 20, 2011 11:56 PM

    This is for 11.0

     

    When I called Symantec and asked them if the multiple instances of smc per user on a terminal server they said it was fixed. So the managed but unmanaged aspect of the terminal server would go away. 

     

    I just want to know if anyone has seen any issues with they're terminal servers with 12.1 specifically. Did they have to do anything to "Hack" it make it perform better.

     

    Thanks



  • 4.  RE: Endpoint Protection 12.1 on Terminal Servers
    Best Answer

    Posted Aug 21, 2011 07:30 AM

    In SEP 11, we used to do this. Try and see if it works in SEP 12.1 ,I n my opnion it should work in SEP12.1

     

    SmcGui must be disabled (to avoid multiple instances of that process and the SEP tray icon) by adding the following DWORD registry value on the Terminal Server:
    HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\LaunchSmcGui = 0

    To further optimise memory, you can prevent ccApp from loading: Browse to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (for 64bit servers this is HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run), find the ccApp entry and delete it

    When disabling SmcGui, the following functionality is also disabled:

    • No SEP icon on the system tray
    • No ability to open the system logs from the client GUI
    • No ability to see the firewall or SNAC status from the GUI (most customers will not install a firewall on their Terminal Server)
    • No startup scans
    • No delayed threat detection notifications
    • No missing or out of date definition notifications
    • Clients do not display all information in the Help & Support > Troubleshooting > General Information (Server, Group, Location, Policy serial number, etc)
    • Clients locally show as Offline on the Help & Support > Troubleshooting > General Information view. In reality the client is still forwarding stateful information and log data to the Symantec Endpoint Protection Manager (SEPM).
    • Clients do not show the Logon Client status on the SEPM client status view.

    The following is a list of the features that are lost after disabling ccApp:

    • Internet Email Scanning


  • 5.  RE: Endpoint Protection 12.1 on Terminal Servers

    Posted Aug 22, 2011 07:03 AM

    The registry key still works, and is suggested for terminal servers.

    SEP12 only opens SmcGui when the UI is opened by the user, but ccSvcHost now has a per user component which takes over from SmcGui - its much more lightweight, but by using the LaunchSmcGui registry keys, you can prevent the per user instance from staying loaded in memory.

    We have also been able to bring a lot of functionality back to the client, versus using these features in 11.



  • 6.  RE: Endpoint Protection 12.1 on Terminal Servers

    Posted Sep 25, 2011 11:12 PM

    Paul, can you expand on what registry key to change to prevent ccSVCHOST.EXE from staying in memory on a terminal server please? We are find this application is okay when running a published desktop but when running when launched through a published app it is hanging at logout. We would like to stop it from loading per user.



  • 7.  RE: Endpoint Protection 12.1 on Terminal Servers

    Posted Sep 26, 2011 08:04 AM

    The LaunchSmcGui registry key does this



  • 8.  RE: Endpoint Protection 12.1 on Terminal Servers

    Posted Oct 26, 2011 10:52 AM

    When I tried this registry edit on a Windows 2003 terminal server (with smc stopped), it replied with unable to wrie to that key [paraphrased].

    HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\LaunchSmcGui = 0

    To prevent the users from being down, I simply uninstalled SEP for the time being. How do you make the registry edit?



  • 9.  RE: Endpoint Protection 12.1 on Terminal Servers

    Posted Oct 26, 2011 01:14 PM

    If the machine has 12.1 installed tamper protection in most likely preventing you from modifing that key. Try disabling tamper protection then changing the key.



  • 10.  RE: Endpoint Protection 12.1 on Terminal Servers

    Posted Nov 03, 2011 03:56 PM

    I changed this registry key to 0 - and successfully restarted the SEP services, all appeared ok.  However, following a reboot, all of my terminal servers now have the LanchSMCGui registry key as 1 again.

    Is there some additional step required to make this change stick?