Endpoint Protection

I thought I read somewhere before installing Endpoint that it's not recommended to install Symantec Endpoint protection manager on a server that's running the Exchange server but I can't seem to find the documentation on it.  I got into a.....discussion with my boss about this before installation (which he insisted it won't be a problem).  He doesn't seem to think it has anything to do with occational performance issues with the server.  Am I crazy or did I in fact read the above information somewhere??  

Thanks,
D.


 

I ınstall SEP Client on 4 exchange server (all of them exchange 2003 ) there is no problem and they will work good. but as you well know only network threat protection is not work. because not support all server OS. Is is working normal like another clients.

 

thank you for your reply, but I apparently didn't make my question clear.  It's the Endpoint management server I'm questioning being installed on the same server that running our Microsoft Exchange server.

D

 Oh i am sorry my mistake. I didn't install SepManager on exchange server .as you well know exchange is very important :) I am not sure it is good choice?
but i am sure this, I install GUP and LUA exchange server and its work fine. but didn't install SEP Manager.
why you choice exchange server? haven't got another server?

SEPM can be resource-intensive, especially if it’s handling several clients. Exchange can be as well. The machine will need to be “strong” enough to run both, and run them well…simply having the minimum system requirements for one (or the other) really is a bad idea.

Other programs (including Backup Exec) that may be present on the machine could cause conflicts with the SEPM, which, in turn, could lead to clients not being managed properly…however, there’s nothing specific to Exchange itself that would cause issues.

Do you intend to install SEPM on an SQL server or using the embeded database? 
The Exchange server will be/is using what ports for communication?

You will need to take a few things into consideration.  I seem to recall as well that there were documents on this, however, seemingly the only ones I am able to find now all involve the client and not the server itself.

I would say in theory it should work.  Might be some wrinkles to iron out though

I have SEPM installed on two Windows 2003 32 bit Exchange 2003 Enterprise servers that are replicated using the embedded database.  Dual processors and 4GB RAM.  No problems so far (since MR2).  When I eventually replace these servers, I'll convert one of them to a GUP instead of installing SEPM but will keep the other as replicated for disaster recovery.

we've installed it using the embeded database. 

Everything works.  but the server seems to take some serious performance hits - especially Exchange - every once in awhile. 

thanks for all the input folks,
D.

 There were issues with SEPM and exchange but was before MR3 and too only on SBS 2003 as it had conflict with the IIS website.
Since then it has been fixed.
The performance hits you are getting because of the liveupdate that runs every 4 hours and that is resource hungry that will slow down the Server for a while.
Other than that there is no issue installing SEPM on exchange.

I'm also having the problems with the exchanges server not running properly due to SEP. It's MS Exchange 2k3 on  a Windows 2k3 server cluster. They went back to SAV at the moment. They say that SAV works as is and SEP messed it all up.

 Symantec recommends that you exclude the quorum disk, the %Winnt%\Cluster folder, and the file share witness which is located on another server in the environment, typically on the Hub Transport server.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007072619121148?Open&docid=2007090220241148&nsf=ent-security.nsf&view=docid


this is for exchange 2007 but might work in your case.

We tried it and it didn't work. We're disabling the SEP on this one and see what happens. We have already tried disabling the features such as File System Autoprotect and Proactive Threat Scan and this still doesn't work, disabled the service and it still doesn't work. This was working before with SAV. Now I'm thinking that therre could be something that went wrong during migration. :(

Hi Guys!!!

It is possible to install SEPm on Exchange server but it is not recommende. U can install SEP on any Win platefom which is supported. Though Exchange sever is a mailing hub so u need to keep it seperate, if ur SEP goes down and y need to restart it how will u do that cuz u have exchange running and ur organization cannot  afford to restart exchange server. What if ur server crashes due to Spyware/Viruses waht then?? IF u install SEP on exchange server it will not scan the pop3 and smtp mails because its not compitable with exchange. So installing SEP on Excvhange server is of not use.

Ajit

I beg to differ that the SEP client is of use.  How will you protect the OS from viruses that exploit security holes in the OS if the OS is not patched properly (and for that matter, when an exploit is determined to the amount of time it takes Microsoft to develop an update)? 

If SEP goes down (assuming you mean SEPM), you can edit your management server list to fail over to another server.  If your server crashes due to Spyware/Viruses, then I would think having the SEP client installed is one more layer of protection to prevent that scenario.

SEP is not designed to scan Exchange POP3/SMTP emails, that's what other products are for.  SEP is there to protect the OS, it's absolutely of use!

We uninstalled SEP. It had all the bells and whistles. Created a package that is only AV (only one box is checked) and installed that.

 You can try disabling tamper protection as well...if you face the issue...i dont think so you will but still...

The server running so far, with only AV installed. Although I think I messed up the package.
On the SEP desktop it says "Your computer is protected. No problems detected"
Then
Protection Technologies "No Symantec protection technologies are installed.

And the button "Scan for threats" and View quarantine" is greyed out.

 I have seen that frustrating screen a lot since MR2...The only way out would be manual removal

all -- thanks for the information as it is helpful. However -- does Symantec have any official whitepapers/FAQ's/guides on their site as to whether they support/reccomend SEP on Exchange 2003? I can't seem to find it. But then again...the web is a big place.

thanks...