An EndPoint Special config for thr the file server
Updated: 23 May 2010 | 5 comments
This issue has been solved. See solution.
Hello,
I Have many performance bottlenek when I install the Symantec EnPoint on my file server.
Can you tell me the best practices according to this type of installation ?
User report that they can not open file that are in the files serveurs.
Thank for your help.
discussion Filed Under:
Comments
File Server
For file servers it it recommened that you have only Antivirus and Antispyware installed...
If you are installing Network Threat Protection make sure all your firewall rules are well configured and IPS is set to only log and not block the access for 10 minutes or so.
The very Main configuration for File Server is Disable Network Scanning on File System Auto-Protect
Turn off Tamper Protection.
If you want to dig further more then you can also enable Netowrk Caching
File system Auto-Protect- Advanced-Network -Netowork Cache
Network cache
This option prevents Auto-Protect from scanning the same file more than once and may improve system performance. You can set the number of files (entries) that Auto-Protect scans and remembers. You can also set the timeout before the files are removed from the cache. After the timeout expires, Auto-Protect scans the network files again if the client requests them from the network server.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Hi, please, add the version
Hi,
please, add the version of SEP, the O.S. and if the SEP is self-managed or managed (double click in the yellow shield > help and support > troubleshooting, see the row "server:").
Regards,
Regards,
Giuseppe
Thats right
If you are using Network threat Protection on the file server and your SEP version is 11.0.4010.xx then it might cause a problem in this case you need to upgrade to the latest version of SEP MR4MP2
Also if you are using Windows 2008 then you have to upgrade to the Latest version of SEP MR4MP2.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Now I have insttaled symantec
Now I have insttaled symantec Endpoint on the server but without the IDS, the IPS and the Firewall
It is working better, I want you to tell me how i can configure the IPS to work as IDS only (just reporting).
IPS as IDS
Symantec Endpoint Protection has HIPS in the Network Threat Protection Component.
You can however use it as HIDs by changing the Action for all rules from block to Allow and LOG.
However whenever a new Definition ( IPS Rules ) will get downloaded you will have to change the Action for that rule.
Steps to do this:
Login to SEPM -Policies -Intrution Prevention-
Edit -Intrution Prevention policy ->
Exceptions -> Select All -> Next -> Change Action : Block to Allow Log : Log the Traffic
If you want to disable the Intrution Prevention Alert notification on the client that cab done from
SEPM -Clients- select the Group and Click the policy tab on the right hand side..
Location Specific settings - Server Control -Customise -Uncheck display Intrusion Prevention notification
In addition to this where it says to block attackers IP addres for 600 secs disable that as well.
www-secure.symantec.com/connect/forums/logging-hids-component
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Would you like to reply?
Login or Register to post your comment.