Endpoint Protection

Hi All,

Good Day.

We are using Sep 12.1 RU1 MP1, Recently we have installed on Exchange 2010 and now we have noticed that Exchange server is Hanging because High utilization, and we have lookup the same case with Microsoft and they have guided " idsvia64.sys" is causing the issue ? (Got it from Memory Dump analysis)

We have installed following components on Exchange server and given recommended Exclusions as well

1. Virus, spyware and Basic download protection

• Advance download protection

2. PTP

• SONAR and ADC

3. NTP

• Intrusion Prevention

I need to confirm that  " idsvia64.sys" is the part of which component  on Protection ?

Regards

Ajin

Hi Ajin,

Please note: in SEP 12.1 and later versions, IPS kernel driver (idsxpx86.sys for 32-bit and idsvia64.sys for 64-bit systems) is installed and running with Advanced Download Protection feature (aka Download Insight).

For more information:

http://www.symantec.com/business/support/index?page=content&id=TECH162135&actp=search&viewlocale=en_US&searchid=1359464205914

Hello,

In SEP 12.1 and later versions, IPS kernel driver (idsxpx86.sys for 32-bit and idsvia64.sys for 64-bit systems) is installed and running with Advanced Download Protection feature (aka Download Insight).

In your case, I would request you to check these Articles below:

Best Practices for employing Intrusion Prevention System (IPS) to high-availability/high bandwidth servers.

http://www.symantec.com/docs/TECH162135

Windows Server 2008 x64 Crashes with Symantec Endpoint Protection 12.1 client installed with DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

http://www.symantec.com/docs/TECH199657

Secondly, 

I would request you to uninstall SEP 12.1 RU1 MP1 and then reinstall SEP 12.1 RU2 on it.

By reinstalling the SEP 12.1, it would then create exceptions for Exchange 2010 which may help eventually.

Hope that helps!!

Have a look at further recommendations for installing SEP on windows server systems:

http://www.symantec.com/business/support/index?page=content&id=TECH92440

...and about the automatic exclusions of SEP on Exchange 2010 machine:

http://www.symantec.com/docs/TECH102400

First thing I would do is remove all components except AV. See what the result is.

Also, make sure you have the necessary exclusions in place for Excahnge.

HI,

I agree above comments.

What happend when you have stop sep service?

If you have install exchange different drive automatic exclusions not work you can add manually.

Yes, we all want to see the result, as its know issue, but still.

Hi All,

Thanks for all Help.

We have run our exchange server with only AV and spyware component and it is working perfectly for the past 7 days :)

Regards

Ajin