Large Windows File server SEP client deployment best practice

Created: 19 Sep 2012 • Updated: 26 Nov 2012 | 8 comments
This issue has been solved. See solution.

Hi,

I've got a Windows Server 2008 Enterprise SP2 virtual machine on VMware ESXi, clustered (MSCS), to serve as a file server (NTFS and DFS), so I wonder how it is supposed to be installed with SEP client V12.1 RU1 MP1?

Are there any caveats or best practices to implement for a file server with drives greater than 4x 2 TB?

 


pete_4u2002's picture

from thread

https://www-secure.symantec.com/connect/forums/sep-heavily-used-fileservers#comment-4787611

 

For example, the default setting for Auto-Protect is set to scan all files accessed or modified. By changing this to only scan files that have been modified you should be able to alleviate some of the performance issue since files on the server would only be scanned by Auto-Protect if there were changes made to the file.

You would also want to ensure that Auto-Protect is not configured to scan files when they are being backed up.

I've linked some documents below that should provide some assistance with configuration changes to assist with performance while still keeping Auto-Protect enabled.

http://www.symantec.com/business/support/index?page=content&id=TECH102711

http://www.symantec.com/business/support/index?page=content&id=TECH92440

 

 

Mick2009's picture

"Thumbs up" to Pete's advice.

One note, as well: if this is a file server with disks measured in several TB, SEP might not be the right product for the job. SEP is great for desktops, laptops, most servers, etc. Symantec also has a Scan Engine product which is designed for the fast, high-volume scanning of file servers.

https://www.symantec.com/scan-engine  

With thanks and best regards,

Mick

John Santana's picture

Many thanks Pete. In this case I was under the impression that SEP v12.1 RU1 MP1 has some new features for large drive scanning capabilities.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

pete_4u2002's picture

The performance will keep on improving :-), however the settings need to be configured properly if you think of having AV on desktop.

Ian_C.'s picture

Shared Insight Cache

Taken directly from the 'New features' blurb: Built for Virtual Environments: Integrates with VMware vShield Endpoint to offload critical scanning while providing the strongest protection for your virtual infrastructure. Symantec Endpoint Protection can white list baseline images, maintain a shared scan cache, randomize scans and updates, scan offline images and automatically identify and manage virtual clients.

& this: Utilizing a SIC server can reduce the impact of full scans by up to 80%, but does not significantly reduce the impact of Active scans.

& this (the above 80% refers to this paragraph): The Shared Insight Cache tool improves scan performance in virtualized environments by not scanning files that a Symantec Endpoint Protection client has determined are clean. When the client scans a file for threats and determines it is clean, the client submits information about the file to Shared Insight Cache. When any other client subsequently attempts to scan the same file, that client can query Shared Insight Cache to determine if the file is clean. If the file is clean, the client does not scan that particular file.

Another tool to use is the Virtual Image Exception Tool.

What's new in SEP 12 has a section specific for virtual environments.

How Insight Lookup works explains some ideas on not having to scan files over & over again.

Virtualisation best practices speaks for itself.

About Shared Insight Cache.

I know none of these specifically address your large volume question, but should go a long way in addressing your overall concerns.

 

 

Please mark the post that best solves your problem as the answer to this thread.
SOLUTION
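
An added illustration of the Shared Insight Cache behaviour quoted in the post above (not Symantec's code and not part of the original thread): a toy model in which a client skips any file another client has already reported clean. Keying the cache on a SHA-256 of the file content, the verdict function and all file counts are assumptions constructed for the example; it shows why cloned VMs benefit from the cache while one file server holding unique data does not.

```python
import hashlib


class SharedCache:
    """Toy shared clean-file cache (hypothetical, keyed on content hash)."""

    def __init__(self):
        self._clean = set()

    def is_clean(self, digest):
        return digest in self._clean

    def submit_clean(self, digest):
        self._clean.add(digest)


def verdict_clean(content):
    # Constructed stand-in for a real scan: flags a made-up marker string.
    return b"CONSTRUCTED-BAD-MARKER" not in content


def full_scan(files, cache):
    """Scan one client's files; return how many were actually scanned."""
    scanned = 0
    for content in files:
        digest = hashlib.sha256(content).hexdigest()
        if cache is not None and cache.is_clean(digest):
            continue  # another client already vouched for this content
        scanned += 1
        # Only clean verdicts are shared, so a detected file is never skipped.
        if verdict_clean(content) and cache is not None:
            cache.submit_clean(digest)
    return scanned


def fleet_scans(clients, use_cache):
    """Total files scanned across all clients during one full-scan cycle."""
    cache = SharedCache() if use_cache else None
    return sum(full_scan(files, cache) for files in clients)


def build_vdi_clients(n_clients=10, base_files=80, unique_files=20):
    # Constructed fleet: every VM shares the base image, plus a few own files.
    base = [b"base-image-file-%d" % i for i in range(base_files)]
    return [base + [b"client-%d-doc-%d" % (c, i) for i in range(unique_files)]
            for c in range(n_clients)]


def build_file_server(n_files=1000):
    # Constructed single server whose files are all unique user data.
    return [[b"user-data-%d" % i for i in range(n_files)]]
```

With these constructed numbers the ten cloned VMs drop from 1000 scanned files to 280, while the single file server scans all 1000 files either way.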
John Santana's picture

Yes, that does make sense, Ian!

Thanks for the complete suggestion and explanation.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

Ian_C.'s picture

It's a pleasure.

Have you found a solution to your large volume scan problem?

We don't use SIC and our 2-3TB volume takes 7+ days to scan.

Please mark the post that best solves your problem as the answer to this thread.
John Santana's picture

Hi Ian,

I haven't found the large volume scan solution yet, but at least for the shared SAMBA network drive, I can use the custom scheduled scan from a client.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.