Endpoint Protection Small Business Edition

  • 1.  LUCOMS unexplained network traffic on SEPM server 2003

    Posted Apr 18, 2013 06:11 AM

    I have observed very spiky network traffic in our organisation and, after further investigation, have found it to be the LUCOMS process on the endpoint protection manager server.

    The spiky behaviour seems to occur every 20 minutes ~ and eats up approximately 1.5MB for 3-5 minutes.

    I checked the Policies --> Live Update policies (on the SEPM) and found that updates were being scheduled 'Continuously'... I changed this to 4 hours however this made no change.

    I am not sure what else could be causing this issue as I would only expect bytes received to be caused by live updates.

     

    SEPM version is 12.1.2015.2015



  • 2.  RE: LUCOMS unexplained network traffic on SEPM server 2003

    Posted Apr 18, 2013 08:17 AM

    It's the LiveUpdate component which downloads the daily definitions.

    Check if you have Symantec LiveUpdate Administrator installed. That might pull the updates for different Symantec products.

    In SEPM, check if you have selected product updates to be downloaded. A new patch might have been released today.

    Just uncheck whatever you don't need. That should slow it down.



  • 3.  RE: LUCOMS unexplained network traffic on SEPM server 2003

    Posted Apr 18, 2013 08:29 AM

    I think you're right about the live update administration utility.

    I am 'retrieving' updates manually and it ran for a few minutes, consuming 1.5MB/s.

    I am unsure as to whether we actually require the liveupdate administration utility or not, and if we do, which products need to be selected for SEP 12.1?

    We currently have selected:

    • LiveUpdate (should this be unselected?)
    • Norton AntiVirus Product Updates
    • Norton AntiVirus Virus Definitions
    • Symantec AntiVirus Corporate Edition

     

    Is it safe to unselect these? Would it affect the SEPM's or clients' ability to download virus definitions?



  • 4.  RE: LUCOMS unexplained network traffic on SEPM server 2003

    Posted Apr 18, 2013 09:46 AM

    Weird - I unchecked all of the products but network utilisation is still spiky.

    Checked Event Viewer and saw that the SEPM is still downloading updates every 15 minutes ~


    Event 7210 : Scheduled LiveUpdate session started.

    Event 7211 : LiveUpdate session completed. Total time elapsed: 3 minute(s).

     

    Update: Ahh, I found another live update setting within the SEPM console. It is hidden away in 'Admin --> Local Site (My Site) --> Edit Site Properties --> LiveUpdate'.

    This was set to 'Continuously' - I have now changed it to every 4 hours and will update this post if this fixes it.



  • 5.  RE: LUCOMS unexplained network traffic on SEPM server 2003

    Posted Apr 18, 2013 09:52 AM

    I checked the Policies --> Live Update policies (on the SEPM) and found that updates were being scheduled 'Continuously'... I changed this to 4 hours however this made no change.

    ....this was the setting for the updates of clients from LiveUpdate - so not applying here

    Update: Ahh, I found another live update setting within the SEPM console. It is hidden away in 'Admin --> Local Site (My Site) --> Edit Site Properties --> LiveUpdate'.

    - yes, this is the correct setting for SEPM updates from LiveUpdate servers



  • 6.  RE: LUCOMS unexplained network traffic on SEPM server 2003

    Posted Apr 19, 2013 03:26 AM

    Please keep us posted with the results. I hope by this time the network usage might have come down.