Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Multiple serious problems with symantec endpoint 11 - Please help

  • 1.  Multiple serious problems with symantec endpoint 11 - Please help

    Posted Oct 25, 2007 07:51 AM
    I have installed symantec endpoint 11 on a couple of 2003 servers with around 80 XP clients.
     
    These are the problems so far.
     
    On the server
     
    1. Shares being trashed after some hours.
     
    2. Could not uninstall client on fileshare server by add and remove programs. Had to do it manually.
     
    3. Installation size is HUGE with 5Gb data in this folder:
    "Symantec Endpoint Protection Manager\Inetpub\content"
    Trying to figure out where to truncate or remove these files is nearly impossible.
     
    4. Symantec Backupexec 11d cant take backup of the Symantec endpoint 11 database:
    \Symantec Endpoint Protection Manager\db\sem5.db - skipped.
     
    5. Really hard to make a basic setup as some options are enabled in some idiotic hidden settings. 
     
    On the clients:
     
    1. Giant filesize estimate in add and remove programs (2Gb+). Saying this is a bug in add and remove programs is not serious.
     
    2. Most clients experience that their system runs MUCH slower then with 10.2.
     
    Support
     
    Support is a joke. I have called you guys to open a case and i talked to 5!! different persons all taking the same notes and writing stuff down so you could check that we really was a paying costumer. I finally had a tech guy help me out with the manual uninstall of the client. This was after an hour of waiting on the phone.
     
    Now this is my final try for help. Im really unhappy about this not even NEARLY finished product.


    Message Edited by Unhappy Costumer on 10-25-2007 04:53 AM


  • 2.  RE: Multiple serious problems with symantec endpoint 11 - Please help

    Posted Oct 25, 2007 10:53 AM
    Many of us are in the same boat you are.
     
    Your issues 1 and 2 are being handled in the thread at https://forums.symantec.com/syment/board/message?board.id=endpointcust&thread.id=886.  I'm also experiencing your issue #4.  I've found that if I reboot the machine with the SEP/M database, then the next scheduled backup will succeed.  Temporarily, I'm running a scheduled task to reboot the system after production work hours, but before my scheduled backup begins.  I may also try migrating from the SEP/M proprietary Sybase Database to a SQL one instead to see if it resolves the issue.


  • 3.  RE: Multiple serious problems with symantec endpoint 11 - Please help

    Posted Oct 26, 2007 08:17 AM
    Hi Babscoole
     
    Let me know how that database migration turns out. Booting the server isnt an option in my setup.
     
    Thx


    Message Edited by Unhappy Costumer on 10-26-2007 05:21 AM


  • 4.  RE: Multiple serious problems with symantec endpoint 11 - Please help

    Posted Oct 26, 2007 10:35 AM
    If you are using sql database, you can make normal maintenance and backup.
    You can also run database backup from Symantec Endpoint Security Management menus.
    That way you can backup it up anyway.
     


  • 5.  RE: Multiple serious problems with symantec endpoint 11 - Please help

    Posted Oct 26, 2007 03:33 PM
    <---Babscoole.  That day I accidentally logged onto here with the wrong account.  :) 
     
    It may be a week or so before I'll do the DB changeover.  I need to get some more memory for my SEP/M server first.  I started with my SEP/M install using SQL Express 2005, but the memory usage was slowing the machine to a crawl, so I switched to the Sybase one, which although speedier has the side effect of this particular issue we're seeing with backups.


  • 6.  RE: Multiple serious problems with symantec endpoint 11 - Please help

    Posted Oct 26, 2007 10:56 PM
    I had the same question on number #3. Here's what I got from Symantec
     
    If you want to reduce the amount of content stored in the "Symantec Endpoint Protection Manager\Inetpub\content" folders, you can set a setting called "scm.lucontentcleanup.threshold" in the "..\Symantec Endpoint Protection Manager\tomcat\etc\conf.properties" file, then restart the SEPM service. This setting controls how many revisions SEPM retains of content (Virus Definitions, etc) for distribution and delta-ing. Reducing this value reduces the amount of disk space and database space that is used, but increases the likelyhood that clients that are not connected to the SEPM for extended periods of times (such as laptops) will download a whole virus definition set as opposed to a delta of the virus definition set, potentially increasing network utilization. Increasing the value of "scm.lucontentcleanup.threshold" will increase the disk and database space used, but clients that are not connecting to the SEPM can stay offline for longer and still recieve a delta of content, decreasing network utilization.
     
    The default value is 10.
     
     
     
     


  • 7.  RE: Multiple serious problems with symantec endpoint 11 - Please help

    Posted Oct 29, 2007 04:39 AM
    Hi Russ
     
    Thanks alot. This will solve a big problem for me and maybe alot of other people.
     
    /UC


  • 8.  RE: Multiple serious problems with symantec endpoint 11 - Please help

    Posted Nov 01, 2007 10:04 AM
    Hi Russ
     
    That didnt work at all. Have found another manual fix though. Stop services and delete the old files manually and start service again worked for us.
     
    /UC


  • 9.  RE: Multiple serious problems with symantec endpoint 11 - Please help

    Posted Nov 09, 2007 03:33 PM
    Sorry that it took so long to get back to you Unhappy.  I added an additional 2GB of memory to the machine, for a total of 3GB, then migrated from the Sybase DB to SQL and my BackUp Exec errors went away.  The solution could have been the added memory, the DB, or both combined.  Just happy that it's one less issue I'm having with SEP.


  • 10.  RE: Multiple serious problems with symantec endpoint 11 - Please help

    Posted Nov 12, 2007 03:48 PM
    This problem is getting out of hand, I have tried this solution and yet member servers are still getting clogged up with old defs and tmp files
     
    have a call logged with symantec but they are yet to get back to me. If anyone has found a solution that works PLEASE reply to this post, would appreciate it a lot :)


    Message Edited by Tim Burns on 11-12-2007 12:48 PM


  • 11.  RE: Multiple serious problems with symantec endpoint 11 - Please help

    Posted Nov 13, 2007 02:27 AM
    Hi Tim
     
    The only workaround i have found is that you stop all services and then you can delete the old ones. Start services again. This way you stop them from comming back. This is NOT a fix. Just something that saves your server.
     
    /UC


  • 12.  RE: Multiple serious problems with symantec endpoint 11 - Please help

    Posted Nov 24, 2007 10:39 PM
    Hi,
     
    We are having the same problems here.  The files in program files\common files\symantec shared\virusdef are keep growing, and it creates a lot of tmp folders.  It was first ok when i install SEP Manager on my server, however, after 10 days, the files under virusdef are growing.  Please help! My server is running out of space, is there any way to solve this problem?
     
    Besides that, I also have many users complaining that SEP11.0 have slow down their computer performance.  Majority of them are having Windows XP with 512 ram, and they are working fine with Symantec Corp. Edition 10.2.
     
     


  • 13.  RE: Multiple serious problems with symantec endpoint 11 - Please help

    Posted Nov 26, 2007 01:35 AM
    Hi
     
    You should not have those tmp folders either in VirusDefs or in data\inbox\content folder in SEPM directory.
    It seems that during update you got a corrupted update and system loops in digesting corrupted update file.
    Once we encounter this problem and solved it with this method:
     
    In SEPM goto policies and Liveupdate and edit Liveupdate CONTENT policy,
    then in security definitions where available choose a oldest revisition available in
    the list and your virus/firewall/... will be reverted to oldest possible, then update again
    it should solve the problem.


  • 14.  RE: Multiple serious problems with symantec endpoint 11 - Please help

    Posted Nov 26, 2007 12:57 PM

    It's a continual problem with us.  We can use the manual rollback...but inevitably the problem arises again and consumes all available space on the computer (server or workstation).  I had 4500 tmp folders this morning on my workstation.  I have written a script to run on all servers to delete these tmp folders every hour, but the workstations are not as easily corrected as there are hundreds more and I just don’t feel like manually adding every workstation name  to the script.

    Symantec, for the love of god, please fix this problem.  A ticket was open, and remains open...but thus far the rep has been anything but helpful.

    This obviously is not an isolated problem.  I am recommending an alternative to SAV if this problem isn't addressed soon.



  • 15.  RE: Multiple serious problems with symantec endpoint 11 - Please help

    Posted Nov 27, 2007 09:45 AM

    The following issues have been identified after the installation of Symantec Endpoint Protection antivirus software on approximately 20 client laptops running Windows XP SP2:

    After SEP installation on IBM ThinkPads, CPU and disk utilization increases dramatically resulting in serious system degradation. It was determined that the Tamper Protection component was reporting a conflict with Rtvscan.exe and ipssvc.exe (IPS Core Service) multiple times per second. Disabling the IPS Core Service eliminated the issue.

    After SEP installation you cannot launch SQL Server Profiler correctly. You receive a popup: PROFILER90.EXE – Application Error : The application failed to initialize properly (0xc0000005). Click on OK to terminate the application. Symantec has been investigating this issue since 10/11/2007 with no fix to date. Document ID 2007101113121548.

    After SEP installation .NET 2.0 Windows Forms applications no longer launch on two DELL laptops with the following error in the application eventlog: .NET Runtime version 2.0.50727.832 - Fatal Execution Engine Error (7A0592A2) (80131506).

    Poor performance when accessing a Microsoft Visual SourceSafe database over Cisco VPN.



    Message Edited by MMiller on 11-27-2007 06:47 AM


  • 16.  RE: Multiple serious problems with symantec endpoint 11 - Please help

    Posted Nov 27, 2007 10:45 AM
    Hello
     
    We also have some problems with our instalation:
     
    1.) huge disk utilisation for LiveUpdate greater 10GB on Disk
    2.) Clients are shown offline at management console - on client shown online (shield with green dot) --> this is a communication problem between server an client.
    3.) Virus definition update with SEPM does not work properly - with Live Update Admin it works (Inteligent updater did also not work)
    4.) Start of Phion VPN Client faild if Network modul is installed. The application failed to initialize properly (0xc0000005). ( if only Virusscan, proactive scan and mailware scan installed it works !!) - please also check this MMiller (one thread before) 
    5.) At client info tab a additional 0.0.0.0 network address (gateway 0.0.0.0) was displayed
    6.) Soe times right click on SEP symbol (taskbar) did not work (no context menu) - Start- > Programs ---- works


  • 17.  RE: Multiple serious problems with symantec endpoint 11 - Please help

    Posted Nov 29, 2007 01:41 PM
    Hey Tim,  I have had the very same issue with the enormus amount of tmp files and disk space usage, and this was on our production servers
    causing quite some havoc..
     
    I called Symantec and they had me download a file called Rx4Defs2.235.exe. It runs in a dos window and removes all the definitions and
    causes a download of new defs. The issue with this is you would have to run this on each and every machine with this problem.
    NOT A FIX, but a workaround. I still am concerned at the lack of testing on this product and releasing
    out to the users. I am so close to uninstalling (NO)END(TO ISSUES)POINTand reinstalling 10.1.6.6010.
     
     


    Message Edited by Proverbs on 11-29-2007 10:45 AM


  • 18.  RE: Multiple serious problems with symantec endpoint 11 - Please help

    Posted Dec 03, 2007 11:46 AM
    I have COMPLETLY fixed our issues with Symantec Endpoint Verson 11.
    I am in the process of uninstalling it on everything and reinstalling
    10.1.6.6000. So far no issues with 10.1.6.6000 at all.
    Not taking as much drive space either.


  • 19.  RE: Multiple serious problems with symantec endpoint 11 - Please help

    Posted Dec 03, 2007 03:15 PM
    LOL good on you mate
     
    I would love to go back to SAV10 but I stupidly deployed it to 200+ XP clients also, and there doesnt seem to be an easy way to uninstall it remotely.
     
    Would be VERY keen to get my hands on the .exe you were talking about, is there any chance you can post a link in here to it, or email it to me? Let me know and I'll PM you my address


  • 20.  RE: Multiple serious problems with symantec endpoint 11 - Please help

    Posted Dec 04, 2007 11:50 AM
    I just checked my SEPM server's directories, and I don't see any crazy amounts of disk space being used. But that is not to rule out i don't have any problems.
     
    I recently took off all my servers back to SAV10, and downgrading all 130 XP workstations to just the SEP AV portion with nothing else. This seems to temporarily save me. If i could I would downgrade them all back to SAV 10.
     
     


  • 21.  RE: Multiple serious problems with symantec endpoint 11 - Please help

    Posted Dec 04, 2007 11:57 PM
    HI

     

    I have same issue with IBM Lenovo laptop. IBM series R58, R60, R61. These laptop become very slow after installing SEP client. It taking 30- 40 min to starting the desktop. I turned off Tamper protection, customized the proactive scan, i put only antivirus & antispy package but problem is not resolved. If i am stop the SEP service it run faster. Other HCL laptop not having this problem. User get very frustrate  from this.

     

    :smileysad:

     

    Pls reply ASAP