My experiences with endpoint protection for those who are interested

Created: 26 Dec 2007 • Updated: 21 May 2010 | 2 comments
First off, we have been a Symantec customer for 7+ years on antivirus and Backup Exec.
 
  1. Endpoint Protection Manager is slow.  It takes quite some time to refresh some of the screens.
  2. Use SQL for database if at all possible.  We started out in testing phase with a local DB and it was consuming the entire server as far as CPU and memory usage.
  3. We started noticing that our IIS logs on the management server are 200+ MB/day.  After contacting Symantec support to help the problem, it is no better off than it was before.  IIS creating log files this large has to be making a performance impact on the server.
  4. Network threat protection was useless to us.  With network threat protection installed and configured, we had a hard time getting a system to run properly.
  5. We still see Symantec Endpoint Protection hammering client systems using filemon to monitor.  I understand there is that need for protection, but it literally beats the snot out of systems all day.
  6. We have noticed a RAM usage and CPU usage benefit from going with Endpoint Protection vs. 10.x.  This is promising for us.
Take it for what it is worth.  These are just our observations.

 

Paul Murgatroyd

Thanks Jesse, my comments below relate to your numbered list:

1. We have seen some slowdown with the SEPM, there are many reasons for this - there are quite a few related fixes in MR1, available externally very soon
2. Our embedded database works great for small deployments, and we are working on optimising it for the SMB environment, however when asked we will always recommend MS SQL
3. How many clients do you have and what is your checkin interval? Every time a client checks in you will see an event in the IIS logs as it talks to secars, uploads its logs and downloads content and policies
4. Can you give me any details of your NTP problems (via PM is fine if you prefer)? I'd like to understand some of the difficulties our customers are having with NTP and how we can assist
5. Any details of what is being "hammered"? Again, via PM if you prefer
6. Sounds good, we worked hard to optimise CPU and memory usage with SEP 11.0; so far the vast majority of comments have been positive

Thanks again for the info

p.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Jesse Mitchell

Thanks for your reply.  Below are the answers to some of your questions.  I will have to get you the rest when I get into work tomorrow.

  1. We are anxiously awaiting MR1.  Any idea on an exact date?
  2. That was my point exactly.  It is nice to include a solution for those without SQL, but SQL is always the way to go.
  3. Right now we have only deployed to 75 clients.  I called support and we set the clients to pull only and set the interval to 12 hours.  We are still getting enormous IIS log files.
  4. I will elaborate further tomorrow.
  5. I will elaborate further tomorrow.
  6. You guys are heading in the right direction.  The client hit is very minimal from what we have been used to in past releases.  We have no plans to change AV providers and we see endpoint security as a step in the right direction.
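
One way to check item 3 of both replies (IIS log volume versus the configured check-in interval), as an added example that is not part of the thread and not Symantec tooling: it reads an IIS W3C log, measures the median gap between each client's requests to the secars endpoint, and lists clients checking in far more often than the 12-hour policy. The sample log lines, IP addresses and URI paths are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in IIS W3C extended format (not real traffic;
# the URI paths are assumptions, only the name "secars" is from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2007-12-26 00:00:05 10.0.0.11 GET /secars/secars.dll 200
2007-12-26 00:05:05 10.0.0.11 GET /secars/secars.dll 200
2007-12-26 00:10:05 10.0.0.11 POST /secars/secars.dll 200
2007-12-26 00:00:30 10.0.0.12 GET /secars/secars.dll 200
2007-12-26 12:00:30 10.0.0.12 GET /secars/secars.dll 200
2007-12-26 00:01:00 10.0.0.13 GET /content/defs.zip 200
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, parts))

def checkin_intervals(text, uri_hint="secars"):
    """Return {client_ip: median seconds between requests whose URI contains uri_hint}."""
    seen = defaultdict(list)
    for row in parse_w3c(text):
        if uri_hint in row["cs-uri-stem"].lower():
            stamp = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
            seen[row["c-ip"]].append(stamp)
    result = {}
    for ip, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if gaps:  # a single request gives no interval to measure
            result[ip] = median(gaps)
    return result

def noisy_clients(text, configured_seconds, tolerance=0.5):
    """Clients whose median gap is below tolerance * the configured interval."""
    return sorted(ip for ip, gap in checkin_intervals(text).items()
                  if gap < configured_seconds * tolerance)

if __name__ == "__main__":
    for ip, gap in sorted(checkin_intervals(SAMPLE_LOG).items()):
        print(f"{ip}: median {gap:.0f}s between check-ins")
    print("faster than 12h policy:", noisy_clients(SAMPLE_LOG, 12 * 3600))
```

Run against a day's real log, a short list of fast clients points at machines that never picked up the new policy, while uniformly short gaps point at the server-side setting.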