Video Screencast Help

Network connections to server fail when SEP is loading new virus defs

Created: 14 Mar 2008 • Updated: 23 May 2010 | 2 comments
All network connections to our server fail when SEP is loading new virus definitions and running a quick scan. 
Whenever this happens, no clients can connect to the internet, whether they are running SEP or any other anti-virus program.  They cannot ping the server or use the server in any other way during the 8 to 10 minutes it takes to complete the virus scan.  Once the scan is done, the event viewer logs an event "Secars started" and another one that says "Scan complete" and everything returns to normal.
This Microsoft Windows Server 2003 is running SEP and hosting SEPM for the domain.  It also runs VMWare Server with an instance of MS Server 2003 running Microsoft ISA 2006.  Basically, this computer is our only gateway to the internet.  We have updated the server to SEP 11, MR1.
We have tried to reschedule LiveUpdate to run in the middle of the night, but it still continues to run a couple of times per day at random times.  We also just today unchecked the option for running a quick scan every time a new definition file is received so hopefully that will help solve this problem too.  But, it doesn't make too much sense.
We appreciate any ideas or help with this issue!

Comments 2 CommentsJump to latest comment

Sandeep Cheema's picture
Is VMWare supported as a platform for Symantec Endpoint Protection?
Yes and no. VMWare is a supported platform for Symantec Endpoint Protection, but it is not an optimized experience. This will come in future releases as the Symantec Endpoint Protection team works with VMWare to provide better integration kits.
Okay, To narrow down, Try taking off the quick scan when the new defs arrive.
You can do this from the av policy > administrator defined scan > advanced.
If its the processing of the new defs or the scan.
Alright, coming to the liveupdate scheduling not doing it at the time when its scheduled to do so.
I think you havent set the control correctly.
Please be sure that its the SEPM that you have to configure and not the SEP client and through the liveupdate policy you would be scheduling the SEP client.
To schedule the SEPM
Admin > Local Site > Edit Site Properties > Liveupdate
For your original problem , Remove the netowrk scanning option from the file system auto protect under the av policy.

De facto when AV does something, it starts jumping up and down, waving its arms, and shouting...

"Hey!  I found a virus!  Look at me!  I'm soooo goooood!"

Matthew Yacoub's picture
Thanks for the help and information. 
I was able to change the LiveUpdate schedule as you instructed (in the Local Site properties).  That should fix the timing problem and effectively eliminate our concerns. 
I will reply if we still have issues, but I think this should be good.
Thanks again,