Endpoint Protection

I hate "slowness" complaints, so ill start off with an appology.

We just migrated to SEP this week.  I received the random slowness reports. Most seemed to be on applications that accessed the network.  I attributed it to the install, and SEP being very busy cleaning our environment. (Forefront was useless)

*I* have been using SEP since September as we evaluated and have had no issues.  Until this week.

Whenever I RDP to my machine it is TERRIBLE.  I have to wait 10-90 seconds for a screen refresh, or it wont at all.  (it took me an hour to close stuff down and reboot it).  It then seemed fine.  It happened again this morning.  I removed SEP from my PC, and RDP instantly whent back to normal.

We have the full client installed, but have the firewall policy disabled because we are managing that through GPO currently.  I was wondering if that could cause issues.

My co-worker has no issues. 

Also what are the usual log files and locations Symantec looks at for troubleshooting.  We will be using this product for a while, so I better get used to how to gather information.

Is it possible to temporarily disable AV to see if that is the cause. If the firewall ia already off, it shouldn't be the problem.

You would need to do a pcap will reproducing the problem and also some advanced logging on the SEPM side.

How to use the advanced debug logging options for the Symantec Endpoint Protection client in SymHelp

This would be valuable for support

You can try to stop the ntp and check wheter it work normal or not?

Below is command to enable and disable

https://www-secure.symantec.com/connect/articles/sep-121-dos-commands

To disable SEP client firewall service

smc -disable –ntp

To enable client firewall service

smc -enable -ntp

If the SEP client UI is password protected:

smc -disable -ntp -p <password>