Hello gurus (I trust), I'm working in a corporate setting with around 13,000 XP clients and my job is to improve boot times. Sometimes we see boot times taking well over 10 minutes (even 20 in rare cases) particularly on a Monday morning. Please bear with me. I'm new to this product.
By boot in this case we mean from pressing the power button to being able to read email with Lotus Notes. We have analysed some of the components of the boot (multiple 3rd party processes run during start up) and find that removing Symantec improves boot by around 1 minute.
Why worse on a Monday morning? Well, we discovered that users switch off on a Friday afternoon/evening. Symantec distributes definitions over the weekend. We deploy at 08:30. User powers on after that time. Symantec client receives definitions, processes them, and performs a `quick scan`. A quick scan is a full scan of all currently running/loaded processes and code. This is unfortunate timing because at that time there are many processes running to prepare the environment and they are all slowed down.
Has anybody had the same experience? What action could you take?
Secondly, I spoke with 2 supporters at Symantec technical support yesterday and learned something that surprised me.
Typically 3 but sometimes 4 times a day new definitions are pushed out by the vendor. They are received by our local management server. The local management server pushes them out 3 times a day by default. I understand this is configurable.
I've worked with different vendors in the past and today we would normally expect to see a tiny delta pushed out.
The supporter explained to me that the definitions arrive in
C:\Program Files\Common Files\Symantec Shared\VirusDefs\>DATE STAMP<
and are then processed by the client. 3 folders represent 3 days e.g. right now we have
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100608.032
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100609.022
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100610.048
Each folder is 125 MB.
Symantec support explained that in our default configuration the client receives 125 MB 3 times per day to the date-appropriate folder. The running client updates with whatever is new, presumably a tiny fraction of the 125 MB.
Question: is this a correct description of the process?
Isn't there a delta method? 125 MB * 3 * 13000 clients = 4875000 MB = 4760 GB = 4.7 TB of bandwidth burned per day. Please tell me this is wrong. I have it from 2 Symantec enterprise support people in India that this is the process but it just doesn't seem the right way to provide updates.
Thirdly, if we delete the folders listed above and restart the machine, I trust the Symantec client will communicate with the Symantec local server and pull down and process what it is missing.
All comments very very warmly received.
THANKS