Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Policies management

Created: 29 Nov 2013 • Updated: 06 Dec 2013 | 23 comments
This issue has been solved. See solution.

Hy all,

I am running a SEP on a Windows 2008 R2 server. All serveurs client are in "servers" groupe. This group is configured as follow :

 

vpn18.jpg

On client (Windows 2003 / 2008), all virus definition are updated correctly. But the policy, not. The serial number on the server and the client is the same.

For exemple, I define some exceptions in the policy (SEP server side) but the policy does not apply on the client.

Any ideas?

Operating Systems:

Comments 23 CommentsJump to latest comment

James007's picture

HI,

Check this articles and verify exceptions in client end.

How to Verify if an Endpoint Client has Automatically Excluded an Application or Directory

 

Article:TECH105814 | Created: 2008-01-05 | Updated: 2011-03-02 | Article URL http://www.symantec.com/docs/TECH105814

 

pete_4u2002's picture

is there any other location in the group?

check if the registry entry has the value for the exception list

http://www.symantec.com/business/support/index?pag...

 

Chetan Savade's picture

Hi,

Thank you for posting in Symantec community.

Definitions are updated it means there is no issue in the connectivity, try to make changes in any other policy as well & Check.

In some case it may happen policy is corrupted and after creating new policy it starts working.

You can try by creating a new group and assign fresh new policy to it.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

GP Sante's picture

Thank you for your response.

I see all exclusions I have defined.

Now, I have got another problem : why the server is very slow when the agent is running... I have to investigate !

Thank you

James007's picture

Which process takes high memory ?What components do you have installed in SEP client?

Check some articles

Improving client and server performance

 

Article:HOWTO81048 | Created: 2012-10-24 | Updated: 2013-10-07 | Article URL http://www.symantec.com/docs/HOWTO81048

Adjusting scans to improve computer performance

 

Article:HOWTO80964 | Created: 2012-10-24 | Updated: 2013-10-07 | Article URL http://www.symantec.com/docs/HOWTO80964

Best practices to improve low performance.

 

Article:HOWTO55872 | Created: 2011-07-08 | Updated: 2012-04-17 | Article URL http://www.symantec.com/docs/HOWTO55872

 

GP Sante's picture

Thank you for your links.

I make some changes on the policy. When i can enable again the agent, i will check new performance and tell you if it's better.

I think i will make the test today.

Olivier

GP Sante's picture

Thank you James007

I'm going to read your links.

Olivier

.Brian's picture

What process is taking up memory/CPU?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

GP Sante's picture

I don't know. All serveurs are in production, so it is difficult to enable again the agent to check the process.

I will ask when I can make this test and i tell you the result.

GP Sante's picture

I can activate again the agent tomorrow morning. I will inform you if there is something new.

 

Thank you.

 

Olivier

AjinBabu's picture

Hi, 

Which process is taking long time?

Do you have NTP installed on the systems?

Regards

Ajin

 

GP Sante's picture

Hi all,

After modifications, servers are quiet better. I check processes and it appears that the ccSvcHst.exe is consuming more CPU than the normal.

I will check if new exclusions is needed or not.

Olivier

James007's picture

Hi,

Try to reinstall sep client and check this articles

Symantec Endpoint Protection client shows high CPU usage immediately after virus definition updates.

 

Article:TECH170756 | Created: 2011-09-29 | Updated: 2011-10-17 | Article URL http://www.symantec.com/docs/TECH170756

 

GP Sante's picture

Thank you for the link.

The patch is concerning Windows XP client. But I keep the link beacause all users computers are running Windows XP. So, it will very helpfull !

Olivier

GP Sante's picture

Hi,

The problem seems to be caused by the network trafic. The trafic is scanned (in / out) and reduce performance.

I modify the "Application and Device Control policy" / "Device Control" to add Network Adapters in the Devices Excluded From Blocking.

Is it the best way to exclude network adapters ?

Thank you,

Olivier

James007's picture

Hope that help you.

Symantec Endpoint Protection Manager 12.1 - Application and Device Control (ADC) - Policies explained

 

Article:TECH188597 | Created: 2012-05-11 | Updated: 2012-09-07 | Article URL http://www.symantec.com/docs/TECH188597

 

GP Sante's picture
It doesn't helpfull, for me.
 
On the other hand, I found some option I desactivate : in the Intrusion Prevention, I uncheck Enable Network Intrusion Prevention.
 
I don't test yet the new configuration. I hope i can do it this afternoon.
GP Sante's picture
The modification I've made is not bad. The performance is better but is still slow.
 
The end user is using Business Object to create reports. When I check, everything is low (about 4% CPU used) but the network is working like sawtooth. When I disable the agent, the trafic on the network is a continuous line.
 
Is there a tool I can use to have a better view on what happens ?
.Brian's picture

you need a packet capture tool such as wireshark to view the traffic

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

GP Sante's picture
Thank you.
 
I monitored the trafic and I note that the Symantec Firewall blocked or slow down some requests. I disabled the Symantec Firewall and I use the Windows Firewall. Servers responses are good.
 
I'm waiting the results of the end users to confirm performance.
 
Olivier
SOLUTION
.Brian's picture

Good to know. Check back in with any updates you have.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

GP Sante's picture

All users report that everything is working fine !

Thank you all for your help !

Olivier