Endpoint Protection

 View Only

  • 1.  SEP 12.1 configuration for MS cluster on 2008 R2

    Posted Jul 05, 2012 10:47 AM

    Based on what I have found on line the SEP client is not cluster aware. I have found a very limited  article TECH100479, but it doesn’t answer any of my questions related to how SEP should be configured to avoid  issues during fail over. It is recommended that real time scanning not be installed, but I believe the concern is with filter drivers.

    Given that we have a file share cluster, with many volumes and mount points, how should SEP be configured to  avoid file lock issues during fail over.  Microsoft KB240309 has one turning off the symevent driver, but this would probably just break Symantec. Is there a comprehensive white paper that reviews  file locking, real time scanning, exclusions. Basically a comprehensive guide to setup Symantec polices so that users file shares are protected without conflicts with cluster resources.

     



  • 2.  RE: SEP 12.1 configuration for MS cluster on 2008 R2



  • 3.  RE: SEP 12.1 configuration for MS cluster on 2008 R2

    Posted Jul 10, 2012 07:41 PM

    Thank you for the links, it sounds like Symantec can't follow reparse points on shared cluster volumes. My main concern would be the Quorum disk, where we have always excluded that volume to avoid cluster issues. Have others not had issues with file locking on 2008 R2. I don't think excluding all .exe's make sense, so how do you avoid issues on shared clustered volumes. Microsoft’s approach basically cripples the AV software so it doesn't work. If that’s the case, might not want to have SEP installed at all.



  • 4.  RE: SEP 12.1 configuration for MS cluster on 2008 R2