Video Screencast Help

SEP 12.1 configuration for MS cluster on 2008 R2

Created: 05 Jul 2012 • Updated: 05 Jul 2012 | 3 comments

Based on what I have found on line the SEP client is not cluster aware. I have found a very limited  article TECH100479, but it doesn’t answer any of my questions related to how SEP should be configured to avoid  issues during fail over. It is recommended that real time scanning not be installed, but I believe the concern is with filter drivers.

Given that we have a file share cluster, with many volumes and mount points, how should SEP be configured to  avoid file lock issues during fail over.  Microsoft KB240309 has one turning off the symevent driver, but this would probably just break Symantec. Is there a comprehensive white paper that reviews  file locking, real time scanning, exclusions. Basically a comprehensive guide to setup Symantec polices so that users file shares are protected without conflicts with cluster resources.

 

Comments 3 CommentsJump to latest comment

AravindKM's picture

Have a look at this KB article

How to exclude 2008 R2 Cluster Shared Volumes from Symantec Endpoint Protection

Have a look at this KB as well.

What scan exclusions should be applied to all Windows clustered server nodes

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

VenturaJim's picture

Thank you for the links, it sounds like Symantec can't follow reparse points on shared cluster volumes. My main concern would be the Quorum disk, where we have always excluded that volume to avoid cluster issues. Have others not had issues with file locking on 2008 R2. I don't think excluding all .exe's make sense, so how do you avoid issues on shared clustered volumes. Microsoft’s approach basically cripples the AV software so it doesn't work. If that’s the case, might not want to have SEP installed at all.