
SEP 12.1 RU2 Resets TCP Stack After Updating Definitions

Created: 13 Feb 2013 | 9 comments

I'm going to try and keep this short and sweet.

Basically, a user has a manufacturing system with two NICs installed on a system. One is for a local infrastructure connecting to other manufacturing devices and the other is for the actual corporate infrastructure. Now, this tool requires a constant network connection (3-way handshake) at all times to remain connected and cannot be disrupted. Currently, SEP 12.1 RU2 is running on the system with Network Threat Protection (NTP-IPS). Each time virus definitions are updated on the device it appears to reset the active connection and cause it to drop offline and disconnect from the manufacturing systems.

I've confirmed the event log states that LiveUpdate kicked off at least 30 minutes prior to each network drop. I've talked to support about this and they've brushed me off stating this issue would be fixed with 12.1 RU2 (what a load of crap). Anyway, has anyone else encountered this issue? If so, please share some details. Keep in mind this isn't the only system I've encountered this with and disabling NTP has prevented this issue from happening again. Personally, I don't like keeping a critical system unprotected, but this might be the only solution.

Note: I think the next steps will be to take packet captures and analyze them at the time of each LiveUpdate event.


.Brian's picture

Haven't seen or heard of this issue but this needs to be pushed past first level support and kicked over to back line engineering. Do you have an SE that can escalate this?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

mcmillions's picture

Yes, I had requested to push this past the first level, but they routed me back to a first level guy. Then I requested again to have this escalated, still the same result. Have had nothing but terrible support from India.

mcmillions's picture

Sorry, as far as an SE, yes. I think this will be the next step.

.Brian's picture

Get your SE involved and also request support to have the case escalated immediately.


cus000's picture

You'll need Advance Support... you can request to talk with the on-duty manager to further push your case.

Andy Scott's picture

Did you find a resolution for this issue?

Have a number of workstations/servers (Windows 7, 2008, 2008 R2) with this issue.

Andy Scott's picture

Refer here also, though the post marked as the solution did not work for me.

https://www-secure.symantec.com/connect/forums/upg...

Will try CleanWipe.