SEP 12.1 RU2 Resets TCP Stack After Updating Definitions
I'm going to try and keep this short and sweet.
Basically, a user has a manufacturing system with two NICs installed. One is for a local infrastructure connecting to other manufacturing devices and the other is for the actual corporate infrastructure. Now, this tool requires a constant network connection (3-way handshake) at all times to remain connected and cannot be disrupted. Currently, SEP 12.1 RU2 is running on the system with Network Threat Protection (NTP-IPS). Each time virus definitions are updated on the device, it appears to reset the active connection and cause it to drop offline and disconnect from the manufacturing systems.
I've confirmed the event log states that LiveUpdate kicked off at least 30 minutes before each network drop. I've talked to support about this and they've brushed me off, stating this issue would be fixed with 12.1 RU2 (what a load of crap). Anyway, has anyone else encountered this issue? If so, please share some details. Keep in mind this isn't the only system I've encountered this with, and disabling NTP has prevented this issue from happening again. Personally, I don't like keeping a critical system unprotected, but this might be the only solution.
Note: I think the next steps will be to take a packet capture and analyze it at the time of each LiveUpdate event.