Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrade.
Please accept our apologies in advance for any inconvenience this might cause.

SEP 12.1.4: Extremely poor firewall performance

Created: 19 Nov 2013 • Updated: 20 Nov 2013 | 10 comments
MIXIT's picture
This issue has been solved. See solution.

Hi all,

Interesting issue I just discovered.  I'm not sure if this is new or not, or unique to 12.1.4 or not.  I've been having problems deploying SEP remotely to clients (whihc is posted to another thread I"ll reply to soon) but I wanted to get one PC up and running with SEP using any means necessary.  So I created the single exe packgae from SEPM with the intent of copying the file from the server (2008 R2) to the PC (Win 8.1 Pro). 

After testing serveral times, here are my conclusions:

- if SEP is ON, on the server, my file copy speed varies between 300KB/sec to 1.0MB/sec, absolutely terrible

if SEP is OFF (right-click system tray icon, choose Disable Symantec Endpoint Ptoection), my speed goes instantly to 100+MB/sec. 

I've done this a number of times and it is consistent.  The file can even be in mid-copy and as soon as I turned of SEP client on the server the network copy speed skyrockets. 

This is a default install of SEP, using the default features/package from SEPM.  I"m not sure if I've modified the firewall yet so I can check that but is my first step to determine if it is indeed the firewall, and not say, real time antivirus scanning? 

Has anybody seen this issue? 

Thank you. 

Operating Systems:

Comments 10 CommentsJump to latest comment

_Brian's picture

This was an issue back in 12.1 RU2 MP1 and fixed in RU3. I have seen other complaints on this forum about the same in 12.1.4

You will need to open a case and will be asked to provide packet traces as well as turn on advanced logging.

I went through this with 12.1.2 RU2 MP1

For the record, I've had no issues with 12.1.4 after upgrading from 12.1.3.

Which version did you upgrade from?

SOLUTION
MIXIT's picture

Well I'm glad it's a known issue.  I've actually never opened a ticket before - have always relied on the forums here :) I wonder if there's a way to do it online rather than phone.  I'll check after. 

It seems it's a mix in terms of upgrading and I can't recall clearly which versions I was giong from.  It's very possible and likely it's from both 12.1.2 and 12.1.3 because that is most of my client base, but I coulnd't say which MP they'd be at.  Unless a client keeps a log of it's upgrade history in some text file somewhere then I can check that. 

Actually that might not be a terrible feature for Symantec to introduce, if not already present, a report that highlights upgrade history for each client. - when upgrades were done, what versions, and any errors recorded by the installation code. 

 

 

 

Mithun Sanghavi's picture

Hello,

I would suggest you to contact Symantec Technical Support and create a case.

Check these Steps below:

How to create a new case in MySymantec

http://www.symantec.com/business/support/index?page=content&id=TECH58873

Phone numbers to contact Tech Support:-

Regional Support Telephone Numbers:

  • United States: 800-342-0652 (407-357-7600 from outside the United States)
  • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
  • United Kingdom: +44 (0) 870 606 6000

Additional contact numbers: http://www.symantec.com/business/support/contact_t...

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

MIXIT's picture

Just some feedback on that case submission page.  It needs some improvement.  The field's marked required I assume are the ones highlighted in red.  Yet I can't get past this screen to submit a ticket until I put something in the Prodct field, and the "Pre-Sales Support Product Version" field, whatever that's supposed to mean.  

I spent 5-10 minutes tryping things into there, clicking submit, over and over.  It kept replying to put valid info in those two fields, and yet things like SEP 12.1.4013.4013 or just Symantec Endpoint Protection and a bunch of varioations would not work.  It's kind of stupid to play guessing games with what the auto-search field will accept - either have a dropdown or let it just accept plain text without validations run on it.  It finally turned out to be just Endpoint Protection, then 12.1.4 in that "pre-sales" field, which if nothing else, needs to be renamed to something more applicable to tech support. 

Anyway, case submitted.  :)

boe1's picture

I have seen the issue on Virtual Machines that are using hyper-v.   I don't have any performance issues on the host machine /physical machine with the Symantec firewall installed however, on the VMs the performance with Symantece Endpoint takes a HUGE nose dive.   The performance with Symantec Endpoint Firewall is SLOW.   I'd suggest using Windows native firewall and just installing Symantec Endpoint basic at this point.   I'd also suggest making sure you have a good entry firewall such as a Sonicwall to protect your clients, using the Windows firewall more of a firewall for internal activity.

MIXIT's picture

Yeah VMs are apparently in need of design improvements in Hyper-V. 

However it's not really an option in my mind to not use the SEP firewall.  Windows Firewall is just that, a firewall but has no threat detection so you're screwed on your very first drive-by download.  A perimeter firewall without a full web security or content filter is only going to help against external attackers but again won't stop any of the web attacks or any other traffic type that is authorized to touch an internal system.  So I"m stuck :)

But having said that, if this is a known issue then I hope Symantec can fix it soon.  I don't see that I have a very uncommon setup here, in fact it's extremely basic so it's a bit troubling that QA didn't know about this, or that PM pushed the update out despite knowing about the bug. 

Well, I'll do a bit of testing.  I have 12.1.4 on all internal systems now, one XP, one W 8.1, and some 2008 R2 physical and virtual systems. So I'll do file copy tests between each system to each system and see if this is just something on the 2008 R2 physical machine.  If so I'll reinstall the client and see what comes of that. 

Umetri_ChJ's picture

We have updated to RU4 but are having this problem with extremly slow copy any way.

MIXIT's picture

I have been mostly away from this for almost two weeks.  As a Symantec partner I apparently have my own suppor team to contact so I'll do that.  I had already opened a support ticket but was unable to respond to their calls to my line. 

However this issue seems to be a little less clear as it used to be.  It seems it may occur for a while after an initial installation of SEP, but at some point later it appears to clear up and go to normal.  I could be wrong, as I haven't done a lot of testing - just that one dayw henb I expected things to be slow due to the firewall being on, it was fast and turning the fw on or off didn't change anything. 

Yet when this issue first began, the results were 100% consistent that every time I turned SEP off I'd get fast speeds, everytime it was on, super slow speeds. 

I'll contact Symantec and if we happen to find a solution or make progress I'll post here.