Video Screencast Help
Search Video Help Close Back
to help
Not able to make it to Vision this year? Get a sampling in the Best of Vision on Demand group.

SEP on heavily used Fileservers

Updated: 27 Sep 2011 | 6 comments
StephanK's picture
StephanK
0 0 Votes
Login to vote
This issue has been solved. See solution.

Hi all,

we are currently switching all our Antivirus-software to SEP. Although we were told that it is possible to use SEP on fileservers with very high IO, it seems to be no good choice.

The SEP-clients Real-time Scan-Engine seems to choke down the server's performance A LOT.

So the question is:

Ist there a product better suited for this, or are there any settings I can switch to improve performance (disabling real-time-scanning is no option ;-)) ?

If another product is recommended, will it be manageable via the Endpoint Protection Manager?

 

Thanks in advance for your answers.

Best regards

Stephan

Discussion Filed Under:
, ,

Comments

Brian81's picture
10
Nov
2010
0 Votes 0
Login to vote
Brian81

We have SEP installed on all

We have SEP installed on all our fileservers, however, we only use the Antivirus component. No PTP or NTP and everything works fine. Keep in mind this is only scanning the C: drive, not the shares.

To do that, you can use the SAV for NAS product for your filers/cifs. It is a separate product and not manageable from SEPM.

Endpoint Knowledge Base

Security Best Practices

Kurt G.'s picture
11
Nov
2010
3 Votes +3
Login to vote
Kurt G.
Symantec Employee
Accredited

You may want to reconfigure the AntiVirus policy for fileservers

For example, the default setting for Auto-Protect is set to scan all files accessed or modified. By changing this to only scan files that have been modified you should be able to alleviate some of the performance issue since files on the server would only be scanned by Auto-Protect if there were changes made to the file.

You would also want to ensure that Auto-Protect is not configured to scan files when they are being backed up.

I've linked some documents below that should provide some assistance with configuration changes to assist with performance while still keeping Auto-Protect enabled.

http://www.symantec.com/business/support/index?pag...

http://www.symantec.com/business/support/index?pag...

Kurt G.
Symantec Technical Specialist: Endpoint Security Advanced Team

Symantec Corporation www.symantec.com

Symantec Enterprise Support: (800) 342 0652 

SOLUTION
Mithun Sanghavi's picture
11
Nov
2010
3 Votes +3
Login to vote
Mithun Sanghavi
Technical Support
Accredited

Correct.

Hello,

Believe me , Kurt is correct.

Let me get things right, you want to improve performance as well as keep the scan Enabled...

We see that you are very much interested in having your scans more of Performance based and should use as much as less CPU usage.

Check these documents as below:

1) Enabling multithreaded scans

http://www.symantec.com/business/support/index?pag...

2) Symantec Endpoint Protection scan tuning options

http://www.symantec.com/business/support/index?pag...

 

Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3

Follow me on Twitter: @mithun_sanghavi

Don't forget to mark your thread as 'SOLVED' with the answer that best helped yo

zer0's picture
11
Nov
2010
3 Votes +3
Login to vote
zer0

Typical high performance settings I use

LOCK ALL SETTINGS!!!

Administrator defined scan

  • It is recommended that a monthly scan should be configured to occur in a maintenance window when the server is not under a heavy load
  • File type scanning can be limited to high risk extensions to increase scanning speed
  • Scan times should be randomized on virtual machines to avoid resource usage issues
  • Turn off retry interval to ensure missed scans do not run during business hours
  • Set first action to Quarantine for all detection types
  • Set second action to Delete for all detection types
  • Enable – Terminate processes automatically
  • Enable – Stop services automatically

File System Auto-Protect

  • Scan only selected extensions
  • Determine file types by examining file contents (turn off for even better performance)
  • Do not scan when a file is backed up
  • Disable Network scanning of remote computers
  • Do not check for boot record viruses
  • Set first action to Quarantine for all detection types
  • Set second action to Delete for all detection types
  • Lock all override actions so that end users can’t modify
  • Enable – Terminate processes automatically
  • Enable – Stop services automatically
  • Disable notifications to end users
  • Load auto protect when SEP starts
  • Do not scan floppies on computer shutdown
  • Enable Risk Tracer (disable for more performance)

Disable and Lock Internet Email Auto-Protect
Disable and Lock Microsoft Outlook Email Auto-Protect
Disable and Lock Lotus Notes Auto-Protect
Disable TruScan Proactive Threat Scans

Quarantine

  • Do Nothing when new definitions arrive
  • Delete oldest files to limit folder size to 500MB for all files
StephanK's picture
22
Nov
2010
0 Votes 0
Login to vote
StephanK

Thank you all for your

Thank you all for your answers,

 

I will have a look at the Documentation and keep your Settings as a "baseline", zer0.

I'll come back to this, should I encounter more problems :-)

postechgeek's picture
22
Nov
2010
0 Votes 0
Login to vote
postechgeek

This also may

This also may help:

 

Symantec Endpoint Protection Client configuration changes for performance optimization

http://www.symantec.com/business/support/index?pag...

 

From the list of bookmarks that I normally use.

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
270,017