Endpoint Protection

 View Only

  • 1.  SEP possibly interfering with network installs?

    Posted Apr 07, 2011 02:52 PM

    We have a server running Windows Server 2008 R2, as the SEPM and clients running Windows 7 Pro 32-bit with SEP 11.

    We are seeing weird issues when trying to install apps onto the clients from the server. Things like botched or incomplete installs, updates to apps that take hours, or nothing happening when trying to launch software located on the server from the client PC.

    Are there any pointers to troubleshooting to rule out (or narrow down!) SEP as a culprit? Any settings to adjust or tools to use?



  • 2.  RE: SEP possibly interfering with network installs?

    Broadcom Employee
    Posted Apr 07, 2011 04:03 PM

    What version of SEP are you running?  It sounds like the SMB 2.0 issue which has been addressed in the latest build RU6MP3 where transfering files across the network would result in the transfer hanging and eventually failing.  You will want to try upgrading to RU6MP3 if you are not already on that build.

    www.symantec.com/docs/TECH139768

    RU6MP3 release notes www.symantec.com/docs/TECH103087



  • 3.  RE: SEP possibly interfering with network installs?

    Trusted Advisor
    Posted Apr 11, 2011 06:51 AM

    Hello,

    When there is an issue like this, there are lots of things which needs to look into.

    1) What and why does it make you think that this is happening because of SEP?

    2) Did you check the Application Logs (found under Event Viewer) on the client machine.

    3) What version of SEP are you running? It is always recommended to have a Latest version of SEP on the Machines.

    4) Did you try disabling SEP and check if the issue reoocurs?

    5) Do you have Network Scanning Feature turned ON the SEPM for SEP clients?

    6) Did you try disabling SEP's Network Threat Protection from the SEP machine at the server or at the client level?

     

    Check the above steps to reach to Narrow Down the issue.

     

    Again, there are some fixes in the Version 11.0.6300 (RU6 MP3) 

     

    Applications launch slowly over network shares
    Fix ID: 2141780
    Symptom: Applications running on a Windows 2008 server running Symantec Endpoint Protection are slow to load when file system Auto-Protect is enabled on the server and files on the server are encrypted.
    Solution: When files on the server are encrypted, file system Auto-Protect generates an extra create call to LSASS to get the encryption key. This results in degraded performance as well as a situation in which Symantec Endpoint Protection's access to the file is denied.
    An option has been added to allow Symantec Endpoint Protection to skip these scans, resulting in increased performance but decreased security. When the scans are skipped a machine not running Symantec Endpoint Protection will be able to copy a threat to the server. The threat will be detected by the server if it is accessed by any server application, by another client running Symantec Endpoint Protection, or by a manual scan on the server.
    Customers may obtain the tool via Symantec Technical Support.
    An alternative to the tool is to exclude encrypted files and folders using file system Auto-Protect exclusions.
     
     
    Reference: 
     
    Release notes for Endpoint Protection and Network Access Control 11
     
    http://www.symantec.com/business/support/index?page=content&id=TECH103087
     
     
     
     
    MAKE SURE YOU MIGRATE TO THE LATEST VERSION ----- > 11.0.6300 (RU6 MP3) 


  • 4.  RE: SEP possibly interfering with network installs?

    Posted Apr 11, 2011 07:25 AM

    Step 1:

    Install New version on Windows server 2008 .

     

    Step 2: export all policies from old server and save in new system .

     

    Step 3: Import all policies to new system /2008 .

     

    Step 4: with Sylink replace tool , replcae new sylink file in all clients .

    Then all clients will communicate to new system .

     

    Regards

    Santhosh