Endpoint Protection

 View Only

  • 1.  SEP Virus Detection/Notification Time

    Posted Nov 20, 2015 09:29 AM

    Hi all,

    I'm running 4 SEPM with a separate SQL DB on 12.1.6.1.

     

    As far as I remember SEPM got notified about a virus detection on a client machine with its next heartbeat in 12.1.4

    Hence I would like to know if SEPM is getting notified immediately now besides the heartbeat.

     

    Another issue I have is that the connection to SEPM console is really slow where I thought it might help to increase the heartbeat time.

     

    -Simon



  • 2.  RE: SEP Virus Detection/Notification Time

    Posted Nov 20, 2015 09:32 AM

    As soon as the SEPM gets logs from the clients, and it meets the threshold, it will send out the proper alert. But yes, those logs get sent during the heartbeat process.

    Starting with 12.1.4 there is the "fast pathing" option, please read up on it at this link:

    Information about the "Fast Pathing" feature in SEP 12.1 RU4



  • 3.  RE: SEP Virus Detection/Notification Time

    Posted Nov 20, 2015 09:45 AM

    Security events virus detections are like password change or account lockouts in AD, they are Immediate and do not wait for anything.



  • 4.  RE: SEP Virus Detection/Notification Time

    Posted Nov 20, 2015 09:49 AM

    So we might increase the heartbeat time which wont affect a virus detection and might help with a possible hammered database and SEPM console loading time?



  • 5.  RE: SEP Virus Detection/Notification Time

    Posted Nov 20, 2015 09:55 AM

    Yes, per the fast pathing doc.



  • 6.  RE: SEP Virus Detection/Notification Time

    Posted Nov 20, 2015 09:59 AM

    Yes...