Hi All,

I need some help here, how to diagnose slowness on Thin Client which is using SEP for XPe 5.1?

So far from network side, there is no particular issue... no congestion detected.

We're suspecting it's either Thin Client itself having problem or SEP for XPe 5.1....

Hope somebody can advice on this. Thanks!

p/s: sry if i post in wrong section, didnt see any for XPe

regards

Hi,

Stop all Symantec services & then monitor the performance to isolate the issue.

Use latest SEP version i.e RU6 MP3.

If you installed all the features, you may want to try with just AV/AS installed to see if that makes a difference or not.  There also is a product specifically for xp embedded.  You may want to look into that as well.

http://www.symantec.com/business/endpoint-protection-for-windows-xp-embedded

What is the exact build version of SSEP 5.1 that you are using. You should be using the latest, I believe that is 5.1.9 MP5.

Yes... we're using this product.

I spend the whole day checking those Thin Clients... guess what?

The AVS library didn't managed to detect and clean W32.SillyFDC.BDP.... we're using version 5.1.3979 of SEP for XPe and latest AVS library definition 3/5/2011..

My big question is..  is there site where i can download 'Rapid Release' for this product?

I googled but Symantec AVS library doesnt seem to mean anything.to Google.... FYI SAV/SEP managed to detect and clean this virus.... but not SEP for XPe....

Looks like a 'ghost' product for Symantec? O o

regards

It looks like that threat was dicovered after 3/5/11.

W32.SillyFDC.BDP

Discovered:

March 10, 2011

Updated:

March 11, 2011 8:31:31 AM

Type:

Worm

Infection Length:

63,488 bytes

 

http://bit.ly/iPvfqw

 

The definitions for SEP XPe are provided be a third party. Let me do some research on this and get back to you.

If this infection is spreading, I recommend you open a case with Support ASAP.

I see... no wonder i can't find any information about the AVS library... another concern is for IPS library... i don't we can find any info on this neither...

We do have another concern on this product, do we have to manually 'commit' each time after virus is found and quarantined?

FYI after i restart the system with EWF enabled, the risk log is gone and the virus come back to normal...

this is so weird... i suppose the virus cleanup use the same technology as virus definition update?

refer to here:

Note: Embedded clients have a unique feature that prevents the space used on
the storage device from growing too large. The Enhanced Write Filter keeps
changes from being written to the client. It stores changes in a virtual disk and
deletes the changes when the client is restarted. This becomes a problem when
you want to write the latest virus definitions and policies to the client. The XP
Embedded agent has technology that enables the Antivirus Signature Library and
policies to be committed to the storage device through the Enhanced Write Filter
without requiring a restart of the system. This capability enables you to apply
and update the Antivirus Signature Library and policies without losing your
changes when the client restarts.

ftp://ftp.symantec.com/public/english_us_canada/products/symantec_endpoint_protection/for_windows_xp_embedded_5.1/manuals/Symantec_Endpoint_Protection_for_Windows_XP_Embedded_Administration_Guide_Addendum.pdf

Do we have to manually 'commit' each time after virus is found and quarantined? I am not sure about that, I cannot find anything that mentions manually commiting files.

For submitting threats for analysis, you can submit the virus files to Authentium at virus@authentium.com. Please include "Symantec" in the subject line.

Please note that it is very possible that the AV engine you are running will not detect this threat. You really need to get support involved on this ASAP.

Hi,

Does anybody know about the commit thing?

I've raised a case last week and now waiting for their reply...

Hi Cycletech,

I didn't find any instruction on manual commit neither but like i said whenever i run full scan with EWF enabled, if SEP detected and quarantine a threat.. those action will be reverted back once the Thin Client got restarted..

This really making headache... theoricaly if that happened means either manual commit is needed or SEP itself is broken (bug)...

regards

I can't seem to get in touch with Symantec Tech... i was keep waiting 30mins on the phone with nobody picking up the case..

Anybody know how to get in touch with the Support Manager?

Hi Cuz000, Sorry I did not see your reply from the 15th before now. Opening a support case is the best way to get this resolved, but you will not be able to call a Support Manager directly.

Once you get the TSE on the phone, you may request to bump this case up in priority.

Support Online - https://mysupport.symantec.com/

Phone - http://www.symantec.com/business/support/contact_techsupp_static.jsp