Endpoint Protection

 View Only

  • 1.  SEPM issues ... plz help me

    Posted Aug 27, 2009 02:40 PM
     Dear all, 
     
 I have installed a SEPM on my windows 2003 server r2 OS.I have configured all the
 policies and rules and generated new SEP client package of 32 bt,and
 installed on some of XP clients.But after installation in the client
 machine , i have run the latest sep client package in those machine . Now
 the client are reflecting in my SEPM. but we are facing so many issues
 like..
 
 1) As soon as installation on the machines Clients started downloading
 heavily and due to that all the systems at my branch (which has a Internet
 Line of Bandwidth 64kbps) becomes hang and when i checked in the Bandwidth
 monitoring tool i found that each clients downloading more than 40 mb per
 day(6-7 MB per hour on an avg), and due this the network has became very
 slow and we are unable to work.
 
 2)  As soon as i installed the client package in the systems i installed
 manually the latest updates , in order to reduce the Huge downloads at the
 initial time, but still the clients will start downloading heavily
 further.
 
 3) What are this clients were actually downloading? when there definitions
 are upto-date.
 
 4) Whether this download process continues daily, i mean it will consume
 the same definition size like 40-50 mb ?
 
 5) Is there any configurations or settings that has to be done so as to
 reduce the huge downloads by the clients? either in the SEPM or in the
 clients machine?
 
 6) whether any options available in SEPM to reduce the huge bandwidth
 consuming by the clients?
 
 7)Whether the clients which will download their definitions from SEPM will
 be always huge size or only INCREMENTAL UPDATES of MICRODEFS?
 
 8) How to overcome this bandwidth issues with our 64kbps leased line?
 
 9) Is there any option available where i can assign my client machines to
 download the definitions only at some particular time as we wish?
 
 Kindly guide us , we are unable to find a proper solutions for these
 issues, which i am looking for better solution from symantec from many
 days.
 
 Plz revert as early as possible.
 
 our production server details
 ----------------------------------------
 
 SEPM package is : 11.0.4202.75 MR4 MP2
 Operating system : Windows server 2003 r2
 clients are about 20-40 at present.
 hard disk allocated for the C drive is : 88 GB
 RAM of my server : 2 GB


  • 2.  RE: SEPM issues ... plz help me

    Posted Aug 27, 2009 02:41 PM
     


  • 3.  RE: SEPM issues ... plz help me

    Broadcom Employee
    Posted Aug 27, 2009 02:59 PM
    Hi,

    You may configure a GUP (Group Update Provider) at your branch office so that one of the clients there will download the definitions from SEPM and distribute them locally to all your branch office clients. This way only one client i.e the GUP will download the definitions from SEPM which will take care of your bandwidth issues. You may also configure the GUP throttling to suit your bandwidth.

    Please check the following articles

    Symantec Endpoint Protection 11.0 Group Update Provider (GUP)

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007092720522748

    How to configure GUP bandwidth throttling in Symantec Endpoint Protection 11.0 MR4?

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008121722041748

    Let me know if this helps :-) 


  • 4.  RE: SEPM issues ... plz help me

    Posted Aug 27, 2009 03:06 PM

    Symantec Endpoint Protection Client configuration changes for performance optimization
     

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007102311173048


  • 5.  RE: SEPM issues ... plz help me

    Posted Aug 27, 2009 04:54 PM
    I had many of the same issues as you. I have a SEPM at the location I'm at and then I have many remote locations with minimal bandwidth.

    As was alluded to already, the GRUPs are a big help. But what I did was set up groups (under Clients) for each of my locations. Then for each location I designated one of the PCs as a GRUP. This helps a lot on it's own. This way all the other clients are pulling updates internally as opposed to crossing over that small 64Kb line.

    Also, Under Admin > Servers > Local Site > Edit Site Properties:
    If I'm not mistaken, the default download schedule is set for every 4 hours. I changed mine to daily and checked the box for "Select download start time window" and made mine go between 2:30am and 3:30am because I know there's not much going on during that time.

    I'm sure there's more that can be done, but I know those two things helped me out a lot.

    Also, try to make sure all of your PCs are up the latest in SEP 11 (MR4MP2) because some of those past releases had some bugs in them that created A LOT of false-positives and all that data is put into the logs on the PC and that data is communicated directly to your SEPM (as opposed to the GRUP) which will kill your bandwidth (because the PCs log files are huge)


  • 6.  RE: SEPM issues ... plz help me

    Posted Aug 27, 2009 06:53 PM
    I think Cfisher440 has good point here.
    You can configure GUP & scheule the liveupdate on your SEPM at some time in the bight between 12 AM & 6 AM. that should help you.


  • 7.  RE: SEPM issues ... plz help me

    Posted Aug 27, 2009 07:48 PM
    Have you tried to set up the Liveupdate server before?


  • 8.  RE: SEPM issues ... plz help me

    Posted Aug 27, 2009 08:05 PM
    The GUP role in SEP is the way to go even for an organisation that has many thousands of pc's distributed across many different regions.

    Peterpan suggested Liveupdate server, but this would only be the case if you wanted to ultimately use it for more than AV definitions. If all you want is to update SEPs definitions, liveupdate and the product itself, use the GUP role to download from the main server to minimise bandwidth usage.

    Most of the sites I look after have anything from 2MB links to a dark fibre connection. So different setups have to be considered and planned before implementation of SEPM and SEP across an enterprise, even down to a small business as well.

    Regards,

    Jon.