Endpoint Protection Small Business Edition

 View Only

  • 1.  Slow PC after definition update

    Posted Mar 16, 2015 10:30 AM

    Hello everyone,

    I've found a few discussions about my problem, but so far no solution. About twice a day, when new definitions arrive, a few PCs of our company get highly irresponsive. After about 30 minutes everything is OK. During this period hdd is running at 100%. According to symantec logs, it looks like the "problem" lies in Defwatch. From what I found in other discussions it could be the functionality of Auto-protect that is rescanning my file cache. Problem is that I cannot disable it as there is no Advanced button under Auto-protect tab, where, according to other discussions, I could tweek a file cache settings. 

    My PC is managed by SEPM. I checked the settings in SEPM, but problem is that there is no Advanced button under Policies settings either. It looks like there are registry entries concerning the file cache settings, but when I change the values, they get overwriten by SEPM after next restart. But it looks like I cannot set them in SEPM. 

    I tried to reinstall whole system without success. There are no files in quarantine. 

    Maybe the problem could be in one of the many applications I use. I don't know how to properly set up debug logs to get any meaningful information about what it is actually doing during this 30 min period. When I run active scan it takes only 20 seconds. The only way out of the irresponsive state is "smc -stop" followed by "smc -start" which I use quite frequently lately.

    Please let me know if you have any suggestions.



  • 2.  RE: Slow PC after definition update

    Posted Mar 16, 2015 10:41 AM

    See below articles

    How to turn off Active Scan when new definitions arrive

    http://www.symantec.com/business/support/index?page=content&id=TECH106098

    About the file cache

    http://www.symantec.com/business/support/index?page=content&id=HOWTO27136



  • 3.  RE: Slow PC after definition update

    Posted Mar 16, 2015 10:42 AM

    Exact SEP version?

    Do you have the option checked to Run an active scan when new definitions arrive?

    Do you also have the option checked to automatically repair and restore files in Quarantine when new definitions arrive?



  • 4.  RE: Slow PC after definition update

    Posted Mar 16, 2015 11:18 AM

    Sounds similar to this thread https://www-secure.symantec.com/connect/forums/sep-scheduled-deliver-new-definitions-set-time-day

    The solution appeared to be disabling the defwatch scan from the console, see the first post from Mithun Sanghavi for a screen shot

    https://www-secure.symantec.com/connect/forums/how-disable-sep-121-defwatch-quickscan



  • 5.  RE: Slow PC after definition update

    Posted Mar 16, 2015 12:06 PM

    SEP 12.1.4100.4126

    Run an active scan when new definitions arrive - Disabled.

    Filecache settings not available - i think its because of Small Business edition.

     

    Ed_A: Right now I set DefwatchMode = 3. I will let you know tomorrow morning after reboot of PC and new definitions.



  • 6.  RE: Slow PC after definition update

    Posted Mar 17, 2015 04:04 AM

    After reboot of my PC (restart of symantec), DefwatchMode is back at value 0 and after definition's update disk activity back at 100% for 30 minutes. I seems to be overwriten from SEPM. Question is if its possible to set this in SEPM Small business edition?

    I'm not totally sure if this is a problem, but its good for start.



  • 7.  RE: Slow PC after definition update

    Posted Mar 18, 2015 07:56 AM

    From what i found on other discussions it seems that setting of DefwatchMode in unmanaged client or in Small business edition is possible only via registry entry. I have managed SEP small business editon. Problem is that when I change DefwatchMode setting in registry on my client pc, it gets overwritten back to 0 when I restart my SEP client (pc reboot or smc stop-start).

    Who is doing this overwrite? SEPM or my SEP client?