Video Screencast Help

Symantec DLP and Symantec AntiVirus

Created: 27 May 2013 | 9 comments

I have both Syamnetc DLP and AV endpoint protection, we are using Lotus Notes as client for Domino. I have a big delay when sending any mail that contains attachment.

I have configured VM for testing, and I have done the below trials in sending mail with PDF file with size of 4 MB and 124 pages:

1- VM without both DLP & AV: managed to send the mail in 5 seconds.

2- VM with AV only: managed to send it in 6 seconds.

3- VM with DLP only: managed to send in 20 seconds.

4- VM with both DLP and AV: sending the same mail takes more than 2 minutes

 

Seems that a confusion is existing between both the DLP and AV, although I have putted the DLP files in the exclude list of the AV (DLP folder, kvoop.exe, edp.exe and wdp.exe).

 

Appreciate if you can help in this Issue.

 

Many Thanks in advance.

 

Operating Systems:

Comments 9 CommentsJump to latest comment

.Brian's picture

Do you mean SAV or SEP?

If SAV, it is end of life and I would suggest upgrading to SEP as soon as possible.

If SEP, do you have the Notes email scanning plugin enabled?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

MElanany's picture

Thanks Brian81

 

I mean SEP 11, and Notes mail scannin plugin is disabled.

.Brian's picture

What is the exact version of SEP 11.x? What components do you have enabled for SEP?

Can you try your test again with only the AV component enabled? I'm assuming your also using PTP and NTP...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

MElanany's picture

SEP ver 11.0.5002.333, when testing sending with AV only it takes only 5 seconds and when sending with DLP only takes 20 seconds, but when both DLP and AV are active takes more than 2 minutes.

 

what is PTP and NTP ?

 

We are using PTP, but NTP is not enabled.

.Brian's picture

Any chance you can upgrade to either SEP 11.x RU7 MP3 or SEP  12.1 RU2?

Thats a very old and buggy version you're on.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

I agree with the suggestion above.

The Symantec Endpoint Protection 11.0.5002 was released in September' 2009.

It is recommended to maintain consistency of software versions in SEP 11.x, check this Article below:

About Maintaining Consistency of Software Versions throughout a SEP 11 Organization

http://www.symantec.com/business/support/index?page=content&id=TECH131660

Once the SEP client is migrated to the Latest version, you may also check this Article below:

Create DLP Policy to Add Exception to Ignore Emails Send to Internal Users

https://www-secure.symantec.com/connect/articles/create-dlp-policy-add-exception-ignore-emails-send-internal-users

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

AjinBabu's picture

Hi, 

Please upgrade the SEP client version and perform the same test.

Regards

Ajin

MElanany's picture

Hi All,

 

Many thanks for your concern, Im downloading now the latest version and I'll feed you back after testing.

 

Thanks