Endpoint Protection

  • 1.  Symantec DLP and Symantec AntiVirus

    Posted May 27, 2013 08:09 AM

    I have both Symantec DLP and AV endpoint protection, and we are using Lotus Notes as the client for Domino. I have a big delay when sending any mail that contains an attachment.

    I have configured a VM for testing, and I have done the trials below, sending a mail with a PDF file of 4 MB and 124 pages:

    1- VM without both DLP & AV: managed to send the mail in 5 seconds.

    2- VM with AV only: managed to send it in 6 seconds.

    3- VM with DLP only: managed to send in 20 seconds.

    4- VM with both DLP and AV: sending the same mail takes more than 2 minutes

     

    It seems that there is some confusion between the DLP and AV, although I have put the DLP files in the exclude list of the AV (DLP folder, kvoop.exe, edp.exe and wdp.exe).

     

    I would appreciate it if you can help with this issue.

     

    Many Thanks in advance.

     



  • 2.  RE: Symantec DLP and Symantec AntiVirus

    Posted May 27, 2013 08:13 AM

    Do you mean SAV or SEP?

    If SAV, it is end of life and I would suggest upgrading to SEP as soon as possible.

    If SEP, do you have the Notes email scanning plugin enabled?



  • 3.  RE: Symantec DLP and Symantec AntiVirus

    Posted May 27, 2013 08:18 AM

    Thanks Brian81

     

    I mean SEP 11, and the Notes mail scanning plugin is disabled.



  • 4.  RE: Symantec DLP and Symantec AntiVirus

    Posted May 27, 2013 08:22 AM

    What is the exact version of SEP 11.x? What components do you have enabled for SEP?

    Can you try your test again with only the AV component enabled? I'm assuming you're also using PTP and NTP...



  • 5.  RE: Symantec DLP and Symantec AntiVirus

    Posted May 27, 2013 09:50 AM

    SEP ver 11.0.5002.333. When testing sending with AV only it takes only 5 seconds, and when sending with DLP only it takes 20 seconds, but when both DLP and AV are active it takes more than 2 minutes.

     

    What are PTP and NTP?

     

    We are using PTP, but NTP is not enabled.



  • 6.  RE: Symantec DLP and Symantec AntiVirus

    Posted May 27, 2013 09:56 AM

    11.0.5 is a very old version. You can restart your testing by using 12.1 RU2.

    https://www-secure.symantec.com/connect/blogs/latest-symantec-endpoint-protection-released-sep-121-ru2-mp1



  • 7.  RE: Symantec DLP and Symantec AntiVirus

    Posted May 27, 2013 10:00 AM

    Any chance you can upgrade to either SEP 11.x RU7 MP3 or SEP 12.1 RU2?

    That's a very old and buggy version you're on.



  • 8.  RE: Symantec DLP and Symantec AntiVirus

    Trusted Advisor
    Posted May 27, 2013 11:38 AM

    Hello,

    I agree with the suggestion above.

    Symantec Endpoint Protection 11.0.5002 was released in September 2009.

    It is recommended to maintain consistency of software versions in SEP 11.x; check the article below:

    About Maintaining Consistency of Software Versions throughout a SEP 11 Organization

    http://www.symantec.com/business/support/index?page=content&id=TECH131660

    Once the SEP client is migrated to the latest version, you may also check the article below:

    Create DLP Policy to Add Exception to Ignore Emails Send to Internal Users

    https://www-secure.symantec.com/connect/articles/create-dlp-policy-add-exception-ignore-emails-send-internal-users

    Hope that helps!!



  • 9.  RE: Symantec DLP and Symantec AntiVirus

    Posted May 28, 2013 04:55 AM

    Hi, 

    Please upgrade the SEP client version and perform the same test.

    Regards

    Ajin



  • 10.  RE: Symantec DLP and Symantec AntiVirus

    Posted May 28, 2013 04:58 AM

    Hi All,

     

    Many thanks for your concern. I'm now downloading the latest version and I'll give you feedback after testing.

     

    Thanks