Symantec endpoint protection issue....

This issue has been solved. See solution.
nagendermca@gmail.com's picture
We have installed Symantec end point solution antivirus software in windows 2003 64 bit OS. where we are facing problem with the antivirus software. The software is using high memory due to some leakage. We have consulted microsoft people. Microsoft people have suggested to check with the below aspect.
 
It appears that pooltag NDCM belongs to wpshelper.sys from Symantec Intrusion Detection - WpsHelper and its taking most of the NPP.
Its required to get the application vendor to update the driver and check if it's a know issue with this driver.

The pool log analysis as below:

----------------------Pool Log Analysis---------------------------
------------------------------------------------------------------
Pool Tag: NDCM
Type: Pool_Non-Paged
Leaking?: *YES*
First/Average/Last/High Values: 499.68 MB / 1050.29 MB / 1743.44 MB / 1743.44 MB
Mapped Driver: Unknown Driver
------------------------------------------------------------------
Pool Tag: _Total Pool Non-Paged Bytes
Type: Pool_Non-Paged
Leaking?: *YES*
First/Average/Last/High Values: 14.96 MB / 1087.96 MB / 1786.27 MB / 1786.27 MB
Mapped Driver: N/A

Please suggest me on this.

Sincerely,
Nagender.

Kedar Mohile's picture

what version of SEP is this observed with ?

what version of SEP is this observed with ?

pete_4u2002's picture

uninstall NTP component of

uninstall NTP component of SEP on the server

brav's picture

Yeah , you should only have

Yeah , you should only have AV & AntiSpyware running on servers ... not the IPS or Firewall components.

m00

nagendermca@gmail.com's picture

I am using symantec endpoint

I am using symantec endpoint protection 11.0 and i am also using IPSec in the machine.

nagendermca@gmail.com's picture

What does this below lines

What does this below lines mean.

It appears that pooltag NDCM belongs to wpshelper.sys from Symantec Intrusion Detection - WpsHelper and its taking most of the NPP.

Its required to get the application vendor to update the driver and check if it's a know issue with this driver.

Vikram Kumar-SAV to SEP's picture

WpsHelper.sys is Intrusion

Solution

WpsHelper.sys is Intrusion prevention driver for NEtwork Threat Protection component of Symantec Endpoint Protection.
As Microsoft suggested make sure you are using the latest version of SEP 11.0.4202.xx.
If not upgrade it to this version and then check if it resolves your issue.

Celebrating 2 years as a community member....

nagendermca@gmail.com's picture

Thanks

Thanks Vikram,

                           I will upgrade the SEP and check it.

Sincerely,
Nagender.

anakorez's picture

We installed Norton Endpoint 11.0.4 , but PROACTIVE SUPPORT is

 It is my first time installing end point and here is a network of less than 15 Computers.

I jsut dun know what to sum this problem up as,

but
* The Proactive Threat Protection is disabled.
* Live update is nort working
very obvious that the server is at risk but I am in a deep distress as a result.

Any1 should pls help me and God bless.

kavin's picture

Proactive Threat Protection

Proactive Threat Protection will remain Off by default on any server OS or 64 bit OS.
So if its a server then its fine.
If its a 32 bit client OS then try to repair the SEP from add or remove program or Uninstall or reinstall the SEP.
Also if your Liveupdate is not working I would like to know first is it a managed client or unmanaged client?