Symantec endpoint protection issue....

This issue has been solved. See solution.
nagendermca@gmail.com's picture
nagendermca@gmail.com
September 21st, 2009
We have installed Symantec end point solution antivirus software in windows 2003 64 bit OS. where we are facing problem with the antivirus software. The software is using high memory due to some leakage. We have consulted microsoft people. Microsoft people have suggested to check with the below aspect.
 
It appears that pooltag NDCM belongs to wpshelper.sys from Symantec Intrusion Detection - WpsHelper and its taking most of the NPP.
Its required to get the application vendor to update the driver and check if it's a know issue with this driver.

The pool log analysis as below:

----------------------Pool Log Analysis---------------------------
------------------------------------------------------------------
Pool Tag: NDCM
Type: Pool_Non-Paged
Leaking?: *YES*
First/Average/Last/High Values: 499.68 MB / 1050.29 MB / 1743.44 MB / 1743.44 MB
Mapped Driver: Unknown Driver
------------------------------------------------------------------
Pool Tag: _Total Pool Non-Paged Bytes
Type: Pool_Non-Paged
Leaking?: *YES*
First/Average/Last/High Values: 14.96 MB / 1087.96 MB / 1786.27 MB / 1786.27 MB
Mapped Driver: N/A

Please suggest me on this.

Sincerely,
Nagender.

Filed under: , , , ,
0 votes
Kedar Mohile's picture
Kedar Mohile
9 weeks 2 days ago

what version of SEP is this observed with ?

what version of SEP is this observed with ?

Kedar Mohile
http://kedarmohile.blogspot.com

+1 (1 vote)
pete_4u2002's picture
pete_4u2002
9 weeks 2 days ago

uninstall NTP component of

uninstall NTP component of SEP on the server

0 votes
brav's picture
brav
9 weeks 2 days ago

Yeah , you should only have

Yeah , you should only have AV & AntiSpyware running on servers ... not the IPS or Firewall components.

m00

0 votes
nagendermca@gmail.com's picture
nagendermca@gmail.com
9 weeks 2 days ago

I am using symantec endpoint

I am using symantec endpoint protection 11.0 and i am also using IPSec in the machine.

0 votes
nagendermca@gmail.com's picture
nagendermca@gmail.com
9 weeks 2 days ago

What does this below lines

What does this below lines mean.

It appears that pooltag NDCM belongs to wpshelper.sys from Symantec Intrusion Detection - WpsHelper and its taking most of the NPP.

Its required to get the application vendor to update the driver and check if it's a know issue with this driver.

0 votes
Vikram Kumar-SAV to SEP's picture
Vikram Kumar-SAV to SEP
9 weeks 2 days ago

WpsHelper.sys is Intrusion

Solution

WpsHelper.sys is Intrusion prevention driver for NEtwork Threat Protection component of Symantec Endpoint Protection.
As Microsoft suggested make sure you are using the latest version of SEP 11.0.4202.xx.
If not upgrade it to this version and then check if it resolves your issue.

Celebrating 2 years as a community member....

+1 (1 vote)
SOLUTION
nagendermca@gmail.com's picture
nagendermca@gmail.com
9 weeks 2 days ago

Thanks

Thanks Vikram,

                           I will upgrade the SEP and check it.

Sincerely,
Nagender.

0 votes
anakorez's picture
anakorez
9 weeks 2 days ago

We installed Norton Endpoint 11.0.4 , but PROACTIVE SUPPORT is

 It is my first time installing end point and here is a network of less than 15 Computers.

I jsut dun know what to sum this problem up as,

but
* The Proactive Threat Protection is disabled.
* Live update is nort working
very obvious that the server is at risk but I am in a deep distress as a result.

Any1 should pls help me and God bless.

0 votes
kavin's picture
kavin
9 weeks 2 days ago

Proactive Threat Protection

Proactive Threat Protection will remain Off by default on any server OS or 64 bit OS.
So if its a server then its fine.
If its a 32 bit client OS then try to repair the SEP from add or remove program or Uninstall or reinstall the SEP.
Also if your Liveupdate is not working I would like to know first is it a managed client or unmanaged client?

0 votes