Endpoint Protection Small Business Edition

Reposting this, as it appears my first attempt never made it...

We are having problems accessing some sites with Symantec Endpoint Protection active. freescale.com is one site we always have problems with. The site takes a LONG time to load (minutes). When SEP is off, the site loads fine, so I know the problem isn't with the site. For example, I can access the site from home just fine (incidentally, I'm running Norton at home as offered by Comcast). It does not matter what browser is used to access the site. It does not matter what OS is used to access the site. Clearing the browser cache/cookies/etc makes no difference. I've checked the client logs, and nothing appears as being blocked when the site is being accessed.

We are running SEP Small Business Edition 12.1.2015.2015, using the default policies. All clients are up do date with their signatures and synced to the server.

Anyone have any suggestions as to what to look for, or what the problem might be?

Thanks...

Is there anything showing in Security logs on the client? anything coming up in the SEPM Risk logs?

I mentioned in my post that nothing shows up in the logs on the client. I've looked at all of the logs.

To clarify: The logs do contain "regular" entries, but nothing shows up in the logs that say "hey! here's the problem! This is what's being blocked."

It would show in the risk log the name of the site being blocked

In the Exception policy, add an exception for trusted domain

Excluding a trusted Web domain from scans

Article:HOWTO80926

|

Created: 2012-10-24

|

Updated: 2013-01-30

|

Article URL http://www.symantec.com/docs/HOWTO80926

 

Thank you for the response.

However, as I have pointed out, nothing shows up in the logs. The site is not being blocked. It's just taking a long time to load when SEP is active.

I neglected to mention that I already tried adding an exception. No difference. Correct me if I'm wrong, but from I read of the documentation, I understood that the exception only applies to files being downloaded from the site, not to http access.

tried disabling download insight?

Yes. No difference. As I asked with the exceptions, based on my reading of the documentation, Download Insight applies to files being downloaded. I'm not trying to download a file. True, it's getting other items, like style sheets and images, but do those fall in the realm covered by Download Insight or the Exceptions? Even if that were being triggered, I should get a log entry. I don't. I've tried disabling things one by one. Nothing seems to make a difference. The only thing that makes a difference is turning SEP off completely. Do you have SEP SBE 12.1? Can you access the site I mentioned without problem?

running sep enterprise but I am able to access the site and I have everything enabled.

Hi,

Try to make website entry in the host file to check whether it makes any difference.

I did test on my production machine & it opened within few seconds. But I have SEP 12.1.2015.2015 Enterprise Edition.

Adding the entry in the hosts file made no difference. Can someone with SEP Small Business Edition 12.1 please test this?

Hi,

I did test with SBE 12.1 RU2 version & it was installed on Server 2012 machine.

Site http://www.freescale.com/ opened within few seconds.

 

Well, I don't know what else to try or do. There's clearly a problem with that site, and there is no information to be gleaned from logs to indicate what the problem might be.

Hi,

You face this problem across all the machines installed in the network? Do you have your own firewall at the network boundry?

 

Yes, I see this on all computers, but then that's because SEP is installed on all of them. We do have an RV082 router sitting between the DSL modem and the network switches. I've looked at the logs on the RV082 router, and they do not show any errors or blocked connections. I'm beginning to suspect that SEP is simply making our god-awful slow DSL virtually useless with this site (and probably others). We have a cable connection that we set up for limited use to one computer for a specific project with a customer. The employee who uses it wasn't in today so I connected a laptop that has SEP onto it. The freescale site came up just fine. Tomorrow morning before everybody comes in I will connect our internal network to the cable connection (rather than the DSL) so I can test the full path through our router as well (though as I noted I did not see any blocked connections in the router logs, so I don't think there's an issue there).

I got a chance to try access to that site using the cable connection. No other network changes were made - the router's DNS entries remained the same (Google's DNS servers), and all of the internal computers use a Windows Server 2003 server as the DNS server, which has Google's DNS servers as forwarding entries. Thus, theoretically, the only thing that should have changed from our perspective is the speed of the connection (about 15x faster). I cleared out my cache from my test browsers (Firefox and IE) and then tried to access the Freescale site, and the site came up quite quickly.

At this point I'm not really sure whether this is an SEP issue or an external network issue. I know that in repeated tests having SEP off did indeed improve access to that site (always making sure to clear the browser cache so it would be forced to refetch everything). I'm somewhat confused as to why SEP would be a factor in how easily/hard that particular site is accessed when we are using the DSL connection. Clearly it's not the only factor, nor the biggest factor, as even with it off access to the site was not that great, whereas access to other sites worked fine, for the most part. I know that we will eventually be switching to the cable connection, so any inherent issues that may (or may not) be there won't matter too much. Still, it seems strange to me, yet I cannot argue with what I've seen.

Hi,

Do you have any update on this?