Endpoint Protection

 View Only

  • 1.  windwos 2003 server, XP CLIENTS and OFFLINE FILES

    Posted Sep 24, 2009 09:50 AM
    Just had a strange error I hope someone can help with.  We run a domain with WINDOWS 2003 servers and have the MY DOCUMENTS redirected to a share on one of the 2003 servers.  we run XP PRO CLIENTS that all have the full endpoint protection on them while the servers ONLY have anti-virus.  in the past few days, we have been getting the OFFLINE FILES message for their documents on one of the servers.  I removed ENDPOINT and the error seems to have gone away and the staff can login correctly and the speed is good (before it was taking over 20 minutes and the offline files error would come up or something about not being able to load the romaing profile).. Is there something that would be causing this? it has been working for months fine.. did some kind of update cause this to happen? right now I am running on of the servers without it...

    -- Dave




  • 2.  RE: windwos 2003 server, XP CLIENTS and OFFLINE FILES

    Posted Sep 24, 2009 09:59 AM
    Greetings Dave Hauss,

    What version of SEP are you using? I know we have fixed a lot of network issues in the 11.0.4202.x version, if you are not at least that version try jumping to it or the 11.0.5002 version and see if the issue is resolved.


  • 3.  RE: windwos 2003 server, XP CLIENTS and OFFLINE FILES

    Posted Sep 24, 2009 10:01 AM
    Hi,

           One of the possible reason is that during the load process the user profiles are scanned by both the sending server and the recieving client.

    Try adding an exception on the server to exclude the folder and  subfolders were the user profiles are stored.

    This is not a security risk, as the files are scanned on the client.

    This way we prevent the files from beeing scanned twice during the logon process.



  • 4.  RE: windwos 2003 server, XP CLIENTS and OFFLINE FILES

    Posted Sep 24, 2009 11:51 AM
    Exactly.  You only want them scanned once.  You can decide which side you want to do the scanning on.  Either have the clients not scan network shares (or that specific network share) or exclude the folder(s) of the document store on the server.

    I used to manage a file server that hosted well over 5 million files that were redirected from desktops.  I found performace was best when the scanning was done on the client-side, but if your file server is robust enough to handle it, it could be done server-side.


  • 5.  RE: windwos 2003 server, XP CLIENTS and OFFLINE FILES

    Posted Sep 25, 2009 02:05 PM
    Hwo do I set it to only scan on the client side??



  • 6.  RE: windwos 2003 server, XP CLIENTS and OFFLINE FILES

    Posted Sep 25, 2009 06:04 PM
    You'll want to make sure you're file server gets its own SEPM policy, then use the centralized exceptions to exclude the file shares on the file server.  To do so go to Policies/Centralized Exceptions/Edit/Click "Centralized Exceptions"/Add/Security Risk Exceptions/Folder.

    On the policy for you clients, make sure that scanning of network shares is enabled.

    Network Drive Scanning:
      1. Click the Policies Tab.
      2. Click Antivirus and Antispyware.
      3. Click the policy you would like to modify and then click Edit the Policy.
      4. Click File System Auto-Protect.
      5. Under Network Settings, make sure Network is checked.
      6. Click OK.
      7. Assign the policy by clicking Assign the Policy, then check each group to which the policy should apply.
      8. Click Assign, then click Yes.

    You could also use the suggestion here to exclude real-time scanning on the server, but still do regular scans.  https://www-secure.symantec.com/connect/idea/sep-client-needs-separate-exclusions-real-time-and-scheduled-scans