截屏视频帮助

Policies management

创建时间: 29 11 月 2013 • Updated: 06 12 月 2013 | 23 条评论
此问题已解决。 请查看解决方案。

Hy all,

I am running a SEP on a Windows 2008 R2 server. All serveurs client are in "servers" groupe. This group is configured as follow :

vpn18.jpg

On client (Windows 2003 / 2008), all virus definition are updated correctly. But the policy, not. The serial number on the server and the client is the same.

For exemple, I define some exceptions in the policy (SEP server side) but the policy does not apply on the client.

Any ideas?

评论 条评论跳转至最新评论

James007 的图片

HI,

Check this articles and verify exceptions in client end.

How to Verify if an Endpoint Client has Automatically Excluded an Application or Directory
Article:TECH105814 | Created: 2008-01-05 | Updated: 2011-03-02 | Article URL http://www.symantec.com/docs/TECH105814
pete_4u2002 的图片

is there any other location in the group?

check if the registry entry has the value for the exception list

http://www.symantec.com/business/support/index?pag...

Chetan Savade 的图片

Hi,

Thank you for posting in Symantec community.

Definitions are updated it means there is no issue in the connectivity, try to make changes in any other policy as well & Check.

In some case it may happen policy is corrupted and after creating new policy it starts working.

You can try by creating a new group and assign fresh new policy to it.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

GP Sante 的图片

Thank you for your response.

I see all exclusions I have defined.

Now, I have got another problem : why the server is very slow when the agent is running... I have to investigate !

Thank you

James007 的图片

Which process takes high memory ?What components do you have installed in SEP client?

Check some articles

Improving client and server performance
Article:HOWTO81048 | Created: 2012-10-24 | Updated: 2013-10-07 | Article URL http://www.symantec.com/docs/HOWTO81048
Adjusting scans to improve computer performance
Article:HOWTO80964 | Created: 2012-10-24 | Updated: 2013-10-07 | Article URL http://www.symantec.com/docs/HOWTO80964
Best practices to improve low performance.
Article:HOWTO55872 | Created: 2011-07-08 | Updated: 2012-04-17 | Article URL http://www.symantec.com/docs/HOWTO55872
GP Sante 的图片

Thank you for your links.

I make some changes on the policy. When i can enable again the agent, i will check new performance and tell you if it's better.

I think i will make the test today.

Olivier

GP Sante 的图片

Thank you James007

I'm going to read your links.

Olivier

Brɨan 的图片

What process is taking up memory/CPU?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

GP Sante 的图片

I don't know. All serveurs are in production, so it is difficult to enable again the agent to check the process.

I will ask when I can make this test and i tell you the result.

GP Sante 的图片

I can activate again the agent tomorrow morning. I will inform you if there is something new.

Thank you.

Olivier

AjinBabu 的图片

Hi, 

Which process is taking long time?

Do you have NTP installed on the systems?

Regards

Ajin

GP Sante 的图片

Hi all,

After modifications, servers are quiet better. I check processes and it appears that the ccSvcHst.exe is consuming more CPU than the normal.

I will check if new exclusions is needed or not.

Olivier

James007 的图片

Hi,

Try to reinstall sep client and check this articles

Symantec Endpoint Protection client shows high CPU usage immediately after virus definition updates.
Article:TECH170756 | Created: 2011-09-29 | Updated: 2011-10-17 | Article URL http://www.symantec.com/docs/TECH170756
GP Sante 的图片

Thank you for the link.

The patch is concerning Windows XP client. But I keep the link beacause all users computers are running Windows XP. So, it will very helpfull !

Olivier

GP Sante 的图片

Hi,

The problem seems to be caused by the network trafic. The trafic is scanned (in / out) and reduce performance.

I modify the "Application and Device Control policy" / "Device Control" to add Network Adapters in the Devices Excluded From Blocking.

Is it the best way to exclude network adapters ?

Thank you,

Olivier

James007 的图片

Hope that help you.

Symantec Endpoint Protection Manager 12.1 - Application and Device Control (ADC) - Policies explained
Article:TECH188597 | Created: 2012-05-11 | Updated: 2012-09-07 | Article URL http://www.symantec.com/docs/TECH188597
GP Sante 的图片
It doesn't helpfull, for me.
 
On the other hand, I found some option I desactivate : in the Intrusion Prevention, I uncheck Enable Network Intrusion Prevention.
 
I don't test yet the new configuration. I hope i can do it this afternoon.
GP Sante 的图片
The modification I've made is not bad. The performance is better but is still slow.
 
The end user is using Business Object to create reports. When I check, everything is low (about 4% CPU used) but the network is working like sawtooth. When I disable the agent, the trafic on the network is a continuous line.
 
Is there a tool I can use to have a better view on what happens ?
Brɨan 的图片

you need a packet capture tool such as wireshark to view the traffic

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

GP Sante 的图片
Thank you.
 
I monitored the trafic and I note that the Symantec Firewall blocked or slow down some requests. I disabled the Symantec Firewall and I use the Windows Firewall. Servers responses are good.
 
I'm waiting the results of the end users to confirm performance.
 
Olivier
解决方案
Brɨan 的图片

Good to know. Check back in with any updates you have.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

GP Sante 的图片

All users report that everything is working fine !

Thank you all for your help !

Olivier