Endpoint Protection

  • 1.  Client computer slow when SEP client is managed

    Posted Mar 17, 2019 09:03 AM

    Hi everyone

    We are experiencing a weird issue and I was wondering if we are alone.
    Situation is, single domain, single SEPM (v14.2.1.1031.0100) on Windows Server 2012 with about 80 clients. Some clients are v14.2.1.1031.0100, most of them v14.2.1.1015.0100, about 50/50 32:64-bit, predominantly Windows 7 Pro, the rest Windows 10 Pro.

    About 2 weeks ago my computer (32-bit Win 7, SEP client v14.2.1.1031.0100) started being very slow. Slow meaning every operation took much longer than usual, any user input delayed, system response sluggish, lots of "(not responding)" windows, especially if application performed anything network related. Symptoms like when you have HD bad sectors or failing optical drive so it takes a while for the computer to respond, but without frantic HD LED activity or anything in Windows logs. As I had no other user complaints I started hardware diagnostics and after a few days had to give up, everything seems to be in order HW-wise.
    I've made some internal DNS changes round about that time so the next couple of days I've spent playing with those. But when I reverted to the original setting issue remained.

    I then CleanWiped my computer and issue was gone! Reinstalled SEP Client, issue returned.
    Then I tried custom installing SEP client, removing component by component to determine which one was responsible. That took me a couple of days again, as issue does not happen immediately after reboot. Sometimes among all that sluggishness you get half an hour of uninterrupted operation, but this is rare. Usually when this behaviour starts computer is pretty much unusable.
    Custom, component by component, installation did not point to the cause. Even with firewall component only computer was unusable after a while.

    I then tried unmanaged client. Typical installation, everything there and with unmanaged client computer was running the whole day like it was brand new! As soon as I SylinkDrop it and connect to SEPM, responsiveness drops dramatically.
    I then thought there may be something wrong with my rules, but the problem happens even when client is connected to the group with default rules only. Nothing out of the ordinary in SEP client logs.

    Few days after I started troubleshooting procedure other users started complaining as well. As these were all 32-bit Win 7 users I thought that was something to look at, but then complaints started to come from some others as well. Worst affected was brand new Dell laptop with 64-bit Win 10 (identical laptop, bought at the same time, with installed identical software runs pretty much unaffected!?). 

    At the moment I'm running 5-6 worst affected computers, including my own, as unmanaged with some -importconfig (half)solution.

    Anyone have any idea what could cause such behaviour?
    Where do I look?

    Regards



  • 2.  RE: Client computer slow when SEP client is managed

    Posted Mar 17, 2019 09:26 AM

    Same issue with us for Windows 10 but we haven't blamed SEP fully just yet. Best case would be to run a full SymDiag while the issue is occurring and get the logs over to support for review.



  • 3.  RE: Client computer slow when SEP client is managed

    Posted Mar 17, 2019 12:47 PM

    Thanks Brian
    I was hoping to avoid that as it would mean I would need to keep at least one computer (probably mine) in described unusable state, but I'm running out of options.
    If I may ask, what are the other things you are investigating? I haven't mentioned this in my first post, but I went through complete LAN infrastructure/settings to find anything that could cause this. With SEP uninstalled (or unmanaged) things are really flying.
    Also, symptoms appeared before this month's Windows Updates and well after last month's.



  • 4.  RE: Client computer slow when SEP client is managed

    Posted Mar 17, 2019 04:19 PM

    Our DE team is reviewing currently.



  • 5.  RE: Client computer slow when SEP client is managed

    Trusted Advisor
    Posted Mar 17, 2019 04:33 PM

    We've narrowed down to the timing of Windows Update, but have not been able to pinpoint the exact issue yet.



  • 6.  RE: Client computer slow when SEP client is managed

    Posted Mar 17, 2019 05:25 PM

    Thanks guys
    If there is any new development please report it here.



  • 7.  RE: Client computer slow when SEP client is managed

    Posted Mar 21, 2019 05:06 AM

    Just a quick bump. Brian, Tony... anyone... any news?

    I still have no answer to this situation. Just adding new machines to unmanaged population.
    Noticed, though, that it is not enough to just plant "blank" Sylink.xml. Computer remains partially "stunned". It has to be CleanWipe-ed to restore normal operation.

    Regards



  • 8.  RE: Client computer slow when SEP client is managed

    Posted Jul 14, 2019 01:17 PM

    Hi,

    I'm suffering the same issue after upgrading to 14.2 RU1 build 3335, but at that time I didn't know what the problem was and reinstalled the computer.

    After some days I suffered the same issue again and after hours of testing I found out that SEP was the root cause when using more than 4 GB RAM. If addressing less than 4 GB everything runs normal, but as soon as I use more memory, the computer is not usable anymore.

    I uninstalled SEP and everything ran smooth until I reinstalled the SEP client with full client protection mode.

    Running SymDiag claimed that SEP "Hardening CAF Service" is not configured and operating properly.

    I would appreciate any idea to solve this issue!

    regards

    Bernhard



  • 9.  RE: Client computer slow when SEP client is managed
    Best Answer

    Posted Aug 08, 2019 03:15 AM

    4th day of testing 14.2 RU1 MP1 today.
    Issue seems to be resolved.

    Regards