Endpoint Protection

  • 1.  Endpoint Activity During Vista Network Login

    Posted Aug 17, 2009 02:26 PM
    I am troubleshooting an issue with a mobile computer that has a docked mode on a LAN that has the endpoint protection, and a mobile mode. When I dock and log on to the network, the desktop does not reveal and a high level of disk activity is occurring. I believe I have diagnosed it to the endpoint process, but do not know how to manage the endpoint service such that it will allow the login to complete before enacting a scan or whatever activity the software is choosing to complete. Is this a reasonable diagnosis of a problem, and how might I resolve this?


  • 2.  RE: Endpoint Activity During Vista Network Login
    Best Answer

    Posted Aug 17, 2009 03:00 PM
    Change Auto Protect to  SEP start


  • 3.  RE: Endpoint Activity During Vista Network Login

    Posted Aug 17, 2009 07:40 PM

    Without having more information it is hard to say what is at the root of this issue. It could be many things but a process of elimination may be in order to help eliminate possibilities.

    First I would disable Tamper Protection to rule it out.

         To Disable Tamper Protection

    1. Log into the Symantec Endpoint Protection Manager
    2. Click on the Clients page
    3. Select the group 
    4. Click on the Policies tab
    5. Click on General Settings (Note: If this group is inheriting settings you will need to highlight the top level group)
    6. Click on the Tamper Protection tab
    7. Uncheck Protect Symantec security software from being tampered with or shut down
    8. Apply the update
    9. Reboot the client

      Note: You can also disable the SPBBCDRv driver in the device manager
      Note: If this resolves the issue you could also try to set exclusions for tamper protection

       

    If that does not resolve the issue, next I would disable a single portion of the product one by one, testing each time, to determine which piece is the cause. For example I would first start by disabling (or uninstalling) Network Threat Protection and rebooting to test, if the issue persists then I would disable Proactive Threat Protection and test, and finally I would disable AutoProtect and test.



         To Disable Network Threat Protection

    1. Log into the Symantec Endpoint Protection Manager
    2. Click on the Clients page
    3. Right-click on the desired group 
    4. Choose Run Command on Group
    5. Select Disable Network Threat Protection
       

         To Disable Proactive Threat Protection

    1. Log into the Symantec Endpoint Protection Manager
    2. Click on the Clients page
    3. Select the group 
    4. Click on the Policies tab
    5. Click on Tasks and then Edit Policy across from the Antivirus and Antispyware policy
    6. Click on TruScan Proactive Threat Scans on the left-hand side
    7. Uncheck Scan for trojans and worms
    8. Uncheck Scan for keyloggers
    9. Click OK
       

         To Disable AutoProtect

    1. On the local client right-click on the shield in the taskbar
    2. Choose Disable Symantec Endpoint Protection


    Once you know what piece of the product is at cause you can hone in your sights to know what settings need to be adjusted.