Endpoint Protection

  • 1.  How to disable Symantec endpoint scanning in machine memory?

    Posted Mar 28, 2017 09:04 AM


  • 2.  RE: How to disable Symantec endpoint scanning in machine memory?

    Posted Mar 28, 2017 09:05 AM

    What exactly is the issue? SEP scans everything on the machine. Are you talking about the scheduled scan? You can uncheck this in the schedule scan section of the AV policy:

    Capture_180.JPG

    Setting up scheduled scans that run on Windows computers



  • 3.  RE: How to disable Symantec endpoint scanning in machine memory?

    Posted Apr 18, 2017 06:54 AM

    We have a major customer that has reported freezes when the in-memory scan takes place periodically, so not as part of a scheduled scan. The memory scan causes a freeze to our real-time applications, and this in turn leads to on-air outages (we supply real-time systems for TV channel playout). We have written a freeze detector test application which can log when the freezes occur; we did this to prove that the freezes were "machine" related rather than an issue with our applications. We concluded that the .NET garbage collection was being disrupted/delayed during the in-memory scan process. Is there a way of disabling memory scan completely? Maybe this is what the original reporter was also trying to find out. Our customer has 2 sites: one runs 12.1.4112.4156 and the other 12.1.2015.2015.



  • 4.  RE: How to disable Symantec endpoint scanning in machine memory?

    Posted Apr 18, 2017 07:18 AM
    The SEP client is an older version; try SEP 14 MP1.


  • 5.  RE: How to disable Symantec endpoint scanning in machine memory?

    Posted Apr 18, 2017 07:23 AM

    How do I access the release notes for SEP MP1 to see what was changed in this version? Are you aware of a specific change that went into this version that addresses this issue?



  • 6.  RE: How to disable Symantec endpoint scanning in machine memory?

    Posted Apr 18, 2017 07:35 AM

    Here:

    http://www.symantec.com/docs/INFO4193

    Only one auto compile fix though



  • 7.  RE: How to disable Symantec endpoint scanning in machine memory?

    Posted Apr 18, 2017 11:41 AM

    Hi Brian, thanks for the link. I reviewed the changes but I couldn't see anything that looked to be related to my issue. The client is looking at ideally having a solution that just pre-checks executables before they run and either lets them run if they are already known of and have been previously checked and approved, or quarantines them pending a check being carried out if they have not been previously checked and approved. Is there a configuration option that disables the memory check or an alternative product offering that does not perform this type of check?



  • 8.  RE: How to disable Symantec endpoint scanning in machine memory?

    Posted Apr 18, 2017 11:45 AM

    You're talking about whitelisting, correct? SEP offers system lockdown:

    Configuring system lockdown

    Running system lockdown in whitelist mode



  • 9.  RE: How to disable Symantec endpoint scanning in machine memory?

    Posted Apr 18, 2017 12:03 PM

    Hi Brian, yes whitelisting/blacklisting mode looks like it could support what we are trying to achieve, I will email the client to see if they would be prepared to change their configuration to use this mode. Thanks for the quick response.



  • 10.  RE: How to disable Symantec endpoint scanning in machine memory?

    Posted Apr 18, 2017 12:04 PM

    Sounds good. Let me know if you have additional questions.