Endpoint Protection

  • 1.  Hyper-V client and 12.1.4112.4156 Network Threat Protection issue

    Posted Aug 20, 2014 08:40 AM

    I recently upgraded my test client's AV from 12.1.4100.1426 to 12.1.4112.1456, no change in features or policies, system stayed in the same group and shows the same policy serial as the others in the group. System updates accordingly and Realtime Scanning is disabled as recommended for a virtual client.

    The test client is Win7 32bit on a Hyper-V host; the in-place upgrade was completed using the deploy feature of SEPM (Install package assigned to group).

    When I have Network Threat Protection active, the PC becomes unresponsive through a remote session, such as Remote Desktop Protocol (RDP). I can correct the issue by stopping SMC on the client or turning off Network Threat Protection.

    Are there any recommendations for enabling Network Threat Protection without hindering network traffic on a virtual client? It was working fine in the prior version. I would prefer to get all of the features I'm paying for if at all possible.

    At this point I cannot complete the rollout as the network performance is a deal-breaker and I trust Network Threat Protection to address malicious traffic.

    Thanks for any help.

     



  • 2.  RE: Hyper-V client and 12.1.4112.4156 Network Threat Protection issue

    Posted Aug 20, 2014 08:42 AM

    Anything showing in the traffic log? Did you narrow it down to just the firewall and not IPS?

    Best to call support since this is the latest client version. They will want packet captures and some advanced logging which you can enable via SymHelp. They will walk you through it.



  • 3.  RE: Hyper-V client and 12.1.4112.4156 Network Threat Protection issue

    Posted Aug 20, 2014 08:50 AM

    Under Network Threat Protection I currently have Firewall disabled, Network Intrusion Prevention is checked, as is Enable Browser Intrusion Prevention.

    Looking at the logs it shows logs from when it was enabled:

    Blocked traffic is IPv6 - matching my policy.

    No RDP traffic is shown; my remote client is not noted at all in the log.

    If I have time today I'll try to get in touch with support.... I've not had good luck with that route in the past though.

     



  • 4.  RE: Hyper-V client and 12.1.4112.4156 Network Threat Protection issue

    Posted Aug 20, 2014 08:56 AM

    And still issues with fw disabled?

    If they've gotten any other calls about this issue, it may be a known issue...but since it's the latest version they will need to look at pcaps mostly. Assuming it's easy to reproduce, it shouldn't be that difficult for them.



  • 5.  RE: Hyper-V client and 12.1.4112.4156 Network Threat Protection issue

    Posted Aug 20, 2014 09:01 AM

    No issues while firewall is disabled. If I get time I'll contact support and see what they say, still hoping for an easier solution though. I've never had a support call take under 30 minutes....



  • 6.  RE: Hyper-V client and 12.1.4112.4156 Network Threat Protection issue

    Posted Aug 20, 2014 09:47 AM

    Only for Hyper-V? Have you seen it on any physical machines?

    I'm on this version (physical though) as well but haven't seen any problems, however, I can test it out more if needed...



  • 7.  RE: Hyper-V client and 12.1.4112.4156 Network Threat Protection issue

    Posted Aug 20, 2014 10:59 AM

    I have a Win8.1 64bit physical machine on the latest version with no problems. I'll probably upgrade another VM to see if it follows... If it does I'll have to roll it back to the prior version though.