Endpoint Protection

  • 1.  Large Windows File server SEP client deployment best practice

    Posted Sep 19, 2012 04:16 AM

    Hi,

    I got a Windows Server 2008 Enterprise SP2 virtual machine on VMware ESXi, clustered (MSCS), to serve as a file server (NTFS and DFS), so I wonder how it is supposed to be installed with SEP client V12.1 RU1 MP1?

    Are there any caveats or best practices to implement for a file server with drives greater than 4x 2 TB?



  • 2.  RE: Large Windows File server SEP client deployment best practice

    Broadcom Employee
    Posted Sep 19, 2012 04:26 AM

    from thread

    https://www-secure.symantec.com/connect/forums/sep-heavily-used-fileservers#comment-4787611

     

    For example, the default setting for Auto-Protect is set to scan all files accessed or modified. By changing this to only scan files that have been modified you should be able to alleviate some of the performance issue since files on the server would only be scanned by Auto-Protect if there were changes made to the file.

    You would also want to ensure that Auto-Protect is not configured to scan files when they are being backed up.

    I've linked some documents below that should provide some assistance with configuration changes to assist with performance while still keeping Auto-Protect enabled.

    http://www.symantec.com/business/support/index?page=content&id=TECH102711

    http://www.symantec.com/business/support/index?page=content&id=TECH92440

     

     



  • 3.  RE: Large Windows File server SEP client deployment best practice

    Posted Sep 19, 2012 04:31 AM

    "Thumbs up" to Pete's advice.

    One note, as well: if this is a file server with disks measured in several TB, SEP might not be the right product for the job. SEP is great for desktops, laptops, most servers, etc. Symantec also has a Scan Engine product which is designed for the fast, high-volume scanning of file servers.

    https://www.symantec.com/scan-engine  



  • 4.  RE: Large Windows File server SEP client deployment best practice

    Posted Sep 19, 2012 09:52 AM

    Many thanks Pete, so in this case I was under the impression that SEP v12.1 RU1 MP1 has some new features for large drive scanning capabilities.



  • 5.  RE: Large Windows File server SEP client deployment best practice

    Broadcom Employee
    Posted Sep 19, 2012 10:01 AM

    The performance will keep on improving :-), however the settings need to be configured properly if you think of having AV on desktop.



  • 6.  RE: Large Windows File server SEP client deployment best practice
    Best Answer

    Posted Sep 19, 2012 07:38 PM

    Shared Insight Cache

    Taken directly from the 'New features' blurb: Built for Virtual Environments: Integrates with VMware vShield Endpoint to offload critical scanning while providing the strongest protection for your virtual infrastructure. Symantec Endpoint Protection can white list baseline images, maintain a shared scan cache, randomize scans and updates, scan offline images and automatically identify and manage virtual clients.

    & this: Utilizing a SIC server can reduce the impact of full scans by up to 80%, but does not significantly reduce the impact of Active scans.

    & this (the above 80% refers to this paragraph): The Shared Insight Cache tool improves scan performance in virtualized environments by not scanning files that a Symantec Endpoint Protection client has determined are clean. When the client scans a file for threats and determines it is clean, the client submits information about the file to Shared Insight Cache. When any other client subsequently attempts to scan the same file, that client can query Shared Insight Cache to determine if the file is clean. If the file is clean, the client does not scan that particular file.

    Another tool to use is Virtual Image Exception Tool.

    What's new in SEP 12 has a section specific for virtual environments.

    How Insight Lookup works explains some ideas on not having to scan files over & over again.

    Virtualisation best practices speaks for itself.

    About Shared Insight Cache.

    I know none of these specifically address your large volume question, but should go a long way in addressing your overall concerns.
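
The cache behaviour quoted in the post above, as an added Python model that is not part of the thread and not Symantec's code or protocol. The class names, the SHA-256 keying and the pairing of each verdict with a definitions version are assumptions made for illustration; the sample files and the test pattern are constructed.

```python
import hashlib

class SharedCleanCache:
    """Toy stand-in for a shared clean-verdict cache (hypothetical, not the SIC protocol)."""
    def __init__(self):
        self._clean = set()  # entries are (sha256 hex digest, definitions version)

    def is_clean(self, digest, defs):
        return (digest, defs) in self._clean

    def submit_clean(self, digest, defs):
        self._clean.add((digest, defs))

class Client:
    def __init__(self, name, cache, defs, signatures):
        self.name, self.cache, self.defs = name, cache, defs
        self.signatures = signatures  # byte patterns treated as malicious (constructed)
        self.scanned = 0              # files that needed a real content scan

    def _scan(self, data):
        self.scanned += 1
        return not any(sig in data for sig in self.signatures)

    def full_scan(self, files):
        """Scan a {path: bytes} mapping and return the paths flagged as threats."""
        threats = []
        for path, data in files.items():
            digest = hashlib.sha256(data).hexdigest()
            if self.cache.is_clean(digest, self.defs):
                continue  # another client already cleared these exact bytes
            if self._scan(data):
                self.cache.submit_clean(digest, self.defs)  # only clean verdicts are shared
            else:
                threats.append(path)
        return threats

def demo():
    cache = SharedCleanCache()
    sig = [b"EVIL-TEST-PATTERN"]
    base = {"a.dll": b"lib-a", "b.exe": b"prog-b", "c.doc": b"report"}
    vm1 = Client("vm1", cache, defs=1, signatures=sig)
    vm2 = Client("vm2", cache, defs=1, signatures=sig)
    vm1.full_scan(base)  # cold cache: every file is scanned
    changed = dict(base, **{"c.doc": b"report EVIL-TEST-PATTERN"})
    threats = vm2.full_scan(changed)  # two cache hits; the modified file is rescanned
    vm3 = Client("vm3", cache, defs=2, signatures=sig)
    vm3.full_scan(base)  # newer definitions: old verdicts are not reused
    return vm1.scanned, vm2.scanned, threats, vm3.scanned

if __name__ == "__main__":
    print(demo())
```

Because the lookup key is a digest of the file contents, a file that changes after it was cleared misses the cache and is scanned again, and a detection is never written to the cache.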

     

     



  • 7.  RE: Large Windows File server SEP client deployment best practice

    Posted Nov 27, 2012 01:57 AM

    Yes, that does make sense Ian!

    Thanks for the complete suggestion and explanation.



  • 8.  RE: Large Windows File server SEP client deployment best practice

    Posted Nov 28, 2012 02:44 PM

    It's a pleasure.

    Have you found a solution to your large volume scan problem?

    We don't use SIC and our 2-3TB volume takes 7+ days to scan.



  • 9.  RE: Large Windows File server SEP client deployment best practice

    Posted Nov 28, 2012 06:53 PM

    Hi Ian,

    I haven't found a solution for the large volume scan yet, but at least for the shared SAMBA network drive, I can use the custom scheduled scan from a client.