Endpoint Protection

 View Only
Expand all | Collapse all

Symantec AntiVirus v10 - Delaying client contact with SystemCenter for VirusDef updates

  • 1.  Symantec AntiVirus v10 - Delaying client contact with SystemCenter for VirusDef updates

    Posted May 18, 2011 06:31 AM

    We have a problem whereby the clients update the new AV definitions on boot up and this slows down the computer by up to 20 minutes (as using intensive SVCHOST processing at the same time WSUS is).

    I have attempted to delay the updating of clients to a more suitable time of the day (after midday) so that the new definitions are not downloaded each day at boot up. This was a suggestion from this article....

    http://www.symantec.com/business/support/index?page=content&id=TECH90860&locale=en_US

    ...however this is not ideal.

    I have set the SystemCenter central console to download new Virus Defs (via VDTM) at 12:15pm every day. This will work great for staff that work for 7 days a week 365 days a year, but most of us go home on Friday and return on Monday.

    This will mean that every Monday the PC bootup will be slow again. This will also be the case for anyone who isn't in the office for a day or so, so as you can see the options are unworkable.

    Clients are all XP SP3 (up to date via WSUS end of April 2011) and are running v10.0.2.2000

    Is there anyway of setting the client to delay communication with the central server for updates so it waits for 30mins/1hr before attempting to connect. Either via a registry entry or otherwise.

    Thanks in advance.



  • 2.  RE: Symantec AntiVirus v10 - Delaying client contact with SystemCenter for VirusDef updates

    Posted May 23, 2011 01:42 PM

    Unfortunately I can't think of any solution that doesn't result in a download upon login on Monday morning, because the clients are going to check in with the SAV server when they're booted up, and when they do they're going to see that there are new definitions from the SAV server from over the weekend. Even an internal LiveUpdate solution with a LiveUpdate schedule set to daily would still run as a missed event if the machine is off over the weekend. I can't think of a way to suppress check in until X minutes after loading, unfortunately.

    This document might come in handy, specifically regarding other factors contributing to slow boot up:

    Computers installed with SAV client 10.1.x boot up slower when receiving new definitions through VDTM
    http://www.symantec.com/docs/TECH90860

    I wanted to mention, unrelated to the query at hand, that the build you're using is very old (: is given as 27 April 2005) and has known vulnerabilities. These two documents (more recent one first) document all of the bug fixes and improvements:

    Release notes for Symantec Client Security 3.1.x and Symantec AntiVirus 10.1.x
    http://www.symantec.com/docs/TECH101820

    Release notes for Symantec Client Security 3.0.x and Symantec AntiVirus Corporate Edition 10.0.x
    http://www.symantec.com/docs/TECH101383

    It is recommended that at minimum you plan to migrate to SAV 10.1.9.9100 (MR10) or even SEP for expanded protection.

    Best practices for configuring Symantec AntiVirus Corporate Edition 10.x (Contains links to migration documents)
    http://www.symantec.com/docs/TECH101213

    How To Migrate From Symantec Antivirus System Center Console To Symantec Endpoint Protection Manager
    http://www.symantec.com/docs/TECH106485

    sandra