Endpoint Protection


Network Threat Protection: Slow network share

  • 1.  Network Threat Protection: Slow network share

    Posted Jul 15, 2014 10:02 AM

    Hi,

    I have a Windows 7 computer on the network running a Sage product. 3 other computers (Win 7) connect to this computer to run Sage (the Sage data folder is shared). Over the last few days the 3 users have been complaining about Sage being slow. To log in takes 5+ minutes. If I disable Network Threat Protection the problem goes away. I have excluded the data folder but it is still the same. Is there any way to allow unrestricted access to the share without uninstalling NTP? I am running SEP ver 12.1.4013.4013

    Thanks in Advance

    Poco

     



  • 2.  RE: Network Threat Protection: Slow network share
    Best Answer

    Posted Jul 15, 2014 10:32 AM

    This was a code issue/bug. Did you try the latest, 12.1.4.1? You're on 12.1.4.

    This should've been fixed in 12.1.4.1, see here:

    File transfer speeds between servers were reduced when SEP NTP is installed
    Fix ID: 3198871
    Symptom: With the Symantec Endpoint Protection firewall enabled, file transfer performance slows.
    Solution: Implemented a kernel traffic cache in the Teefer driver to improve performance.

    New fixes and features in Symantec Endpoint Protection and Network Access Control 12.1.4.1 and 12.1.4.1a 

    http://www.symantec.com/docs/TECH216262



  • 3.  RE: Network Threat Protection: Slow network share

    Broadcom Employee
    Posted Jul 15, 2014 10:48 AM

    Hi,

    Thank you for posting in Symantec community.

    I would suggest following the steps given in this article:

    In order for the fix to work, the following features of SEP must be disabled:

    1. Denial of Service Protection
    2. Fingerprint Masquerading
    3. Stealth mode web browsing
    4. P2P Authentication
    5. Custom IPS

    In addition, the fix will not work on any firewall rule which has packet logging enabled.

    Reference: SMB transfer speeds decrease after installing Symantec Endpoint Protection 12.1 RU2 MP1 or higher

    http://www.symantec.com/docs/TECH201555



  • 4.  RE: Network Threat Protection: Slow network share

    Posted Jul 17, 2014 03:52 PM

    Chetan,

    We are having similar NTP issues here even with 12.1.4100.4126 running on clients.  I never knew additional components would have to be disabled for the "fix" to work.  I have now verified/disabled everything you referenced except P2P Authentication because I'm not sure where that is in the SEPm console.  Can you advise where I would check for that?

    Also, are these additional steps documented anywhere?  It would have been nice to see those steps in the release notes.

    Thanks,

    Larry



  • 5.  RE: Network Threat Protection: Slow network share

    Posted Jul 17, 2014 03:56 PM

    These are in the firewall policy, however, judging from the link I posted, it's a bug. The upgraded version resolves it.



  • 6.  RE: Network Threat Protection: Slow network share

    Posted Jul 17, 2014 04:02 PM

    Hi Brian,

    I was aware of the bug and that's why we upgraded from 12.1.3 to 12.1.4100.4126.  I was surprised when I still had to either disable the firewall component of NTP for users to have normal file transfer speeds.  Are you saying with the latest version I shouldn't need to disable the other features Chetan referenced?  If that's the case then I will have to open another ticket because we are still having issues with this functionality.

    Thanks,



  • 7.  RE: Network Threat Protection: Slow network share

    Posted Jul 17, 2014 04:06 PM

    If everything was working correctly, there should be no reason to have to disable those features.



  • 8.  RE: Network Threat Protection: Slow network share

    Broadcom Employee
    Posted Jul 18, 2014 07:08 AM

    Hi,

    If you clicked on products in TECH201555, SEP 12.1 RU4 MP1 is also listed there.

    Follow the workaround until you get a permanent solution.



  • 9.  RE: Network Threat Protection: Slow network share

    Posted Jul 18, 2014 08:07 AM

    Issue

    When Symantec Endpoint Protection 12.1 RU2 MP1 (SEP) through 12.1 RU4 are installed on a Windows computer, SMB network traffic throughput can decrease significantly. If SEP's Firewall component is uninstalled, the issue no longer occurs.

    Solution

    This issue has been fixed in Symantec Endpoint Protection 12.1 RU4 MP1.

    It says it's fixed but the Product portion says this affects 12.1 RU4 MP1 as well. Which is it?

    Very misleading and not informative...



  • 10.  RE: Network Threat Protection: Slow network share
    Best Answer

    Posted Jul 18, 2014 08:13 AM

    Hi,

    Thanks for all the replies. I updated to the latest release as Brian suggested and it has resolved my issue.

    Thanks again,

    Poco



  • 11.  RE: Network Threat Protection: Slow network share

    Broadcom Employee
    Posted Jul 18, 2014 08:33 AM

    It might be possible some customers have faced this issue with 12.1 RU4 MP1 as well. 



  • 12.  RE: Network Threat Protection: Slow network share

    Posted Jul 18, 2014 10:45 AM

    OK I have looked at the tech doc and want to make sure I understand this completely.  The issue started at 12.1.2 and affects all versions up to 12.1.4.X, a fix was implemented in the latest version that will only work if certain features are disabled? I agree with Brian, the wording in the doc is not the most straightforward.

    If that is correct then I still need to know where to verify P2P Authentication from a 12.1.3 SEPm server (only my clients are at the latest 12.1.4 version). Also I want to verify that the "Enable port scan detection" box in Firewall>Protection Settings will not cause any issues with slowness....it's pretty much the last setting I have still enabled in the Firewall Policy.


    Please advise,



  • 13.  RE: Network Threat Protection: Slow network share

    Posted Jul 18, 2014 10:51 AM

    The problem is the TECH article says 12.1.4.1 fixes but yet is also affected by this bug...ok surprise

    For the P2P authentication, you can configure it here:

    http://www.symantec.com/docs/HOWTO55028

    NOTE: You need SNAC installed. If you don't use SNAC, this won't apply.



  • 14.  RE: Network Threat Protection: Slow network share

    Posted Jul 28, 2014 07:57 PM

    For what it's worth we have had happy users and no more slow transfers since we unchecked "enable denial of service detection" in the firewall policy...after upgrading to 12.1.4.1. I've scripted file transfers to/from the affected users' machines and can verify the transfers look good. Thanks for the help and guidance.
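
One way to script the kind of transfer check mentioned in post 14, run once before and once after the firewall policy change. This is an added example, not code from any poster or from Symantec; the share path, file size, run count and 20 MB/s threshold are assumptions, and it needs PowerShell 3.0 or later.

```powershell
# Added example: times SMB uploads/downloads against a share so firewall
# policy changes can be compared with numbers. All defaults are assumptions.
param(
    [Parameter(Mandatory = $true)] [string] $SharePath,  # placeholder, e.g. \\HOST\Share\test
    [int] $SizeMB = 256,                                  # assumed test file size
    [int] $Runs = 3,                                      # assumed number of repetitions
    [double] $MinMBps = 20                                # assumed acceptance threshold
)

function Measure-CopyMBps {
    param([string] $Source, [string] $Destination, [int] $SizeMB)
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    Copy-Item -LiteralPath $Source -Destination $Destination -Force
    $sw.Stop()
    [math]::Round($SizeMB / $sw.Elapsed.TotalSeconds, 1)
}

$local  = Join-Path $env:TEMP 'smb-throughput-test.bin'
$remote = Join-Path $SharePath 'smb-throughput-test.bin'

# Fill the test file with random bytes so compression on the path
# does not make the transfer look faster than it is.
$buffer = New-Object byte[] (1MB)
$rng    = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$stream = [System.IO.File]::Create($local)
try {
    for ($i = 0; $i -lt $SizeMB; $i++) {
        $rng.GetBytes($buffer)
        $stream.Write($buffer, 0, $buffer.Length)
    }
} finally {
    $stream.Dispose()
    $rng.Dispose()
}

$results = for ($run = 1; $run -le $Runs; $run++) {
    $up   = Measure-CopyMBps -Source $local  -Destination $remote -SizeMB $SizeMB
    $down = Measure-CopyMBps -Source $remote -Destination $local  -SizeMB $SizeMB
    [pscustomobject]@{
        Run = $run; UploadMBps = $up; DownloadMBps = $down
        Pass = ($up -ge $MinMBps -and $down -ge $MinMBps)
    }
}

Remove-Item -LiteralPath $local, $remote -ErrorAction SilentlyContinue
$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }   # non-zero exit when any run is below threshold
```

Download figures can be flattered by client-side caching of the file just uploaded, so compare like with like between the two policy states rather than treating the numbers as absolute.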



  • 15.  RE: Network Threat Protection: Slow network share

    Posted Jul 28, 2014 08:27 PM

    glad it's working