Endpoint Protection

 View Only

  • 1.  SEP on heavily used Fileservers

    Posted Nov 10, 2010 10:39 AM

    Hi all,

    we are currently switching all our Antivirus-software to SEP. Although we were told that it is possible to use SEP on fileservers with very high IO, it seems to be no good choice.

    The SEP-clients Real-time Scan-Engine seems to choke down the server's performance A LOT.

    So the question is:

    Ist there a product better suited for this, or are there any settings I can switch to improve performance (disabling real-time-scanning is no option ;-)) ?

    If another product is recommended, will it be manageable via the Endpoint Protection Manager?

     

    Thanks in advance for your answers.

    Best regards

    Stephan



  • 2.  RE: SEP on heavily used Fileservers

    Posted Nov 10, 2010 01:02 PM

    We have SEP installed on all our fileservers, however, we only use the Antivirus component. No PTP or NTP and everything works fine. Keep in mind this is only scanning the C: drive, not the shares.

    To do that, you can use the SAV for NAS product for your filers/cifs. It is a separate product and not manageable from SEPM.



  • 3.  RE: SEP on heavily used Fileservers
    Best Answer

    Posted Nov 11, 2010 06:53 PM

    For example, the default setting for Auto-Protect is set to scan all files accessed or modified. By changing this to only scan files that have been modified you should be able to alleviate some of the performance issue since files on the server would only be scanned by Auto-Protect if there were changes made to the file.

    You would also want to ensure that Auto-Protect is not configured to scan files when they are being backed up.

    I've linked some documents below that should provide some assistance with configuration changes to assist with performance while still keeping Auto-Protect enabled.

    http://www.symantec.com/business/support/index?page=content&id=TECH102711

    http://www.symantec.com/business/support/index?page=content&id=TECH92440



  • 4.  RE: SEP on heavily used Fileservers

    Trusted Advisor
    Posted Nov 11, 2010 08:23 PM

    Hello,

    Believe me , Kurt is correct.

    Let me get things right, you want to improve performance as well as keep the scan Enabled...

    We see that you are very much interested in having your scans more of Performance based and should use as much as less CPU usage.

    Check these documents as below:

    1) Enabling multithreaded scans

    http://www.symantec.com/business/support/index?page=content&id=TECH101387&locale=en_US

    2) Symantec Endpoint Protection scan tuning options

    http://www.symantec.com/business/support/index?page=content&id=TECH105706&locale=en_US

     



  • 5.  RE: SEP on heavily used Fileservers

    Posted Nov 11, 2010 11:06 PM

    LOCK ALL SETTINGS!!!

    Administrator defined scan

    • It is recommended that a monthly scan should be configured to occur in a maintenance window when the server is not under a heavy load
    • File type scanning can be limited to high risk extensions to increase scanning speed
    • Scan times should be randomized on virtual machines to avoid resource usage issues
    • Turn off retry interval to ensure missed scans do not run during business hours
    • Set first action to Quarantine for all detection types
    • Set second action to Delete for all detection types
    • Enable – Terminate processes automatically
    • Enable – Stop services automatically

    File System Auto-Protect

    • Scan only selected extensions
    • Determine file types by examining file contents (turn off for even better performance)
    • Do not scan when a file is backed up
    • Disable Network scanning of remote computers
    • Do not check for boot record viruses
    • Set first action to Quarantine for all detection types
    • Set second action to Delete for all detection types
    • Lock all override actions so that end users can’t modify
    • Enable – Terminate processes automatically
    • Enable – Stop services automatically
    • Disable notifications to end users
    • Load auto protect when SEP starts
    • Do not scan floppies on computer shutdown
    • Enable Risk Tracer (disable for more performance)

    Disable and Lock Internet Email Auto-Protect
    Disable and Lock Microsoft Outlook Email Auto-Protect
    Disable and Lock Lotus Notes Auto-Protect
    Disable TruScan Proactive Threat Scans

    Quarantine

    • Do Nothing when new definitions arrive
    • Delete oldest files to limit folder size to 500MB for all files


  • 6.  RE: SEP on heavily used Fileservers

    Posted Nov 22, 2010 06:36 AM

    Thank you all for your answers,

     

    I will have a look at the Documentation and keep your Settings as a "baseline", zer0.

    I'll come back to this, should I encounter more problems :-)



  • 7.  RE: SEP on heavily used Fileservers

    Posted Nov 22, 2010 10:35 AM

    This also may help:

     

    Symantec Endpoint Protection Client configuration changes for performance optimization

    http://www.symantec.com/business/support/index?page=content&id=TECH102711&locale=en_US

     

    From the list of bookmarks that I normally use.