Tymetwister

Symantec Endpoint Protection is killing us

At least, I think so... we have it installed on most of our PCs here and the server as well. It seems like when it's running a scan it really slows down our database and our Exchange server, etc. This morning I had to disable endpoint protection just so everyone could work normally.

It also seems to take up an insane amount of space.  I run Spacemonger and I can see about 5 different folders that are all over 5GB, all filled with various .dat files, 2 gig files with no extension, and we're quickly running out of space on our C: drive cause of this program.

Is it really necessary to have? We have a Linksys router with a built-in firewall... should I get rid of SEP, and are there better anti-virus protection solutions that I should consider? Thanks!
Mike_Carroll

I've seen loads of issues like yours with Symantec over the years. It hogs space and slows things down to a crawl.

At this stage, I've moved all my customers to Eset NOD32 AntiVirus and the problems have all gone away. The slowdowns and the viruses.



ASKER CERTIFIED SOLUTION
2PiFL

Tymetwister
ASKER

Are any of these better than the other for a server running Win SMS 2003 with about 60 other users on WinXP?

I know your pain, but please check the following questions and points about your problem. You may get through it even if you change your AV. I'm talking about general server AV configuration best practices:

1) Which version of SEP are you running? Because old versions had many bugs related to your symptoms.

2) Have you excluded the Exchange and database folders? Microsoft recommends excluding the following folders for Exchange and SQL:

Exchange:

http://support.microsoft.com/kb/823166
http://theessentialexchange.com/blogs/michael/archive/2007/12/05/file-level-antivirus-for-exchange.aspx
http://www.msexchange.org/articles_tutorials/exchange-server-2007/security-message-hygiene/configuring-file-level-antivirus-software.html

SQL:

http://support.microsoft.com/kb/309422
http://blogs.msdn.com/boduff/archive/2009/07/27/is-your-anti-virus-strangling-sql-server.aspx

All Server applications:

http://myitforum.com/cs2/blogs/scassells/archive/2007/05/14/what-anti-virus-scanning-exclusions-should-be-considered-for-system-and-servers.aspx

3) Check the following Symantec support articles about SEP + Performance tuning (applies to servers + workstations):

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/ff9b34b5979d98c68825737d00647a59?OpenDocument

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/ec1422e07c11c714882574b0005ade87?OpenDocument

http://seer.entsupport.symantec.com/docs/331121.htm

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/baf6dbf5471f80e88025767a00579943?OpenDocument

http://seer.entsupport.symantec.com/docs/331178.htm

4) From my experience, don't install (Proactive protection + NTP) on servers because:

1) Proactive Protection: Proved its failure in detecting a single virus/trojan. Plus it is a performance killer.

2) NTP (FW + IPS): If there is no strong need, don't install it. It may affect your connection stability + needs tuning and testing.

So stick with the AV component alone (don't install e-mail plugins).

5) Symantec support articles related to SQL + Exchange:

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/5256af2a034e570a88257475005ac35a?OpenDocument

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/a1594d008e6ad33b8825734b0012b1f1?OpenDocument

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/75256c1004dde22880257561003d122a?OpenDocument

http://seer.entsupport.symantec.com/docs/331167.htm

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/e1bb4a03c5bf43ee88257325000c1d58?OpenDocument

http://seer.entsupport.symantec.com/docs/331170.htm

Good Luck
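
One way to check point 2 above once the exclusion list is written down, as an added example that is not part of the original post: it reports database files that no exclusion covers, exclusions that cover nothing, and exclusions broad enough to switch off scanning for a whole drive. All paths and function names are constructed for illustration; the real folder lists come from the Microsoft and Symantec articles linked above.

```python
from pathlib import PureWindowsPath

# Constructed sample data (not from the thread): files the server applications
# keep open, and the folder exclusions entered in the AV policy.
FILES = [
    r"D:\SQLData\app.mdf",
    r"D:\SQLData\app_log.ldf",
    r"E:\Exchange\MDBDATA\priv1.edb",
    r"D:\SQLDataArchive\old.mdf",
]
EXCLUSIONS = [r"d:\sqldata", r"E:\Exchange\Logs", "F:\\"]


def parts(path):
    """Split a Windows path into lower-cased components (NTFS ignores case)."""
    return tuple(p.lower() for p in PureWindowsPath(path).parts)


def naive_covers(exclusion, file_path):
    """String-prefix match: wrongly treats D:\\SQLDataArchive as inside D:\\SQLData."""
    return file_path.lower().startswith(exclusion.lower())


def covers(exclusion, file_path):
    """True only if file_path lies inside the excluded folder, per component."""
    e, f = parts(exclusion), parts(file_path)
    return len(e) < len(f) and f[:len(e)] == e


def audit(files, exclusions):
    """Compare application files against the configured folder exclusions."""
    return {
        # Files the scanner will still open and lock during a scan.
        "uncovered": [f for f in files
                      if not any(covers(e, f) for e in exclusions)],
        # A bare drive root disables scanning for everything on that volume.
        "too_broad": [e for e in exclusions if len(parts(e)) <= 1],
        # Exclusions that protect none of the listed files: stale or mistyped.
        "unused": [e for e in exclusions
                   if not any(covers(e, f) for f in files)],
    }


if __name__ == "__main__":
    for finding, paths in audit(FILES, EXCLUSIONS).items():
        print(f"{finding}: {paths}")
```
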
Not sure about Vipre but NOD32 is rock solid on any platform and with any number of users. It also supports a local mirror on the LAN for updates and Remote Administrator manages the whole thing. The best of the lot is that it doesn't cost the earth and they also do competitive upgrades.

I put my money with VIPRE

Do I have anything to worry about as far as completely uninstalling NEP from the server? We run Exchange, web hosting, and a database from our server. It shouldn't affect anything if I uninstall and install something else, right?

xmachine, that is a LOT of information that I will have to read through... thanks for that! Still not sure if I will stick with it though, still exploring these other options...