?
Solved

Symantic Endpoint Protection is killing us

Posted on 2010-01-11
8
Medium Priority
?
596 Views
Last Modified: 2013-11-22
At least, I think so... we have it installed on most of our PC's here and the server as well. It seems like when it's running a scan it really slows down our database and our exchange server, etc.  This morning I had to disable endpoint protection just so everyone could work normally.

It also seems to take up an insane amount of space.  I run Spacemonger and I can see about 5 different folders that are all over 5GB, all filled with various .dat files, 2 gig files with no extension, and we're quickly running out of space on our C: drive cause of this program.

Is it really necessary to have? We have a Linksys router with a built in firewall... should I get rid of SEP, and are there better anti-virus protection solutions that I should consider?  Thanks!
0
Comment
Question by:Tymetwister
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 17

Expert Comment

by:Mike_Carroll
ID: 26285006
I've seen loads of issues like yours with Symantec over the years. It hogs space and slows things down to a crawl.

At this stage, I've moved all my customers to Eset NOD32 AntiVirus and the problems have all gone away. The slowdowns and the viruses.



0
 
LVL 16

Accepted Solution

by:
2PiFL earned 2000 total points
ID: 26285038

We've had similar issues with Symantec and their recomendation is to exclude affected folders, etc.  We switched to Vipre and haven't looked back.
0
 
LVL 8

Author Comment

by:Tymetwister
ID: 26285202
Are any of these better than the other for a server running Win SMS 2003 with about 60 other users on WinXp?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 15

Expert Comment

by:xmachine
ID: 26285739
I know your pain, but please check the following Questions and points about your problem. You may get through it even if you change your AV. I'm talking about general Server AV configuration best practices:

1) Which version of SEP are you running? Because old versions had many bugs related to your symptoms.

2) Have you excluded Exchange, Database folders? Microsoft recommends excluding the following folders for Exchange and SQL

Exchange:

http://support.microsoft.com/kb/823166
http://theessentialexchange.com/blogs/michael/archive/2007/12/05/file-level-antivirus-for-exchange.aspx
http://www.msexchange.org/articles_tutorials/exchange-server-2007/security-message-hygiene/configuring-file-level-antivirus-software.html

SQL:

http://support.microsoft.com/kb/309422
http://blogs.msdn.com/boduff/archive/2009/07/27/is-your-anti-virus-strangling-sql-server.aspx

All Server applications:

http://myitforum.com/cs2/blogs/scassells/archive/2007/05/14/what-anti-virus-scanning-exclusions-should-be-considered-for-system-and-servers.aspx

3) Check the following Symantec support articles about SEP + Performance tuning (applies to servers + workstations):

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/ff9b34b5979d98c68825737d00647a59?OpenDocument

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/ec1422e07c11c714882574b0005ade87?OpenDocument

http://seer.entsupport.symantec.com/docs/331121.htm

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/baf6dbf5471f80e88025767a00579943?OpenDocument

http://seer.entsupport.symantec.com/docs/331178.htm

4) From my experience, don't install (Proactive protection + NTP) on servers because:

1) Proactive Protection: Proved it's failure in detecting a single virus/trojan. Plus it is a performance killer.

2) NTP (FW + IPS): If there is no strong need, don't install it. It may affect your connections stability + needs tuning and testing.

So stick with AV component alone (Don't install E-mail plugins).

5) Symantec support articles related to SQL + Exchange:

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/5256af2a034e570a88257475005ac35a?OpenDocument

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/a1594d008e6ad33b8825734b0012b1f1?OpenDocument

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/75256c1004dde22880257561003d122a?OpenDocument

http://seer.entsupport.symantec.com/docs/331167.htm

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/e1bb4a03c5bf43ee88257325000c1d58?OpenDocument

http://seer.entsupport.symantec.com/docs/331170.htm

Good Luck
0
 
LVL 17

Expert Comment

by:Mike_Carroll
ID: 26286309
Not sure about Vipre but NOD32 is rock solid on any platform and with any number of users. It also supports a local mirror on the LAN for updates and Remote Administrator manages the whole thing. The best of the lot is that is doesn't cost the earth and they also do competitive upgrades.
0
 
LVL 2

Expert Comment

by:amrishvora
ID: 26291819
I put my money with VIPRE
0
 
LVL 8

Author Comment

by:Tymetwister
ID: 26296378
Do I have anything to worry about as far as completely uninstalling NEP from the server?  We run exchange, web hosting, and a database from our server.  It shouldnt affect anything if I uninstall and install something else, right?
0
 
LVL 8

Author Comment

by:Tymetwister
ID: 26296392
xmachine that is a LOT of information that I will have to read through... thanks for that!  Still not sure if I will stick with it though still exploring these other options...
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question