Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Symantic Endpoint Protection is killing us

Posted on 2010-01-11
8
Medium Priority
?
602 Views
Last Modified: 2013-11-22
At least, I think so... we have it installed on most of our PC's here and the server as well. It seems like when it's running a scan it really slows down our database and our exchange server, etc.  This morning I had to disable endpoint protection just so everyone could work normally.

It also seems to take up an insane amount of space.  I run Spacemonger and I can see about 5 different folders that are all over 5GB, all filled with various .dat files, 2 gig files with no extension, and we're quickly running out of space on our C: drive cause of this program.

Is it really necessary to have? We have a Linksys router with a built in firewall... should I get rid of SEP, and are there better anti-virus protection solutions that I should consider?  Thanks!
0
Comment
Question by:Tymetwister
8 Comments
 
LVL 17

Expert Comment

by:Mike_Carroll
ID: 26285006
I've seen loads of issues like yours with Symantec over the years. It hogs space and slows things down to a crawl.

At this stage, I've moved all my customers to Eset NOD32 AntiVirus and the problems have all gone away. The slowdowns and the viruses.



0
 
LVL 16

Accepted Solution

by:
2PiFL earned 2000 total points
ID: 26285038

We've had similar issues with Symantec and their recomendation is to exclude affected folders, etc.  We switched to Vipre and haven't looked back.
0
 
LVL 8

Author Comment

by:Tymetwister
ID: 26285202
Are any of these better than the other for a server running Win SMS 2003 with about 60 other users on WinXp?
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
LVL 15

Expert Comment

by:xmachine
ID: 26285739
I know your pain, but please check the following Questions and points about your problem. You may get through it even if you change your AV. I'm talking about general Server AV configuration best practices:

1) Which version of SEP are you running? Because old versions had many bugs related to your symptoms.

2) Have you excluded Exchange, Database folders? Microsoft recommends excluding the following folders for Exchange and SQL

Exchange:

http://support.microsoft.com/kb/823166
http://theessentialexchange.com/blogs/michael/archive/2007/12/05/file-level-antivirus-for-exchange.aspx
http://www.msexchange.org/articles_tutorials/exchange-server-2007/security-message-hygiene/configuring-file-level-antivirus-software.html

SQL:

http://support.microsoft.com/kb/309422
http://blogs.msdn.com/boduff/archive/2009/07/27/is-your-anti-virus-strangling-sql-server.aspx

All Server applications:

http://myitforum.com/cs2/blogs/scassells/archive/2007/05/14/what-anti-virus-scanning-exclusions-should-be-considered-for-system-and-servers.aspx

3) Check the following Symantec support articles about SEP + Performance tuning (applies to servers + workstations):

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/ff9b34b5979d98c68825737d00647a59?OpenDocument

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/ec1422e07c11c714882574b0005ade87?OpenDocument

http://seer.entsupport.symantec.com/docs/331121.htm

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/baf6dbf5471f80e88025767a00579943?OpenDocument

http://seer.entsupport.symantec.com/docs/331178.htm

4) From my experience, don't install (Proactive protection + NTP) on servers because:

1) Proactive Protection: Proved it's failure in detecting a single virus/trojan. Plus it is a performance killer.

2) NTP (FW + IPS): If there is no strong need, don't install it. It may affect your connections stability + needs tuning and testing.

So stick with AV component alone (Don't install E-mail plugins).

5) Symantec support articles related to SQL + Exchange:

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/5256af2a034e570a88257475005ac35a?OpenDocument

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/a1594d008e6ad33b8825734b0012b1f1?OpenDocument

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/75256c1004dde22880257561003d122a?OpenDocument

http://seer.entsupport.symantec.com/docs/331167.htm

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/e1bb4a03c5bf43ee88257325000c1d58?OpenDocument

http://seer.entsupport.symantec.com/docs/331170.htm

Good Luck
0
 
LVL 17

Expert Comment

by:Mike_Carroll
ID: 26286309
Not sure about Vipre but NOD32 is rock solid on any platform and with any number of users. It also supports a local mirror on the LAN for updates and Remote Administrator manages the whole thing. The best of the lot is that is doesn't cost the earth and they also do competitive upgrades.
0
 
LVL 2

Expert Comment

by:amrishvora
ID: 26291819
I put my money with VIPRE
0
 
LVL 8

Author Comment

by:Tymetwister
ID: 26296378
Do I have anything to worry about as far as completely uninstalling NEP from the server?  We run exchange, web hosting, and a database from our server.  It shouldnt affect anything if I uninstall and install something else, right?
0
 
LVL 8

Author Comment

by:Tymetwister
ID: 26296392
xmachine that is a LOT of information that I will have to read through... thanks for that!  Still not sure if I will stick with it though still exploring these other options...
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question