Symantec Endpoint Protection

I have installed symantec endpoint protection on windows server 2003, and i deployed antivirus on almost 25 computers connected to domain. I feel the pc's in the network become slow after installing symantec endpoint protection and i also notice that its scanning randomly anytime and updating virus definitions during working hours which is causing the speed of the computers very slow. I applied some policies on symantec endpoint protection to scan pcs at mid night 11pm and update virus definitions at 1 am. But still when i arrive in office in the morning users are complaining that their pc's are slow. Please help me in solving this problem i want to make my network and computers faster.

Thanks
Adnan
Adnan J IqbalNetwork EngineerAsked:
Who is Participating?
 
jhalapradeepCommented:
Hi,

Please follow this document to optimize performance for SEP client.
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007102311173048

Again as this version is too old, I will recommend upgrading it to the latest version SEP 11.0 RU6.
There are some new features added for the scans.
Please check this:
http://www.symantec.com/connect/articles/what-new-sep-ru6

Regards,
Pradeep Jhala
0
 
kurian2z5Commented:
Symantec is bloatware. You should have researched first. All their new products will render your PC annoyingly slow to open files etc.

For centrally managed Anti-Virus I recommend Microsoft Forefront Client Security, Trendmicro OfficeScan, or McAfee OnAccess Enterprise.
0
 
Alan HardistyCo-OwnerCommented:
If you have set your PCs to scan at 11pm - are the computers left on in order that they can run a scan at 11pm or are they switched off?
If they are switched off, they will start to scan in the morning and slow your PCs down.
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
Adnan J IqbalNetwork EngineerAuthor Commented:
well, i have to switch from symantec to any other software, but i have to suffer till the end of this year as my license is still valid.
PC's are only logged off and not switched off and scanning are taking place on time, but i do not know why it runs scanning services like RTVSCAN, it makes pc's very slow indeed.
0
 
BawerCommented:
symantec is a well known corporation,,, actually its not slow software i am using it for about 500 clients and no one complains,,, the reason is that i have created better policies, for update, for scanning etc... so try to be logical in policy creation... i don't support other guys talking about symantec which is incorrect...sorry,,,,,,
0
 
Alan HardistyCo-OwnerCommented:
Rtvscan is the real-time scanner and will always run.

You can change settings to not scan all files which should cut down the work it has to do and thus the speed, but Symantec software is often berated for slowing down computers.

Which version of SEP are you running?  The latest is 11.0.5 (unless there is a newer release I have missed).
0
 
Adnan J IqbalNetwork EngineerAuthor Commented:
i am running 11.0.2, well about policies, i have applied them properly , do i have to install only antivirus and antispyware feature? because i am installing all three features on every workstation.
1. Antivirus & Antispyware
2. Proactive Threat Protection
3. Network Threat Protection
I am really fed up of this symantec, it gives me really hard time , if anyone can advise about best policies to implement so i can test.
0
 
JhunjoeCommented:
What is your clients workstation ram speed and what OS they are running?
0
 
Adnan J IqbalNetwork EngineerAuthor Commented:
They are running Windows XP Professional SP3 with 1 GB RAM.
0
 
Alan HardistyCo-OwnerCommented:
11.0.2 is a very old version and many improvements to the client overhead have been made in the later versions.
I would upgrade to 11.0.5 (visit https://fileconnect.symantec.com), download the latest version and get upgraded - then see if your clients are as slow.
0
 
BawerCommented:
remove the Network Threat Protection as i have done the same in my network the reason is that it will check all the incoming packets even with a network from certain applications so will slow down the machines as well...
0
 
Adnan J IqbalNetwork EngineerAuthor Commented:
i will remove network threat protection but what about proactive threat protection, shall i keep it. I will monitor the speed of the workstations after removing network protection and will get back to you
if anyone can advise about best policies to be implemented.
0
 
BawerCommented:
in policies i hope you have not enable the full scan ,, it should be quick scan, and what i have done here is that i scheduled it at 12:00 PM,, where almost many users leave for lunch and untill they are back the systems are already scanned. But make sure that the PCs have enough ram to support the scanning and processor as well, we are using dell 780 Pcs and so far no one complains...also schedule the update at server level twice a week because Symantec only releases the updates twice in a week...
0
 
Adnan J IqbalNetwork EngineerAuthor Commented:
If i make the above mentioned changes on the server, will it be increasing the chances of threats to the clients?
0
 
BawerCommented:
no don't worry it will not,,,specific to virus threats... since in corporate network those are not major considered option , Yes for personal use then those options are good...
0
 
jhalapradeepCommented:
Hi,

These are the best practices suggested by symantec, and it wont affect your corporate network.
But again I would like to mention here to upgrade the software to latest version. SEP 11.0 RU6.
You will really see the difference once upgraded.

Regards,
Pradeep Jhala
0
 
BawerCommented:
Pradeep is also right to upgrade which is always recommended option, but so far i have experience in symantec,, too many options will certainly slow down the machine...
0
 
Adnan J IqbalNetwork EngineerAuthor Commented:
I will apply these policies as pradeep advised. Also i will monitor the network and PC's Performance and will update you guys. I hope it works..
0
 
BawerCommented:
one more thing is that update is at server level, and on client level especially in corporate environment its not easy... so better you work with policies and options first and see the effect....also as far as server is concerned upgrade it to newer symantec version...
0
 
Adnan J IqbalNetwork EngineerAuthor Commented:
I have updated newer version, users with Outlook 2007 are facing error
The Add-in "Symantec AntiVirus 10.1"  (C:\Program Files\Symantec AntiVirus\vpmsece4.dll) cannot be loaded and has been disabled by Outlook.  Please contact the Add-in manufacturer for an update.  If no update is available, please uninstall the Add-in

How can i disable this addin
0
 
jhalapradeepCommented:
Hi,

Please follow this document to disable the antivirus addin.
http://service1.symantec.com/support/ent-security.nsf/docid/2007121314073048?Open&seg=ent

Regards,
Pradeep Jhala
0
 
Adnan J IqbalNetwork EngineerAuthor Commented:
Mr. Pradeep.... by applying the above policies on symantec endpoint manager console, i notice that the attacks per hours are going up rather than before, will it effect my network or workstations?
0
 
jhalapradeepCommented:
Hi,

What kind of attacks are you observing? can you be specific? check the logs and tell me what exactly it is logging?

Regards,
Pradeep Jhala
0
 
BawerCommented:
you mean by disabling the network options...or what policies you disabled...
0
 
Adnan J IqbalNetwork EngineerAuthor Commented:
After applying these policies, i notice that my network is much faster and computers are running great. But in Event Viewer some users are facing warnings, please chek the attached image.
warning.JPG
0
 
jhalapradeepCommented:
Hi,

This should not be something to worry about..
Check this article from symantec:
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002073015235648

also check this :
http://www.symantec.com/connect/forums/event-errors-could-not-scan-due-extraction-errors-encountered-decomposer-engines

And it is great to hear that after applying the suggested policy changes the machines are working faster and are fine..

Regards,
Pradeep Jhala
0
 
Adnan J IqbalNetwork EngineerAuthor Commented:
These references shows that we do not need to take any steps to avoid these warning. Is that true?
0
 
jhalapradeepCommented:
Yes that is absolutely correct.  I think your performance issue is resolved now.. :)

Regards,
Pradeep Jhala
0
 
Adnan J IqbalNetwork EngineerAuthor Commented:
yes, i appreciate your help and hopefully i will get more help from you in future. Just the last question!
Do i have to run live update for users daily or weekly? Currently i configured them daily.
Many Thanks
0
 
jhalapradeepCommented:
Hi,

I will recommend daily liveupdate. As there are 2 revisions available from symantec liveupdate server daily.

Regards,
Pradeep Jhala
0
 
Adnan J IqbalNetwork EngineerAuthor Commented:
I found the exact solution to the problem.
0
 
kbitguruCommented:
Hi Adnan,

Appreciate if you could share the solution with us.
0
 
Adnan J IqbalNetwork EngineerAuthor Commented:
Hi,

Please follow this document to optimize performance for SEP client.
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007102311173048

Again as this version is too old, I will recommend upgrading it to the latest version SEP 11.0 RU6.
There are some new features added for the scans.
Please check this:
http://www.symantec.com/connect/articles/what-new-sep-ru6

Regards,
0
 
kbitguruCommented:
Thanks, upgrading to 11.0.6 seems to have resolved this issue.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.