VMware Cloud Community
GJ666
Contributor

Symantec Endpoint

Hi,

This isn't so much a question but more of an issues sweep.

I have been assigned a big project to complete the roll out of Symantec Endpoint 10 (TBC) to virtual servers in our datacentre. There are about 2500 servers to think about...Nice

I was wondering if anyone out there uses Symantec Endpoint on Virtual Servers and Desktops?

Are there any recommendations in terms of scanning configuration?

Cheers,

GJ

3 Replies
peetz
Leadership

Hi,

you definitely should NOT start with SEP version 10, because it is really not virtualization friendly. I/O load during scanning is high and there is no easy method to distribute the times of pattern updates and scheduled scans over the day.

SEP11 (that we have currently deployed on all our virtual Windows servers) is much more virtualization friendly. The disk IO and CPU impact for realtime and scheduled scanning is much lower and you have a "randomization" feature for the start time of pattern updates and scheduled scans which makes it easy to distribute the CPU and IO load over the day. Nothing is worse than having 1000 VMs pulling pattern updates or starting scheduled scans all together at the same time; this will bring your storage to its knees.

SEP12 might have improved this even further, but I haven't looked into it yet.

- Andreas

Twitter: @VFrontDe, @ESXiPatches | https://esxi-patches.v-front.de | https://vibsdepot.v-front.de
pierodepaoli
Contributor

Hi there -

This is Piero from Symantec Product Marketing.

Rather than looking at version 10, you should look at SEP 12 as there are features that have been optimized for VMware.

Shared Insight Cache:

- Allows for a file that is on multiple virtual machines to only be scanned once - drastically reducing the number of files scanned.

Resource Leveling:

- Randomizes functions such as definition updates and scheduled scans ensuring that SEP won't slow your machine down.

Virtual Image Exception:

- Creates a white list that you decide is safe - allowing for elimination of unnecessary scanning.

Offline Image Scanner:

- Can scan offline images ensuring they are safe before being brought online.

Virtual Client Tagging:

- SEP agents report back to the SEP Manager declaring whether they are installed on a physical or virtual machine - allowing you to more easily create policies specific to physical or virtual.

You can learn more about SEP 12 - including trialware here:

http://www.symantec.com/business/endpoint-protection

Hope this helps!

- Piero

GJ666
Contributor

Hi,

Thanks very much for responding.

We are actually using SEP 11 as a corp standard and will be upgrading to 12 later. This is out of my hands..

Anyway SEP 11 appears to be running fine. I am just trying to work out the best time setting for randomisation.

We have SEP running on ten 2003 Test Servers, hosted on an ESX host, and will see how performance looks during a scan and def update.

BTW. I used the competitive uninstaller from Symantec to remove CA E-Trust which has done the job very well. I guess the real "proof of the pudding" will be when we roll out the updates across the 2500 or so servers...which will:

Remove CA E-trust

Remove CA DSM

Install SEP 11

in the case of W2k Servers..(I know..) update IE5.5

and Install SCCM

Wish me luck..

Cheers and a Happy New Year

Gordon.
