Symantec Endpoint Protection Client configuration changes for performance optimization

Question/Issue:
My system is running slowly since installation of Symantec Endpoint Protection. How do I configure Symantec Endpoint Protection to alleviate performance issues?


Solution:

Communication between the Endpoint Client and Manager are causing network and server slowdown.

Modify the default communication settings:
1. Click the Clients Tab.
2. Select the client group you would like to modify.
3. Click the Policies tab.
4. If this is not the Global group, uncheck Inherit policies and settings from parent group. Ensure that Policy inheritance is OFF.
5. Under Location-independent Policies and Settings, with in the Settings box, click Communications Settings.
6. In the Download box select Pull mode.
7. Modify the default Heartbeat Interval from "5 minutes" to fit your needs. This modifies how often clients check-in with the manager to receive policies, settings, and content (definition) updates.
8. Click OK to save settings.

Network file sharing is slow or a network-hosted application runs slowly.

Disable Network Drive Scanning:
1. Click the Policies Tab.
2. Click Antivirus and Antispyware.
3. Click the policy you would like to modify and then click Edit the Policy.
4. Click File System Auto-Protect.
5. Under Network Settings, uncheck Network.
6. Click OK.
7. Assign the policy by clicking Assign the Policy, then check each group to which the policy should apply.
8. Click Assign, then click Yes.

All systems in a group run slowly and Endpoint Protection processes are using a abnormally high level of system resources once a week.

Modify the default weekly scan:
1. Click the Policies Tab.
2. Click Antivirus and Antispyware.
3. Click the policy you would like to modify and then click Edit the Policy.
4. Click Administrator-defined Scans.
5. Select Weekly Scheduled Scan and click Edit...
6. Modify this scan so that it will run at the least intrusive time.
*There are no randomization options for this scan so all Endpoint Protection Clients in this group will run the scan at the same time.

The Application event log on the system is filled with tamper protection alerts.

Disable Tamper Protection:
1. Click the Clients Tab.
2. Select the client group you would like to modify.
3. Click the Policies tab.
4. If this is not the Global group, uncheck Inherit policies and settings from parent group. Ensure that Policy inheritance is OFF.
5. Under Location-independent Policies and Settings, with in the Settings box, click General Settings.
6. Click the Tamper Protection tab.
7. Uncheck Protect Symantec security software from being tampered with or shut down.

The system has trouble delivering email. The email server, with the Symantec Endpoint Protection client installed, runs slowly.

Deactivate the email tools on Endpoint Protection Clients within a group:

Part I - Create a custom feature set
1. Click the Admin tab.
2. Click Install Packages.
3. Under View Install Packages, click Client Install Feature Sets.
4. Under Tasks, click Add Client Install Feature Set...
5. Type All except AntiVirus Email Protection in the Name box.
6. Uncheck AntiVirus Email Protection.
7. Click OK. You should see All except AntiVirus Email Protection listed under the default Client Install Feature Sets.

Part II - Assign and deploy the custom feature set
1. Click the Clients Tab.
2. Select the client group you would like to modify.
3. Click the Install Packages tab.
4. Double-click the install package that is currently in use, for example Symantec Endpoint Protection version 11.0.780.1109 for WIN32BIT. If there is no package present in this list click Add Client Install Package, then select the package you would like to use from the drop down menu.
5. Under Client Features select All except AntiVirus Email Protection from the Select the features you want to use: drop-down menu.
6. Click OK.
7. Click the Clients tab. Under the Tasks menu click Run Command on Group and select Update Content.

Note: The above steps can be useful for adding or removing any product feature.


Original Article here

How to create multiple network profiles on Windows XP/2000

While looking for a convenient way to create network profiles, I found the note below on the personal blog of Pat Burm, which you can find here

Original post:

I normally just use DHCP everywhere I connect. But sometimes I need special configs for networks that don’t have a DHCP server running. The problem with those special configs is that they just waste time when you need to go back to the office or your home network. Nothing works and it takes you a few minutes to remember you hosed your network settings to connect to some obscure network somewhere.

In case that link ever dies, the original content follows …

1. First, save your network profile with all you need (ip, subnet, gateway, dns, wins…)
2. Now you can open a DOS shell with start -> run; then type cmd
3. On shell write: netsh -c interface dump > c:/windows/system32/homesettings.txt
   the path is optional, you save this as you want, and also the name of file (homenetwork.txt) can be different.
4. Now you can setup a different netrwok, like the first profile, and repeat the point 3.
5. On you Desktop, in a free area, click on right button of mouse and choose new -> link
6. write: %windir%\system32\netsh.exe -f c:\windows\system32\homesettings.txt
7. Next write the name of link that appear as title of icon, eg: home
8. Repeat the step 6 and 7 for other network, change the name of txt in step six…
9. you are ready, if you want, you can change the two new icons on desktop, with right button, properties, change icon (the default icon file is c:/windows/system32/shell32.dll).

Offering Remote Assistance in Windows XP

How to create an icon on your desktop to launch Offer Remote Assistance in Windows XP

Right click on your desktop
Click on New
Click on Shortcut
Under "Type the location of the item" enter:

hcp://CN=Microsoft%20Corporation,L=Redmond,S=Washington,C=US/Remote%20Assistance/Escalation/Unsolicited/Unsolicitedrcui.htm

Click next
Under "Type a name for this shortcut" enter:

Offer Remote Assistance

Click finish

And that's it. From now on, whenever you'd like to offer remote assistance to any of your users just double click on the newly created icon and enter the appropriate IP address or computer name. Note that you can only do this if you have admin privileges on the remote computer

To launch Offer Remote Assistance from a command line:

"%ProgramFiles%\Internet Explorer\iexplore" hcp://CN=Microsoft%20Corporation,L=Redmond,S=Washington,C=US/Remote%20Assistance/Escalation/Unsolicited/Unsolicitedrcui.htm 

You can also start Remote Assistance from a command line, or shortcut:

%SystemRoot%\System32\rcimlby.exe -LaunchRA

Sysadmin Notes

Notes from a syadmin on windows / linux