We had cause to learn this one the hard way this past week. We didn't know that Windows Server 2008 (64-bit) and Symantec Endpoint Protection just don't mix well. It affected SMBv1 clients; SMBv2 clients (Vista, Win7) were unaffected.
The presentation of it at the packet-level was pretty specific, though. XP clients (and Samba clients) would get to the second step of the connection setup process for mapping a drive and time out.
- -> Syn
- <- Syn/Ack
- -> NBSS, Session Request, to $Server<20> from $Client<00>
- <- NBSS, Positive Session Response
- -> SMB, Negotiate Protocol Request
- <- Ack
- [70+ seconds pass]
- -> FIN
- <- FIN/Ack
In the end it took a call to Microsoft. Once we got to the right network person, they knew immediately what the problem was.
ForeFront is now going on those servers. It really should have been on a month ago, but because these cluster nodes were supposed to go live for fall quarter they were fully staged up in August, before we even had the ForeFront clients. We never remembered to replace SEP with ForeFront.
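One way to recognise the stall described in the post from a capture summary, as an added example that is not part of the original post. It reads a trace written in the post's arrow notation; the timestamps, the 60-second threshold and the function names are assumptions.

```python
import re

# One packet per line: "<seconds> <direction> <summary>". "->" is client to server,
# "<-" is server to client, as in the post. Timestamps are constructed.
LINE = re.compile(r"^\s*(\d+(?:\.\d+)?)\s+(->|<-)\s+(.+?)\s*$")
STALL_SECONDS = 60.0  # assumed threshold; the post reports 70+ seconds of silence

STALLED = """\
0.000 -> Syn
0.001 <- Syn/Ack
0.002 -> NBSS, Session Request, to $Server<20> from $Client<00>
0.003 <- NBSS, Positive Session Response
0.004 -> SMB, Negotiate Protocol Request
0.005 <- Ack
72.500 -> FIN
72.501 <- FIN/Ack
"""
# Constructed healthy case for contrast: the server answers the negotiate request.
HEALTHY = STALLED.replace(
    "0.005 <- Ack\n72.500 -> FIN\n72.501 <- FIN/Ack\n",
    "0.005 <- SMB, Negotiate Protocol Response\n")

def parse(trace):
    """Turn the text trace into (time, from_client, summary) tuples."""
    events = []
    for line in trace.splitlines():
        m = LINE.match(line)
        if m:
            events.append((float(m.group(1)), m.group(2) == "->", m.group(3).lower()))
    return events

def classify(trace):
    """Return (verdict, seconds elapsed since the Negotiate Protocol Request)."""
    asked = None
    for t, from_client, what in parse(trace):
        if from_client and "negotiate protocol request" in what:
            if asked is None:
                asked = t  # keep the first request, ignore retransmissions
        elif asked is None:
            continue  # still in TCP / NetBIOS session setup
        elif not from_client and "negotiate protocol response" in what:
            return ("ok", t - asked)
        elif from_client and what.startswith("fin"):
            stalled = t - asked >= STALL_SECONDS
            return ("negotiate_stall" if stalled else "client_closed_early", t - asked)
    return ("incomplete", None)
```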
What did the problem end up being, specifically? I've not moved from 2003 yet, but I will in the future, and I currently have EPP, so I'm interested :-)
Just cleaned up a VA college student's laptop with an updated version of endpoint. What a crock. Malwarebytes cleaned it all up.
I believe the "fix" for SMBv1 clients is to disable oplocks both at the client and the server. At least, that's the only "fix" that Symantec has been able to come up with over the last 2.5 years and 5 maintenance releases. This problem goes all the way back to the original SEP beta release. I guess that's what happens when new product development is off-shored to India.
Also, regarding ForeFront vs SEP, yes, ForeFront seems to do a *much* better job blocking malware/etc. It's sad when even the free MS Security Essentials can block & clean things better than a paid-for product like SEP.