New Server & Symantec Endpoint AV Update - Problems :-)

Started by mblack, April 29, 2014, 08:37:57 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

mblack

Replaced our server over the weekend. Things are great with the server, TAM and programs working great ... except INTERNET is crawling for many sites (company). Also Citrix client no longer works for Chubb and delete/reinstall doesn't solve.
Users are on IE 9, some on IE 8 (all fine last Friday).
We upgraded to Symantec Endpoint 12.1.4. We were on 11. I'm thinking this is the problem.

Techs have confirmed DNS settings are correct.
Suggestions ... please :-)!

thanks!

Margaret
Margaret Black
mblack@ambins.com
Allan M Block Agency, Tarrytown, NY
ASCnet PAC - Customer / LEAD - Nominations
TAM 12.5.3 25 users, W2008 Server, Office 2007, Exchange, @vantage 9.0, Ezlynx Rating

Jeff Zylstra

No one will like this suggestion, but I'm guessing that you're correct and it's the new version of Norton's AV.  Probably one that scans links on the internet and adds features that you didn't have before, or didn't have turned on.  The best thing that I can think of is to visit a few known, safe sites and record the access times then flush dns and cache and turn off the Norton's and go through the process again.  Any significant changes will answer that question for you.   
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Mark

Eeew, Jeff:  Symantec > Norton!!

Norton = Home User product
Symantec = Business product

I would take a single workstation, turn SEP off and see if it makes any difference.  Maybe even before that, run IE without add-ons or even try a different browser to see if anything improves.

It's easy to look directly at SEP as the likely cause, but it could be anything at this point.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Jeff Zylstra

Quote from: Mark on April 29, 2014, 10:23:33 AM
Eeew, Jeff:  Symantec > Norton!!

Norton = Home User product
Symantec = Business product

I would take a single workstation, turn SEP off and see if it makes any difference.  Maybe even before that, run IE without add-ons or even try a different browser to see if anything improves.

It's easy to look directly at SEP as the likely cause, but it could be anything at this point.

ROFL!  Sorry Mark!  Yes, I guess I need to move into the 20th century!
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Jeff Golas

I agree with Mark, try disabling all options of SAV on one workstation and see if that makes a difference. If so, go back and turn on each feature one by one until you find the one that was the culprit, then hit up SAV support and see if they can iron out the wrinkles.

Jeff Golas
Johnson, Kendall & Johnson, Inc. :: Newtown, PA
Epic Online w/CSR24
http://www.jkj.com

Ric

or even the 21st century?

Quote from: Jeff Zylstra on April 29, 2014, 10:39:42 AM
Quote from: Mark on April 29, 2014, 10:23:33 AM
Eeew, Jeff:  Symantec > Norton!!

Norton = Home User product
Symantec = Business product

I would take a single workstation, turn SEP off and see if it makes any difference.  Maybe even before that, run IE without add-ons or even try a different browser to see if anything improves.

It's easy to look directly at SEP as the likely cause, but it could be anything at this point.

ROFL!  Sorry Mark!  Yes, I guess I need to move into the 20th century!

Ric Tucker
Manager of Information Systems
Past President, New Jersey Chapter

J A Mariano Agency
TAM 2020, 11users, Windows 2019 Server,
Windows 10 Pro 64-bit workstations
fax@vantage 9.0.5,
Acoustic guitar, drums, percussion
Chrome, Microsoft 365

Mark

I was told that SEP 12 might have a browser add-on.  You could check that as well.  Is it slow with other browsers?

I did notice this morning that running in IE 9 compatibility mode made some company sites very sluggish.  But, we are actually on IE 10.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Jeff Zylstra

Quote from: Ric on April 29, 2014, 11:14:09 AM
or even the 21st century?

Quote from: Jeff Zylstra on April 29, 2014, 10:39:42 AM
Quote from: Mark on April 29, 2014, 10:23:33 AM
Eeew, Jeff:  Symantec > Norton!!

Norton = Home User product
Symantec = Business product

I would take a single workstation, turn SEP off and see if it makes any difference.  Maybe even before that, run IE without add-ons or even try a different browser to see if anything improves.

It's easy to look directly at SEP as the likely cause, but it could be anything at this point.

ROFL!  Sorry Mark!  Yes, I guess I need to move into the 20th century!

A creature of habit.  Yes, the 21st century would be much better.  Can I claim that I was traumatized by y2K?

And thank you for the clarification not to turn off AV for every user, but just the workstation you're testing on.  I guess I should have been clearer on that.
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Mark

Quote from: Jeff Zylstra on April 29, 2014, 12:12:33 PM
And thank you for the clarification not to turn off AV for every user, but just the workstation you're testing on.  I guess I should have been clearer on that.

I was never correcting you Jeff.  8)
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

mblack

Thanks for the suggestions.  I had disabled the Ad-on.  Also disabled and used Chrome.  Have completely uninstalled (internet pretty nice without :-)) although still no luck with Chubb Masterpiece which uses an ICA client).

Am starting to wonder if it's something with the new server? 

Oh the joys.

And by the way, again just want to say thanks for the help. Knew I would get some quick replies here.  Still waiting for someone, anyone, to reply on the forums. Oh well.  Nice to see so many "faces" again!
Margaret Black
mblack@ambins.com
Allan M Block Agency, Tarrytown, NY
ASCnet PAC - Customer / LEAD - Nominations
TAM 12.5.3 25 users, W2008 Server, Office 2007, Exchange, @vantage 9.0, Ezlynx Rating

Mark

I would call Chubb then.  They have probably experienced this before.  In fact, it sounds familiar but it's been a while since I've had to do anything with that.

Is it that the ICA client never starts?
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

mblack

Mark, been chatting with Chubb. They told me to remove all my printers (been there, even dumped them off the new server - should not have done that ... I usually don't touch the server except for minor stuff ... well ... anyway that's fixed now).

I've been in hacking my regedit (again, very carefully) based in Citrix newsgroup help.

I really do respect our tech company so today is troubleshooting day to gather as much info as I can and they'll be in tomorrow.

The slow internet on some sites is just weird.

Tam is flying though!  Reports in seconds, night utilities took 5 minutes.  There is a lot of good stuff too. I do like my glass half full ... haha.
Margaret Black
mblack@ambins.com
Allan M Block Agency, Tarrytown, NY
ASCnet PAC - Customer / LEAD - Nominations
TAM 12.5.3 25 users, W2008 Server, Office 2007, Exchange, @vantage 9.0, Ezlynx Rating

Mark

To me, this doesn't sound like it's related to the server unless you are running some type of filter on the server.  I assume that you are experiencing this on multiple (or all?) workstations?
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

mblack

Margaret Black
mblack@ambins.com
Allan M Block Agency, Tarrytown, NY
ASCnet PAC - Customer / LEAD - Nominations
TAM 12.5.3 25 users, W2008 Server, Office 2007, Exchange, @vantage 9.0, Ezlynx Rating

Mark

Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

mblack

Unfortunately I don't think that's going to work.  Saw that this morning.  The ICA Client is called within Chubb's system.  I've attached a print screen of the error.

Margaret Black
mblack@ambins.com
Allan M Block Agency, Tarrytown, NY
ASCnet PAC - Customer / LEAD - Nominations
TAM 12.5.3 25 users, W2008 Server, Office 2007, Exchange, @vantage 9.0, Ezlynx Rating

Mark

Gotchya.  I would definitely call Chubb.  You are probably not the only agency with this problem.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

mblack

Well the culprit was .... our Sonicwall!  A settign was off which sure did cause some issues.

Thanks for all the help.  I sure appreciated it!
Margaret Black
mblack@ambins.com
Allan M Block Agency, Tarrytown, NY
ASCnet PAC - Customer / LEAD - Nominations
TAM 12.5.3 25 users, W2008 Server, Office 2007, Exchange, @vantage 9.0, Ezlynx Rating

Bob


Jeff Zylstra

Quote from: mblack on April 30, 2014, 11:09:49 AM
Well the culprit was .... our Sonicwall!  A settign was off which sure did cause some issues.

Thanks for all the help.  I sure appreciated it!

Please tell me that there was at least something in the router log that said it was blocking things?  I've had it where it would block something, but I hadn't checked the box to report that type of thing because it wasn't very clear on what it was reporting on.  I'm not real impressed on SonicWall's logging and/or reporting.  Either it's too intrusive or bothersome, or things that should ALWAYS be reported (like a blocked access attempt), aren't reported. 
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Charlie Charbonneau

Inquiring minds want to know, what was the offending SW doing? or not doing?
Charlie Charbonneau
GBMB Insurance
San Antonio TX.

EPIC 2022, CSR24, Windows 2012 Hyper-V & 2016, Win10/11 Pro Stations, Sophos Anti-Virus.
.                .                 ..              ...

mblack

Check with our techs, in a nutshell, on the SonicWall, under zones for LAN, needed to disable some of the auto blocking options. Once this was done, all returned to normal on our network with the internet.
Margaret Black
mblack@ambins.com
Allan M Block Agency, Tarrytown, NY
ASCnet PAC - Customer / LEAD - Nominations
TAM 12.5.3 25 users, W2008 Server, Office 2007, Exchange, @vantage 9.0, Ezlynx Rating

Charlie Charbonneau

Charlie Charbonneau
GBMB Insurance
San Antonio TX.

EPIC 2022, CSR24, Windows 2012 Hyper-V & 2016, Win10/11 Pro Stations, Sophos Anti-Virus.
.                .                 ..              ...