Endpoint Protection

  • 1.  CRITICAL: NETWORK LOAD ALERT

    Posted Oct 27, 2016 11:41 AM

    We have frequently received the alert message “CRITICAL: NETWORK LOAD ALERT: Too many requests for full definitions” from our SEPM since last year.

    Is it a warning that the performance of our SEPM server is NOT sufficient for managing our clients?

    If the performance of our SEPM server is insufficient, which grade of server can you recommend?

    Or should we have multiple SEPMs?

    Our network environment is as follows:

    Domain: Windows Server 2008R2
    Network address: in one subnet in one site
    SEP version: 12.1.6 (12.1 RU6 MP1)
    SEP manager: Independent server: HP ML310e Xeon 4core with Windows Server 2008R2.
    Client: 80 x Windows 10



  • 2.  RE: CRITICAL: NETWORK LOAD ALERT

    Posted Oct 27, 2016 12:16 PM

    It means your clients are pulling full defs. Are they configured to get from SEPM or GUPs or somewhere else?



  • 3.  RE: CRITICAL: NETWORK LOAD ALERT

    Posted Oct 27, 2016 04:53 PM

    Yes, from SEPM in the same domain and same site.



  • 4.  RE: CRITICAL: NETWORK LOAD ALERT

    Posted Oct 27, 2016 05:15 PM

    For the clients that are showing up in the alert, are they out of date? How many content revisions are you keeping on your SEPM?



  • 5.  RE: CRITICAL: NETWORK LOAD ALERT

    Posted Oct 29, 2016 12:24 PM

    How many content revisions are you storing on your SEPM? See Admin > Servers > Local Site > Edit Site Properties > LiveUpdate > Disk Space Management for Downloads. A low number means that SEPM is not able to create delta files for the clients for a longer time so they have to download the full content. Symantec provides AV/AS three times a day. For example, to cover two weeks you should insert 42 content revisions.

    Upgrading is another option. As of 12.1.6 MP3, the NETWORK LOAD ALERT is limited to AV/AS events. That significantly reduces the number of annoying alerts.



  • 6.  RE: CRITICAL: NETWORK LOAD ALERT

    Posted Nov 02, 2016 06:38 AM

    35 requests for full definitions received in the past 10 minutes. This situation could indicate a potential network overload.
    You can block any future requests for full definitions. In the management console, go to Admin > Servers > Server Properties > Full Definitions Download tab, and check Prevent clients from downloading full definition packages.
     

    Symantec Endpoint Protection: Notification Events, 2016/10/28 08:44:00 to 2016/10/28 08:54:00

    Full Definition Requests

    | Client IP | Product Version | Definition Name | Source Revision | Target Revision | Reason Code | Reason Description | Time | Server | File Size |
    |---|---|---|---|---|---|---|---|---|---|
    | 192.168.1.227 | 12.1.7004.6500 | SEPC Virus Definitions Win64 (x64) 12.1 RU6 | 161014008 | 161027023 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:53:55 | SEPPSERVER | 246 MB |
    | 192.168.1.227 | 12.1.7004.6500 | SEPC Iron Revocation List 12.1 RU6 | 161014035 | 161027018 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:53:55 | SEPPSERVER | 1 MB |
    | 192.168.1.167 | 12.1.6318.6100 | SEPC Virus Definitions Win64 (x64) 12.1 RU6 | 161014008 | 161027023 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:53:52 | SEPPSERVER | 246 MB |
    | 192.168.1.167 | 12.1.6318.6100 | SEPC Iron Revocation List 12.1 RU6 | 161014035 | 161027018 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:53:52 | SEPPSERVER | 1 MB |
    | 192.168.1.202 | 12.1.6318.6100 | SEPC Iron Revocation List 12.1 RU6 | 161014035 | 161027018 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:50:24 | SEPPSERVER | 1 MB |
    | 192.168.1.202 | 12.1.6318.6100 | SEPC Iron Whitelist 12.1 RU6 | 161005001 | 161027002 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:50:24 | SEPPSERVER | 12 KB |
    | 192.168.1.202 | 12.1.6318.6100 | SEPC Virus Definitions Win64 (x64) 12.1 RU6 | 161006005 | 161027023 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:50:24 | SEPPSERVER | 246 MB |
    | 192.168.1.184 | 12.1.6318.6100 | SEPC Virus Definitions Win64 (x64) 12.1 RU6 | 161012021 | 161027023 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:50:07 | SEPPSERVER | 246 MB |
    | 192.168.1.184 | 12.1.6318.6100 | SEPC Iron Revocation List 12.1 RU6 | 161013004 | 161027018 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:50:07 | SEPPSERVER | 1 MB |
    | 192.168.1.230 | 12.1.7004.6500 | SEPC Virus Definitions Win64 (x64) 12.1 RU6 | 161014008 | 161027023 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:55 | SEPPSERVER | 246 MB |
    | 192.168.1.222 | 12.1.7004.6500 | SEPC Virus Definitions Win64 (x64) 12.1 RU6 | 161014008 | 161027023 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:55 | SEPPSERVER | 246 MB |
    | 192.168.1.230 | 12.1.7004.6500 | SEPC Iron Revocation List 12.1 RU6 | 161014035 | 161027018 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:55 | SEPPSERVER | 1 MB |
    | 192.168.1.222 | 12.1.7004.6500 | SEPC Iron Revocation List 12.1 RU6 | 161014035 | 161027018 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:55 | SEPPSERVER | 1 MB |
    | 192.168.1.235 | 12.1.7004.6500 | SEPC Virus Definitions Win64 (x64) 12.1 RU6 | 161014008 | 161027023 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:54 | SEPPSERVER | 246 MB |
    | 192.168.1.235 | 12.1.7004.6500 | SEPC Iron Revocation List 12.1 RU6 | 161014035 | 161027018 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:54 | SEPPSERVER | 1 MB |
    | 192.168.1.226 | 12.1.7004.6500 | SEPC Virus Definitions Win64 (x64) 12.1 RU6 | 161014008 | 161027023 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:54 | SEPPSERVER | 246 MB |
    | 192.168.1.226 | 12.1.7004.6500 | SEPC Iron Revocation List 12.1 RU6 | 161014035 | 161027018 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:54 | SEPPSERVER | 1 MB |
    | 192.168.1.229 | 12.1.7004.6500 | SEPC Virus Definitions Win64 (x64) 12.1 RU6 | 161014008 | 161027023 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:54 | SEPPSERVER | 246 MB |
    | 192.168.1.214 | 12.1.6318.6100 | SEPC Virus Definitions Win64 (x64) 12.1 RU6 | 161015001 | 161027023 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:54 | SEPPSERVER | 246 MB |
    | 192.168.1.229 | 12.1.7004.6500 | SEPC Iron Revocation List 12.1 RU6 | 161014035 | 161027018 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:54 | SEPPSERVER | 1 MB |
    | 192.168.1.214 | 12.1.6318.6100 | SEPC Iron Revocation List 12.1 RU6 | 161015006 | 161027018 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:54 | SEPPSERVER | 1 MB |
    | 192.168.1.233 | 12.1.7004.6500 | SEPC Virus Definitions Win64 (x64) 12.1 RU6 | 161014008 | 161027023 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:54 | SEPPSERVER | 246 MB |
    | 192.168.1.233 | 12.1.7004.6500 | SEPC Iron Revocation List 12.1 RU6 | 161014035 | 161027018 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:53 | SEPPSERVER | 1 MB |
    | 192.168.1.228 | 12.1.7004.6500 | SEPC Virus Definitions Win64 (x64) 12.1 RU6 | 161014008 | 161027023 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:49 | SEPPSERVER | 246 MB |
    | 192.168.1.228 | 12.1.7004.6500 | SEPC Iron Revocation List 12.1 RU6 | 161014035 | 161027018 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:49 | SEPPSERVER | 1 MB |
    | 192.168.1.143 | 12.1.6318.6100 | SEPC Virus Definitions Win64 (x64) 12.1 RU6 | 161014008 | 161027023 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:47 | SEPPSERVER | 246 MB |
    | 192.168.1.143 | 12.1.6318.6100 | SEPC Iron Revocation List 12.1 RU6 | 161014035 | 161027018 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:47 | SEPPSERVER | 1 MB |
    | 192.168.1.203 | 12.1.6318.6100 | SEPC Virus Definitions Win64 (x64) 12.1 RU6 | 161014008 | 161027023 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:46 | SEPPSERVER | 246 MB |
    | 192.168.1.203 | 12.1.6318.6100 | SEPC Iron Revocation List 12.1 RU6 | 161014035 | 161027018 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:46 | SEPPSERVER | 1 MB |
    | 192.168.1.145 | 12.1.6318.6100 | SEPC Virus Definitions Win64 (x64) 12.1 RU6 | 161014008 | 161027023 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:43 | SEPPSERVER | 246 MB |
    | 192.168.1.145 | 12.1.6318.6100 | SEPC Iron Revocation List 12.1 RU6 | 161014035 | 161027018 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:42 | SEPPSERVER | 1 MB |
    | 192.168.1.192 | 12.1.6318.6100 | SEPC Virus Definitions Win64 (x64) 12.1 RU6 | 161014008 | 161027023 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:42 | SEPPSERVER | 246 MB |
    | 192.168.1.192 | 12.1.6318.6100 | SEPC Iron Revocation List 12.1 RU6 | 161014035 | 161027018 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:41 | SEPPSERVER | 1 MB |
    | 192.168.1.173 | 12.1.7004.6500 | SEPC Virus Definitions Win64 (x64) 12.1 RU6 | 161014008 | 161027023 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:38 | SEPPSERVER | 246 MB |
    | 192.168.1.173 | 12.1.7004.6500 | SEPC Iron Revocation List 12.1 RU6 | 161014035 | 161027018 | 5 | Source revision sent by client did not exist on server | 2016/10/28 08:49:38 | SEPPSERVER | 1 MB |
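
Added example, not part of any post in this thread: a short Python check that ties the report rows above to the retention rule quoted earlier (three AV/AS revisions per day, so two weeks needs 42). It assumes a revision number is `YYMMDD` followed by a three-digit sequence; the function names are hypothetical, and the rows are a subset of the virus-definition entries in the report.

```python
from collections import defaultdict
from datetime import date

# Subset of rows from the report in this thread:
# (client IP, definition name, source revision, target revision)
ROWS = [
    ("192.168.1.227", "SEPC Virus Definitions Win64 (x64) 12.1 RU6", "161014008", "161027023"),
    ("192.168.1.202", "SEPC Virus Definitions Win64 (x64) 12.1 RU6", "161006005", "161027023"),
    ("192.168.1.184", "SEPC Virus Definitions Win64 (x64) 12.1 RU6", "161012021", "161027023"),
    ("192.168.1.214", "SEPC Virus Definitions Win64 (x64) 12.1 RU6", "161015001", "161027023"),
]

REVISIONS_PER_DAY = 3  # AV/AS release rate quoted in the thread


def revision_date(rev):
    """Assumption: a revision is YYMMDD plus a 3-digit sequence number."""
    if len(rev) != 9 or not rev.isdigit():
        raise ValueError(f"unexpected revision format: {rev!r}")
    return date(2000 + int(rev[0:2]), int(rev[2:4]), int(rev[4:6]))


def gap_days(source_rev, target_rev):
    """Days between the client's content and the content it asked for."""
    return (revision_date(target_rev) - revision_date(source_rev)).days


def retention_needed(rows, per_day=REVISIONS_PER_DAY):
    """Per definition type: (worst gap in days, revisions to keep to cover it)."""
    worst = defaultdict(int)
    for _ip, name, src, dst in rows:
        worst[name] = max(worst[name], gap_days(src, dst))
    return {name: (days, days * per_day) for name, days in worst.items()}


def stale_clients(rows, max_days):
    """Clients whose content is older than max_days; a delta cannot be
    built for them unless the server still holds their source revision."""
    return sorted({ip for ip, _n, src, dst in rows if gap_days(src, dst) > max_days})


if __name__ == "__main__":
    for name, (days, revs) in retention_needed(ROWS).items():
        print(f"{name}: worst gap {days} days, keep at least {revs} revisions")
    print("older than 14 days:", stale_clients(ROWS, 14))
```

Run against a full export of the report, the worst-gap figure gives the number to enter under Disk Space Management for Downloads.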



  • 7.  RE: CRITICAL: NETWORK LOAD ALERT

    Posted Nov 02, 2016 06:50 AM

    The disk space is adequate, with around 120GB free.

    We plan to update from 12.1.6.MP1 to MP6 this year.

    Thank you very much for the good news!

    Best regards!



  • 8.  RE: CRITICAL: NETWORK LOAD ALERT

    Trusted Advisor
    Posted Nov 02, 2016 11:45 AM

    I work in Education and we get this every time we have half term, when many PCs are switched off during the half term period.

    Once the users return and switch on the PCs, some of these PCs may receive the full defs, others may not, depending on how long the PCs have been switched off.

    And that's where we receive these alerts.

    Perhaps this is similar for you?