Symantec Developer Group


Symantec Traffic Dropped By Windows WFP - UWP firewall


    Posted Jun 29, 2022 04:25 PM
    Hello everyone, I have been troubleshooting an issue with system performance. I have many users who are on gig connections but they are only getting 5 - 10 MB down, but oddly are getting 30 - 40 mb up. After doing some performance review and logging with netsh, I found there were active drops in the netevents.xml and wfpdiag.xml logs that show Symantec and Zscaler (local proxy) traffic being dropped. Windows Defender is not enabled but it seems this filter runs anyways. It has something to do with securing applications that cross communicate via API on the loopback interface. I have tried following a few articles that describe adding exceptions into the filter with the checknetisolation.exe tool. When I pull the id for Symantec with Get-Startapps it shows the id as @{Name=Symantec Endpoint Protection; AppID=Symantec.ToastUI}. I have tried adding it with just the app id like this: CheckNetIsolation.exe LoopbackExempt -a -n=Symantec.ToastUI. When I run CheckNetIsolation.exe LoopbackExempt -s it shows it as:

    Name: AppContainer NOT FOUND
    SID: S-1-15-2-2250518988-1949527527-585200290-877550249-3023153756-727064717-1584476154

    The main reason I am here though is to ask where I can download the tool to view the rawlog.log in C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Logs? I opened it in Notepad++ and I get a bunch of garbage. Any help for either of these problems would be greatly appreciated.

    drop log
    Drop Info


    ------------------------------
    Thank you all,
    ------------------------------