it.ucsf.edu

SEP for Mac: Troubleshooting

Generally, the UCSF SEP client policies are set to allow end-users to temporarily disable the SEP protection technologies to help troubleshoot issues.  Before we discuss that option, as well as other work-arounds, here are some common behaviors to help determine if SEP is just doing its job, or if SEP may be the cause of anomolous issues.

SEP for Mac contains anti-virus/anti-malware protection technologies. Typically, the most resource intensive task that SEP for Mac performs is running a full scan of a volume. Potential side effects during file scanning may include:

  • increased cpu usage
  • slow disk access
  • locked out by a file caused by quarantining actions
  • block internet traffic deemed to be an attack/risk to the network

 

 To determine if SEP for Mac is in the middle of a scanning operation, you can check the status by:

  1. Go to Applications -> Symantec Solutions -> Symantec Endpoint Protection
  2. the Status screen should note any active tasks being perform by SEP

Other things to note about scheduled scans:

  • The first scan of any volume may take a long time to complete
  • After a successfully completed scan, subsequent scheduled scans will take less time since the client should skip files that have not modified since the last scan
  • Scheduled scan(s), defined in policy, are typically set for times that will cause the least amount of impact to the work day (i.e. in the middle of the night or really early in the morning)
  • If a machine was powered down during a scheduled scan, the scan will resume once the computer is powered on again

 

A note regarding Time Machine volumes:

  • a Time Machine volume containing a long history will take a really long time to complete because each time interval on the backup will be scanned as though it were an entire system
  • to mitigate the issue, we recommend:
    • only mounting Time Machine volumes when needed
      -or-
    • starting a new Time Machine volume after installing the SEP for Mac client
      -or-
    • maintaining Time Machine on a smaller volume

 

Pages