Information about the "Fast Pathing" feature in SEP 12.1 RU4

Article ID: 158614

Products

Endpoint Protection

Issue/Introduction

"Fast Pathing" is a feature that allows an organization to set a relatively long heartbeat interval to minimize traffic without losing up-to-date information about the security of clients.

Without this, important events like viral infections would only be uploaded during a heartbeat. Waiting for a heartbeat to forward events to the SEP Manager could slow down an organization's response time to an emerging threat.

Cause

Configuration:

Priority Upload Configuration.
- There is a checkbox to enable/disable this in the communications settings on SEPM.
  This setting is per group and inheritable.

Immediate Notifications.
- There is a new option for the damper on security event related SEPM notifications: “None”.
  Setting this causes this notification to be evaluated every minute, to ensure up-to-date information.

Resolution


Applies To

With "Fast Pathing" enabled, the client checks every minute for new detections (*) or new network security events. If one of these critical events is found, the SEP client uploads all threat-detection and network security related information for the events from the logs (AVMan.log and seclog.log), but no other log information.

(*) Excluding System Change events and Tracking Cookies

The “None” Damper:
Any SEPM notification with a damper of “None” is checked every minute.
The “None” damper setting allows notifications about priority events to happen quickly.
 
Priority Heartbeat process flow:
Every minute, if applicable:
- Connects.
- Uploads Security and AV logs (no commands, no OpState, no definition information, no updates).
- Disconnects.
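The timing described above can be modelled to compare how long an event waits on the client with and without Fast Pathing. This is an added example, not Symantec code: the category labels, function names and sample events are constructed for illustration, and it assumes excluded events and all other log data wait for the regular heartbeat.

```python
# Model of the upload timing described in this article; not Symantec code.
CHECK_INTERVAL_S = 60  # the article states the client checks every minute

# Category labels are invented for this model. Per the article, detections and
# network security events trigger a priority upload; System Change events and
# Tracking Cookies do not.
TRIGGERS = {"detection", "network_security"}


def next_tick(t, interval):
    """First scheduled tick strictly after second t (ticks at interval, 2*interval, ...)."""
    return (t // interval + 1) * interval


def arrival(event_time, category, heartbeat_s, fast_path):
    """Second at which the manager receives the event."""
    heartbeat = next_tick(event_time, heartbeat_s)
    if fast_path and category in TRIGGERS:
        # Priority upload: security and AV log data only, sent at the next check.
        return min(next_tick(event_time, CHECK_INTERVAL_S), heartbeat)
    # Assumption: excluded events and all other log data wait for the heartbeat.
    return heartbeat


def delays(events, heartbeat_s, fast_path):
    """Map each (time, category) event to its upload delay in seconds."""
    return {(t, c): arrival(t, c, heartbeat_s, fast_path) - t for t, c in events}


# Constructed sample: one client, times in seconds since the last heartbeat.
SAMPLE_EVENTS = [
    (125, "detection"),
    (200, "tracking_cookie"),
    (400, "client_activity"),
    (1790, "network_security"),
]

if __name__ == "__main__":
    for fast_path in (False, True):
        print("fast pathing", "on" if fast_path else "off")
        for (t, c), d in delays(SAMPLE_EVENTS, 1800, fast_path).items():
            print(f"  t={t:>5}s {c:<17} reaches manager after {d:>5}s")
```

With a 30-minute heartbeat, the detection at t=125 s reaches the manager after 55 s with Fast Pathing on, against 1675 s with it off; the tracking cookie and client activity entries arrive at the heartbeat either way.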
