Information about the "Fast Pathing" feature in SEP 12.1 RU4

book

Article ID: 158614

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

"Fast Pathing" is a feature that it allows an organization to set a relatively long heartbeat interval to minimize traffic without losing up to date information about the security of clients.

Without this, important events like viral infections would only be uploaded during a heartbeat. Waiting for a heartbeat to forward events to the SEP Manager could slow down an organizations response time to an emerging threat.

Cause

Configuration:

Priority Upload Configuration.

-There is a checkbox to enable/disable this in the communications settings on SEPM

This setting is per group and inheritable.

Immediate Notifications.

-There is a new option for the damper on security event related SEPM notifications: “None”.

Setting this causes this notification to be evaluated every minute, to ensure up-to-date information.

Resolution

Applies To

With "Fast Pathing" enabled, the client checks if there are new detections (*) or new network security events every minute. If one of these critical events is found, the SEP client uploads all threat-detection and network security related information for the events from the logs (AVMan.log and seclog.log) but not any other log information.

* Excluding System Change events and Tracking Cookies

The “None” Damper:

Any SEPM notification with a damper of “None” is set to be checked for each minute.

The “None” damper setting allows notifications about priority event to happen quickly.

Priority Heartbeat process flow:

• Every minute, if applicable.

• Connects - Uploads Security and AV logs (No commands, No OpState, No definition information, No updates).

• Disconnects.