Information about the "Fast Pathing" feature in SEP 12.1 RU4


Article ID: 158614


Updated On:


Endpoint Protection


"Fast Pathing" is a feature that it allows an organization to set a relatively long heartbeat interval to minimize traffic without losing up to date information about the security of clients.

Without this, important events like viral infections would only be uploaded during a heartbeat. Waiting for a heartbeat to forward events to the SEP Manager could slow down an organizations response time to an emerging threat.



Priority Upload Configuration.
-There is a checkbox to enable/disable this in the communications settings on SEPM
    This setting is per group and inheritable.
Immediate Notifications.
-There is a new option for the damper on security event related SEPM notifications: “None”.  
   Setting this causes this notification to be evaluated every minute, to ensure up-to-date information.



Applies To

  With "Fast Pathing" enabled, the client checks if there are new detections (*) or new network security events every minute.  If one of these critical events is found, the SEP client uploads all threat-detection and network security related information for the events from the logs (AVMan.log and seclog.log) but not any other log information.

         * Excluding System Change events and Tracking Cookies

The “None” Damper:
Any SEPM notification with a damper of “None” is set to be checked for each minute.
The “None” damper setting allows notifications about priority event to happen  quickly.
Priority Heartbeat process flow:
Every minute, if applicable.
Connects - Uploads Security and AV logs (No commands, No OpState, No definition information, No updates).