search cancel

Computers running Endpoint Protection 14 with Intrusion Prevention experience poor performance transferring large media files


Article ID: 175877


Updated On:


Endpoint Protection


Client Intrusion Prevention System (CIDS) is a component of the optional Intrusion Prevention (IPS) protection feature of Symantec Endpoint Protection (SEP).  The CIDS engine is updated periodically.

SEP clients with CIDS engine version 16 and earlier could exhibit slower than expected speeds of large media file transfers over the internal network. High CPU usage could also be possible.


CIDS 16 and earlier contain a SMB parser that requires more processing power to analyze the media files.  This, in turn, decreased the throughput and transfer speed.


The CIDS 17 engine improved the SMB parser, increasing the network transfer speeds and decreasing CPU usage.  CIDS 17 was released in February 2019 and all SEP 14.X clients should have received the updated engine through LiveUpdate content updates.  SEP 14.2 RU1 and newer installation packages ship with CIDS 17 already included.

If performance is poor, please check the version of the CIDS engine that is present. To check version of CIDS installed on SEP client:

- Open the SEP client UI
- Click on Help, then Troubleshooting
- Choose Versions on the left
- In the Engines window, scroll down to Intrusion Prevention Engine.

If the Intrusion Prevent Engine is 17.x, then the endpoint has received the CIDS 17 update.