2 Replies Latest reply on May 22, 2009 1:29 PM by tfxnick

    Excessive Bandwidth Usage from clients in two sites

      I have two remote sites that are having an issue since migrating to our central ePO/VirusScan (formerly SAV on SAV management), where every morning from about 8-10am their time, many of the workstations download a large amount of data (~50MB) each from the central ePO over the WAN and this kills their internet connection.

      What I cannot figure out is what this data is, and why there's so much of it each day. Both sites have local superagents and their policies are set to use those for software/DATs, and when doing manual updates it does report its using those.

      I observe 12KB/client or so from other locations hitting the ePO server so there's certainly something wrong in this case.

      Same AD, policies inheriting from the top. The only deviation is the agent policy specifying distributed repository order, which was cloned from the higher level policy. Same software revs. One thing that stands out is these are running the Czech language version of XP rather than English, although we do have sites in other languages that seem to be running fine (no complaints)

      Does anyone have any ideas of where to start diagnosing what is going on?

      ePO 4.0 (no patches), Agent 3.6, VirusScan 8.5i patch 6

      Thanks for any insights!
        • 1. RE: Excessive Bandwidth Usage from clients in two sites
          Are the SuperAgents at your remote sites properly updating? Do they report as being available -- check the SiteStat.xml file in your SuperAgent's repository folder and verify that its Status = "Enabled".

          I think if the central ePo server has newer versions available than at the SuperAgent, clients will download from the central ePo server.

          I'm wondering if the 8-10 am window at your remote site corresponds to your window between updating your ePo repository and replicating the new data to your SuperAgents? Would that explain the traffic you see?
          • 2. RE: Excessive Bandwidth Usage from clients in two sites

            Yah we did look at if the copies of everything on the superagent were up to date and enabled and was fine. Also the AutoUpdate time in the client is in the afternoon on all of the boxes so it wasn't that process (the AutoUpdate logs also always showed the local SA). Most of the machines are turned off at night so my feeling was that time period was related to some +/- delay on something after bootup. With the bandwidth being zapped, the machines would just pile on and it took a while for it to all finish.

            But to catch up to my current events, I was digging through the release notes for all of the McAfee products and their patches and noticed that McAfee Agent 4.0 had a bug along the way that was something along the lines of on non-english Windows it would pull full DATs rather than the delta DATs, wasting bandwidth, which was sort of like the issue, not quite, but it was a bug relating to non-english Windows and using too much bandwidth so we said heck with it and threw the newest McAfee Agent at one of the sites and not the other. The one with the newer agent did NOT have this download problem this morning.

            So it seems the answer was, they already fixed it. I do think the Czech build of Windows must have been a factor, why I may never know.