Moved to ePO for better support.
First, I would go into the server's settings and disable Global Updating, at least until you get everything else sorted out (if not permanently).
Next, I would take a look at the client tasks that are currently configured. Most organizations use a couple standard/default scan and update tasks on a daily basis, and then deal with oddballs from there.
You may also want to consider suspending any installation tasks until you get a handle on everything else.
Well let me have a look at it.
Meanwhile, would it be possible to have few WAN users to talk to other Public IP of same server and rest talk to other? I mean I have two ISP links and can NAT epo server behind those 2 links. So wondering if is it possible to route few client via other link and remaining via primary?
Out of 250, 100 talk to 22.214.171.124 and reamining 150; talk to 126.96.36.199
I suppose you could rig that kind of a fake load-balancing setup by adding Agent Handler groups for each IP. Then create two different assignment rules--one listing A first and B second for half the population, and a second rule that lists B first and A second for the other half.
Personally, I'm not impressed with the Agent's native ability to randomize.
Well, in my firewall logs or analyzer it shows almost 5 GB/day is being used by port I set ASCI. The policy enforcement interval is 60 mins and ASCI is 6 hrs, even after that I did not notifce any difference in BW utilization and wondering how do I troubleshoot the issue.
5 * 1024 (Mega) * 1024 (Kilo) / 4 (ASCI per day) / 250 (systems) = 5,242.88 per system per ASCI
If that is in (b)its, then I would say that is higher than I expected, but within the realm of reason.
If that is in (B)ytes, then I would definately say that is high, but I have no idea how many events your systems normally generate. Do you use a whole pile of McAfee titles, or is it just the Agent & VirusScan (as an example).
The simple answer might be to bump up your ASCI for a few days and see what kind of difference that makes. That will reduce the bandwidth used by normal system props data, but your clients would still be generating the same number of threat events--so the bandwidth from event data would remain unchanged. But, to be honest, I prefer much smaller ASCI and policy enforcement values--so I am used to seeing claims of 'excessive' bandwidth.
I believe there is also an option in Agent policy to send only the delta in system properties, rather than the whole set of data.