Blog: Symantec Endpoint Protection

We had a customer who was experiencing slowness on their terminal servers and the slowness was keeping some reports in their core banking application from running.  We found that when we excluded the entire C: drive of the terminal server from all Symantec Endpoint Protection scans, the errors would not occur. Through trial and error, we tracked down the setting in SEP that was causing the performance problems. We changed the “Scan files when” setting from “Scan when a file is access or modified” to “Scan when a file is modified”. This solved the performance issues and reports in their core banking application are running properly now.



When attempting to access the SEP Management GUI, I got an error in my browser that said “ssl_error_weak_server_ephemeral_dh_key”. This is caused by weak ciphers which have been deprecated by browser updates.
To resolve this you have to modify the SEP server's "server.xml" file to exclude the weak ciphers and include newer and stronger ciphers, as well as replace the Java Cryptography Extension (JCE) files to support the stronger ciphers.

  1. Login to the SEP server and stop the Symantec Endpoint Protection WebService.
  2. Go to C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\conf and open server.xml.
  3. In the server.xml file, find the section with cipher= value under <Service name=”WebService”> and replace the current ciphers listed in the file with the following: ciphers="TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
  4. Download the new JCE files from Java’s website here.
  5. Unzip and save those files to C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\jre\lib\security.  Overwrite the existing files in prompted.
  6. Start the Symantec Endpoint Protection WebService back up, and you should be all set.