Information about the "Fast Pathing" feature in SEP 12.1 RU4
Last Updated November 08, 2013
"Fast Pathing" is a feature that it allows an organization to set a relatively long heartbeat interval to minimize traffic without losing up to date information about the security of clients.
Without this, important events like viral infections would only be uploaded during a heartbeat. Waiting for a heartbeat to forward events to the SEP Manager could slow down an organizations response time to an emerging threat.
Priority Upload Configuration.
-There is a checkbox to enable/disable this in the communications settings on SEPM
This setting is per group and inheritable.
-There is a new option for the damper on security event related SEPM notifications: “None”.
Setting this causes this notification to be evaluated every minute, to ensure up-to-date information.
With "Fast Pathing" enabled, the client checks if there are new detections (*) or new network security events every minute. If one of these critical events is found, the SEP client uploads all threat-detection and network security related information for the events from the logs (AVMan.log and seclog.log) but not any other log information.
* Excluding System Change events and Tracking Cookies
The “None” Damper:
Any SEPM notification with a damper of “None” is set to be checked for each minute.
The “None” damper setting allows notifications about priority event to happen quickly.
Priority Heartbeat process flow:
Every minute, if applicable.
Connects - Uploads Security and AV logs (No commands, No OpState, No definition information, No updates).
Imported Document ID: TECH212153
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe