EPDR rollout best practices?

We are having quite a few issues with poor performance in a Terminal Server environment with EPDR installed. Task manager and other functionalities takes 2-3 minutes to open up and the end user complains of slowness. When we disable or remove EDPR works perfect. We have worked with support in the past and have disabled some functions as testing and it would seem to be fine for a little while and when a new update comes out it would start being problematic again. We are wondering if anyone knows of a possible best practice for rolling out on the following:

Termserver
SQL Server

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Jason24
    I'd suggest opening a support case -- performance issues often differ quite a bit between installations. A support case will give you the best results.

    -James Carson
    WatchGuard Customer Support

  • @james.carson We have already done cases in the past and have actually been on phones calls with WG in regards to this. What I am asking is does WG or anyone else have a best practices guide for Termserver and SQL environments because it seems to keep being a problem that crops up after an update. Like are there certain features that should not be enabled because of multiple users in a termserver sessions like Decoy files enabled or something along those lines

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Jason24
    I don't have best practices as it pertains specifically to that program.

    I would still suggest opening a support case (mention the previous issues that you've had) as the best way to get a resolution for this.

    -James Carson
    WatchGuard Customer Support

  • David_David_ WatchGuard Representative

    Hello, @Jason24

    We do have something that might help you on conduct a controlled upgrade on one of those mentioned role server.
    First of all, you should apply the General Bet Practices for upgrading altogether:
    https://www.pandasecurity.com/en/support/card?id=700039

    When these specific devices are ready to upgrade, start by upgrading one of them.
    If you find any kind of extra consumption on the device resources, try the following method to pinpoint the module creating the wrong:
    Access the Aether/WG protection console.
    Click on the SETINGS tab.
    Now access on the left hand column “Per computer Settings”.
    Copy the Default profile, creating a new one, and rename it to your like, or use an existing profile.
    The changes will affect to all computers under this profile.
    On the new created profile, click on “Security against Unauthorised Protection Tampering”.
    Activate the three switches.
    Establish a password.
    Hit save.
    Now apply this new profile to the troubled computer.

    Once created, open the local interface on the troubled computer.
    On the bottom right you will find the administrators panel.
    click on it and enter the password.
    Now you will see the protection modules, with a switch right beside.
    Turn the modules off (if on) following this order:
    Turn the firewall Off.
    Minimise the panel.
    Try your software or recreate the issue.
    Turn the mail Antivirus off.
    Minimise the panel.
    Try your software or recreate the issue.
    Turn the web browsing antivirus and the web access control Off.
    Minimise the panel.
    Try your software or recreate the issue.
    Turn the device control Off.
    Minimise the panel.
    Try your software or recreate the issue.
    Turn the Advanced Protection Off.
    Minimise the panel.
    Try your software or recreate the issue.
    And at last, turn the File Antivirus Off.
    Minimise the panel.
    Try your software or recreate the issue.

    Once you do know the module, open a case for support with all the data and testing performed.

    While we do study the case, you can create a special profile for those devices, with the troubling module disabled, so your devices will still be protected while we do provide a solution to your issue.

    Hope this helps!

    David

Sign In to comment.