SEPM Communication Settings Change
PUSH mode existed in the product long before it was SEP. It is a carryover from the Sygate days. Back then, the manager was just a Policy Manager and didn’t distribute definitions or content. The manager only handed out new Firewall policies. When we brought in AV/AS and other protection technologies and merged the products, “Protection Definitions were added”. This notification didn’t exist in Sygate or even early SEP.
Because of some ugly growing pains and defects with the product and definition creation, delta, client-side bugs requesting the wrong definitions, etc., it was a feature/enhancement request that was added to help give a SEPM admin a heads-up that something might be wrong.
The report doesn’t take into consideration whether you are in PULL or PUSH mode. It doesn’t account for machines that were OFF or unable to communicate with the manager while traveling, or users that are on leave or vacation (all conditions where they would be more inclined to need to pull down full definitions). It also doesn’t account for the fact that a large portion of the workforce may go home, shut down and then come into work at roughly the same time of day (shift changes), where again machines could all come online at the same time and ask for full.zips. It looks only at simple terms: did the client request a full.zip of any content and, if so, how many requests in x minutes.
Additionally, all the logic for download randomization is client side; however, before that happens, the client does have to make a request to the SEPM for the content before it is added to the queue and randomized. The SEPM will log this first event (which is used in the alert). Even with that setting enabled, there exists the chance that a few clients could trigger the event, because “download randomization” happens after at least one request to the manager for content. Also, the logic for download randomization is pseudo-random. Each client has no idea that another client randomized or how many clients are generating a random time. The algorithm only states that the client needs to defer trying to download content after the first request for some random time (30 minutes). A client could decide to immediately check in and download the next second or minute, or even wait 10 minutes or up to 30 minutes (whatever maximum value you set; in your case it looks like 120 minutes). Download randomization can actually make this report trigger more frequently, because you will have the initial request for content, it will be added to the download queue to download later, and then at some point later it will ask again. So for each download of content type, date and revision, you will generate a minimum of 2 requests, and depending on how it randomizes, they have the potential to be very close together.
Being in PUSH mode really invalidates the usefulness of the report because regardless of the randomization setting, in your case you will have 1200 machines becoming aware that SEPM has some new definitions to download and they will all try to update.
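An added example, not part of the original text and not SEPM code: a small Python model of the request pattern described above, where each client logs one request before randomization and one deferred request, and the alert counts requests in a sliding window. The 1200 clients and the 120-minute maximum come from the text; the 10-minute window, the threshold of 500 and the 480-minute stagger are constructed values.

```python
import random

def simulate_requests(n_clients, max_defer_min, notify_spread_min, seed=1):
    """Return sorted request times (minutes) as the manager would log them.

    Model of the description above (an assumption, not SEPM internals):
    each client sends a first request when it learns of new content, then
    asks again after a random deferral of 0..max_defer_min minutes.
    notify_spread_min=0 models PUSH mode (every client learns at once);
    a larger value spreads first requests out, as staggered check-ins would.
    """
    rng = random.Random(seed)
    times = []
    for _ in range(n_clients):
        first = rng.uniform(0, notify_spread_min)
        times.append(first)                                  # logged before randomization
        times.append(first + rng.uniform(0, max_defer_min))  # deferred download request
    return sorted(times)

def peak_in_window(times, window_min):
    """Largest number of requests seen in any window_min-minute span."""
    best = lo = 0
    for hi, t in enumerate(times):
        while t - times[lo] > window_min:
            lo += 1
        best = max(best, hi - lo + 1)
    return best

def alert_fires(times, window_min, threshold):
    """True when the busiest window reaches the alert threshold."""
    return peak_in_window(times, window_min) >= threshold

if __name__ == "__main__":
    WINDOW, THRESHOLD = 10, 500  # constructed alert settings ("x minutes", count)
    for label, spread in (("push", 0), ("staggered", 480)):
        t = simulate_requests(1200, 120, spread)
        print(label, len(t), peak_in_window(t, WINDOW), alert_fires(t, WINDOW, THRESHOLD))
```

In the PUSH case the first requests alone fill the window, so the deferral setting has no effect on whether the alert fires; it only adds the second request per client.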
SEPM DB Automatic Maintenance
- Truncates the transaction log. The transaction log records almost every change that takes place within the database. The management server removes unused data from the transaction log.
- Rebuilds the index. The management server defragments the database table indexes to improve the time it takes to sort and search the database.
- In the console, click , and then click .
- Under Servers, click the icon that represents the database.
- Under Tasks, select either of the following options:
- Click .
- After the task completes, click .
- In the console, click , and then click .
- Under Servers, click the icon that represents the database.
- Under Tasks, click .
- On the General tab, check either or both of the following options, then click and specify the schedule for each task.