Question : UDP ssc-agent traffic seems excessive

I started monitoring the traffic on my network using Network Probe. It's given me some insights into which machines are taking a great deal of bandwidth and where some unusual protocols might be coming from. But one Win 2k machine seems to be generating an extreme amount of ssc-agent traffic (UDP port 2967).

I have a Windows network connected mostly by hubs with no established domain controller or formal Microsoft networking servers managing the network. We use different workgroups but that's about it. This machine is usually the master browser for the network. Also, this machine runs as server for Symantic AntiVirus Corporate.

The ssc-agent traffic is about 10x my http traffic, and shows constant activity throughout a several hour sample. 2 GB of traffic in two hours...most other traffic is around 100-200 MB.

So...

What's the ssc-agent protocol used for? Is it a Symantic fuction or a Windows networking issue? Is there a reason this should be commanding so much activity? And is it something I can disable or schedule to run at a specific time?

Thanks for any help.

Answer : UDP ssc-agent traffic seems excessive

It's from Symantec. Here's a bit of info from the site:

"RTVScan makes a request to Winsock for port 2967 for IP and port 33345 for IPX. These values can be configured by using the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\AgentIPPort
HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\AgentIPXPort

If the request for the static port fails, then RTVScan will use a dynamic port. This port will be assigned by Winsock on that server and can be different each time that you request a port."

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002091816450048?Open&src=plat_hot&docid=2002112108541748&nsf=ent-security.nsf&view=docid_p&dtype=&prod=&ver=&osv=&osv_lvl=

Solution:
To change the frequency of NAVCE client keepalive packets

Right-click a server or server group in the Symantec System Center console, point to All Tasks, point to Norton AntiVirus, and then click Virus Definition Manager.
Select "Update Virus Definitions From Parent Server."
Click Settings.
Select "Set Client Configuration From Parent Server" box.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2000041209270248?Open&src=ent_hot&docid=2000032009080948&nsf=ent-security.nsf&view=docid&dtype=corp&prod=Symantec%20AntiVirus%20Corporate%20Edition&ver=8.x&osv=&osv_lvl=

and

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/1999120813251448?Open&src=ent_hot&docid=2000032009080948&nsf=ent-security.nsf&view=docid&dtype=corp&prod=Symantec%20AntiVirus%20Corporate%20Edition&ver=8.x&osv=&osv_lvl=

and

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2000032009080948?Open&src=ent_hot&docid=2002091210045148&nsf=ent-security.nsf&view=docid&dtype=corp&prod=Symantec%20AntiVirus%20Corporate%20Edition&ver=8.x&osv=&osv_lvl=

Random Solutions

Group Policy Based Windows Time Synchronization Issues.

Linksys VLAN and DHCP Problem

how i can assign an email to my domain mame?

Clien/Server Setup

Making Novell the Primary Logon Client

How to load a sip image into cisco ip phone

E-mail Problems with Winproxy

Gateway setting changes with Manually configured IP

My Cisco IP Phone 7960 is showing the incorrect time, all my other phones are 7970 and show the correct time. Any Ideas?

TightVNC security