Microsoft
Software
Hardware
Network
Question : UDP ssc-agent traffic seems excessive
I started monitoring the traffic on my network using Network Probe. It's given me some insights into which machines are taking a great deal of bandwidth and where some unusual protocols might be coming from. But one Win 2k machine seems to be generating an extreme amount of ssc-agent traffic (UDP port 2967).
I have a Windows network connected mostly by hubs with no established domain controller or formal Microsoft networking servers managing the network. We use different workgroups but that's about it. This machine is usually the master browser for the network. Also, this machine runs as server for Symantic AntiVirus Corporate.
The ssc-agent traffic is about 10x my http traffic, and shows constant activity throughout a several hour sample. 2 GB of traffic in two hours...most other traffic is around 100-200 MB.
So...
What's the ssc-agent protocol used for? Is it a Symantic fuction or a Windows networking issue? Is there a reason this should be commanding so much activity? And is it something I can disable or schedule to run at a specific time?
Thanks for any help.
Answer : UDP ssc-agent traffic seems excessive
It's from Symantec. Here's a bit of info from the site:
"RTVScan makes a request to Winsock for port 2967 for IP and port 33345 for IPX. These values can be configured by using the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWAR
E\INTEL\LA
NDesk\Viru
sProtect6\
CurrentVer
sion\Agent
IPPort
HKEY_LOCAL_MACHINE\SOFTWAR
E\INTEL\LA
NDesk\Viru
sProtect6\
CurrentVer
sion\Agent
IPXPort
If the request for the static port fails, then RTVScan will use a dynamic port. This port will be assigned by Winsock on that server and can be different each time that you request a port."
http://service1.symantec.c
om/SUPPORT
/ent-secur
ity.nsf/do
cid/
200209
1816450048
?Open&src=
plat_hot&d
ocid=20021
1210854174
8&
nsf=ent-
security.n
sf&view=do
cid_p&dtyp
e=&prod=&v
er=&osv=&
o
sv_lvl=
Solution:
To change the frequency of NAVCE client keepalive packets
Right-click a server or server group in the Symantec System Center console, point to All Tasks, point to Norton AntiVirus, and then click Virus Definition Manager.
Select "Update Virus Definitions From Parent Server."
Click Settings.
Select "Set Client Configuration From Parent Server" box.
http://service1.symantec.c
om/SUPPORT
/ent-secur
ity.nsf/do
cid/
200004
1209270248
?Open&src=
ent_hot&do
cid=200003
2009080948
&
nsf=ent-s
ecurity.ns
f&view=doc
id&dtype=c
orp&
prod=S
ymantec%20
AntiVirus%
20Corporat
e%20Editio
n&ver=8.x&
osv=&
osv_l
vl=
and
http://service1.symantec.c
om/SUPPORT
/ent-secur
ity.nsf/do
cid/
199912
0813251448
?Open&src=
ent_hot&do
cid=200003
2009080948
&
nsf=ent-s
ecurity.ns
f&view=doc
id&dtype=c
orp&
prod=S
ymantec%20
AntiVirus%
20Corporat
e%20Editio
n&ver=8.x&
osv=&
osv_l
vl=
and
http://service1.symantec.c
om/SUPPORT
/ent-secur
ity.nsf/do
cid/
200003
2009080948
?Open&src=
ent_hot&do
cid=200209
1210045148
&
nsf=ent-s
ecurity.ns
f&view=doc
id&dtype=c
orp&
prod=S
ymantec%20
AntiVirus%
20Corporat
e%20Editio
n&ver=8.x&
osv=&
osv_l
vl=
Random Solutions
internet sharing, wireless 2 LAN
Server 2003 DNS encountered an invalid domain name in a packet from ...
Problems with windows 2003 Group policy to terminal servers using security filters and Containers
Cisco 837: building a site to site vpn with dynamic ip addresses
difference between Windows account and Active Directory
IIS and Remote Desktop unavailable
Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable,.
Share an Internet connection from my laptop to my PVP
(Cisco 1811/IOS 12.4 Advanced Security) Port forwarding problem
Windows cannot find network path. Verify network path....