Question : UDP ssc-agent traffic seems excessive

I started monitoring the traffic on my network using Network Probe. It's given me some insights into which machines are taking a great deal of bandwidth and where some unusual protocols might be coming from. But one Win 2k machine seems to be generating an extreme amount of ssc-agent traffic (UDP port 2967).

I have a Windows network connected mostly by hubs with no established domain controller or formal Microsoft networking servers managing the network. We use different workgroups but that's about it. This machine is usually the master browser for the network. Also, this machine runs as server for Symantic AntiVirus Corporate.

The ssc-agent traffic is about 10x my http traffic, and shows constant activity throughout a several hour sample. 2 GB of traffic in two hours...most other traffic is around 100-200 MB.

So...

What's the ssc-agent protocol used for? Is it a Symantic fuction or a Windows networking issue? Is there a reason this should be commanding so much activity? And is it something I can disable or schedule to run at a specific time?

Thanks for any help.

Answer : UDP ssc-agent traffic seems excessive

It's from Symantec. Here's a bit of info from the site:

"RTVScan makes a request to Winsock for port 2967 for IP and port 33345 for IPX. These values can be configured by using the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\AgentIPPort
HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\AgentIPXPort

If the request for the static port fails, then RTVScan will use a dynamic port. This port will be assigned by Winsock on that server and can be different each time that you request a port."

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002091816450048?Open&src=plat_hot&docid=2002112108541748&nsf=ent-security.nsf&view=docid_p&dtype=&prod=&ver=&osv=&osv_lvl=

Solution:
To change the frequency of NAVCE client keepalive packets

Right-click a server or server group in the Symantec System Center console, point to All Tasks, point to Norton AntiVirus, and then click Virus Definition Manager.
Select "Update Virus Definitions From Parent Server."
Click Settings.
Select "Set Client Configuration From Parent Server" box.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2000041209270248?Open&src=ent_hot&docid=2000032009080948&nsf=ent-security.nsf&view=docid&dtype=corp&prod=Symantec%20AntiVirus%20Corporate%20Edition&ver=8.x&osv=&osv_lvl=

and

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/1999120813251448?Open&src=ent_hot&docid=2000032009080948&nsf=ent-security.nsf&view=docid&dtype=corp&prod=Symantec%20AntiVirus%20Corporate%20Edition&ver=8.x&osv=&osv_lvl=

and

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2000032009080948?Open&src=ent_hot&docid=2002091210045148&nsf=ent-security.nsf&view=docid&dtype=corp&prod=Symantec%20AntiVirus%20Corporate%20Edition&ver=8.x&osv=&osv_lvl=

Random Solutions

Internet Browsers will not connect to the internet, but all other network programs work.. HELP! Please!

'No Association with Access point' message with Linksys

HOW TO BRIDGE A STANDALONE NET AND LOCAL LAN

Step by step setup of local network

Memory problems in Weblogic

Configure DHCP to Exclude MAC range

Bandwidth overhead for an RDP session

Cannot log onto my domain

WinXPDisableZeroConfigurat<wbr />ion.exe

Which phone system to choose?