We are utilising SEPM 12.1.2015 with one management server and about 140 endpoints.
Some mornings (not every morning) as users are logging onto their systems (9am), our corporate network is getting hammered. I've run multiple Wireshark captures when this is occurring and can see that this is due to comms to and from our SEPM server that is based in a different site (over an MPLS network) and SEP endpoints. A little confused as our endpoints are configured to check (pull) for updates / definitions at 2pm each day and are then configured to try for a further 3 hours and failing that wait for the next scheduled live update (2pm).
Any ideas what could be occurring here? Why is SEPM hammering my network? Within the Wireshark outputs it would seem that SEPM is only communicating with a small number of clients (2-3 or on some occasions just 1!!!) when this occurs?!? Is there a method to throttle the bandwidth SEPM utilises?
Anyone else experienced this? Any suggestions welcome!