Symantec Endpoint Protection

[PsyOps]

We're using version 11. We have a server and clients. Each client is managed from the server.

The server pulls definition updates from an upstream server. As I understand it, the server is supposed to push these updates to the clients. What is actually happening is the server sends the command to the clients to update its definition files, but the client is going out to the upstream server rather than the SEPM server for its updates.

Does anyone know how to set up the install packages (or any other settings) that would require the clients to pull updates from the SEPM server rather than from the upstream server?

 

[OICU812]

There are 2 ways to configure SEPM, either push the defs to the clients or have the communication policy dictate that the clients should "check-in" for new defs/policies. I've tried both and the client "check-in" seems to yield the best results for me. You can also configure the LiveUpdate policys to force them to only talk to the server and/or prohibit communication with the upstream server. All else fails, just block the clients from communicating with the outside LiveUpdate servers at the firewall.



Sorry for the vagueness in the reply, I'm not in front of my SEPM server at the moment.

 

[PsyOps]

There are 2 ways to configure SEPM, either push the defs to the clients or have the communication policy dictate that the clients should "check-in" for new defs/policies. I've tried both and the client "check-in" seems to yield the best results for me. You can also configure the LiveUpdate policys to force them to only talk to the server and/or prohibit communication with the upstream server. All else fails, just block the clients from communicating with the outside LiveUpdate servers at the firewall.



Sorry for the vagueness in the reply, I'm not in front of my SEPM server at the moment.

I appreciate the reply. Blocking at the firewall results in the client showing a 404 error; in other words it can't contact the upstream server. It doesn't seem to fail over to look for updates from the SEPM server. I haven't tried setting it for 'check-in' (actually called 'pull') vice 'push'. I'll give that a try. If I set this though, when I initiate an 'update content', will the client respond to it? Also, when I set this, is it on the fly or do I have to push out new install packages to the clients?

 

[thomas_Symantec]

Check out this helpful troubleshooting document. "Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart"
Enterprise Support - Symantec Corp. - Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart

Let me know how it goes for you.

Best,
Thomas (Symantec)