Managing content updates
|Article:HOWTO80884|||||Created: 2012-10-24|||||Updated: 2013-10-07|||||Article URL http://www.symantec.com/docs/HOWTO80884|
Symantec products depend on current information to protect computers from threats with the latest threat protection technology. Client computers and servers need periodic updates to their protection content, such as virus and spyware definitions, intrusion protection system signatures, and product software. LiveUpdate provides these Symantec-signed updates through an Internet connection. The LiveUpdate client verifies them to ensure that the updates come from Symantec and have not been tampered with in any way.
Symantec Endpoint Protection supports the HTTPS, HTTP, and FTP protocols to connect to internal LiveUpdate servers. It supports connections to the Symantec LiveUpdate server over HTTP, with FTP as the backup method. Although HTTPS is not supported for connection to the Symantec LiveUpdate server, the content is digitally signed. The advantage of HTTP is that most clients can connect to the LiveUpdate server over HTTP, and HTTP is typically faster.
The LiveUpdate that Symantec Endpoint Protection uses does not update content in other Symantec products. If you previously used a single instance of LiveUpdate for content updates on multiple products, you should now enable the LiveUpdate scheduler in those other Symantec products.
To configure updates for clients, you use the following policies:
The LiveUpdate Settings policy specifies the content servers that client computers contact to check for updates and how often clients check for updates. The LiveUpdate Content policy specifies the content types that your client computers download. You can also configure some of the content types that are downloaded to the management server on the LiveUpdate tab of the Site Properties dialog box.
If you use a LiveUpdate server, the LiveUpdate Settings policy providesfor the following areas:
The degree of user control over LiveUpdate
You can let users manually start LiveUpdate from their client computers. This setting is disabled by default. If you enable this setting, users can start LiveUpdate and download the latest content virus definitions, component updates, and product updates. Depending on the size of your user population, you may not want to let users download all content without previous testing. Additionally, conflicts can occur if two LiveUpdate sessions run simultaneously on client computers.
You can also choose to let users change their LiveUpdate schedule and change their proxy settings.
Download of product updates
By default, users are not allowed to download product updates from a LiveUpdate server, but you can change this setting.
Use of standard HTTP headers
LiveUpdate sometimes uses non-standard headers that a firewall might block. You can use this setting to make Symantec Endpoint Protection Manager require standard HTTP headers from LiveUpdate. This setting applies only to downloads to clients from an external or an internal LiveUpdate server.
You can restrict users from running LiveUpdate only on Windows clients. Users on Mac clients can always run LiveUpdate. Product updates from a LiveUpdate server, however, can be restricted on both Mac and Windows clients. If you restrict product updates from LiveUpdate on a Mac client, you must provide them manually. Mac clients cannot get updates from the management server.
Table: Tasks for managing content updates describes some of the tasks that you can perform to manage content updates. Since you can use the defaults for updating, all tasks are optional.
Table: Tasks for managing content updates
Article URL http://www.symantec.com/docs/HOWTO80884