Managing content updates
| Article:HOWTO80884 | | | Created: 2012-10-24 | | | Updated: 2013-06-06 | | | Article URL http://www.symantec.com/docs/HOWTO80884 |
Symantec products depend on current information to protect computers from threats with the latest threat protection technology. Client computers and servers need periodic updates to their protection content, such as virus and spyware definitions, intrusion protection system signatures, and product software. LiveUpdate provides these Symantec-signed updates through an Internet connection. The LiveUpdate client verifies them to ensure that the updates come from Symantec and have not been tampered with in any way.
Symantec Endpoint Protection supports the HTTPS, HTTP, and FTP protocols to connect to internal LiveUpdate servers. It supports connections to the Symantec LiveUpdate server over HTTP, with FTP as the backup method. Although HTTPS is not supported for connection to the Symantec LiveUpdate server, the content is digitally signed. The advantage of HTTP is that most clients can connect to the LiveUpdate server over HTTP, and HTTP is typically faster.
Note: | The LiveUpdate that Symantec Endpoint Protection uses does not update content in other Symantec products. If you previously used a single instance of LiveUpdate for content updates on multiple products, you should now enable the LiveUpdate scheduler in those other Symantec products. |
To configure updates for clients, you use the following policies:
The LiveUpdate Settings policy specifies the content servers that client computers contact to check for updates and how often clients check for updates. The LiveUpdate Content policy specifies the content types that your client computers download. You can also configure some of the content types that are downloaded to the management server on the LiveUpdate tab of the Site Properties dialog box.
If you use a LiveUpdate server, the LiveUpdate Settings policy provides for the following areas:
The degree of user control over LiveUpdate
You can let users manually start LiveUpdate from their client computers. This setting is disabled by default. If you enable this setting, users can start LiveUpdate and download the latest content virus definitions, component updates, and product updates. Depending on the size of your user population, you may not want to let users download all content without previous testing. Additionally, conflicts can occur if two LiveUpdate sessions run simultaneously on client computers.
You can also choose to let users change their LiveUpdate schedule and change their proxy settings.
Download of product updates
By default, users are not allowed to download product updates from a LiveUpdate server, but you can change this setting.
Use of standard HTTP headers
LiveUpdate sometimes uses non-standard headers that a firewall might block. You can use this setting to make Symantec Endpoint Protection Manager require standard HTTP headers from LiveUpdate. This setting applies only to downloads to clients from an external or an internal LiveUpdate server.
You can restrict users from running LiveUpdate only on Windows clients. Users on Mac clients can always run LiveUpdate. Product updates from a LiveUpdate server, however, can be restricted on both Mac and Windows clients. If you restrict product updates from LiveUpdate on a Mac client, you must provide them manually. Mac clients cannot get updates from the management server.
Table: Tasks for managing content updates describes some of the tasks that you can perform to manage content updates. Since you can use the defaults for updating, all tasks are optional.
Table: Tasks for managing content updates
Task | Description | ||
|---|---|---|---|
Run LiveUpdate after installation | After you install Symantec Endpoint Protection Manager, it is configured to periodically update content automatically. However, you can run LiveUpdate immediately or at any point to download the latest security and product updates. See Downloading LiveUpdate content manually to Symantec Endpoint Protection Manager. | ||
Configure the LiveUpdate download settings for the management server | Configure the management server to receive regular content updates. These content updates can be distributed to client computers. When you configure a site to download LiveUpdate content to Symantec Endpoint Protection Manager, you need to make the following decisions:
See Configuring a site to download content updates. See Configuring the disk space that is used for LiveUpdate downloads. See Configuring the LiveUpdate download schedule for Symantec Endpoint Protection Manager. | ||
Set up a connection to allow a proxy server to connect to the Symantec LiveUpdate server | Establish communication between a proxy server and Symantec Endpoint Protection Manager so that it can connect with Symantec subscription services. A proxy server can provide an additional level of protection between your site and an external Symantec LiveUpdate server. | ||
Specify proxy settings for client communication to an internal LiveUpdate server | You can specify proxy settings for the clients that connect to an internal LiveUpdate server for updates. The proxy settings are for updates only. They do not apply to other types of external communication that clients use. You configure the proxy for other types of client external communication separately. | ||
Decide how client computers get updates | Client computers can automatically download security definitions and other product updates from Symantec Endpoint Protection Manager, but several other content distribution methods are available. For example, you can allow users who travel with portable computers to use an Internet connection to get updates directly from a Symantec LiveUpdate server. Some installations that have large numbers of clients may set up single or multiple Group Update Providers to reduce the load on the management server. You can also configure an explicit list of Group Update Providers that clients can use to connect to Group Update Providers that are on subnets other than the client's own subnet.
See About the types of content that LiveUpdate can provide. See How client computers receive content updates. See Configuring the LiveUpdate download schedule for client computers. | ||
Configure the amount of control to give users over LiveUpdate | You can decide how much control to give your users over their content updates. See Configuring the amount of control that users have over LiveUpdate. | ||
Tune client download parameters | To mitigate the effect of downloads on network bandwidth, you can download content randomly so that not all clients get updates at the same time. See About randomization of simultaneous content downloads. See Randomizing content downloads from the default management server or a Group Update Provider. To mitigate the effect of downloads on client computers' performance, you can have the client computers download content updates when the client computers are idle. See Configuring client updates to run when client computers are idle. | ||
Configure an alternate distribution method | Client computers automatically download virus definitions and other content updates from Symantec Endpoint Protection Manager, but there are several alternate distribution methods that you can use. |
|
|
Legacy ID
v38539566_v81626096
Article URL http://www.symantec.com/docs/HOWTO80884
Terms of use for this information are found in Legal Notices
Thank you.