Managing content updates

Article:HOWTO80884  |  Created: 2012-10-24  |  Updated: 2014-09-21  |  Article URL
Article Type
How To


Managing content updates

Symantec products depend on current information to protect computers from threats with the latest threat protection technology. Client computers and servers need periodic updates to their protection content, such as virus and spyware definitions, intrusion protection system signatures, and product software. LiveUpdate provides these Symantec-signed updates through an Internet connection. The LiveUpdate client verifies them to ensure that the updates come from Symantec and have not been tampered with in any way.

Symantec Endpoint Protection supports the HTTPS, HTTP, and FTP protocols to connect to internal LiveUpdate servers. It supports connections to the Symantec LiveUpdate server over HTTP, with FTP as the backup method. Although HTTPS is not supported for connection to the Symantec LiveUpdate server, the content is digitally signed. The advantage of HTTP is that most clients can connect to the LiveUpdate server over HTTP, and HTTP is typically faster.


The LiveUpdate that Symantec Endpoint Protection uses does not update content in other Symantec products. If you previously used a single instance of LiveUpdate for content updates on multiple products, you should now enable the LiveUpdate scheduler in those other Symantec products.

To configure updates for clients, you use the following policies:

  • LiveUpdate Settings policy

  • LiveUpdate Content policy

The LiveUpdate Settings policy specifies the content servers that client computers contact to check for updates and how often clients check for updates. The LiveUpdate Content policy specifies the content types that your client computers download. You can also configure some of the content types that are downloaded to the management server on the LiveUpdate tab of the Site Properties dialog box.

If you use a LiveUpdate server, the LiveUpdate Settings policy provides Advanced Settings for the following areas:

  • The degree of user control over LiveUpdate

    You can let users manually start LiveUpdate from their client computers. This setting is disabled by default. If you enable this setting, users can start LiveUpdate and download the latest content virus definitions, component updates, and product updates. Depending on the size of your user population, you may not want to let users download all content without previous testing. Additionally, conflicts can occur if two LiveUpdate sessions run simultaneously on client computers.

    You can also choose to let users change their LiveUpdate schedule and change their proxy settings.

  • Download of product updates

    By default, users are not allowed to download product updates from a LiveUpdate server, but you can change this setting.

  • Use of standard HTTP headers

    LiveUpdate sometimes uses non-standard headers that a firewall might block. You can use this setting to make Symantec Endpoint Protection Manager require standard HTTP headers from LiveUpdate. This setting applies only to downloads to clients from an external or an internal LiveUpdate server.

The degree of user control over LiveUpdate that you can configure varies depending on the client platform. The following options are available

  • You can restrict Windows users from getting either definitions and other protection content or product updates from LiveUpdate.

  • You can restrict Mac users from getting product updates from LiveUpdate.

    If you choose this option, you must provide product updates to Mac clients manually. Mac clients do not get product updates from the management server.

  • You cannot restrict Linux users from running LiveUpdate.

    Linux clients do not get product updates from LiveUpdate. You must provide product updates to Linux clients manually.

You can configure the Symantec Endpoint Protection Manager Apache web server, however, to allow a small number of Mac clients to download LiveUpdate content. For configuration instructions, see the following article:

Enabling Mac clients to download LiveUpdate content using the Apache Web server as a reverse proxy

Table: Tasks for managing content updates describes some of the tasks that you can perform to manage content updates. Since you can use the defaults for updating, all tasks are optional.

Table: Tasks for managing content updates



Run LiveUpdate after installation

After you install Symantec Endpoint Protection Manager, it is configured to periodically update content automatically. However, you can run LiveUpdate immediately or at any point to download the latest security and product updates.

See Downloading LiveUpdate content manually to Symantec Endpoint Protection Manager.

Typically you should run LiveUpdate after Symantec Endpoint Protection Manager installation if you did not run LiveUpdate during installation. LiveUpdate must download the Host Integrity templates and intrusion prevention signatures before you can apply Host Integrity or Intrusion Prevention policies to clients.

Configure the LiveUpdate download settings for the management server

Configure the management server to receive regular content updates. These content updates can be distributed to client computers.

When you configure a site to download LiveUpdate content to Symantec Endpoint Protection Manager, you need to make the following decisions:

  • How often the site checks for LiveUpdate content updates.

  • What content types to download to the site.

  • The languages for update types to download.

  • The LiveUpdate server that serves the content to the site.

  • The number of content revisions to keep.

See Configuring a site to download content updates.

See Configuring the LiveUpdate download schedule for Symantec Endpoint Protection Manager.

See Checking LiveUpdate server activity.

Set up a connection to allow a proxy server to connect to the Symantec LiveUpdate server

Establish communication between a proxy server and Symantec Endpoint Protection Manager so that it can connect with Symantec subscription services. A proxy server can provide an additional level of protection between your site and an external Symantec LiveUpdate server.

See Configuring Symantec Endpoint Protection Manager to connect to a proxy server to access the Internet and download content from Symantec LiveUpdate.

Specify proxy settings for client communication to an internal LiveUpdate server

You can specify proxy settings for the clients that connect to an internal LiveUpdate server for updates. The proxy settings are for updates only. They do not apply to other types of external communication that clients use. You configure the proxy for other types of client external communication separately.

See Specifying a proxy server that clients use to communicate to Symantec LiveUpdate or an internal LiveUpdate server.

Decide how client computers get updates

Client computers can automatically download security definitions and other product updates from Symantec Endpoint Protection Manager, but several other content distribution methods are available. For example, you can allow users who travel with portable computers to use an Internet connection to get updates directly from a Symantec LiveUpdate server.

Some installations that have large numbers of clients may set up single or multiple Group Update Providers to reduce the load on the management server. You can also configure an explicit list of Group Update Providers that clients can use to connect to Group Update Providers that are on subnets other than the client's own subnet.


Linux clients get updates only from an internal or an external LiveUpdate server. Mac clients can get updates only from an internal or external LiveUpdate server, or by using the Apache web server as a reverse proxy.

See About the types of content that LiveUpdate can provide.

See How client computers receive content updates.

See Configuring the LiveUpdate download schedule for client computers.

Configure the amount of control to give users over LiveUpdate

You can decide how much control to give your users over their content updates.

See Configuring the amount of control that users have over LiveUpdate.

Tune client download parameters

To mitigate the effect of downloads on network bandwidth, you can download content randomly so that not all clients get updates at the same time.

See About randomization of simultaneous content downloads.

See Randomizing content downloads from the default management server or a Group Update Provider.

To mitigate the effect of downloads on client computers' performance, you can have the client computers download content updates when the client computers are idle.

See Configuring client updates to run when client computers are idle.

Configure an alternate distribution method

Client computers automatically download virus definitions and other content updates from Symantec Endpoint Protection Manager, but there are several alternate distribution methods that you can use.

See How client computers receive content updates.

Legacy ID


Article URL

Terms of use for this information are found in Legal Notices