How to update virus definitions and other content with Symantec Endpoint Protection and Symantec Network Access Control

Article:TECH102467  |  Created: 2007-01-11  |  Updated: 2011-07-01  |  Article URL http://www.symantec.com/docs/TECH102467
Article Type: Technical Solution


Problem



You need to know how to ensure that your Symantec Endpoint Protection or Symantec Network Access Control network maintains the latest virus definitions and other content updates.


Solution



The following methods of updating content exist:

Location: Site

Location: Client Group
Function:
  • Configure clients to receive updates from the management server.
  • Configure clients to run LiveUpdate from the Symantec server.
  • Configure clients to run LiveUpdate from an internal server.
  • Configure a Group Update Provider to distribute updates to clients.

Location: Local client
Function:
  • Run LiveUpdate manually on a local client.
  • Schedule LiveUpdate to run on a local client.
  • Download the Intelligent Updater manually on a local client (virus definitions only).


Configuring a site to download updates
When you configure a site to download updates, the updates are placed in the database. This allows the management servers to distribute updates to clients.

The default behavior and best practice in most cases is to have sites download updates from the Symantec LiveUpdate server.

To configure a site to download updates from the Symantec LiveUpdate server

  1. In the Symantec Endpoint Protection Manager console, click Admin.
  2. In the "Tasks" pane, click Servers.
  3. In the "View" pane, right-click Local Site, and then click Edit Site Properties.
  4. In the "Site Properties" dialog box, on the "LiveUpdate" tab, under "Download Schedule", set the scheduling options for how often the server should check for updates.
  5. Under "Update Types to Download", inspect the list of update types that are downloaded.
  6. To add or delete an update type, click Change Selection, modify the list, and then click OK.
  7. Under Languages, inspect the list of languages of the update types that are downloaded.
  8. To add or delete a language, click Change Selection, modify the list, and then click OK.
  9. Under LiveUpdate Source servers, ensure that the LiveUpdate Source server is set to Symantec LiveUpdate server.
    This is the default setting.
  10. Click OK.


If you have an internal LiveUpdate server, you can configure the site to download updates from that server instead. This can be useful for sites with over 10,000 nodes. For more information on setting up an internal LiveUpdate server, see the "LiveUpdate Administrator's Guide."

To configure a site to download updates from an internal LiveUpdate server

  1. In the Symantec Endpoint Protection Manager console, click Admin.
  2. In the "Tasks" pane, click Servers.
  3. In the "View" pane, right-click Local Site, and then click Properties.
  4. In the "Site Properties" dialog box, on the "LiveUpdate" tab, under "Download Schedule", set the scheduling options for how often the server should check for updates.
  5. Under Update Types to Download, inspect the list of update types that are downloaded.
  6. To add or delete an update type, click Change Selection, modify the list, and then click OK.
  7. Under "Languages", inspect the list of languages of the update types that are downloaded.
  8. To add or delete a language, click Change Selection, modify the list, and then click OK.
  9. Under LiveUpdate Source servers, click Edit Source Servers.
  10. In the LiveUpdate Servers dialog box, check Use a specified internal LiveUpdate server, and then click Add.
  11. In the "Add/Update Server" dialog box, complete the boxes with the information that identifies the LiveUpdate server, and then click OK.
    "Help" lists and describes the data to enter in the boxes. For failover support, you can install, configure, and select more than one LiveUpdate server. If one server goes offline, the other server provides support.
  12. In the "LiveUpdate Server" dialog box, click OK.


About site replication and content updates
If you configure sites on your network for replication from another site, the content updates that are in the database of the primary site will replicate as part of the database. In this case, you only need to configure updates on the primary site.

If you choose to use product updates as well as content updates, you should not replicate product updates between sites, because these updates can be quite large, and one exists for every language that you select.

Configuring a group of clients to download updates
In order to configure the behavior of a client group, you use LiveUpdate client policies, which you create in Symantec Endpoint Protection Manager.

About LiveUpdate client policies
To configure a group to download updates, you use LiveUpdate client policies. There are two kinds of LiveUpdate client policy: LiveUpdate Settings policies, and LiveUpdate Content policies. The following table shows what each type of policy controls, and to what products each applies:

Policy type: LiveUpdate Settings
Controls:
  • How and from where clients receive updates
  • How often clients receive updates
  • Whether one of the clients is a Group Update Provider
  • Whether clients are allowed to download updates manually
Applies to:
  • Symantec Endpoint Protection
  • Symantec Network Access Control

Policy type: LiveUpdate Content
Controls:
  • What types of updates clients can download
  • Which specific revisions of updates clients can download
Applies to:
  • Symantec Endpoint Protection



Configuring a LiveUpdate Settings policy
You can either create a new LiveUpdate Settings policy or edit an existing policy.

To create a LiveUpdate Settings policy

  1. On the console, click Policies.
  2. In the "View Policies" pane, click LiveUpdate.
  3. In the "LiveUpdate policies" pane, on the LiveUpdate Settings tab, if a policy exists and is highlighted, click the mouse somewhere in the white space in the pane other than where the policies are listed.
    Note: The goal is to deselect any policy that is selected and remove the yellow highlight.
  4. In the lower-left Tasks pane, click Add a LiveUpdate Settings Policy.


To edit an existing LiveUpdate Settings policy

  1. On the console, click Policies.
  2. In the "View Policies" pane, click LiveUpdate.
  3. In the "LiveUpdate policies" pane, on the LiveUpdate Settings tab, click and highlight the policy that you want to edit.
  4. In the lower-left Tasks pane, click Edit the Policy.


Whether you created a new policy or are editing an existing one, you now see the LiveUpdate Policy window.

To configure the LiveUpdate Settings policy

  1. On the "Overview" pane, accept or change the "Policy name" and "Description."
  2. In the navigation box on the left, click Server Settings.
  3. In the "Server Settings" pane, under "Internal or External LiveUpdate Server", check and enable at least one source from which to retrieve updates.
    Note: Most organizations should use the default management server.
  4. In the navigation box on the left, click Schedule.
  5. In the "Schedule" pane, accept or change the scheduling options.
  6. In the navigation box on the left, click Advanced Settings.
  7. Decide whether to keep or change the default settings.
    • Generally, you do not want users to modify update settings. You may, however, want to let them manually launch a LiveUpdate if you do not support hundreds or thousands of clients.
    • If you want clients to be able to launch LiveUpdate, you must specify an internal or external LiveUpdate server in the "Server Settings" pane. The "Advanced Settings" options are disabled unless a LiveUpdate server is selected.
  8. When you finish configuring the policy, click OK.
  9. In the Assign Policy dialog box, do one of the following:
    • Click Yes to save and assign the policy to a group or a location in a group.
    • Click No to save the policy without assigning it to any clients.
  10. If you clicked Yes, in the Assign LiveUpdate Policy dialog box, check the groups and locations to which to assign the policy, and then click Assign.
    If you cannot select a group that is nested, that group inherits policies from its parent group, as set on the Clients > [group name] > Policies tab.


Creating a LiveUpdate Content policy
A LiveUpdate Content policy allows you to control exactly which content updates are available to your clients. Typically, you would use a LiveUpdate Content policy if you test content updates in an isolated environment before you distribute them to clients. On most networks, you do not need to change the settings in the default LiveUpdate Content policy.


Note: If you configure a LiveUpdate Content policy to distribute specific content updates rather than the latest updates, clients will no longer be updated automatically. You must distribute a new LiveUpdate Content policy for each new update that you wish to allow.



To create a LiveUpdate Content policy

  1. On the console, click Policies.
  2. In the View Policies pane, click LiveUpdate.
  3. In the "LiveUpdate policies" pane, on the "LiveUpdate Content" tab, if a policy exists and is highlighted, click the mouse somewhere in the white space in the pane other than where the policies are listed.
    The goal is to deselect any policy that is selected and remove the yellow highlight.
  4. In the lower-left "Tasks" pane, click Add a LiveUpdate Content Policy.


To edit an existing LiveUpdate Content policy

  1. On the console, click Policies.
  2. In the "View Policies" pane, click LiveUpdate.
  3. In the "LiveUpdate policies" pane, on the "LiveUpdate Content" tab, click and highlight the policy that you want to edit.
  4. In the lower-left "Tasks" pane, click Edit the Policy.


Whether you created a new policy or are editing an existing one, you now see the "LiveUpdate Policy" window.

To configure a LiveUpdate Content policy

  1. In the "Overview" pane, in the "Policy name" box, accept or change the "Policy name" and "Description."
  2. In the "LiveUpdate Content" pane, click Security Definitions.
  3. In the "Security Definitions" pane, check the updates to download and install, and uncheck the updates to disallow.
  4. For each update type, do one of the following actions:
    • To always get the most recent updates, check Use latest available.
    • To control which version of the updates clients receive, check Select a revision.
  5. To continue, do one of the following:
    • If you did not check Select a revision for an update type, click OK, and then continue with step 8.
    • If you did check Select a revision for an update type, click Edit, and then continue with the next step.
  6. In the Select Revision dialog box, in the Revision column, click and select the revision to use, and then click OK.
    You can only select revisions that the management server has already downloaded and that are in the database.
  7. In the LiveUpdate Content window, click OK.
  8. In the Assign Policy dialog box, click Yes.
    You can optionally cancel out of this procedure, and apply the policy at a later time.
  9. In the Assign LiveUpdate Content Policy dialog box, check one or more groups to which to apply this policy, and then click Assign.


Viewing and changing the LiveUpdate Content policy that is applied to a group
LiveUpdate Content policies are applied to groups and to all locations in groups. Therefore, the policy does not appear with other policies under locations in the console.

To view and change the LiveUpdate Content policy that is applied to a group

  1. In the console, click Policies, and create at least two LiveUpdate Content policies.
  2. Apply one of the policies to a group.
  3. In the console, click Clients, and then click the group that you want to view.
  4. In the right pane, on the "Policies" tab, under "Location-independent Policies and Settings", under "Settings", click LiveUpdate Content Policy Settings.
  5. In the dialog box, specify the LiveUpdate Content Policy to use for the group, and then click OK.


About Group Update Providers
When you create a LiveUpdate Settings policy, you have the option of specifying a Group Update Provider. The Group Update Provider provides updates to clients in the group, and any subgroups that inherit policies as set on the Clients tab. If you have clients in a group at a remote location that have bandwidth issues over the WAN, make a client in the group the Group Update Provider. The Group Update Provider must be a member of the group to which it provides updates. The Group Update Provider also lets you offload processing power from the Symantec Endpoint Protection Manager if you need that option.

When you configure a Group Update Provider, you specify a host name or IP address and a TCP port number. The default TCP port number is 2967, a port that was used in Symantec AntiVirus 10.x and Symantec Client Security 3.x network communications. If your Group Update Provider computer receives IP addresses with DHCP, you should either assign a static IP address to the computer, or type the host name. If your Group Update Provider computer is at a remote location, and if that remote location uses network address translation (NAT), type the host name.

To configure a Group Update Provider in a LiveUpdate Settings policy

  1. On the console, click Policies.
  2. In the "View Policies" pane, click LiveUpdate.
  3. In the "LiveUpdate Policies" pane, on the LiveUpdate Settings tab, under Name, click and select the policy to edit.
  4. In the lower-left "Tasks" pane, click Edit the Policy.
  5. In the "LiveUpdate Policy" window, click Server Settings.
  6. In the right pane, under "Group Update Provider", check Use the Group Update Provider as the default LiveUpdate server.
  7. Click Group Update Provider.
  8. In the "Group Update Provider" dialog box, in the "Host" box, type an IP address or a host name.
  9. In the "Port" box, accept or change the default, and then click OK.
  10. In the "Update Policy" window, verify that at least one LiveUpdate server is still selected, and then click OK.
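
The Host and Port values from the procedure above can be checked before the policy is assigned. The following PowerShell function is an added example, not Symantec code; the function name, parameter names and sample hosts are hypothetical. It reports whether the Host value is an IP literal (which this article advises against for DHCP or NAT locations), whether a host name resolves, and whether the TCP port answers.

```powershell
# Added example: pre-flight check for the values typed into the
# "Group Update Provider" dialog box. All names here are hypothetical.
function Test-GroupUpdateProvider {
    param(
        [Parameter(Mandatory = $true)][string]$HostValue,  # value for the "Host" box
        [int]$Port = 2967,                                 # default port named in this article
        [int]$TimeoutMs = 3000
    )
    $result = [ordered]@{
        Host = $HostValue; Port = $Port; IsIpLiteral = $false
        Addresses = @(); PortOpen = $false; Notes = @()
    }
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($HostValue, [ref]$ip)) {
        # An IP literal breaks when DHCP hands the provider a new address.
        $result.IsIpLiteral = $true
        $result.Addresses = @($ip.ToString())
        $result.Notes += 'IP literal: use only with a static address and no NAT in the path.'
    } else {
        try {
            $result.Addresses = @([System.Net.Dns]::GetHostAddresses($HostValue) |
                ForEach-Object { $_.ToString() })
        } catch {
            $result.Notes += "Host name does not resolve: $($_.Exception.Message)"
            return [pscustomobject]$result
        }
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so an unreachable host cannot hang the check.
        $async = $client.BeginConnect($HostValue, $Port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            $client.EndConnect($async)   # throws if the connection was refused
            $result.PortOpen = $true
        } else {
            $result.Notes += "No answer on TCP $Port within $TimeoutMs ms."
        }
    } catch {
        $result.Notes += "Connection to TCP $Port failed: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
    [pscustomobject]$result
}

# Constructed sample values; replace them with the entries from your own policy.
'gup01.example.internal', '192.0.2.10' |
    ForEach-Object { Test-GroupUpdateProvider -HostValue $_ }
```

A PortOpen value of True only shows that something accepts connections on that port; it does not prove that the listener is a Group Update Provider.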



Configuring a local client to download updates
If a client is unmanaged, or if a LiveUpdate Settings policy for managed clients allows, several options exist for downloading updates on individual clients.

Running LiveUpdate manually
Unmanaged clients and clients that are configured by a LiveUpdate Settings policy to allow manual updates have the LiveUpdate button enabled in the Symantec Endpoint Protection window. This button runs LiveUpdate Express, which downloads the latest content updates automatically.

Scheduling LiveUpdate
Unmanaged clients and clients that are configured by a LiveUpdate Settings policy to allow changes to the LiveUpdate schedule can be configured locally to download updates at specific times.

To configure the LiveUpdate schedule

  1. In Symantec Endpoint Protection, click Change settings.
  2. In the right pane, click Client Management.
  3. In the "Client Management Settings" window, on the "Scheduled Updates" tab, check Enable automatic updates.
  4. Select the frequency and time that you want LiveUpdate to run.
  5. To configure options about what to do if LiveUpdate is not able to run at the specified time, click Advanced.
  6. When you finish configuring the LiveUpdate schedule, click OK.


Running LiveUpdate from the command line
LiveUpdate can also be run from the command line or as a Windows scheduled task, with the optional -s (silent) switch:

"C:\Program Files\Symantec\LiveUpdate\Luall.exe" -s

This should normally be done only to check LiveUpdate's function, e.g. running it without the silent switch to verify the list of products that are registered with LiveUpdate.



Legacy ID: 2007091122402048

