Using Third-party distribution tools to distribute updates to Symantec Endpoint Protection 11.0.x clients

Article:TECH102542  |  Created: 2007-01-27  |  Updated: 2012-01-30  |  Article URL http://www.symantec.com/docs/TECH102542
Article Type
Technical Solution


Environment

Issue



You would like to know more about using Third-party Tools to distribute updates to Symantec Endpoint Protection 11.0.x clients.  How can SEP 11 clients be configured to receive new content from sources other than its Symantec Endpoint Protection Manager (SEPM) or a LiveUpdate server?


Solution



Advanced update distribution options

Large networks might rely on third party distribution tools like IBM Tivoli, Microsoft SMS, and so on to distribute updates to client computers. Symantec client software supports update distribution with these tools. To use third party distribution tools, you need to get the update files, and you need to distribute the update files with a distribution tool.

For managed clients, you can get the update files after installing and configuring a Symantec Endpoint Protection Manager server as the first and only server at a site. You then schedule and select the LiveUpdate updates to download.

The update files are downloaded into sub-directories in the following (default) directory:

  • \Program Files\Symantec Endpoint Protection Manager\Inetpub\content


You then distribute the files to the inbox directories on client computers: The following directory appears on the client computers that do not run Windows Vista:

  • \Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\inbox\


The following directory appears on the client computers that do run Windows Vista:

  • \Program Data\Symantec\Symantec Endpoint Protection\inbox\


By default, this directory does not exist, and client software does not check and process content in this directory. For managed clients, you must configure a LiveUpdate Policy for the group, enable third party distribution to clients in the group, and apply the policy.

Note: A best practice is to enable this support with a LiveUpdate Policy

Enabling third party content distribution to managed clients with a LiveUpdate Policy

When you create a LiveUpdate Policy that supports third party content distribution to managed clients, you have a couple of additional goals. One goal is to reduce the frequency with which clients check for updates. The other goal typically is to disable the ability of client users to manually perform LiveUpdate. The term managed clients means that the clients are managed with Symantec Endpoint Protection Manager policies.

When you are finished with this procedure, the following directory appears on the group's client computers that do not run Windows Vista:

  • \Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\inbox\


The following directory appears on the group's client computers that do run Windows Vista:

  • \Program Data\Symantec\Symantec Endpoint Protection\inbox\



To enable third party content distribution to managed clients with a LiveUpdate Policy

  1. On the console, click Policies.
  2. In the View Policies pane, click LiveUpdate.
  3. In the LiveUpdate Policies pane, on the LiveUpdate Settings tab, under Tasks, click Add a LiveUpdate Setting Policy.
  4. In the LiveUpdate Policy window, in the Policy name and Description boxes, type a name and description.
  5. Under Third Party Management, check Enable third party content management.
  6. Uncheck all other LiveUpdate source options.
  7. Click OK.
  8. In the Assign Policy dialog box, click Yes. You can optionally cancel out of this procedure, and assign the policy at a later time.
  9. In the Assign LiveUpdate Policy dialog box, check one or more groups to which to assign this policy, and then click Assign.



Distributing content to managed clients with third party distribution tools

After you configure the LiveUpdate Policy to enable third party content management, you locate and copy the content on Symantec Endpoint Protection Manager. After you locate and copy the content, you distribute it to clients. You also decide what content to copy and distribute.

Note: If you stage update files on client computers before placing them in the /inbox directory, you must copy the files. Moving the files does not work. You can also copy .vdb and .jdb files to the inbox for processing.

To distribute content to managed clients with third party distribution tools

  1. On the computer that runs the Symantec Endpoint Protection Manager, create a working directory such as \Work_Dir.
  2. On the console, on the Clients tab, right-click the group to update, and then click Properties.
  3. Document the first four hexadecimal values of the Policy Serial Number, such as 7B86.
  4. Navigate to the following directory: \Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent
  5. Locate the directory that contains the first four hexadecimal values that match your client group Policy Serial Number.
  6. Open that directory, and then copy index2.dax to your working directory, such as \Work_Dir\index2.dax.
  7. Navigate to the following directory: \Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content
  8. Open and read ContentInfo.txt to discover the content that each <<targetmoniker>>  directory contains.
  9. The contents of each directory is <<targetmoniker>>\<sequencenum>\full.zip and <<target moniker>>\<sequencenum>\full.
  10. Example: Virus Definitions Win32 with a date of 20080821 revision 007 will be located in: Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}\80821007
  11. Copy the content of each \<<target moniker>> directory to your working directory such as \Work_Dir.
  12. Delete all files and directories from each \<<target moniker>> so that only the following directory structure and file remain in your working directory: Work_Dir\<<target moniker>>\<latest sequence number>\full.zip (Your working directory now contains the directory structure and files to distribute to your clients.)
  13. Use your third party distribution tools to distribute the content of \Work_Dir to the \Symantec Endpoint Protection\inbox\ directory on your clients in your group.
  14. The end result must look like the following:
      • \Symantec Endpoint Protection\inbox\index2.dax
      • \Symantec Endpoint Protection\inbox\<<target moniker>>\<latest sequencenumber>\full.zip


Using the same example as above, the results would look like:

      • \Symantec Endpoint Protection\inbox\index2.dax
      • \Symantec Endpoint Protection\inbox\{C60DC234-65F9-4674-94AE-62158EFCA433}\80821007\full.zip



If the files disappear so that \inbox\ is empty, you were successful. If an \inbox\invalid\ directory appears, you were not successful and must try again.





References
administration_guide.pdf

 




Legacy ID



2007092721070448


Article URL http://www.symantec.com/docs/TECH102542


Terms of use for this information are found in Legal Notices