Updating Windows Mobile Devices from an Internal LiveUpdate Administrator 2.x Server
|Article:TECH159934|||||Created: 2011-05-12|||||Updated: 2013-05-29|||||Article URL http://www.symantec.com/docs/TECH159934|
Can Windows Mobile smartphones, PDA's and other mobile devices that run Symantec Endpoint Protection Mobile Edition 6.x (SEPME 6.x) or Symantec Mobile Security 7.2 (SMS 7.2) be configured to successfully download new antivirus updates from an internal server, rather than Internet-based LiveUpdate source servers? How can this be done?
Configuring SEPME 6.x and SMS 7.2 devices to retrieve contents from an internal LiveUpdate server can be useful in organizations where the devices are not permitted to access the Internet.
IMPORTANT NOTE! Using WAN or another technology, the devices must be able to access intranet sites (HTTP, port 80) on the corporate network.
Important Note on File Size
Update files for Symantec mobile products are typically quite small. Current virus definitions are only a few KB, and product updates are also measured in KB. The amount of bandwidth saved by downloading these updates from the Internet to host on an internal LiveUpdate server should be considered against the configuration time and effort involved. Unless there are a great number of mobile devices to administer, it may be advisable for each mobile device to use their LiveUpdate Wireless components to retrieve their updates directly from the Internet.
Windows Mobile devices running SEPME 6.x and SMS 7.2 can be configured to download these updates from a local LUA 2.x Distribution Center within a corporate network, but the limited amount of total bandwidth saved should be considered by an administrator before setting up and maintaining an internal LUA 2.x server.
Windows Mobile and Android Devices Only
Devices which operate on the Symbian OS cannot receive their updates from an internal server. These will need to update their contents from internet source servers. Only Android and Windows Mobile devices protected by SEPME 6 or SMS 7.2 can update from an internal LUA 2.x server.
Configuring LiveUpdate Administrator 2.x
To download and distribute definitions, a LiveUpdate Administrator 2.x server needs to be installed in the corporate network. SEPME 6.x and SMS 7.2 devices cannot update from a Symantec Endpoint Protection Manager (SEPM) or other management console. Information and instructions for LiveUpdate Administrator 2.x can be found in the articles Installing and Configuring LiveUpdate Administrator 2.x (LUA 2.x) and Best Practices for LiveUpdate Administrator (LUA) 2.x.
Once LUA 2.x is installed, configure it to download content updates for Symantec Mobile Security 6.0.1. This will download the correct Windows Mobile definitions. The Symantec Mobile Security 7.2 listed in LUA 2.x is only for Android definitions.
The updates for Windows Mobile devices protected by SEPME 6.x or SMS 7.2 cannot be distributed to the default clu-prod Distribution Center (DC). By default, Windows clients must access that DC using port 7070. Windows Mobile devices must retrieve their definitions over HTTP using port 80. Administrators must create a Distribution Center that uses this port and protocol.
(Android devices may receive their updates from DC's with ports other than 80.)
After downloading and distributing the available updates in LUA 2.x, use Windows Explorer confirm that the following file is available in the DC:
303112306jtun_avdefs2.zip (Note that the numeric portion of the file's name will change)
These definitions are listed as "av_defs_pocketpc 2.0 English" and "Pocket PC 2.0 Virus Definitions" within the Manage Updates screens of LUA 2.x.
Symantec Management Console
The Mobile LiveUpdate Policy is configured within the Symantec Management Console (SMC). For details on how to install the Symantec Management Platform (SMP) and the Symantec Mobile Security Solution, please see the Implementation Guide for Symantec Endpoint Protection, Mobile Edition and Symantec Network Access Control, Mobile Edition and the Illustrated Guide to Installing Symantec Mobilie Security 7.2.
Enter the details for the LUA 2.x DC in the field, "Use a specified internal LiveUpdate server." Do not enter a prefix like "http://" but do be sure to provide the correct directory (if necessary) in the URL.
Full detailed descriptions of each field can be found in the Implementation Guide.
Update the Device
New configuration settings (including those of Mobile LiveUpdate Policy) are distributed to the SEPME 6.x and SMS 7.2 Windows Mobile devices via Mobile Agent. Click Update from within the Mobile Agent GUI on the device, and, after receiving confirmation that the new policy has been received, run LiveUpdate.
The mobile device should then be able to connect to the DC over HTTP and retrieve the content that LUA 2.x has distributed there.
Article URL http://www.symantec.com/docs/TECH159934