Commands issued by Symantec Endpoint Protection Manager are executed by clients at next heartbeat
|Article:TECH160281|||||Created: 2011-05-18|||||Updated: 2012-07-28|||||Article URL http://www.symantec.com/docs/TECH160281|
Commands issued by Symantec Endpoint Protection Manager (SEPM) are executed by Symantec Endpoint Protection (SEP) clients at next heartbeat if the communication mode is set to pull mode.
Is it possible to run commands in real time on SEP clients?
The product's communication model is the server-client one, only the SEP client can start a TCP connection with the SEPM which is listening for them through the Symantec Web Server installed in IIS, by default on port 8014.
The connection between SEP and SEPM is established when the system boots, i.e. when the Symantec Management Client service starts.
In push mode, the connection is constantly kept established and the SEPM can send messages to the SEP clients.
In pull mode, the connection is kept open only for the required time and closed between heartbeats therefore the SEPM cannot send messages or files to the clients, they will get them when the connection is established again at next hearbeat.
The product is working as designed, according to server-client communication model and selected push or pull communication mode.
If faster response is required on executing the commands, the heartbeat should be reduced or the communication mode should switched to push. Before doing it, consider the impact that a more frequent communication has on systems and network performance, please, review the Related Articles section for more details about the communication between SEP clients and SEPM and how to size it.
Article URL http://www.symantec.com/docs/TECH160281