HOW TO change the LiveUpdate source of an unmanaged Windows Symantec Endpoint Protection 12.1 Client

Article:TECH166129  |  Created: 2011-08-01  |  Updated: 2012-09-26  |  Article URL
Article Type
Technical Solution


You would like to configure an unmanaged (also known as "self-managed") Symantec Endpoint Protection 12.1 client to a different LiveUpdate source server instead of the Internet-based defaults.  How can this be accomplished by dropping a "Settings.Hosts.LiveUpdate" file that was exported from Symantec LiveUpdate Administrator 2.x (LUA 2.x)?


Do not use the steps in this article for SEP 12.1 clients that are managed by a Symantec Endpoint Protection Manager (SEPM) in the organization.  Clients correctly managed by a SEPM will receive a LiveUpdate policy that directs them to retrieve content from an internal LUA 2.x server's Distribution Center.


Please use the following steps to export, and copy the LiveUpdate settings to an unmanaged Symantec Endpoint Protection 12.1 client:

  1. Open the Symantec LiveUpdate Administrator console and login using an administrator account
  2. Click on "Configure", then click on "Client Settings"
  3. Click on the "Export Windows Settings" button and save the settings file to disk. 

NOTE: Please review (and edit) the settings prior to exporting the settings.

Before you can copy the the Settings.Hosts.LiveUpdate file to the client, make sure that Tamper Protection is temporarily disabled on the target machine. Symantec Endpoint Protection will block you from copying the file unless Tamper Protection is disabled. To disable Tamper Protection, please follow these steps:

  1. Open Symantec Endpoint Protection 12.1
  2. Click on "Change Settings"
  3. Next to Client Management, click on "Configure Settings"
  4. Select the "Tamper Protection" tab
  5. Un-check "Protect Symantec security software from being tampered with or shut down"
  6. Click on OK
  7. Close Symantec Endpoint Protection 12.1

Copy the Settings.Hosts.LiveUpdate file you exported earlier to the client. The target folder varies by operating system, and also includes the exact version number (For example 12.1.671.4971.105) of the Symantec Endpoint Protection client that is installed:

Windows XP / Windows 2003

"C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Config\"

Windows Vista / Windows 7 / Windows 2008 / 

"C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Config\"


Note: If SEP 12.1's Tamper Protection is not disabled before attempting to copy settings.hosts.liveupdate to this location, permissions-related errors will be displayed. SEP 12.1 will log these attempts to its Tamper Protection log:

Actor Target
C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE (PID 2508) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Config\Settings.Hosts.LiveUpdate (PID 0)
C:\WINDOWS\EXPLORER.EXE (PID 3604) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Config\Settings.Hosts.LiveUpdate (PID 0)


 After the settings.hosts.liveupdate file has successfully been copied, do not forget to re-enable SEP's Tamper Protection!

Article URL

Terms of use for this information are found in Legal Notices