How to check which SEP client is not using the GUP to download content

Article:TECH169006  |  Created: 2011-09-07  |  Updated: 2012-07-28  |  Article URL
Article Type
Technical Solution



Link is saturated using port 8014 (port for Client - Manager communication).


Liveupdate policy assigned to the client group is configured to use GUP to download content updates. Also, the policy is configured to never download content from Management server.


Some clients are not part of the client group configured to use GUP and are downloading content from the Manager directly.

These clients are not identified.


To identify these "rogue" clients and move them to the corresponding group:

  1. Enable IIS logging of the "content" virtual directory only:
    1. If you are using Windows 2003 use the following technote:
      How to enable IIS logging for Symantec Endpoint Protection Manager in IIS 6.0
    2. If you are using Windows Server 2008 use the following technote:
      How to turn on Logging in IIS 7
  2. Wait a couple of hours for the clients to download content from the Manager
  3. Open the IIS log.
  4. In this log, only the IP Address of the GUP have to appear. If you find other IP address from the same subnet take note of it.
  5. Use the Symantec Endpoint Protection Manager to search for the IP address obtained in step 4.
  6. Move the Client to the corresponding client group (where it will use the Liveupdate policy configured to use the GUP).

Article URL

Terms of use for this information are found in Legal Notices