How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)

Article:TECH97190  |  Created: 2009-01-03  |  Updated: 2011-08-16  |  Article URL http://www.symantec.com/docs/TECH97190
Article Type
Technical Solution


Environment

Issue



I am concerned that my clients are receiving updates from a source other than their Symantec Endpoint Protection (SEP) Group Update Provider (GUP).

 


Solution



  • Enable Sylink debugging on the client in question.


  SylinkWatcher and SylinkMonitor - tools for real-time debugging of SPA 5.x and SEP 11.x


  How to enable Sylink Debugging for Symantec Endpoint Protection in the registry

 

  • Search the Sylink log for the GUP's IP address embedded in an HTTP request. If the GUP is the source of the update, you will see a line like the following in the Sylink log:


<GetLUFileRequest:>http://192.168.2.5:2967/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/80324005/delta80323019.dax

The GUP uses port 2967 unless configured otherwise, so a request to the GUP's IP address on that port indicates that the source is a GUP.

  • Do not confuse this with the log entry that shows which server the client is checking in to. A GUP cannot manage a client, so you will still see the client connecting to the Endpoint Protection Manager:


11/05 08:18:07 [3144] <GetFirstServer> Using server '10.40.7.174'
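The check described above can be scripted over a saved Sylink log. The following is an added example, not Symantec code: the function names are hypothetical, the timestamps on the request lines are assumed, and the second request line in the sample is constructed with an assumed host and port to show a non-GUP source.

```python
import re
from urllib.parse import urlsplit

GUP_DEFAULT_PORT = 2967  # default GUP port stated in the article

# Captures the URL that follows the <GetLUFileRequest:> marker in a Sylink log line.
LU_REQUEST = re.compile(r"<GetLUFileRequest:>\s*(http://\S+)")

def lu_sources(log_text):
    """Return (host, port, url) for every content download request in the log."""
    found = []
    for line in log_text.splitlines():
        m = LU_REQUEST.search(line)
        if not m:
            continue  # <GetFirstServer> lines show management check-in, not content
        url = urlsplit(m.group(1))
        found.append((url.hostname, url.port or 80, m.group(1)))
    return found

def classify(log_text, gup_hosts, gup_port=GUP_DEFAULT_PORT):
    """Split content requests into those sent to a known GUP and all others."""
    result = {"gup": [], "other": []}
    for host, port, url in lu_sources(log_text):
        key = "gup" if host in gup_hosts and port == gup_port else "other"
        result[key].append(url)
    return result

# Constructed sample: the first two entries reuse the article's log lines (the
# timestamp on the request line is assumed); the last line is invented to show
# a download from a host that is not a GUP.
SAMPLE_LOG = """\
11/05 08:18:07 [3144] <GetFirstServer> Using server '10.40.7.174'
11/05 08:18:09 [3144] <GetLUFileRequest:>http://192.168.2.5:2967/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/80324005/delta80323019.dax
11/05 08:20:41 [3144] <GetLUFileRequest:>http://10.40.7.174:8014/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/80324005/delta80323019.dax
"""

if __name__ == "__main__":
    report = classify(SAMPLE_LOG, gup_hosts={"192.168.2.5"})
    for kind, urls in report.items():
        for u in urls:
            print(f"{kind:5} {u}")
```

Any URL reported under `other` is a content download that did not go to one of the listed GUPs and is worth investigating.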


References
For more detailed information, please refer to the following document:


Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection



 



Legacy ID



2009110311145748



