How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)
|Article:TECH97190|||||Created: 2009-01-03|||||Updated: 2011-08-16|||||Article URL http://www.symantec.com/docs/TECH97190|
I am concerned that my clients are receiving updates from a source other than their Symantec Endpoint Protection (SEP) Group Update Provider (GUP).
- Enable Sylink debugging on the client in question.
- Search for GUP's IP address embedded in a http command. If the GUP is the source of the update, you will see the following line in the Sylink log:
Note that the port for the GUP is 2967 (unless configured otherwise). This indicates the source is a GUP.
- Please do not get this confused with the section that indicates which server the client is checking into. A GUP cannot manage a client so you will still see it connecting to the Endpoint Protection Manager.
11/05 08:18:07  <GetFirstServer>
For more detailed information, please refer to the following document:
Article URL http://www.symantec.com/docs/TECH97190