How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)
| Article:TECH97190 | | | Created: 2009-01-03 | | | Updated: 2011-08-16 | | | Article URL http://www.symantec.com/docs/TECH97190 |
Problem
I am concerned that my clients are receiving updates from a source other than their Symantec Endpoint Protection (SEP) Group Update Provider (GUP).
Solution
- Enable Sylink debugging on the client in question.
SylinkWatcher and SylinkMonitor - tools for real-time debugging of SPA 5.x and SEP 11.x
How to enable Sylink Debugging for Symantec Endpoint Protection in the registry
- Search for GUP's IP address embedded in a http command. If the GUP is the source of the update, you will see the following line in the Sylink log:
<GetLUFileRequest:>http://192.168.2.5:2967/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/80324005/delta80323019.dax
Note that the port for the GUP is 2967 (unless configured otherwise). This indicates the source is a GUP.
- Please do not get this confused with the section that indicates which server the client is checking into. A GUP cannot manage a client so you will still see it connecting to the Endpoint Protection Manager.
11/05 08:18:07 [3144] <GetFirstServer>
References
For more detailed information, please refer to the following document:
Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection
|
|
Legacy ID
2009110311145748
Article URL http://www.symantec.com/docs/TECH97190
Terms of use for this information are found in Legal Notices
Thank you.