Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Configure liveupdate to run on client computers - Part 1

Created: 30 Jul 2013 • Updated: 04 Sep 2013 | 2 comments
Language Translations
Chetan Savade's picture
+13 13 Votes
Login to vote

Hello,

This article will demonstrate how to configure liveupdate to run client updates.

Some time customers may get confuse with these settings, they may feel these settings are applicable between SEP client and SEP Manager communication but it's not true.

It's very important to go through the following note which is available at the start of the page.

Important note: Enable the scheduling of automatic downloads from liveupdate servers. The schedule settings do not control downloads from the default management server, from Group Update Providers, or from third party content management tools. Downloads from the default management server depends upon heartbeat interval and selected mode. (Push mode or Pull mode)

 

1) Enable Liveupdate Scheduling:

  1. Click Policies and then click LiveUpdate.

  2. On the LiveUpdate Settings tab, right-click the policy that you want, and then click Edit.

  3. Under Windows Settings, click Schedule.

  4. Check Enable LiveUpdate Scheduling.

  5. Specify the frequency

You can select this option as per business requirement, By default it's set to every 4 hours.

Untitled6.png

 

2) Retry Window:

Untitled5.png

Set the maximum retry allowed after a failed schedule update. If the maximum time is reached before the update has run, the computer will wait for hthe next scheduled time to try again.

If you select any frequency other than Continuously, specify the Retry Window.

 

3) Download Randomization Option:

If you selected Continuously or Every "XX" hours then this option is grayed out by default.

Check the screen-shot.

Untitled2.png

If you selected Daily or Weekly option then you can configure download randomization options.

For Daily you set it to minimum 1 days & maximum 12 days

For Weekly you can set it to minimum 1 days & maximum 3 days

Untitled4.png

Your network might experience traffic congestion when multiple client computers attempt to download content from a LiveUpdate server. You can configure the update schedule to include a randomization window. Each client computer attempts to download content at a random time that occurs within that window

4. Idle Detection:

Untitled.png

To ease client computer performance issues, you can configure content downloads to run when client computers are idle. This setting is on by default. Several criteria, such as user, CPU, and disc actions, are used to determine when the computer is idle.

If Idle Detection is enabled, once an update is due, the following conditions can delay the session.

  • The user is not idle.

  • The computer is on battery power.

  • The CPU is busy.

  • The disk I/O is busy.

  • No network connection is present.

After one hour, the blocking set is reduced to CPU busy, Disk I/O busy, or no network connection exists. Once the scheduled update is overdue for two hours, as long as a network connection exists, the scheduled LiveUpdate runs regardless of idle status

To configure client updates to run when client computers are idle

To configure client updates to run when client computers are idle.

  1. Click Policies.

  2. Under Policies, click LiveUpdate.

  3. On the LiveUpdate Settings tab, right-click the policy that you want to edit, and then click Edit.

  4. Under Windows Settings, click Schedule.

  5. Check Delay scheduled LiveUpdate until the computer is idle. Overdue sessions will run unconditionally.

Reference: http://www.symantec.com/docs/HOWTO55289

5. Options for skipping liveupdate:

Untitled1_1.png

To save bandwidth, Symantec Endpoint Protection clients can be configured to only run scheduled LiveUpdates from the Symantec LiveUpdate server if one of the following conditions is met

  • Virus and spyware definitions on a client computer are more than two days old. Maximum duration can be 31 days.

  • A client computer is disconnected from Symantec Endpoint Protection Manager for more than eight hours.  Maximum hours can be 24 hours

 

Following KB's can be helpful as well:

Configuring the LiveUpdate download schedule for client computers

http://www.symantec.com/docs/HOWTO55287

Randomizing content downloads from a LiveUpdate server

http://www.symantec.com/docs/HOWTO55174

Configuring the LiveUpdate download schedule for client computers

http://www.symantec.com/docs/HOWTO55287

Configuring client updates to run when definitions are old or the computer has been disconnected

http://www.symantec.com/docs/HOWTO55293

Configuring client updates to run when client computers are idle

http://www.symantec.com/docs/HOWTO55289

Comments 2 CommentsJump to latest comment

Michael_Dexter's picture

Thank you. That surely helps.

0
Login to vote