Video Screencast Help

SEP11 Frequently Asked Questions File

Created: 06 Mar 2009 • Updated: 10 Mar 2009 | 19 comments
Language Translations
J.Porter's picture
+8 8 Votes
Login to vote

 System Administrators and users alike typically have questions related to SEP11. The FAQ file in this article contains comon questions asked by users in my organization, and maybe helpful to your organization as well.

 

 

Q. What is a GUP and why can’t I manage my clients with the GUP?

A. GUP stands for “Group Update Provider”. The GUP is not a management tool, and the purpose is to reduce the load on the SEP servers, and benefit post with narrow bandwidth. The GUP is a SEP11 client that acts as a proxy between the SEP servers and clients in the group (Organizational Unit). The GUP receives definitions from the SEP11 server, and then allows clients to retreive updates locally. 

Q. I have a lot of workstations in my OU and would like to assign two GUPs to my OU, can this be done?

A. A group (Organizational Unit) can only be assigned one GUP. On the other hand, one GUP can be assigned to multiple groups (OUs). If the multiple sub OUs are located under the same top level OU, only provide the highest level OU. (i.e. Domain/OU/workstations/ and Domain/OU/servers/. Only provide Domain/OU). We recommend post with remote locations assign a separate GUP for the remote location. The separate GUP should be physically located in the remote location.

Q. How do I know my workstations are connected to the GUP?

A. You can determine if a SEP11 is retrieving updates from a GUP by completing the following instructions: 

    1. Open SEP11.
    2. Select view logs on the left.
    3. Select view logs under Client Management.
    4. Select system log.
    5. Look for an entry similar to “Start using Group Update Provider (proxy server) @ XXX.XXX.XXX:2967.”

 
 

Q. How do I tell if my GUP is doing its job?

AOnce a computer receives the policy nominating it as a GUP from the SEP11 servers, the folder C:\Program Files\Symantec\Symantec Endpoint Protection\SharedUpdates will be created. When the GUP connects to the SEPM server for updates, it will store the updates it downloads in the shared updates folder. The file GUP.DAT will also reside in the folder.

Q. Why aren’t my clients updating from the GUP when the LiveUpdate button is pressed?

A. local users may run LiveUpdate manually; however, it is not required or recommended as the primary means of update. Whenever the live update is pressed, the client will skip the GUP and update from the SEPM servers. Each client has a policy applied telling it to check in every 3 hours with the local Group Update Provider (GUP), or the Symantec Endpoint Protection Manager (SEPM) if no GUP is assigned.  Every 3 hours the client will attempt to update definitions from the GUP.

Q. How do I update SEP11 using a .jdb file?

A. The .jdb needs to be copied to file to \Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming folder. After you copy the file to the proper folder, you should notice the updates are applied within 30 seconds.

Q. How do I know workstations at my location are receiving updated definitions?

A.  Definition dates are shown as soon as the client application is opened, as well as in the client’s system logs. Defintion updates and definition version can also be viewed in the client system logs. 

Q. How do I update the policy on my SEP11 client?

A. You can update the policy by completing the following instructions or right clicking on the SEP11 icon in the task tray and selecting "update policy": 

  1. Open SEP11
  2. Select “Help and Support”
  3. Select troubleshooting
  4. The field that says “Policy Serial Number” contains the policy date.
  5. Under the Policy Profile field, select “update” to update policy.

Q. Systems are scaned at 2301(11:01 PM). My office is closed and workstations are turned off, can you reschedule or scans?

A. Scans are run at 2301(11:01 PM) locally. The scans will not start according to the time on the server, unless your office is in the same time zone. Even if your workstations are powered down at 2301 locally, the scan will run at the first chance possible, most likely when the user initially logs on. The scans will attempt to run over the next 12 hours if unsuccessful.

Q. How do I view reports displaying status of my workstations and servers?

A. System administrators can request a "limited administrator" account which will allow access to reporting features, and abilit to issue basic commands to SEP11 clients in their OU.

 

Comments 19 CommentsJump to latest comment

nkapoor's picture

Great article, I could have used that 4 months ago or so.

-1
Login to vote
brav's picture

Nice to know the info about GUP's wasn't much in the documentation about these when we first implemented SEP .

m00

+1
Login to vote
Jerry Chen's picture

it let the enduser know what we done for them....

-1
Login to vote
Ajit Jha's picture

Good Documentation

Ajit

Regard's

Ajit Jha

Technical Consultant

ASC & STS

-1
Login to vote
J.Porter's picture

Thank you!

0
Login to vote
Tejas Shah's picture

#1. Give details about how to install GUP on a seprate machine.

#2. In a environment where at present clients are updtaing from SEPM. After creating GUP, how d oyou configure clients to now onwards get defination from GUP?

#3. Tell is what sould be the best prative for a "Firewall" policy. I mean, shall we keep the default seeting for Firewall policy, the way it gets installed, or you want/recommand something to change.

#4. Same is for Antivirus and Antispyware policy.

Tejas

0
Login to vote
J.Porter's picture

1) The GUP is a setting under the LiveUpdate policy. You can specify the GUP by editing the LiveUpdate policy and entering the IP or hostname of the machine that you want to serve as the GUP. The GUP should be in the same OU as the sep11 clients it is servicing.

2) Once the GUP is configured, the clients will receive the updated policy with the GUP nomination if they're in the same group.

3) The firewall policy depends on your business, and your requirements. I can't really tell you how to set your firewall. First define your requirements. What kind of data do you need to protect? I've noticed the IPS creates network latency, but I don't think this is a Symantec problem. I believe we have security configurations that interact with some of the signatures in a negative way.

4) We don't scan exchange boxes, and database files.

0
Login to vote
Vikram Kumar-SAV to SEP's picture

Symantec Endpoint Protection 11.0 Group Update Provider (GUP)
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007092720522748

Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper
http://service1.symantec.com/SUPPORT/ent-security....

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

0
Login to vote
J.Porter's picture

Good information!

0
Login to vote
Symantec World's picture

Very useful article.

Regards, M.R

+1
Login to vote
J.Porter's picture

Thank you!

0
Login to vote
Optimus Prime's picture

So helpful..I need this right away...

;-)

0
Login to vote
Jay Pawaskar's picture

This is very good info. As you have mentioned, I can assign multiple groups to a single GUP, does that mean that Server/OU1 and Server/OU2 can be assigned to a single GUP? Then what if I assign Server/OU1 and ServerOU2 to one GUP and Server/OU1 and Server/OU2 to another GUP? Is it possible?

0
Login to vote
early_morning's picture

We are getting ready to setup GUP in the next week or 2.  Timely article.
thanks

0
Login to vote
early_morning's picture

When I moved from my test enviornment I used Sylinkdrop.exe.  It moves the user to the new group but the policies don't seem to work in the new group for the user moved.

Do you have to designate the box that does NOT keep old configuration?

0
Login to vote
Raghav_KBL's picture

Nice article ,,, which contains basic information...

But should have more on configuration.

Regards
Raghavendra K S
IT-Officer
Karnataka Bank Ltd,
Bangalore

0
Login to vote
Wah@Symantec's picture

Great job on the article!!!!

0
Login to vote