SEP11 Frequently Asked Questions File

 System Administrators and users alike typically have questions related to SEP11. The FAQ file in this article contains comon questions asked by users in my organization, and maybe helpful to your organization as well.

Q. What is a GUP and why can’t I manage my clients with the GUP?

A. GUP stands for “Group Update Provider”. The GUP is not a management tool, and the purpose is to reduce the load on the SEP servers, and benefit post with narrow bandwidth. The GUP is a SEP11 client that acts as a proxy between the SEP servers and clients in the group (Organizational Unit). The GUP receives definitions from the SEP11 server, and then allows clients to retreive updates locally. 

Q. I have a lot of workstations in my OU and would like to assign two GUPs to my OU, can this be done?

A. A group (Organizational Unit) can only be assigned one GUP. On the other hand, one GUP can be assigned to multiple groups (OUs). If the multiple sub OUs are located under the same top level OU, only provide the highest level OU. (i.e. Domain/OU/workstations/ and Domain/OU/servers/. Only provide Domain/OU). We recommend post with remote locations assign a separate GUP for the remote location. The separate GUP should be physically located in the remote location.

Q. How do I know my workstations are connected to the GUP?

A. You can determine if a SEP11 is retrieving updates from a GUP by completing the following instructions: 

1. Open SEP11.
2. Select view logs on the left.
3. Select view logs under Client Management.
4. Select system log.
5. Look for an entry similar to “Start using Group Update Provider (proxy server) @ XXX.XXX.XXX:2967.”

Q. How do I tell if my GUP is doing its job?

A. Once a computer receives the policy nominating it as a GUP from the SEP11 servers, the folder C:\Program Files\Symantec\Symantec Endpoint Protection\SharedUpdates will be created. When the GUP connects to the SEPM server for updates, it will store the updates it downloads in the shared updates folder. The file GUP.DAT will also reside in the folder.

Q. Why aren’t my clients updating from the GUP when the LiveUpdate button is pressed?

A. local users may run LiveUpdate manually; however, it is not required or recommended as the primary means of update. Whenever the live update is pressed, the client will skip the GUP and update from the SEPM servers. Each client has a policy applied telling it to check in every 3 hours with the local Group Update Provider (GUP), or the Symantec Endpoint Protection Manager (SEPM) if no GUP is assigned.  Every 3 hours the client will attempt to update definitions from the GUP.

Q. How do I update SEP11 using a .jdb file?

A. The .jdb needs to be copied to file to \Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming folder. After you copy the file to the proper folder, you should notice the updates are applied within 30 seconds.

Q. How do I know workstations at my location are receiving updated definitions?

A.  Definition dates are shown as soon as the client application is opened, as well as in the client’s system logs. Defintion updates and definition version can also be viewed in the client system logs. 

Q. How do I update the policy on my SEP11 client?

A. You can update the policy by completing the following instructions or right clicking on the SEP11 icon in the task tray and selecting "update policy": 

1. Open SEP11
2. Select “Help and Support”
3. Select troubleshooting
4. The field that says “Policy Serial Number” contains the policy date.
5. Under the Policy Profile field, select “update” to update policy.

Q. Systems are scaned at 2301(11:01 PM). My office is closed and workstations are turned off, can you reschedule or scans?

A. Scans are run at 2301(11:01 PM) locally. The scans will not start according to the time on the server, unless your office is in the same time zone. Even if your workstations are powered down at 2301 locally, the scan will run at the first chance possible, most likely when the user initially logs on. The scans will attempt to run over the next 12 hours if unsuccessful.

Q. How do I view reports displaying status of my workstations and servers?

A. System administrators can request a "limited administrator" account which will allow access to reporting features, and abilit to issue basic commands to SEP11 clients in their OU.