Antivirus Definition Update Configuration (Within Office & Roaming)
Updated: 21 May 2010 | 8 comments
This issue has been solved. See solution.
Hi Guys,
We would like to be able to configure SEP so that:
- When a client is in the office it contacts SEPM to download the definitions
- When a client is outside of the office it downloads the definitions using Live Update
Our clients can spend a large amount of time out of the office without connecting in to our VPN. When this happens we need them to get their updates from Live Update, but when in the office we want them to use our servers (primarily to save bandwidth, but also to give us more control).
Is this possible? If so how can we configure it?
Many Thanks,
Chris Jones
discussion Filed Under:
Comments
All you do is for the
All you do is for the roaming user, enable live update button while keeping the client managed. This will allow you to let the roaming users connect to the internet and pick up defs. But when they are on the office network, the server pushes the defs to the clients automatically. This is exactly how we have eployed at our enterprise
The best solution is to
The best solution is to configure setting in LiveUpdate Settings policy.
Check allow users to manually Launch Liveupdate, it will solve both ur issues
Regards'
Ajit Jha
Technical Consultant
STS
Thanks vikram3500, I've seen
Thanks vikram3500, I've seen that option - but the help file in SEPM it states:
"If both options are enabled, clients try to retrieve updates from both sources. Typically, do not enable both options unless you have a specific reason. If the management server provides named update versions to clients, and the clients have previously downloaded the latest updates from a LiveUpdate server, the clients do not download and install the named (previous) versions"
Which makes me unsure about doing this. Do you get any negative side effects or problems?
Thanks,
Chris
If you enable LU on the
If you enable LU on the client, thats a pull mechanism, whilst the Update from the server is a push...The LU button has to be clicke don by the user to connect to the Internet. What I can do is go back to my workplace first thing tomorrow and get you the exact settings...
My laptop personally has that setting wher i can connect to the internet sitting at home as I am currently doing, while in the office the SEPm pushes defs out every so often
So... Use the default
So...
Use the default management server will result in SEPM pushing the updates out as it receives them.
and
Use a Live Update server will result in the client following the live update schedule and pulling updates accordingly - e.g. once a day at 13:00.
In which case if you connect the client to the office network you will predominantly get your updates from SEPM (I'm guessing that the moment SEP sees the network it tells SEPM it is there and the update gets pushed out almost instantly?), but at any rate all clients will get an update every day?
Thanks,
Chris
Make an office location that
Make an office location that has the SEPM configured as liveupdate source and default location will have Symantec public liveupdates as update servers.
- Jukka
how I would do it
I would set up some location awarnes. In this case I would find something to key off of such as a ip range or ranges to specify that the machine is in the office and all other ranges would be out of office. Then set two different update policys when the user is out of office have it use live update and check for updates once an hour. That may seem extreem for how often to check but remember that there will not be a download unless there are new definitions existing and this get remote machines protected fast.
Thanks Rick & Jukka, I've
Thanks Rick & Jukka,
I've tested that and that seems to do what we want.
Cheers,
Chris
Would you like to reply?
Login or Register to post your comment.