You should use Group Update Provider on remote locations,
Read these articles here, they will help you:
Group Update Provider Overview
The Group Update Provider was a feature request to support designating a particular client to serve as a computer that will get content updates and publish them. This is designed to provide functionality vaguely similar to configuring a legacy Symantec AntiVirus client as a secondary server.
The computer that is downloading and publishing the content is referred to as the “Group Update Provider.” The computers in the client group will use the designated “Group Update Provider” as a local proxy for content updates.
Network considerations:
GUPs can be used to supplement or replace a SEPM for distributing content updates to SEP clients, but cannot be used to update policies or manage clients. This means that clients will still need network connectivity to a SEPM in order to perform the heartbeat process, which updates their policies, and informs them when new content is available to download from the GUP.
If the SEP clients you wish to update via a GUP are not able to connect to the SEPM of the HTTP port being used by the SEPM for client management, you will need to consider another method of updating clients. Depending on the version of SEPM used in your environment, the default client management port is either 80, or 8014 - This port is configurable within the product. The only method to update both content and policies on a client is through a SEPM.
Since the GUP is essentially a SEP client with the additional GUP role, it must also be able to access the SEPM via the client management port. In addition to this, the clients being served by the GUP must be able to connect to the HTTP port the GUP is listening on (2967 by default). It is recommended that a GUP be on the same network segment as all clients configured to update from the GUP.
The GUP will download definitions on-demand for itself and any clients configured to update through it. The GUP will cache all downloaded content according to the settings in its LiveUpdate policy. Clients that have been configured to use a GUP will download definitions directly from the GUP instead of SEPM. By this method, bandwidth is conserved. There must be sufficient bandwidth between the GUP and the SEPM to allow the GUP to download the full and delta definition packages being requested by SEP clients. The larger the spread of definition revisions used by the clients, the larger the bandwidth utilization between the SEPM and the GUP.
Though bandwidth usage can be significantly reduced by using GUPs strategically, it is still important to ensure that GUPs are positioned in the network to maximize their effectiveness.
GUPs should only be configured to provide updates to for clients on their local network segment. The GUP must have sufficient bandwidth to deliver content packages of up to 45 MB to the clients it serves up to 3 times a day
How to: Setup a Group Update Provider (GUP):
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/39e094426b9d082588257456006d4ac6?OpenDocument
and also:
Configuring the Group Update Provider (GUP) in Symantec Endpoint Protection 11.0 RU5
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/cb487ea7138bf8d24925763f00708be0?OpenDocument