Endpoint Protection

Just curious about something.  If a managed SEP client can't contact its SEPM server for whatever reason, will it fall back and use the Internet to update its virus defs?  If not, is there a way to set SEPM policies to do this?  I'm mainly thinking about laptops that people take home but don't jack into the network or VPN in that often.

It will assuming you have your policy set to apply it.

Do you have location awareness setup?

If you go into your LU policy there is an option for scheduling which applies to liveupdate. You can set a schedule here, which will dictate what clients do when not connected to the SEPM.

Setting up Scenario Two location awareness conditions

Follow these document

For SEP 12.1

Configuring mobile computers to automatically download definitions when disconnected from the Symantec Endpoint Protection 12.1 Management console

http://www.symantec.com/docs/TECH177361

Also, Check this Article:

What happens when both LiveUpdate Server and Default Management server are configured in a LiveUpdate policy?

http://www.symantec.com/docs/TECH140817

Hope that helps!!

In 12.1, it will fall back by default, but not at once. See LU policy > Schedule > Options for skipping LiveUpdate. There is an option "LiveUpdate runs only if the client is disconnected from SEPM for more than x hours". You can use that to run a LiveUpdate schedule if the clients are not connected to the SEPM.

By default, LU schedule will be activated if SEPM cannot be reached for 8 hours AND AV/AS content is older than 2 days.