Does client machines running on SEP11RU7 require logged on to receive latest AV Definitions? Or just simply leave the machine connected to the network?

client will communicate with SEPM based on heart beat interval, push mode or pull mode

it does not matter if user is logged in or not, the client will stilll contact and get periodic updates.

is the client managed? how is the LU policy defined? If LU is enabled and configured to get the updates from Symantec LU then you need to have interne connection.

Hello,

No it's depend on heartbeat settings

The SEP client heartbeat interval is normally controlled by communications policies set at the Symantec Endpoint Protection Manager (SEPM). In certain situations, the SEP client will decrease its heartbeat interval to a value between 0 and 60 seconds. The purpose of this accelerated heartbeat is to ensure that critical updates and content are delivered to clients in as timely a manner as possible. Once the client is able to download the content update or package requested, the client will then re-apply the heartbeat interval configured at the SEPM level. It is not possible to configure clients' Accelerated Heartbeat intervals.

About Accelerated Heartbeat in Symantec Endpoint Protection (SEP) Clients.

Article:TECH93724

|

Created: 2009-01-30

|

Updated: 2010-11-18

|

Article URL http://www.symantec.com/docs/TECH93724

https://www-secure.symantec.com/connect/articles/symantec-endpoint-protection-heartbeat-process

All clients are managed via SEPM. LU Policy is defined, set to every 3 hours to run the liveupdate. Clients will get the definitions either from SEPM or LUA. Due to some network bandwidth issues, we want to ask the users to leave their machines overnight to get the latest definitions. We want to ensure the definitions will be distributed to all clients as long as the machines are connected to the network.

Yes it will

if you carefully looked at where the definitions are stored.

it will be users folder or documents \settings \all users

so no matter who is logged in or not logged in will still get updates :) 

we have hundereds of application servers where no one logs in for a fortnight. but still they get udpates coz of heartbeat.. 

Hi,

--> Yes simply leave the machine connected to the network.

Make sure clients are in Push mode.

Push mode

The client establishes a constant HTTP connection to the server. Whenever a change occurs with the server status, it notifies the client immediately.

Pull mode

The client connects to the server periodically, depending on the frequency of the heartbeat setting. The client checks the status of the server when it connects.

Because of the constant connection, push mode requires a large network bandwidth. Most of the time you can set up clients in pull mode.

What is the difference between Push and Pull modes when downloading policies and content from the management server? --> Clients that use the Push mode download policies and content as soon as they become available. On push mode an open connection is kept so that the manager can contact the client immediately when data is available. Clients that use the Pull mode download policies and content based on the Heartbeat interval setting, which is set to 5 minutes by default. Because of the greater network bandwidth that is used with the push mode, it is recommended more for small and medium-sized networks.                                                                                  

Configuring push mode or pull mode to update client policies and content

http://www.symantec.com/business/support/index?page=content&id=HOWTO26845

All clients are managed via SEPM. LU Policy is defined, set to every 3 hours to run the liveupdate.

One thing to keep in mind is that the client only uses LiveUpdate when downloading from Symantec's cloud servers or from LiveUpdate Administrator.  If the client is configured to download definitions from the SEPM, the schedule is determined by the client's heartbeat interval and it will simply transfer via TCP port 8014.

Hi,

Do you have any update on this? If issue is resolved then don't forget to mark your thread as 'SOLVED' with the answer that best helps you

Thank you all. Left my machine turned on, connected to the network overnight and it did get the updates from the Symantec server. The only watch out is the power settings - it might hiberate or change to sleep mode after certain minutes, based on the policy enforced.