Endpoint Protection

 View Only

  • 1.  Clients Update Issue from a GUP

    Posted Feb 23, 2015 08:05 AM

    hello all,

    I have a GUP assigned for region-A group . Now this group contains few hundred endpoints ( have diffrent subnets they are part of )  and are supposed to take updates from the GUP . For this Group. I have created muliple group update provider and specified the GUP machine and for explicit GUPs I have done the mapping of diffent subnets to the GUP . For about 250 + endpoints they are downloading updates fine from the GUP but the other endpoints in the group are not downloading definations ( most of them I cannot PING from the SEPM , last connection time for them are also 1-2 weeks old ) and some are also showing " Not Available " status in the AV Defination date in the clients tab.

    What could be the problem for these endpoints not downloading the defs ? communication problems ? Corrupt installaiton or definations could also be the issue ?

    Regards



  • 2.  RE: Clients Update Issue from a GUP

    Posted Feb 23, 2015 08:06 AM

    What's the SEPM/SEP version here?

    Can you enable sylink debugging on one affected client? I would also suggest running the symhelp tool as well to detect issues.



  • 3.  RE: Clients Update Issue from a GUP

    Posted Feb 23, 2015 08:24 AM

    Thanks Brian for your reply. We are talking about SEP 12.1.5 both for Managers and endpoints.  

    Now I was looking at my GUP configuration and mappings for this group and was wondering that if I had any misconfigurations with the GUP then the other endpoints in the same group that are updated 250+ would have the same problem as other endpoints are having.  Regards



  • 4.  RE: Clients Update Issue from a GUP

    Posted Feb 23, 2015 08:30 AM

    TBH, it sounds like a general comms issue to me.  The clients must first be able to contact the SEPM in order to use GUPs.  If you're seeing a last checkin timestamp of more than 2 weeks, then investigate communications issues as a priority.



  • 5.  RE: Clients Update Issue from a GUP

    Posted Feb 23, 2015 08:38 AM

    Did you verify the affected client(s) check in?



  • 6.  RE: Clients Update Issue from a GUP

    Posted Feb 23, 2015 08:41 AM

    Thanks for your reply SMLatCST . I have also noticed few machines who have a recent timestmap with SEPM but having few weeks old defination dates.

    Secondly kindly confirm one thing don't clients already have the global list file that lists the correspondings GUPs for them or they download the list each and everytime when they heartbeat with the SEPM then download the list and after that go to the GUP to download the content ?

    Don't they have the list for their GUPs with them everytime or they download it when they check-in with the SEPM and then download the list ?

    Regards



  • 7.  RE: Clients Update Issue from a GUP

    Posted Feb 23, 2015 09:36 AM

    Haven't the foggiest I'm afraid!

    For clients that are actively in contact with the SEPM but not grabbing defs via GUPs, you'll have to go through the usual sylink/debug log trawling on the client and GUP (I'm sure you'll be familiar with this by now!).



  • 8.  RE: Clients Update Issue from a GUP

    Posted Feb 23, 2015 11:51 AM

    Hello SMLatCST do you want me to run Sylink loggin on one of the affected endpoints or on GUP both ? and for how long do you want me to run it ? 2-3 heartbeat cycles ?

    Regards



  • 9.  RE: Clients Update Issue from a GUP

    Posted Feb 23, 2015 11:52 AM

    On the affected client. Let it run thru a few heartbeats, need to see it attemtping to get its updates