Hi Guys,
I'm totally baffled as to what is required or what is happening in our organisational setup. Hope you can help.
We have Symantec AntiVirus Corporate Edition 10.x (10.1.7.7000) deployed to all our client PCs (XP), and these PCs are managed through the Symantec System Centre console on two 'parent servers'.
These servers are located in different physical offices, hence each parent server manages a respective number of clients, based on office location. (This is an existing setup, from before my time with this company.)
What I'm confused about is where these clients are getting their updates from (virus definitions / version updates): from the parent server or from Symantec over the internet.
This has come about because yesterday, from Symantec System Centre, I changed some settings from the parent servers to manage clients' virus definitions by:
"Update virus definitions from the parent server" and
"schedule client for automatic updates using LiveUpdate"
See pic:
The issue arose when we noticed our internet link being maxed out for about 30 minutes. What we pieced together from all the client AV logs was that LiveUpdate was initiated on all the PCs at once and was getting the definition update from the Symantec LiveUpdate server instead of the designated 'parent server'.
This obviously wasn't 'an issue' when there was no defined schedule, i.e. each PC would get a new definition at random times based upon system startup. Hence there was no spike noticed in internet traffic, until now.
I've done a fair bit of reading through these KBs and manuals:
Where I read from the first document listed: "LiveUpdate can retrieve definitions files either from the Symantec server (which it does by default) or from an internal Web, FTP, or file server created with the LiveUpdate Administration Utility." <- This has confused me.
Does this mean that even though I run Symantec System Centre, with 2 parent servers, each with their designated allotment of managed client PCs, and with an option designating "Update virus definitions from the parent server", the clients will still update from the internet (Symantec LiveUpdate servers) instead of our internal 'parent servers' if LiveUpdate Administration Utility is not installed and configured in conjunction?
Also, I note that the document explaining Symantec LiveUpdate Administrator mentioned that the client LiveUpdate source is kept in the file Settings.Hosts.LiveUpdate (which is generated from the Symantec LiveUpdate Administrator 2.1 utility and then saved to the client in the directory C:\Program Files\Symantec\LiveUpdate\). I opened this file and confirmed that the LiveUpdate source was that server.
However, when I looked in one of the existing client PCs (before importing this file), the file was called Settings.Default.LiveUpdate and it contained the Symantec website:
HOSTS\0\ACCESS2=http://liveupdate.symantecliveupdate.com
Are they the same?
Ultimately, the question is: can I set the clients to download from the parent server without configuring Symantec LiveUpdate Administrator?