I need help figuring out how to create a test group on which to test an AV definition package before deployment. There was one other posting on this I found, but I couldn't make sense out of the responses. The only thing I got out of it was how to enable Active Directory authentication for administrators.

We have SEPM 12.1 installed on Windows Server 2008 Ent. All the managed clients are Windows 7 Ent. This is an intranet that is not connected to the internet so I don't use LiveUpdate. I have a site I visit to download .jdb definition update files and drop them in the server /incoming folder for distribution to clients.

We only use Antivirus and Anti Spam, not the firewall, intrusion detection or other features.

What I would like to do is figure out how to create a computer group that would receive the new definition .jdb file first, in order to evaluate it for any possible conflicts or problems before deploying it to the rest of the enterprise.

I don't see an intuitive way to do this.

Does anyone have a link, tutorial, or could describe how I would do this in the environment I've described above?

Thanks for any and all assistance.

This could be challenging.

In the LU policy, uncheck the setting to use default management server for updates and assign it to your groups.

Create the new test group and uncheck inheritance and assign it a separate LU policy to get updates from the SEPM.

You can than update the SEPM using JDB file and only that test group should get updated.

It’s not going to be possible in my environment. With SEPM, you must choose either the default management (SEPM) server, a Group Update Provider (which gets its updates from the DMS anyway and serves only to reduce server bandwidth load in large environments) or an internal or external LiveUpdate Server in conjunction with LiveUpdate Administrator.

The internal LiveUpdate server can be used with LiveUpdate Administrator which *does* allow the testing of definitions, but it can’t be deployed in my environment because the internal LUA needs to connect to online Symantec LUA servers at some point, and my network is completely air gap, so that’s not going to work. I can’t set up any LUA at any point along the way that would be able to connect to Symantec LUA servers.

Perhaps in future releases Symantec will incorporate the ability of SEPM to selectively distribute updates to a computer group rather than a blanket 100% distribution. This is the only solution for environments such as mine that are isolated completely from the Symantec LUA servers.

On your test group , Enable only Third party Management option ( this does not need to enable LU or default management option) then manually paste the jdb files on these clients

How to manually update definitions for a managed Symantec Endpoint Protection Client using the .jdb file

http://www.symantec.com/business/support/index?page=content&id=TECH104363

Hi, 

I am agreeing with rafeeq's comments.

Use third part management option to update test clients.

Regards

Ajin

even if you apply fault definition, you can roll back using the SEPM LU policy to the desired/working definition.

Hello,

LiveUpdate Administrator is a good tool which allows to split the content deployment between a test and a production environment, here is a introduction to it:

http://www.symantec.com/business/support/index?page=content&id=TECH102701

It is not recommended to add such complexity to small environments, if you are dealing with a big network, then LUA should meet your needs in a more structured way.