
Definition update on SEP clients.

Created: 20 Dec 2012 | 14 comments

Hi,

I'm a little confused about something... It seems the only way for my SEP clients to pick up new definition files is through LiveUpdate.

So although I have both "Use the default management server" and "Use LiveUpdate" checked on our SEPM server, definition files don't seem to be updated using the default management server.

Is there a way I can manually test definition file updates through the management server?

Thanks.

 


.Brian

Do you have the policy applied to the group?

You can turn on Sylink monitoring to see what's going on:

https://www.symantec.com/business/support/index?pa...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ashish-Sharma

Hi,

Try to uncheck "Use LiveUpdate".

 

How to update definitions for Symantec Endpoint Protection Manager (SEPM) using a .jdb file

 

Article:TECH102607  |  Created: 2007-01-08  |  Updated: 2012-06-28  |  Article URL http://www.symantec.com/docs/TECH102607

 

LiveUpdate and content troubleshooting for the Symantec Endpoint Protection Manager

 

Article:TECH105924  |  Created: 2008-01-16  |  Updated: 2012-03-30  |  Article URL http://www.symantec.com/docs/TECH105924

Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart

 

Article:TECH95790  |  Created: 2009-01-26  |  Updated: 2012-03-30  |  Article URL http://www.symantec.com/docs/TECH95790

 

Thanks In Advance

Ashish Sharma

 

 

Steve23

Thanks for the quick replies.

 

1) Yes, I do have the policy applied to the groups. I know this because if I do choose to run LiveUpdate on the client, it points to an internal LU server as the SEPM server policy is configured.

2) I have tested with a .jdb file, but I'm not sure how to force a non-LiveUpdate definition file update on the client side to make sure the update through the management server is working.

I'll try the Sylink monitoring to see what it shows.

Ashish-Sharma

Hi,

Check one more article:

How to configure LiveUpdate to use alternate sources through the Symantec Endpoint Protection Manager Console

 

Article:TECH103706  |  Created: 2008-01-09  |  Updated: 2012-01-24  |  Article URL http://www.symantec.com/docs/TECH103706

 

Thanks In Advance

Ashish Sharma

 

 

Steve23

Thanks Ashish for the extra article.

 

Here's a different approach to my issue...

I have an isolated environment with a SEPM server and some clients.

I update the SEPM using a .jdb file.

I don't have access to a LiveUpdate server. (Isolated)

I want to update the defs on my SEP clients and LiveUpdate is not an available option since I don't have a LiveUpdate server and don't want to add one.

How do I force a SEP client to update its defs?

.Brian

Once the SEPM gets updated, the clients will check in on the heartbeat and they will receive the command that they need to update.

As long as you have the "Use the default management server" option checked in the LU policy and the policy correctly applied, they should then update.


Steve23

Is there any way to force the update on the client side?

Also, if updates through the SEPM and LiveUpdate are available, which gets used first?

Lastly, where in the SEPM can I find the "heartbeat" setting? I've seen it somewhere, just can't remember where.

.Brian

In SEPM, right click on a client and select "Run Command on Computers >> Update Content"

When the client checks in on next heartbeat, it will get the command to update.

So you can't truly force an update instantly, but you can send the command thru SEPM, but it's all dependent on the heartbeat.


Steve23

Here's what I did:

1) On the SEPM, I changed the heartbeat time from 5 mins to 1 min for the test group my test client is in.

2) On my test client, right-clicked and selected "Update Policy"

3) On the SEPM, I right-clicked my test client and selected Update Content. I then watched the Update Content progress in the SEPM's Command Status tab under Monitors.

4) When the task completed, went back to the test client and waited for at least 5 mins. Opened the SEP client's GUI and still no change in the def file version. The SEPM is at version Dec 20th, my test client at version Dec 18th.

I'm either misinterpreting and the only def update option in SEPM is LiveUpdate, or my configuration is wrong; even though I have "Use the default management server" checked in the LiveUpdate Policy in my test group.

Maybe there's somewhere else I need to specify to "Use the default management server"?

.Brian

To me it sounds like a configuration issue. If you can export your LU policy and post it here, that would be great to verify it is set correctly.


Steve23

How about I start with screenshots... Worried about privacy issues.

Attachment: SEPM-LU.zip (188.02 KB)

Steve23

I did provide some screenshots. I guess the moderators still have to approve them before they appear in the thread.

sandra.g

Bear in mind that the command "Update clients" will only prompt the clients to launch LiveUpdate on their next heartbeat in. You cannot prompt a heartbeat (which is how the client checks for content from the SEPM) in this way.

The only way I can think to trigger the clients to heartbeat in is to have the communication mode set to Push (rather than Pull), give it time for that Communication Settings change to be picked up by the clients (based on previous heartbeat schedule), then make a minor change to any policy. This will prompt the client to heartbeat in and it should pick up new content at the same time.

You wrote:

I have an isolated environment with a SEPM server and some clients.

I update the SEPM using a .jdb file.

I don't have access to a LiveUpdate server. (Isolated)

I want to update the defs on my SEP clients and LiveUpdate is not an available option since I don't have a LiveUpdate server and don't want to add one.

How do I force a SEP client to update its defs?

So this situation applies to your original post? Are you saying that the only way your SEPM gets content is with a JDB; that the SEPM itself never gets content from Symantec LiveUpdate's servers?

"The SEPM is at version Dec 20th"

Are you seeing that on the Home tab, under Latest on Manager? (What version of the SEPM and SEP clients are you running?)

If there is NO LiveUpdate server configured for use and the clients do not have access to Symantec LU servers, then the way forward is with sylink debugging. It will demonstrate why the content delivery is failing to the client.

(BTW, the only thing a JDB will update is virus definitions. If you're concerned that other types of content besides Virus and Spyware defs are not updating on the clients then it's because of the JDB file updating the SEPM.)

sandra

Symantec, Senior Information Developer
Enterprise Security, Mobility, and Management - Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best helps you!