
Definition update on SEP clients.

Created: 20 Dec 2012 | 14 comments
Steve23

Hi,

I'm a little confused about something... It seems the only way for my SEP clients to pick up new definition files is through LiveUpdate.

So although I have both "Use the default management server" and "Use LiveUpdate" checked on our SEPM server, definition files don't seem to be updated using the default management server.

Is there a way I can manually test definition file updates through the management server?

Thanks.

 

Comments

Brian81

Do you have the policy applied to the group?

You can turn on Sylink monitoring to see what's going on:

https://www.symantec.com/business/support/index?pa...

Ashish-Sharma

Hi,

Try to uncheck "Use LiveUpdate".

How to update definitions for Symantec Endpoint Protection Manager (SEPM) using a .jdb file

Article: TECH102607 | Created: 2007-01-08 | Updated: 2012-06-28 | Article URL: http://www.symantec.com/docs/TECH102607

LiveUpdate and content troubleshooting for the Symantec Endpoint Protection Manager

Article: TECH105924 | Created: 2008-01-16 | Updated: 2012-03-30 | Article URL: http://www.symantec.com/docs/TECH105924

Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart

Article: TECH95790 | Created: 2009-01-26 | Updated: 2012-03-30 | Article URL: http://www.symantec.com/docs/TECH95790

Thanks In Advance

Ashish Sharma

SEPM Knowledgebase Documents  

 

Steve23

Thanks for the quick replies.

 

1) Yes, I do have the policy applied to the groups. I know this because if I do choose to run LiveUpdate on the client, it points to an internal LU server as the SEPM server policy is configured.

2) I have tested with a .jdb file, but I'm not sure how to force a non-LiveUpdate definition file update on the client side to make sure the update through the management server is working.

I'll try the Sylink monitoring to see what it shows.

Ashish-Sharma

Hi,

Check one more article:

How to configure LiveUpdate to use alternate sources through the Symantec Endpoint Protection Manager Console

Article: TECH103706 | Created: 2008-01-09 | Updated: 2012-01-24 | Article URL: http://www.symantec.com/docs/TECH103706

 

Thanks In Advance

Ashish Sharma

SEPM Knowledgebase Documents  

 

Steve23

Thanks Ashish for the extra article.

 

Here's a different approach to my issue...

I have an isolated environment with a SEPM server and some clients.

I update the SEPM using a .jdb file.

I don't have access to a LiveUpdate server. (Isolated)

I want to update the defs on my SEP clients and LiveUpdate is not an available option since I don't have a LiveUpdate server and don't want to add one.

How do I force a SEP client to update its defs?

Brian81

Once the SEPM gets updated, the clients will check in on the heartbeat and they will receive the command that they need to update.

As long as you have the "Use the default management server" option checked in the LU policy and the policy correctly applied, they should then update.

Steve23

Is there any way to force the update on the client side?

Also, if updates through the SEPM and LiveUpdate are available, which gets used first?

Lastly, where in the SEPM can I find the "heartbeat" setting? I've seen it somewhere, just can't remember where.

Steve23

Found the heartbeat setting.

Brian81

In SEPM, right-click on a client and select "Run Command on Computers >> Update Content".

When the client checks in on next heartbeat, it will get the command to update.

So you can't truly force an update instantly but you can send the command through SEPM, but it's all dependent on the heartbeat.

Steve23

Here's what I did:

1) On the SEPM, I changed the heartbeat time from 5 mins to 1 min for the test group my test client is in.

2) On my test client, right-clicked and selected "Update Policy".

3) On the SEPM, I right-clicked my test client and selected Update Content. I then watched the Update Content progress in the SEPM's Command Status tab under Monitors.

4) When the task completed, went back to the test client and waited for at least 5 mins. Opened the SEP client's GUI and still no change in the def file version. The SEPM is at version Dec 20th, my test client at version Dec 18th.

I'm either misinterpreting and the only def update option in SEPM is LiveUpdate, or my configuration is wrong; even though I have "Use the default management server" checked in the LiveUpdate Policy in my test group.

Maybe there's somewhere else I need to specify to "Use the default management server"?

Brian81

To me it sounds like a configuration issue. If you can export your LU policy and post it here, that would be great to verify it is set correctly.

Steve23

How about I start with screenshots... Worried about privacy issues.

Attachment: SEPM-LU.zip (188.02 KB)

Steve23

I did provide some screenshots. I guess the moderators still have to approve them before they appear in the thread.

sandra.g

Bear in mind that the command "Update clients" will only prompt the clients to launch LiveUpdate on their next heartbeat in. You cannot prompt a heartbeat (which is how the client checks for content from the SEPM) in this way.

The only way I can think to trigger the clients to heartbeat in is to have the communication mode set to Push (rather than Pull), give it time for that Communication Settings change to be picked up by the clients (based on previous heartbeat schedule), then make a minor change to any policy. This will prompt the client to heartbeat in and it should pick up new content at the same time.

You wrote:

I have an isolated environment with a SEPM server and some clients.

I update the SEPM using a .jdb file.

I don't have access to a LiveUpdate server. (Isolated)

I want to update the defs on my SEP clients and LiveUpdate is not an available option since I don't have a LiveUpdate server and don't want to add one.

How do I force a SEP client to update its defs?

So this situation applies to your original post? Are you saying that the only way your SEPM gets content is with a JDB; that the SEPM itself never gets content from Symantec LiveUpdate's servers?

"The SEPM is at version Dec 20th"

Are you seeing that on the Home tab, under Latest on Manager? (What version of the SEPM and SEP clients are you running?)

If there is NO LiveUpdate server configured for use and the clients do not have access to Symantec LU servers, then the way forward is with sylink debugging. It will demonstrate why the content delivery is failing to the client.

(BTW, the only thing a JDB will update is virus definitions. If you're concerned that other types of content besides Virus and Spyware defs are not updating on the clients then it's because of the JDB file updating the SEPM.)

sandra

Symantec, Information Development, IMDP
Symantec Endpoint Protection / Core Security Engineering Group

Don't forget to mark your thread as 'solved' with the answer that best helped you!
 
