Endpoint Protection


Definitions not updating, but machines are online

  • 1.  Definitions not updating, but machines are online

    Posted Feb 25, 2014 12:33 PM

    We have VDIs that are stuck on the definitions they had from their parent VM. I'm wondering if there is a setting that disables definition downloads when no users are logged in. 

     

    I know there is a setting somewhere about scanning with or without a user logged in; is there one similar for definition downloads?



  • 2.  RE: Definitions not updating, but machines are online

    Posted Feb 25, 2014 12:37 PM

    That should not matter, has anything else changed?

    See here:

    Troubleshooting Content Delivery to the Symantec Endpoint Protection client



  • 3.  RE: Definitions not updating, but machines are online

    Posted Feb 25, 2014 12:40 PM

    It will download even if no one is logged in.

    Check this:

    Best Practices for Symantec Endpoint Protection on Citrix and Terminal Servers

    http://www.symantec.com/business/support/index?page=content&id=TECH91070

    Symantec Endpoint Protection 12.1 - Virtualization Best Practices

    http://www.symantec.com/business/support/index?page=content&id=TECH173650



  • 4.  RE: Definitions not updating, but machines are online

    Posted Feb 25, 2014 12:44 PM

    Enable Sylink debugging on the client; you will get to know the reason.

    http://www.symantec.com/business/support/index?page=content&id=TECH104758



  • 5.  RE: Definitions not updating, but machines are online

    Posted Feb 25, 2014 12:47 PM

    Note that this is only happening on a portion of a VDI pool, not all of them. The definitions for a lot of these are stuck on the date the parent was last "recomposed" and they are actively checking into the SEPM (within the last 1 hour).



  • 6.  RE: Definitions not updating, but machines are online

    Posted Feb 25, 2014 12:50 PM

    Sylink debugging will give a better look into the problem.



  • 7.  RE: Definitions not updating, but machines are online

    Posted Feb 25, 2014 02:26 PM

    Enable sylink debug on one of the affected clients: http://www.symantec.com/docs/TECH104758 - the log will show you if there are any errors during client -> SEPM communication or definition download.



  • 8.  RE: Definitions not updating, but machines are online

    Posted Feb 25, 2014 03:26 PM

    I turned on Sylink debug on my local machine to test the process. It is not creating the log file. What do I need to do to get that to generate? I'm just trying to write to C:\temp\sylink.log.



  • 9.  RE: Definitions not updating, but machines are online

    Posted Feb 25, 2014 03:29 PM

    Did you do smc -start after changing the registry?

    Click on update policy; it should start writing the log.



  • 10.  RE: Definitions not updating, but machines are online

    Posted Feb 26, 2014 09:59 AM

    Still nothing after a reboot. Let me check the permissions on C:\Temp

     

     



  • 11.  RE: Definitions not updating, but machines are online

    Posted Feb 26, 2014 10:08 AM

    Try c:\sylink.log

     



  • 12.  RE: Definitions not updating, but machines are online

    Posted Feb 26, 2014 11:09 AM

    Ok; I had the new string value in {HKLM...SYLINK} instead of {HKLM...SYLINK\Sylink} and now it is working.

    Now I just need to get on one of the customer machines and enable this.



  • 13.  RE: Definitions not updating, but machines are online

    Posted Feb 27, 2014 02:52 PM

    Just a follow-up: it looks like the randomization window on these machines is too large (+/- 4 Hours). These are non-persistent VDIs and are only online for ~ 1 hour or so, so many of them are still on the definitions of the Parent VM, and don't update before logging off and "evaporating".

     

    Since these are VDI we are nervous about changing the randomization window (2000+ virtual machines in scope). I'll let you know what this looks like when we downsize the window to +/- 30 Minutes in testing. Hopefully clients get up to date a lot faster, even if they are non-persistent and will "evaporate" after shutdown.
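
Added example, not part of the original thread and not Symantec's code: a check for the symptom described in posts 5 and 13, clients that checked in within the last hour yet still carry old definitions, grouped by definition date so a shared parent-image date stands out. The CSV columns, hostnames, dates and the three-day threshold are constructed assumptions, not a real SEPM export format.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data; column names are assumptions, not a SEPM report format.
SAMPLE_CSV = """hostname,definition_date,last_checkin
VDI-001,2014-02-10,2014-02-27 14:05
VDI-002,2014-02-27,2014-02-27 14:10
VDI-003,2014-02-10,2014-02-27 13:58
VDI-004,2014-02-10,2014-02-26 09:00
VDI-005,2014-02-26,2014-02-27 14:20
"""


def load(text):
    """Parse the CSV text into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))


def find_stale_online(rows, now, max_def_age_days=3,
                      online_within=timedelta(hours=1)):
    """Return (hostname, definition_date) for clients that checked in
    recently but whose definitions are older than the allowed age."""
    stale = []
    for row in rows:
        defs = datetime.strptime(row["definition_date"], "%Y-%m-%d")
        seen = datetime.strptime(row["last_checkin"], "%Y-%m-%d %H:%M")
        online = timedelta(0) <= now - seen <= online_within
        old = (now - defs).days > max_def_age_days
        if online and old:
            stale.append((row["hostname"], row["definition_date"]))
    return stale


def cluster_by_definition_date(stale):
    """Count stale clients per definition date, most common first.
    One dominant date suggests clients still on the parent image's content."""
    return Counter(date for _, date in stale).most_common()


if __name__ == "__main__":
    now = datetime(2014, 2, 27, 14, 30)  # constructed "current time"
    stale = find_stale_online(load(SAMPLE_CSV), now)
    for host, date in stale:
        print(f"{host}: online, definitions from {date}")
    for date, count in cluster_by_definition_date(stale):
        print(f"{count} stale client(s) share definition date {date}")
```

Running the same check before and after a change to the randomization window gives a count of non-persistent clients that are still leaving the pool on the parent's definitions.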