Video Screencast Help

Defintions are often days old on the SEPM

Created: 09 Apr 2014 | 15 comments
The Conquistador's picture

Good day everyone, I have a situation where I was asked to prevent definitions from being downloaded during business hours so I adjusted the schedule as you can see in the attached screen shot. Since I did this, definitions can be outdated by as much as three days. Today they appear to be current, but other days they are behind.

Operating Systems:

Comments 15 CommentsJump to latest comment

Brɨan's picture

Any error messages in the server tab under the Admin page relating to LU?

Any errors in log.liveupdate file?

LiveUpdate and content troubleshooting for the Symantec Endpoint Protection Manager

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

The Conquistador's picture

The screen shot shows daily 24 hrs a day, they do not want any activity during business hours.

The Conquistador's picture

Lunchtime hours may not work either, we have companies in many times zones. That is why we have it from 19:00 to 6:00

Brɨan's picture

So here's my question: Why does it matter (to mgmt) when SEPM defs are download? Aren't you more worried about when SEP clients update?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

The Conquistador's picture

They are saying that the SEPM server is the top talker in the network and causing the most bandwidth consumption. Wouldn't the GUP handle when the clients are updated within the same Subnet that its clients are on?

Brɨan's picture

Than you have something else going on. Assuming you have GUPs, they will handle the content updates for all the clients. SEPM will update the GUPs, but the GUPs handle the rest. The clients will still check in to the SEPM to upload logs, grab policy updates, etc. but those events should not consume a ton of bandwidth unless your just logging anything and everything.

A download from LU is probably over 1GB but still I question what else is going on.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

The Conquistador's picture

I have an active ticket with Symantec open, hopefully we can get a little more clarity.

Brɨan's picture

Something else is happening...they get back to you yet?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

The Conquistador's picture

They tried yesterday, but I was sick, I told them to call me today, and knowing them they will call me when there is 5 minutes left at the end of the day or when I am at lunch.

The Conquistador's picture

What I found particularly interesting is that when the weekend came along, there were no updates until I manually ran them on Monday. I was out from the 4th til the 7th and when I got in on the 7th. The Defs were from the 3rd. Today, I didn't even do anything and the defs are current.

Windows Definitions  
Latest from Symantec: 04/08/2014 r25
Latest on Manager: 04/08/2014 r25
Brɨan's picture

You're only going to get 2 updates on the weekend and some times I've only seen one.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

The Conquistador's picture

Personally I HATE the restricted schedule, I felt that changing it would not lead to an eventual solution, and I was right, so far it has lead to further issues. I was a big fan of the every 4 hours schedule. But I am not the boss.