Endpoint Protection

 View Only

  • 1.  Does an SEP 12.1 client pull def updates when it starts?

    Posted Mar 18, 2013 05:00 PM

    I've always assumed that if a workstation has been shut down, that when it's restarted, it will query the SEP managmement server for A/V definition updates.  Is this true?  What if the LU policy says that the Retry Windows is X hours and it's been more than that since the workstation was turned off? 

    I'm just trying to understand how the SEP agent behaves.

     

    Thanks!
    Mark



  • 2.  RE: Does an SEP 12.1 client pull def updates when it starts?

    Posted Mar 18, 2013 07:00 PM

    When the SEP client startups it will check in with the SEPM and go thru its normal checks and getting definitions is one of them.

    I believe it could be possible that if you have the LU policy to go out to Symantec LU that depending on the schedule it could go out to Symantec LU to get defs.



  • 3.  RE: Does an SEP 12.1 client pull def updates when it starts?

    Posted Mar 18, 2013 09:51 PM

    Question: I've always assumed that if a workstation has been shut down, that when it's restarted, it will query the SEP managmement server for A/V definition updates.  Is this true? 

    Ans: Yes it is true by default SEP clients configured to get the liveupdate through the SEPM server as a primary source. 

    Question: What if the LU policy says that the Retry Windows is X hours and it's been more than that since the workstation was turned off? .

    Ans: IF the workstations are turned off for couple of days it wont run the liveupdate to connect internet when it starts. And it cannot retry after x hours if configuration is only to get the update from SEPM server.

    If the secondary source is enabled that means your LU configuration for clients is enabled to update using Symantec LU server as well.

    Then also the clients will reach out the SEPM server as it is the primary source in case if the clients unable to reachout the SEPM server then only it will try to reach out the internet to receive their updates. tat time it will connect to the symantec LU server. even if the client cannot connect LU server it will use the scenario Retry LU after X hours.

     

    Hope this helps.....



  • 4.  RE: Does an SEP 12.1 client pull def updates when it starts?

    Posted Mar 19, 2013 02:04 AM

    Hi,

    Ans Q1: Yes it will contact SEPM for policy changes and Updates,

    Ans Q2: Specifies the number of hours or days to keep trying to run LiveUpdate if the scheduled run of LiveUpdate failed for some reason. This option is enabled when the Every, Daily or Weekly option is selected. The default is every four hours with a two-hour retry window.

    Regards

    Ajin