Endpoint Protection

  • 1.  Getting a list of all machines attempting to download from SEPM

    Posted Jan 31, 2014 03:16 PM

    Hello,

    A while back, during a network latency outage, we blocked any machine trying to download from SEPM using the block all in httpd.conf. Since then we have reorganized our SEPM into folders with its own GUPs and slowly added the GUP IP addresses in the Apache httpd.conf via allow from IP addresses such as Allow from 10.1.10.x etc., each line for each GUP, then the last line said block all. We are at a point now where we want to remove this restriction completely in the Apache config and go back to the way things were.

    However, before this can happen, I would like to be certain that only machines marked as GUP are downloading from SEPM and nothing else. Hence, is there a way to pull a report of all machines attempting to download from SEPM? I would like to export this in Excel and confirm that these machines are valid and marked as GUPs.

     

    Thanks.
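
An added example, not part of the original post and not Symantec code: one way to build the report asked for above from the Apache side, by comparing client IPs in the access log against the `Allow from` entries in httpd.conf and writing a CSV that opens in Excel. The config fragment and log lines are constructed samples; Common Log Format and the `/content/` path prefix are assumptions to adjust to the actual SEPM Apache setup.

```python
import csv, io, ipaddress, re
from collections import Counter

# Constructed httpd.conf fragment in the style the first post describes.
SAMPLE_CONF = """Order deny,allow
Deny from all
Allow from 10.1.10.5
Allow from 10.1.20.0/28"""
# Constructed access-log lines (Common Log Format); the paths are placeholders.
SAMPLE_LOG = """\
10.1.10.5 - - [31/Jan/2014:15:01:02 -0500] "GET /content/a.zip HTTP/1.1" 200 5120
10.1.20.7 - - [31/Jan/2014:15:01:09 -0500] "GET /content/a.zip HTTP/1.1" 200 5120
10.1.30.44 - - [31/Jan/2014:15:02:11 -0500] "GET /content/a.zip HTTP/1.1" 403 209
10.1.30.44 - - [31/Jan/2014:15:07:11 -0500] "GET /content/b.zip HTTP/1.1" 403 209
10.1.30.44 - - [31/Jan/2014:15:08:00 -0500] "POST /other HTTP/1.1" 200 17
"""
ALLOW_RE = re.compile(r"^[ \t]*Allow[ \t]+from[ \t]+(.+)$", re.I | re.M)
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

def allowed_networks(conf_text):
    """IP and CIDR arguments of every uncommented 'Allow from' line."""
    nets = []
    for token in " ".join(ALLOW_RE.findall(conf_text)).split():
        try:
            nets.append(ipaddress.ip_network(token, strict=False))
        except ValueError:
            pass  # hostname or partial address such as "10.1": review by hand
    return nets

def in_allow_list(ip, nets):
    try:
        return any(ipaddress.ip_address(ip) in n for n in nets)
    except ValueError:
        return False  # client was logged as a hostname, not an IP

def download_report(conf_text, log_text, path_prefix="/content/"):
    """Rows of (client_ip, in_allow_list, requests, denied_403), one per client."""
    nets = allowed_networks(conf_text)
    total, denied = Counter(), Counter()
    for line in log_text.splitlines():
        if (m := LOG_RE.match(line)) and m.group(2).startswith(path_prefix):
            total[m.group(1)] += 1
            denied[m.group(1)] += m.group(3) == "403"  # 403 = refused by the allow list
    return [(ip, in_allow_list(ip, nets), total[ip], denied[ip]) for ip in sorted(total)]

def to_csv(rows):
    out = io.StringIO()
    csv.writer(out).writerows([("client_ip", "in_allow_list", "requests", "denied_403"), *rows])
    return out.getvalue()
```

Rows where `in_allow_list` is False are the machines that would start downloading from SEPM once the restriction is removed.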

     

     

     



  • 2.  RE: Getting a list of all machines attempting to download from SEPM

    Posted Jan 31, 2014 03:23 PM

    You should be able to do this using the advanced filtering options. See this article:

    https://www-secure.symantec.com/connect/articles/sepm-121-advanced-settings-filter-options-client-activity-logs

    You should be able to use the keyword "SYLINK" to filter.



  • 3.  RE: Getting a list of all machines attempting to download from SEPM

    Posted Jan 31, 2014 03:24 PM

    I am curious, though: is there a way to say in the httpd.conf to only allow traffic if the machine is marked as a GUP?



  • 4.  RE: Getting a list of all machines attempting to download from SEPM

    Posted Jan 31, 2014 03:27 PM

    Not really sure, as I don't edit it.



  • 5.  RE: Getting a list of all machines attempting to download from SEPM

    Posted Jan 31, 2014 03:32 PM

    OK, if I pull a report by Sylink, will it only show my GUP traffic or any machine that is trying to download from SEPM?



  • 6.  RE: Getting a list of all machines attempting to download from SEPM

    Posted Jan 31, 2014 03:39 PM

    Any machine, but you can filter for only your GUPs.



  • 7.  RE: Getting a list of all machines attempting to download from SEPM

    Posted Jan 31, 2014 05:43 PM

    Here's the problem with that idea: the SEPM is not only responsible for clients' content, but their policies as well.

     

    If you restrict all machines from access to the SEPM except for GUPs, the client machines will never know that new content is or will be available, they will never be able to receive their policy updates, nor will they be able to upload their logs. Simply tweaking and playing with the Apache config files is not the right option here.

     

    If your SEPM and SEP clients are running version 12.1 RU2 or newer, then explicit group update providers are what you are looking for. Make sure that all of your clients are told under the GUP provider settings that if content fails to download from the GUP to the clients, they will never go to the SEPM (you can use an alternative, such as a LiveUpdate Administrator, where you can limit the bandwidth and it can build micro-defs, or Symantec LU servers if your external bandwidth is a non-issue).

     

    With the changes in 12.1 RU2 and overall improvements since then, all of your GUPs can be placed onto a single LU policy or over 2-3 policies and use location tagging to accomplish which LU policy to use (SEPM local, Remote Site, Off-site/Outside Network options are the three I use often).

     

    How many clients are we working with, how many sites, approx. how many clients at these sites, how many GUPs at each location, what other requirements are you holding, what are the communication settings for clients to the server? There might be a much more efficient way of doing all of this here.