Endpoint Protection

  • 1.  How to force clients to get updates from SEPM

    Posted Jun 19, 2009 04:12 PM
    Hi everyone, we're in the process of switching to SEP (from a third-party AV product). We roll this out in conjunction with new desktops and notebooks. That's why we're building a brand new WinXP SP3 image now. We encounter the issue that, since we install SEP as one of the last pieces of software before we reboot, the time is too short for SEP to update definitions. And that's why we can't log in to the domain after reboot (because SNAC is isolating the client).

    Is there a way to force the clients right after the installation to get the updates from our internal SEPM? I'm only aware of the RUNLIVEUPDATE property. Unfortunately, this doesn't work for us in that situation since we're using an internet proxy.

    By the way, we're talking about the latest SEP version, 11.0 MR4 MP2.

    Thanks for any ideas.

    Have a nice weekend everyone.
     


  • 2.  RE: How to force clients to get updates from SEPM

    Posted Jun 19, 2009 06:17 PM
    Hi,

    I know that by default SEP downloads the definitions only from SEPM, doesn't it?
    I need a better description of your issue,

    regards,



  • 3.  RE: How to force clients to get updates from SEPM

    Posted Jun 22, 2009 02:11 AM
    Hi Giuseppe,
    Thanks for your help. Our problem is that we can't log in to the domain after rebooting the workstation right after installing the SEP client, because the definitions are old (of course, right after installation) and SNAC reports that the client is not compliant and so isolates the client.
    What we want now is to have a command-line parameter or something else to force the definitions update right after installation. So we could wait for the update to finish and then reboot the machine. That way, SNAC won't block Active Directory domain login.
    We tried to just wait until SEP updates itself but sometimes this takes more than 15 minutes. Such a delay is annoying during setup of workstations.
    Thank you once again.
    Have a nice day
    Roland


  • 4.  RE: How to force clients to get updates from SEPM

    Broadcom Employee
    Posted Jun 22, 2009 02:21 AM
    Install the SEP client with the latest definitions (instead of the default).

    Change the number of days the SEP client can go with old definitions, hence avoiding the network block. If it's push mode, the clients can immediately get an update as soon as it starts communicating with the SEPM.

    cheers
    Pete


  • 5.  RE: How to force clients to get updates from SEPM

    Posted Jun 22, 2009 07:18 AM
    If you make a plan of SEP deployment, can't you just temporarily disable this SNAC criterion about the definitions status during the deployment period, just for the involved machines?


  • 6.  RE: How to force clients to get updates from SEPM

    Posted Jun 24, 2009 05:11 AM
    @pete: Thanks for the tip. However, since we're rolling out +1'800 workstations, our rollout will take 6 - 8 weeks to finish. I can't/don't want to update the package every week with newer signatures... And think of the time after the rollout, I don't want to update the package every now and then.

    @Giuseppe: You're right, we could disable SNAC for the time of rollout. However, it's almost the same as workaround one. If we need to set up a workstation after the rollout, we encounter the same problem.

    So what I want is a permanent solution, not just a workaround.
    How are you guys working around this?

    We even tried with smc -updateconfig but the SEP client didn't update for more than 15 mins.
    After we started the 'update content' function on this workstation through SEPM everything was fine and it updated very fast and so SNAC turned 'green'.
    How can I force the 'update content' function from the workstation through a script?
    Anyone?


  • 7.  RE: How to force clients to get updates from SEPM

    Posted Jun 24, 2009 05:30 AM


  • 8.  RE: How to force clients to get updates from SEPM

    Posted Jun 24, 2009 05:42 AM
    How about enabling SNAC after the SEP deployment and updates? By default, SEP clients update through SEPM.


  • 9.  RE: How to force clients to get updates from SEPM

    Posted Jun 26, 2009 12:47 AM
    @Kavishbakshi: Thanks for that link. However, pete already provided this tip. And since the rollout takes 6 - 8 weeks, I would have to update the package every week or set the SNAC tolerance to such a long period (up to 8 weeks old signatures), which makes SNAC unuseful.

    @Paul Mapacpac: How can I enable SNAC after the first successful SEP updates? This sounds interesting. Or do you mean that I don't enable the SNAC policy until we're finished with the rollout? In the latter case, it's not possible.


  • 10.  RE: How to force clients to get updates from SEPM

    Broadcom Employee
    Posted Jun 26, 2009 07:47 AM

    You can enable SNAC, but if you say block clients with X-day-old definitions, then you might end up facing the problem of not connecting to the network. In this kind of situation, have a remediation server which acts as a host for providing definitions to the clients; once these clients have definitions, they can connect back to the network.

    I understand that the rollout takes some task/time, but this is the option the SEP product has for this feature. I have added this comment, to have the latest definition set in the package, in the "ideas" section. If the Symantec team includes it in coming build/s, that will resolve the issue.

    Cheers

    Pete