Video Screencast Help

How To Save Time Entering Multiple Explicit Group Update Providers (GUPs)

Created: 30 Nov 2012 | 10 comments
Brent Gueth's picture

This is the standard interface to enter Explicit Group Update Providers in SEP 12.2.x: 

 

This interface is servicable enough with a small number of entries, but when you are entering in hundreds of entries, this interface can be time consuming.  Using instructions similar to the KB article "How can I add a large number of hosts to a Host Group in Symantec Endpoint Protection", we can enter in multiple entries easily into the Explicit Group Update Provider List (or the multiple Group Update Provider list).  Here are the instructions that are based off the ones in the linked knowledge based article. 

1. Login into your SEPM management console

2.  Go to Policies - Live Update

3. Export an existing Live Update policies that includes at least one explicit GUP in it that you want to bulk add GUP's to. 

4. Rename the exported policy from *.dat to *.zip

5.  Open up the zip archive and extract the main.xml file

6. Open the main.xml file

7.  Find the section marked <ExplicitGUPMapping> and copy the whole section. 

8. Create a new excel document 

9.  Add a list of subnets in Column B of of the document and a list of the corresponding GUPs per subnet in Column D

10.  In Column F you will need to paste in a list of unique 128 bit Hex keys that are as long as your list of hosts

11. Add the beginning XML tag to Column A (example:  <ExplicitGupEntry ClientSubnet=")

 

12.  In Column C place the tag information that occurs after the subnet, but before the IP address (example: " GupMappingType=GUP_IPADDRESS" GupMappingValue=")

13. In Column E we place the XML tag information that happens after the IP addres, but before the unique key (example: " Port=2967" _d="false" _i=")

13. In Column G you paste in the closing tag information (example: " _t="1354330697081" _v="6"/>)

Things to be aware of in this step as an FYI:

o   _v  parameters can all be the same

o   _t  parameters can all be the same

14. Use Excel to fill in Columns A, C, E, G with the information you placed in the first row. 

15.  Copy Columns A through G and paste them into your text editor of choice.   You will have to remove the the tabs in the document to get the formatting correct.  If you are using Notepad copy one of the tabs and use Find/Replace to remove the tabs.   After you are finished you will have a list that looks like this:

16.  Copy and past this into the explicit GUP section of the main.xml file

17.  Save the main.xml file and zip it up.  

18.  Rename the .zip file to a .dat file

19.  Import this policy into your SEPM and have an updated list of GUP providers.  

This method should only be used if you are dealing with an extremely large number of GUPs.   For a handful of GUPs any time savings you gained from this method would be minimal.  

This same method can be used for inputting multiple GUPs into the SEPM by using the steps listed (altered for the XML) and going under the GUPRuleSet section of the main.xml file.   For this section you will only need 4 columns.  Column A will be the beginning of the XML tag, Column B will be the hex string that occurs after i=", Column C you can copy everything before the IP address, Column D will be your GUP IP Addresses, and Column E will be the closing of your XML tag following the IP address. 

 

Brent Gueth
Security Consultant
Conventus Corporation

 

 

Comments 10 CommentsJump to latest comment

Brent Gueth's picture

I also forgot to add, please test this in your development environment before importing it directly into your production environment. 

Brent Gueth
Security Consultant
Conventus Corporation

.Brian's picture

Please add this as an article as well so it won't get lost in the shuffle of all the posts on here. Thanks for posting this.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ajit Jha's picture

Good Idea..You can post in Ideas or Article Sections.

Regard's

Ajit Jha

Technical Consultant

ASC & STS

TORB's picture

I was just wondering about one of the steps?

In step 10 you write:

"In Column F you will need to paste in a list of unique 128 bit Hex keys that are as long as your list of hosts"

 

How do i determine the hex value based on my number of hosts? The number of host can also vary from day to day. Is this a problem?

 

Best Regards

Torb

RSASKA's picture

"In Column F you will need to paste in a list of unique 128 bit Hex keys that are as long as your list of hosts"

 

This is a wonderful article, except I have no way of creating a list of unique 128bit Hex keys

And, even if I can create these Hex keys, how do I know they are already NOT in use within SEPM?

The Enemy's greatest fear is that you'll discover who you really are, what you're really worth, and where you're headed.

 

Brent Gueth's picture

In response to RSASAKA - There are many 128bit Hex generators online or a VB script programmer to generate them for you. You are unlikely to generate a collision based on the number of possiblities available, but it is my understanding the numbers on this list are specific to the GUPs listed and do not have any correlation to other keys in the SEPM. 

in response to Torb above - if you are changing the number of explicit GUPs on a daily basis, then this method would only be useful for your static list of GUPs.   Addtionaly GUPs would still have to be manually added or removed. 

 

 

Brent Gueth
Security Consultant
Conventus Corporation

Elisha's picture

There is a tool I created to help you build a LiveUpdate policy with multiple explicit GUPS.  Check out this page for details on the tool:

https://www-secure.symantec.com/connect/downloads/generate-liveupdate-policies-have-many-gup-subnets

Ambesh_444's picture

Hi Brent,

Good to see your post, Nice post i hope this post will help.

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."