Endpoint Protection

We have a remote site where sending updates from the SEP Management console over the network is not possible in a short period of time.

The Engineer has nearly 1000 brand new computers with images that include SEP. Unfortunately, all of them show out of date definitions and will work if the Engineer goes to each one of the SEP clients, right clicks, and selects "Update Policy". It is just not practical to go to each of the 1000 brand new computers individually.

I attempted to push an update from the SEP Management console, but with the limited time and bandwidth it reached 20 WIRED computers, and most of these computers are WIRELESS, and they can be off and on the network at various times.

The Engineer needs a script that he can execute at the remote site.

What are the SEP command line parameters to include in this powershell script?

All you need to do is stop/start smc. When re-started it will check in to the SEPM.

smc -stop

smc -start

So something like:

@echo off
echo.

"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\smc.exe" -stop

ping 1.1.1.1 -n 1 -w 15000 > null

"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\smc.exe" -start

echo Script Complete
echo.

This is just mine but you can customise as you see fit. Save file as example.bat than you can push remotely with psexec if you wish.

the command for policy update "smc -updateconfig"

http://www.symantec.com/business/support/index?page=content&id=HOWTO18065

Are you describing a situation in which you need to have the clients update the policy right away, right after the change, and you don't have the communication mode set to push? If not, if they are managed computers, they'll update the policy when they can connect / heartbeat in. Update Policy basically prompts the client to check in (initiates a heartbeat). So does restarting smc (as suggested by _Brian above). Plus... if the client computers don't have a network connection (as you describe with those connecting in on wireless), and can't get the prompt to check in from the SEPM, will they be able to get the command to execute a script? sandra

Rsaska

It would be advisable to have a GUP at the site which will provide update to the pc's to the pc's in short perood of time Kindly see the below link To update Definitions in the install package (Unzipped)

https://www-secure.symantec.com/connect/downloads/script-update-sep-121-installation-packages

I usually use  batch file using for function and psexec below to update the clients with definitions SMC -updateconfig will update the policies it may or may not update the definitions depending on the speed

 

Batch file

for 32 bit

for /f %%i in (C:\list.txt) do C:\psexec\psexec.exe \\%%i -d "C:\Program Files\Symantec\Symantec Endpoint Protection\sepliveupdate.exe"

 

for 64bit

for /f %%i in (C:\list.txt) do C:\psexec\psexec.exe \\%%i -d "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\sepliveupdate.exe"

make a txt file list.txt put the ip's in the text file you will have to download psexec from MS

 Best would be put a GUP at the Site

Ashish Melwani

 

"Thumbs Up" to philip.  The "smc -updateconfig" and "smc -updatepolicy" commands will both perform the equivalent of right-clicking on the SEP system tray icon and clicking "update policy" to trigger a heartbeat:

http://www.symantec.com/docs/TECH191629

Note that the "Update" command sent from the server is something entirely different, and must wait for the client to heartbeat first before it is even received.  The "Update" command from the server is meant to tell the client to run a LiveUdpate session:

http://www.symantec.com/docs/HOWTO81057

I will let the Engineer at the site know all of this, and will keep you posted.

Guys...suggest me a script that downloads\Updates policies and definitions from our companies gup servers.

Scenario: User has to run the script whenever he gets popup that defnitions are out of date to forcefully pull the definitions from GUP server.

Definition updates from the GUP happen automatically. There is no way to script this that I know of.

see here is scenario...

I have users who get updates from GUP servers.

They dont have admin rights but for some reason after they comeback from weekend holidays their AV definitions dont update and i want some script which forces the definition update from GUP servers.

We have a intranet portal where we post tools which run without admin rights.and i want to add this script to this portal for easy access to users.

 

Please help me out!!!