Do you have shared policy for the clients?  Or are they setup individually?  And are you sure the clients are not set to go to the internet for updates instead of the SEPM?

 in SEPM - Admin -Servers - Local Site- Properties - Liveupdate. Make sure you have set it for you 4pm daily.

then SEPM - Policies- Liveupdate -Policy -Server Settings
Make sure only "Default Management server is checked"
Uncheck the second one "Symantec liveupdate server"

>techbeck, yes, we have shared as well as per group non-shared policy.  Some groups are configured to get their update via Group Update Provider.  Previously, it was set to use LiveUpdate, set the time at 4am only, but we started to noticed a network slowdown during 12-1pm and 6-7 pm.  Last week, I un-checked Use a LiveUpdate server and that also disabled LiveUpdate Scheduling.  When I looked at the clients' applicatio nlogs, they are still downloading virus defs 3 times a day.

I alos noticed that each Virus update is now around 116MB per client, look at C:\Program Files\Common Files\Symantec Shared\VirusDefs and check the size of each folder.  Imagine each client getting this update from the server 3 times a day, multiply that by the number of computers we have, around 120 servers and a thousand clients, and the impact on our network.

We're looking for a way to just turn off LiveUpdate services during business hours.

> Vikram, yes, we did that 4 days ago, made sure only "Default Management server is checked".  But based on application logs from some computers, it's still loading virus defs thrice per day.

you must check "Use LiveUpdate Server" and then set the schedule for 4PM daily in scheme panel. click "OK"
second, open LiveUpdate policy uncheck "Use LiveUpdate Server" and then to click "OK"
only "Default Management server is checked"

if ont, when you set 4PM daily and to uncheck "Use LiveUpdate Server" the schedule can not to apply.

But, i have a question that where are the LiveUpdate policy save in client?

First in LU policy---->server settings assure that  you are selected only two things-- Management server and Group Update Provider for all groups.
Second assure that all clients getting  this policy .This you can find out by matching the policy sl. no. of the corresponding group in the server and the policy in the clients. If you made any chage in the policy this sl. no. will get changed.

Hi lanZ,

Sorry to let you know that this is not possible if the clients are managed. Managed clients get the updates in every heartbeat.

As a workaround, you can increase the heartbeat interval. I know this is a kind of unacceptable solution.

or

Set up LiveUpdate Administrator in the network, and make the clients to contact the internal LiveUpdate Server instead of the default management server.

>Prashant, I will try to change the heartbeat interval and will advise you if that worked.

I finally received an acknowledgement from Symantec Support after filing a case last week.  I was told to run Symantec Endpoint Protection Support Tool on the manager.  In our experience with support, it's going to take a lot of time back and forth.  I will rather try the suggested solutions first.

Thanks to all of you.  If not for this forum, I will be googling and binging all the time for a solution while waiting for Symantec support to respond to my case.

Have a look in this article also
Tips For Installing SEP In A Low Bandwidth Environment