Endpoint Protection

Live Update Administrator and SEP 11

  • 1.  Live Update Administrator and SEP 11

    Posted Dec 11, 2009 09:06 AM
    Hi guys,

    I have a situation where some of our clients need to refrain from updating their definition files during working hours. I understand that in order to do this we need to implement a Live Update server.

    Our current SEPM server downloads updates directly from the internet and distributes updates to clients directly. If we try to update the LiveUpdate policy to prohibit the updates during working hours, it's saying that this option can only be used in conjunction with a Live Update server.

    I have installed the Live Update server and configured the basics but I'm not sure if what I have done is correct. I find the information very patchy. Can anyone point me in the direction of a tutorial or white paper on how to achieve this?

    Once up and running only a selection of clients will be getting updates via live update.


  • 2.  RE: Live Update Administrator and SEP 11

    Posted Dec 11, 2009 09:11 AM
    Are you doing it with IIS?  Set up your IIS site shared to a folder first.  I ran in circles for a while trying to figure out the order because documentation was so sparse

    Here are some links to information on LUA

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007130831286398

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008101012361148

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007101913262648


  • 3.  RE: Live Update Administrator and SEP 11

    Posted Dec 11, 2009 09:11 AM
    You can use below docs for configuring liveupdate server
    Configuring Distribution Center in LUA 


  • 4.  RE: Live Update Administrator and SEP 11

    Posted Dec 11, 2009 09:15 AM
    Refer the below doc
    How to update virus definitions and other content with Symantec Endpoint Protection 11 and Symantec Network Access Control 11

    While configuring live update policy 
    Select only liveupdate server (Remove management server option)
    Go to schedule tab and do a scheduling as req.


  • 5.  RE: Live Update Administrator and SEP 11
    Best Answer

    Posted Dec 11, 2009 09:23 AM
    Additionally, I had to first set up the site in IIS.  This was just a folder somewhere on my drive that was going to house the different content folders.  In my case, my site was called LiveUpdate and it mapped to my e:\LiveUpdate_DP folder that I manually created.

    After that I went to my E:\LiveUpdate_DP folder and created different folders for my different content.  I had a SAV 10 Workstation folder, a SAV 10 Server folder, a SEP 11 workstation folder and a SEP 11 server folder.  My structure was as follows:

    e:\LiveUpdate_DP
         - sav10_wks
         - sav10_srv
         - sep11_wks
         - sep11_srv

    then in IIS, my website showed those four folders as subfolders of the website.

    Log into your LiveUpdate Administrator now.  Add whichever products you need to your product catalog and the appropriate content you want it to distribute (virus defs, product updates...).  Make sure you have plenty of space as this content can take up several GB of space.

    Create a download schedule.  This is where you tell the LUA what product content to download and what schedule to download it on.

    Create a distribution schedule.  Make this for about 30 minutes after each download schedule.  This is what takes the content you just downloaded and sends it to the folders you created for content.

    After that you create your Distribution Centers.  This is the most frustrating part of the entire process.  For me, I had two Distribution Centers; one for SAV and one for SEP.  Within DC (Distribution Center) you have a location for each content, so I had a location for SAV for servers and a location for SAV for workstations.

    Specify a Location Name.  Next line down in the Hostname/IP field, enter the server name that this LUA is on.  Root directory is where you actually specify the IIS share name for clients to access.  Referencing the structure above you would enter LiveUpdate_DP/sav10_wks.  You enter one location for each content folder you have.  Select the rest of the info as defaults.  Make sure you TEST each location (there is a test connection button on the screen after you finish entering the location info and hit OK) and that it says Successful before you move on.

    After you do all that, you can click on Client Settings up configure to see the IIS share names for each product to specify to the clients or the SEPM.


  • 6.  RE: Live Update Administrator and SEP 11

    Posted Dec 11, 2009 09:25 AM
    Below doc also will be helpful to you
    LiveUpdate Administrator 2.2 Performance Tuning 


  • 7.  RE: Live Update Administrator and SEP 11

    Posted Dec 11, 2009 09:45 AM
    Thanks guys.

    I'm a total newbie to the update server stuff. I wasn't aware there was any IIS config needed and haven't done that, although I have installed the administrator.

    Is this a problem or can I backtrack and sort the IIS stuff now? Where can I find what needs to be done on IIS?


  • 8.  RE: Live Update Administrator and SEP 11

    Posted Dec 11, 2009 10:12 AM
    I've just been checking out the web server stuff and by default the default distribution centre points to a folder called clu-prod. I can't see this in IIS; however, if I go to the URL of this on port 7070 I get a response. Has this installed its own web server??


  • 9.  RE: Live Update Administrator and SEP 11

    Posted Dec 11, 2009 10:54 AM
    It won't get installed with IIS.
    It's an Apache server, not IIS.

    I did not understand this.

    "If we try to update the LiveUpdate policy to prohibit the updates during working hours, it's saying that this option can only be used in conjunction with a Live Update server."
    Can you post a screenshot? I think you are confused between the LiveUpdate server and the internal LiveUpdate server. Please post a screenshot; I think it's just a click away.


  • 10.  RE: Live Update Administrator and SEP 11

    Posted Dec 11, 2009 11:27 AM
    I'm afraid I have nowhere to host images at work. Free hosts are blocked.

    If I edit a LiveUpdate policy and click into Schedule, the "enable live update scheduling" option is greyed out. Just above this it says:

    NOTE: The controls on this dialog will only be enabled if 'use a live update server' is selected on the server settings tab.


  • 11.  RE: Live Update Administrator and SEP 11

    Posted Dec 11, 2009 11:27 AM
    In addition the download of updates keeps failing after 70% or more. Any idea why this is?


  • 12.  RE: Live Update Administrator and SEP 11

    Posted Dec 11, 2009 11:29 AM
    if you just take a screenshot, save it to your local PC, you can attach the image (not just a URL to the image) to this post


  • 13.  RE: Live Update Administrator and SEP 11

    Posted Dec 11, 2009 11:29 AM
    That's where the confusion is.

    The schedule will only work when you check Symantec LiveUpdate server or internal LiveUpdate server.

    The option will be grayed out when you select manager (by design),
    because you can't tell a client when to download updates from the manager.
    Clients will take updates when they talk to the SEP manager (heartbeat).




  • 14.  RE: Live Update Administrator and SEP 11

    Posted Dec 11, 2009 11:33 AM
    Yeah, in your LU policy, on the Server Settings screen, you must check Use a LiveUpdate server in order to be able to set LU scheduling.  Then you can set Daily at a time outside of business hours and the clients will update during the time frame you want, and you won't need an internal LU server; it'll just use the Symantec internet LU server.


  • 15.  RE: Live Update Administrator and SEP 11

    Posted Dec 11, 2009 02:39 PM
    Of course, if you have the Default Management Server checked it will update from the SEPM, so make sure you uncheck Default Management Server.


  • 16.  RE: Live Update Administrator and SEP 11

    Posted Dec 11, 2009 02:42 PM
    I would suggest just keeping it simple: let all clients take the updates from SEPM and let SEPM take the updates from LUA.

    SEPM -ADMIN- Server- Local Site -properties-Liveupdate-Source Server 


  • 17.  RE: Live Update Administrator and SEP 11

    Posted Dec 12, 2009 02:00 AM
    Refer to the article below. It gives step-by-step information about the installation and configuration of the LiveUpdate server, with screenshots:
    Installation and configuration of LUA 

    If you have multiple sites with a larger number of clients, you can consider the possibility of distribution centers. A distribution center will act as something like a secondary LiveUpdate server (it will get the updates from the main LU server and distribute them to the clients).
    The doc below can help you with this:
    Configuring Distribution Center in LUA

    ------------------------------------------------------------------------------------------------------------------------------
    In the SEPM, edit the LiveUpdate policy.
    Go to Server Settings.
    Select only the "Use a LiveUpdate server" option (remove the "Use the default management server" option).
    Under LiveUpdate server, select "Use a specified internal LiveUpdate server".
    Click on Add and give the information (the URL will be http://<server_name>:7070/clu-prod, and for the LiveUpdate server name give a name which you can identify easily).
    Go to the Schedule tab.
    Set a schedule according to your requirement.

    Refer to the doc below also. It will give more information:
    How to update virus definitions and other content with Symantec Endpoint Protection 11 and Symantec Network Access Control 11

    Note: if we select the default management server as the source for updates, we don't have any control over the update timing, because the client will contact the server at the heartbeat interval, find out whether any update is present, and if present it will download it.



  • 18.  RE: Live Update Administrator and SEP 11

    Posted Dec 14, 2009 04:33 AM
    Thanks for the replies.

    We have to have an internal live update server because the clients which we need to update are not allowed a direct connection to the internet for numerous reasons. We also dont allow FTP from clients within the business so I can only see an internal LU server as the solution.

    I've got the LU server up and running as far as I can see and I'm going to edit the LU policy on the OU these clients reside in, but can anyone tell me if there is a way to check that the policy has updated on the clients and that they are, indeed, getting updates from the internal server?


  • 19.  RE: Live Update Administrator and SEP 11

    Posted Dec 14, 2009 05:22 AM
    Log in to SEPM.
      Go to Clients -----> select the desired group in which the clients are present ------> Details tab.
      Here you will find the policy sl. no. (this sl. no. will change if any policy change happens).
    Note this.
    Go to the Clients tab (right side) and select the client status view. Here you can see the policy sl. no. of each client; match it with the sl. no. which you noted.
    The same can be confirmed from the client also.
    For this, open the client interface.
    Go to Help and Support ----> Troubleshooting.
    Here also you can see the policy sl. no.
    Match it with the noted one...


  • 20.  RE: Live Update Administrator and SEP 11

    Posted Dec 14, 2009 05:25 AM
    After getting the problem solved, please don't forget to mark the post which helped you to solve the problem as the solution so that it will be helpful for future visitors to the forum ....

     


  • 21.  RE: Live Update Administrator and SEP 11

    Posted Dec 15, 2009 04:47 AM
    Hi there:

    Is there any way through which we can manage multiple internal LiveUpdate servers from a single console? Simply, how can we manage multiple LiveUpdate servers centrally?

    Regards
    Ishaq


  • 22.  RE: Live Update Administrator and SEP 11

    Posted Dec 15, 2009 04:51 AM
    Why do you need multiple LiveUpdate servers?
    You can host LiveUpdate servers from one main LiveUpdate server.
    The doc below will explain how to do it:
    Configuring Distribution Center in LUA 


  • 23.  RE: Live Update Administrator and SEP 11

    Posted Dec 21, 2009 04:45 AM
    Hello again!

    I've set up the live update server and it's downloading and distributing the content to the web site I've set up, but for some reason the clients are not downloading updates from it. I've set up the live update policy in the SEPM and in the policy I've specified the website URL.

    Does anyone have any pointers as to where I can look to see what's going wrong?


  • 24.  RE: Live Update Administrator and SEP 11

    Posted Dec 21, 2009 04:47 AM
    One thing I should point out is that I haven't added a username or password into the live update policy settings. I don't know what should be put in here. I assumed nothing, as it's set for anonymous access.


  • 25.  RE: Live Update Administrator and SEP 11

    Posted Dec 21, 2009 06:10 AM
    Do you have any proxy server between the client and the LiveUpdate server?
    If yes, provide the user name and password.
    If no, leave it blank.


  • 26.  RE: Live Update Administrator and SEP 11

    Posted Dec 21, 2009 06:14 AM
    The clients do use a proxy server although they should have an exception to ensure local traffic remains internal. The computers are in a workgroup configuration and I'm unsure at the moment as to what their IP settings are.
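
A client-side check for the situation in posts 23 to 26, added here as an example and not posted by anyone in the thread: it requests the internal LiveUpdate URL once with no proxy and once through the Windows system proxy, and reports whether that proxy is bypassed for the URL. The server name is a placeholder, the port and path follow the `http://<server_name>:7070/clu-prod` form given in post 17, and it assumes the proxy in question is the Windows system proxy of the account running the script.

```powershell
# Added example. Server name is a placeholder; port and path follow the
# http://<server_name>:7070/clu-prod form quoted earlier in the thread.
param(
    [string]$ServerName = 'lua-server.example.internal',
    [int]$Port = 7070,
    [string]$Path = 'clu-prod'
)

$uri = [Uri]('http://{0}:{1}/{2}/' -f $ServerName, $Port, $Path)

function Test-LuUrl {
    param([Uri]$Uri, [System.Net.IWebProxy]$Proxy)
    $req = [System.Net.WebRequest]::Create($Uri)
    $req.Timeout = 10000          # milliseconds
    $req.Proxy = $Proxy
    try {
        $resp = $req.GetResponse()
        $code = [int]$resp.StatusCode
        $resp.Close()
        return "HTTP $code"
    } catch {
        # PowerShell may wrap the WebException; walk down to it.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
        if ($ex -and $ex.Response) { return "HTTP $([int]$ex.Response.StatusCode)" }
        if ($ex) { return "no HTTP response ($($ex.Status))" }
        return "error: $($_.Exception.Message)"
    }
}

$systemProxy = [System.Net.WebRequest]::GetSystemWebProxy()
$direct      = New-Object System.Net.WebProxy   # empty WebProxy = no proxy

$bypassed = $systemProxy.IsBypassed($uri)
$viaProxy = if ($bypassed) { '(none, bypassed)' } else { $systemProxy.GetProxy($uri) }

[pscustomobject]@{
    Url             = $uri.AbsoluteUri
    ProxyBypassed   = $bypassed
    ProxyForThisUrl = $viaProxy
    DirectResult    = Test-LuUrl -Uri $uri -Proxy $direct
    SystemResult    = Test-LuUrl -Uri $uri -Proxy $systemProxy
} | Format-List
```

Any HTTP status in `DirectResult` means the server answers on that port from this client. `ProxyBypassed : False` means requests for the internal URL are being handed to the proxy, so the local-traffic exception mentioned in post 26 is not in effect on this machine.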