Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Live update connection failure on SEP 12.1

  • 1.  Live update connection failure on SEP 12.1

    Posted Aug 28, 2012 08:45 AM

    Hi All,

     

    On new issue I found is that when I used the new SEP 12.1 client to do live update. it shows connection failed through our Bluecoat proxy.  And if I run the old version SEP 11.0.6 on my another laptop with the same proxy configuration, it works. I went through the forum, somebody said it is a bug?? Andbody has some ideas for that.

     

     

     



  • 2.  RE: Live update connection failure on SEP 12.1

    Posted Aug 28, 2012 08:50 AM

    Hi,

    Check this thread

    https://www-secure.symantec.com/connect/forums/sepm12-live-update-fail



  • 3.  RE: Live update connection failure on SEP 12.1

    Trusted Advisor
    Posted Aug 28, 2012 08:52 AM

    Hello,

    Check these Articles: 

    How to Update the Proxy settings in the Symantec Endpoint Protection Manager (SEPM) 12.1

    https://www-secure.symantec.com/connect/articles/how-configure-proxy-settings-symantec-endpoint-protection-manager-sepm-121

    Required exclusions for proxy servers to allow Symantec Endpoint Protection to connect to Symantec reputation and licensing servers

    http://www.symantec.com/docs/TECH162286

    Hope that helps!!



  • 4.  RE: Live update connection failure on SEP 12.1

    Posted Aug 28, 2012 08:55 AM

    well it is not a bug , make sure you create right exceptions from Bluecoat and it should be all good.



  • 5.  RE: Live update connection failure on SEP 12.1

    Posted Aug 28, 2012 09:42 AM

    So,if I create right exceptions from Bluecoat, I can use the proxy server specified by client browser to get update?



  • 6.  RE: Live update connection failure on SEP 12.1

    Trusted Advisor
    Posted Aug 28, 2012 09:49 AM

    Hello,

    Correct, make sure you have proxy Settings in place.

    Please go through the Articles provided above carefully.

    Hope that helps!



  • 7.  RE: Live update connection failure on SEP 12.1

    Posted Aug 28, 2012 09:51 AM

    Correct.

    If you don't want to configure the Proxy in the SEPM, SEPM can still connect to the internet and download content from Proxy settings configured in the "default browser".

    * * * * *

    You will need to establish the connection to the internet through browser - unless the system is using WPAD, NTLM authentication (for seemless proxy access) or another form of "always on proxy pass through".



  • 8.  RE: Live update connection failure on SEP 12.1

    Posted Aug 28, 2012 12:50 PM

    True right exceptions for liveupdate should work absolutely fine as fas as i have experienced



  • 9.  RE: Live update connection failure on SEP 12.1

    Posted Sep 06, 2012 02:08 AM

    Hi Guys,  I check my log.

    254 2012/8/23 8:10:41 Information 1207030C Downloaded new content update from the management server successfully. Remote file path: http://xx:8014/content/{55DE35DC-862A-44c9-8A2B-3EF451665D0A}/120822001/xdelta120821001.dax 
    255 2012/8/23 8:10:43 Information 12070800 An update for Revocation Data was successfully installed.  The new sequence number is 120822032.

    265 2012/8/24 1:12:55 Warning 12130002 [File reputation submission] Submitting information to Symantec failed. 

     

    The SEP 12.1client is now downloading the update from SEPM 12. but the reputation submission falied

    So I think I will only add exceptions in the Blue coat proxy for submission,it should be ok? For clients live update, I prefer to get updates from SEPM12. So it means I don't need add liveupdate websites in the exception, right?

     

     

     


  • 10.  RE: Live update connection failure on SEP 12.1

    Broadcom Employee
    Posted Sep 06, 2012 02:41 AM

    submission have different url.

    check this link

    http://www.symantec.com/docs/TECH162286



  • 11.  RE: Live update connection failure on SEP 12.1

    Posted Sep 06, 2012 04:41 AM

    So if I only want to enable reputation submssion, I will put below urls into exception, is it right?

    If I don't want to clients to get update from internet directly, shall I not put http://liveupdate.symantecliveupdate.com into exception in BlueCoat?  Now I only want to SEPM to do update provider for my SEP 12 .1 clients.    Live update is not working well on my SEP clients,

     

    Thanks!

     

     

     

    Ping submissions: These submissions are per definition type (AV for example.) and allow Symantec to judge the effectiveness of a set of definitions that are not yet taking any action (Beta detections.) based on the number of "Pings" each detection/definition creates. For example, if a detection creates a storm of ping replies to Symantec, this detection may be a false positive detection and will be investigated for effectiveness.
    This system and related URLs are part of Symantec's false positive avoidance system.
    • https://stnd-avpg.crsi.symantec.com
    • https://avs-avpg.crsi.symantec.com
    • https://stnd-ipsg.crsi.symantec.com
    • https://bash-avpg.crsi.symantec.com
     
    Sample submissions: These URLs are designed to accept samples of any detections that are made by the clients.  If a client gets a detection, it queries Symantec if this sample is needed (i.e. No formal definition created for this item yet.) and if not needed because a formal definition is already created, the client will not submit the sample. This query response system effectively reduces the network traffic created by SEP and makes SEP more responsive to new and emerging threats.
    • https://central.ss.crsi.symantec.com
    • https://central.nrsi.symantec.com
    • https://central.avsi.symantec.com
    • https://central.b6.crsi.symantec.com
     
    CAT submissions: Client Authentication Token.  This is how a client authenticates itself to Symantec to make use of the reputation servers for Download Insight, for example.  This is required.
    • https://tus1gwynwapex01.symantec.com
     
    Error submissions: If SEP generates an error report due to a component crash, this URL is how the SEP install reports the error and associated data back to Symantec.
    • https://stnd-lueg.crsi.symantec.com
     
    Insight reports: Data sent back to the client from a reputation query.
    • https://ent-shasta-mr-clean.symantec.com
     
    Insight: URL that SEP clients send reputation requests to.
    • https://ent-shasta-rrs.symantec.com
     
    License activation: URL that SEP uses to verify if the license being used is current and active.
    • https://services-prod.symantec.com/service/IPLService.serviceagent/IPLendpoint1
     
    Licensing: URL SEP uses to check the license status.
    • https://services-prod.symantec.com
     
    LiveUpdate: URL that SEP uses to connect to for definition updates.
    • http://liveupdate.symantecliveupdate.com
     
    Telemetry: Data sent to Symantec about the SEP install.  i.e. How SEP is being utilized by the customer base.
    • https://tses.symantec.com/
     
    SETI: Data sent to Symantec about installation related events.
    • https://tses.symantec.com


  • 12.  RE: Live update connection failure on SEP 12.1

    Broadcom Employee
    Posted Sep 06, 2012 05:00 AM

    for symantec liveupdate, allow these urls

    http://liveupdate.symantecliveupdate.com
    http://liveupdate.symantec.com
    ftp://update.symantec.com



  • 13.  RE: Live update connection failure on SEP 12.1

    Posted Sep 06, 2012 10:58 AM

    Are you able to ping these 3 ?

    http://liveupdate.symantecliveupdate.com
    http://liveupdate.symantec.com
    ftp://update.symantec.com

    if you are unable to please add them under exception from you Blue Coat and try