Video Screencast Help

live update on short time usage PC's

Created: 21 Nov 2012 | 12 comments

 

if we have short usage PC's that are only on for perhaps an hour and we have a 4 hourly update schedule, what would happen in the following situation:
 
pc runs updates but then is switched off for a couple of weeks, switched back on but only for 1 hour
 
Could it miss the update within the last switch on period?
 
 
 
Ive looked at the doc http://www.symantec.com/business/support/index?pag... and from what I can gather it would schedule it for sometime in the next 4 hours after switch on, not immediately?
 
which means that on these Pc's they can end up quite out of date.
Discussion Filed Under:

Comments 12 CommentsJump to latest comment

pete_4u2002's picture

when the machine is switrched on, it will communicate with the SEPM to get the updates for request for policy and content, Even LUall.exe is triggered if it is enabled. If the conetnt updates can be downloaded in 1 hour then it should be ok.

 

Even you can download jdb file or Inteligent updater on another machine as soon it is up, you can update the machine.

netmgr's picture

if that is the case then im wondering what the 'continuously' option is on liveupdate frequency, listed in this document:

http://www.symantec.com/business/support/index?pag...

The Continuously option allows the client computers that infrequently communicate with the Symantec Endpoint Protection Manager server to get the latest updates. They get the latest updates when they connect to the network and authenticate to the server.

Rafeeq's picture

there are two modes of communication

push mode ( client will communicate to manager based on interval)

pull mode  ( constant connection)

second method will push the defs whenever they are avaialable (if system is ON)

for these machines. You can create a new group and make the communication setting as Pull mode. the moment they are on, they will communcate with manager and get the latest defs.

 

Rafeeq's picture

That option is when you are using Liveudpate administartor to update virus defs.

clients can take updates from

SEPM

Liveupdate administrator

Liveupdate server (using internet)

sandra.g's picture

Your client computers would heartbeat in to the SEPM when they were booted up and would automatically request the new content from the SEPM (as mentioned above), probably a full content set if they're off for weeks at a time. The new content would be whatever is available from the SEPM at the time. The rest of it would depend on whether the machines are on long enough to get a full content update while it's booted up, which will in turn depend on whether the network throughput is sufficient.

LiveUpdate options for "Continuously" would be about updating from a LiveUpdate server (internal or external), not the SEPM. When it says "They get the latest updates when they connect to the network and authenticate to the server"--that is referring to the LiveUpdate server.

sandra

Symantec, Senior Information Developer
Enterprise Security, Mobility, and Management - Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best helps you!

netmgr's picture

 

OK that makes sense thanks

When a client requests new content does SEPM load level/schedule these requests or send it straight away?

Im just trying to understand why we have a large percentage of school use laptops that are only in use sporadically and for maybe 30 to 60 mins at a time that always seem to be lagging behind with the definitions.

perhaps they just arent on long enough to get the updates?

sandra.g's picture

When a client requests new content does SEPM load level/schedule these requests or send it straight away?

I didn't catch which version you were using, but Download Randomization would stagger updates within the defined time period (see attached image, which is from a 12.1.2 SEPM; obviously, choose your actual group). With the time set to 5 minutes (in the image), there could be up to a 5 minute delay in the start of the content download.

Do the client laptops have an internet connection while away from the network? Does the LiveUpdate server settings policy allow them to use a LiveUpdate Server? If not, this would be a good scenario for using location awareness. For example: If the laptop has an IP number assigned outside the network's range, then use a LiveUpdate policy that allows content to come in via a scheduled LiveUpdate.

Of course, if they don't turn on or wake up the laptops while away from your network, there's not much you can do about that. smiley

sandra

Randomization.png

Symantec, Senior Information Developer
Enterprise Security, Mobility, and Management - Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best helps you!

Rafeeq's picture

those will be delta updates only not the full content

sandra.g's picture

Delta updates will only be provided if the SEPM has content going back as far as when the client last connected. If the SEPM's holding a month's worth of content, then yes, the client gets a delta if it's been off after 3 weeks away. If the SEPM doesn't have the base definition set (what the client has) from which to build the delta, it can't build the delta (the difference between the old and the newest) and must give the client the full update.

sandra

Symantec, Senior Information Developer
Enterprise Security, Mobility, and Management - Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best helps you!

netmgr's picture

 

ill check the settings tomorrow, however the laptops never leave our wireless network location, the issue is that I dont think that when they do get turned on after maybe a day or 3 weeks they are on long enough to get the updates, especially as they may require a full update rather as a delta.

 

Quite a lot of laptops are only used by students within a small period of time then shut down, resulting in them having out of date definitions

it may well be that our Download Randomization is set too high - I will report back

netmgr's picture

ok thanks for all that info folks, it looks like we have the randomisation set perhaps a little high at 30 mins

I will look at reducing that and see how it drops the list of out of date PCs

One last thing if we enable location awareness and get updates from the internet when away from our network for other laptops, will that notify our own SEPM and give it the info it needs to update our reports on definition dates on that PC? or will it only know when it connects back onto our network?

sandra.g's picture

One last thing if we enable location awareness and get updates from the internet when away from our network for other laptops, will that notify our own SEPM and give it the info it needs to update our reports on definition dates on that PC? or will it only know when it connects back onto our network?

It will only be able to report back its status once it's back on your network and can connect to the SEPM.

sandra

Symantec, Senior Information Developer
Enterprise Security, Mobility, and Management - Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best helps you!