Endpoint Protection

 View Only

  • 1.  LiveUpdate Content policy Settings?

    Posted Sep 21, 2009 10:39 AM
    So out to the box here is the way the security Definitions each client use.  
    1.JPG

    I also know you should only download the items that you use.  

    But I am looking for a better description of what technology is link to each download.

    Also is there a brief description of the benefits of each

    I need to tune the download to each client so it not 2 MB to each client. I need that to be smaller.  


     


  • 2.  RE: LiveUpdate Content policy Settings?

    Posted Sep 21, 2009 11:24 AM

    Title: 'Reducing Content Cache on the Symantec Endpoint Protection Client'
    Document ID: 2008021510024348
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008021510024348?Open&seg=ent



    Title: 'Determining the definitions available to clients on a Symantec Endpoint Protection Manager'
    Document ID: 2009013010395248
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009013010395248?Open&seg=ent


  • 3.  RE: LiveUpdate Content policy Settings?

    Posted Sep 21, 2009 11:32 AM
     
    Antivirus and antispyware definitions : These definitions contain two types of updates, full-version update and direct-delta update. The type of the update is
    included in the update package. Separate virus definition packages are available for the x86 and the x64 platforms.
     
     
    Decomposer signatures These signatures support the Antivirus and  Antispyware Protection engine, and are used to decompose and read the
    data that is stored in various formats.
     
    TruScan proactive threat scan heuristic signatures :  These signatures protect against zero-day attack threats.
     
    TruScan proactive threat scan commercial application list These application lists are the legitimate commercial applications that have generated false positives in the past.
     
    Intrusion Prevention signatures  These signatures protect against network threats and support the intrusion prevention and detection engines.
     
    Symantec Security Response. Submission Control :These signatures control the flow of submissions to signatures
     
     
    Host Integrity Signature :These templates include the predefined requirements that enforce updated patches and security measures on the client
    computer. Only available in the Site Properties dialog box when you install Symantec Network Access Control


  • 4.  RE: LiveUpdate Content policy Settings?

    Posted Sep 21, 2009 12:19 PM
    So on 32 bit clients is it also recieving the dat file for the 64 bit version.   From what I can tell it is.  Is that correct?


  • 5.  RE: LiveUpdate Content policy Settings?

    Posted Sep 21, 2009 12:54 PM
    No a 32 bit client will not receive the dat files for 64 bit

    On the Cleint navigate to :

    HKEY_LOCAL_MACHINE\Software\Symantec\Symantec Endpoint Protection\Content\{

    {C60DC234-65F9-4674-94AE-62158EFCA433}  For 32 bit

    {1CD85198-26C6-4bac-8C72-5D34B025DE35} For 64 bit

    See the diffrence


  • 6.  RE: LiveUpdate Content policy Settings?
    Best Answer

    Posted Sep 21, 2009 12:59 PM
    You can get the same info from  Sylink.log


    10:42 [2788] <mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {1CD85198-26C6-4bac-8C72-5D34B025DE35} Seq:90821007
    08/22 05:10:42 [2788] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS

    It means that it  ignoring the 64 bit defintions


  • 7.  RE: LiveUpdate Content policy Settings?

    Posted Sep 21, 2009 03:51 PM
    So each machine is still downloading 2MB of data what is the best way to trim this down?


  • 8.  RE: LiveUpdate Content policy Settings?

    Posted Sep 24, 2009 06:28 AM
    What are the components you have installed?

    Just AV and AS? or all of them?

    If you just have AV i dont think they need truscan and IPS signatures. you can uncheck those.