We are deploying with the following locations:

• Disconnected - Update from Symantec
• Connected in a known Subnet - Update from an Explicit GUP's
• Connected in an unknown Subnet - Update from a Single GUP

Is it possible to check which Location and GUP an endpoint is using from querying the SEP database and/or the console?

Hi,

Check this Article:

How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)

http://www.symantec.com/docs/TECH97190

I would also suggest you to check the Articles below which may interest you:

Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection (SEP)

http://www.symantec.com/docs/TECH104539

Group Update Provider(GUP): Sizing and Scaling Guidelines

http://www.symantec.com/business/support/index?page=content&id=TECH95353&locale=en_US

SEP Content Distribution Monitor / GUP monitoring tool

http://www.symantec.com/business/support/index?page=content&id=TECH156558

GUP content monitoring tool video

https://www-secure.symantec.com/connect/videos/sep-content-distribution-monitor-introduction

and 

Link to download the SEP Content Distribution Monitor Utility 

https://www-secure.symantec.com/connect/downloads/sep-content-distribution-monitor

 You can find events regarding updates from the GUP by going to Monitors > Logs > Log type: System > Log content: Client activity > View log

How to determine what content SEP 12.1 clients are downloading from a GUP?

on the client check the location, the policy related to the location will be applied

Is it possible to check which Location and GUP an endpoint is using from querying the SEP database and/or the console?

You can check the policy number directly in SEP client GUI by going to Help - Troubleshooting - General -> here you will find the policy serial number

For the GUP check the System logs on the SEP client - there you will find entries specifying that the client has downloaded content from a GUP.

known subnet ---> related gup

unknown subnet ---> single gup

You make it from the same single liveupdate policy.

I don't think the best way is to use location.

What I need is to be able to look at this information in a centralised interface to ensure that the SEP agent is using the right GUP. Thus any suggestions about looking at each individual SEP agent is not answering the question.

Monitor - Logs - Event Source :"SYLINK" could provide you every information about clients update you need.

You can check under the logs in SEPM

How to determine what content SEP 12.1 clients are downloading from a GUP?

http://www.symantec.com/business/support/index?page=content&id=TECH188574

Thanks all,

Whilst I can look for the GUP information from the SEPM, however it is nowhere near being as neat as I would have expected. Also the data interpretation does not appear to be easily automated.

Further, I see nothing about confirming that the location the agent thinks it is in being visible within the console.

Unfortunately this seems to confirm my suspicion that there is no way of going somewhere within the interface and finding this information.

Further, this means that it is unlikely that I can construct a monitoring/reporting format that identifies when an endpoint has calculated the wrong:

• Location and thus has the incorrect update policy.
• GUP to use, especially when using an Explicit GUP.

Thus we can not proactively manage the implications of this on the network infrastructrue, only manage retrospectively once an issue is highlighted.

Shame, as I would have thought that this kind of requirement would have been addressed within an enterprise product.

Looks like I will be putting in an enhancement request.