Endpoint Protection


Meaning of a registry key of SEP Client

  • 1.  Meaning of a registry key of SEP Client

    Posted Dec 27, 2013 03:50 AM

    We have an internal script for checking if all the SEP clients are configured appropriately. It checks one registry key which I don't know the meaning of.

     

    On 64bit Windows:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\PatternManager\Schedule]
    "Type"=dword:00000001

    32bit Windows :

    [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\PatternManager\Schedule]
    "Type"=dword:00000001

     

    The value of Type is required to be 1 in the script. I did my search, but no result was found. Could you please tell me what it means?

    https://www-secure.symantec.com/connect/blogs/registry-key-location-changes-version-1211100



  • 2.  RE: Meaning of a registry key of SEP Client

    Broadcom Employee
    Posted Dec 27, 2013 04:49 AM

    It's the LU schedule on the client. Is it enabled =1?



  • 3.  RE: Meaning of a registry key of SEP Client

    Posted Dec 27, 2013 04:54 AM

    Yes. enabled =1

    What I want to know is the Type key.

     

    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\PatternManager\Schedule]
    "SkipEvent"=dword:00000002
    "RandomizeDayOfWeek"=dword:00000006
    "MinOfDay"=dword:000003fc
    "MissedEventEnabled"=dword:00000001
    "LastStart"=dword:3f501333
    "Enabled"=dword:00000001
    "TimeWindowMonthly"=dword:0000000b
    "TimeWindowWeekly"=dword:00000003
    "RandomizeDayRange"=dword:0000012c
    "TimeWindowDaily"=dword:00000008
    "RandomizeWeekStart"=dword:00000004
    "Type"=dword:00000001
    "RandomizeWeekEnd"=dword:00000006
    "RandomizeMinOfDay"=dword:00000031
    "DayOfWeek"=dword:00000005
    


  • 4.  RE: Meaning of a registry key of SEP Client

    Broadcom Employee
    Posted Dec 27, 2013 05:02 AM

    That indicates it's enabled to schedule on these settings.



  • 5.  RE: Meaning of a registry key of SEP Client

    Posted Dec 27, 2013 08:20 AM

    Thanks Pete, but I don't understand. If enabled = 1, then the scheduled LiveUpdate is enabled, right? So why bother using another key? And what if type = 2?



  • 6.  RE: Meaning of a registry key of SEP Client

    Posted Dec 27, 2013 08:23 AM

    There isn't any documentation for this specifically. Is there something you're looking to do with this info or just for knowledge?



  • 7.  RE: Meaning of a registry key of SEP Client

    Posted Dec 27, 2013 08:55 AM

    Not sure exactly what this Pattern Manager/Schedule is referring to but it is definitely not the Liveupdate Schedule as the settings for LU are under:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\Liveupdate\Schedule]


  • 8.  RE: Meaning of a registry key of SEP Client

    Posted Dec 27, 2013 09:47 AM

    Yes, _Brian, I didn't find any relevant documentation either. As I mentioned, there is a legacy Perl script written by my colleague (already quit) for checking the configuration of the SEP client installed on the servers in our company. One of the check points is the [Type] key and it's required to be 1. That's why I want to know exactly what it represents.



  • 9.  RE: Meaning of a registry key of SEP Client

    Broadcom Employee
    Posted Dec 27, 2013 04:38 PM

    Type = 1 - DAILY

    Type = 2 - WEEKLY

    Type = 3 - MONTHLY

    Type = 5 - CONTINUOUSLY

     

    Note: It doesn't look like we use Type 3 anymore.

     

    Hope that helps!
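
The following is an added example, not code from the thread or from Symantec: a minimal Python check that parses a `.reg` export like the one in post 3, decodes `Type` using the mapping given in post 9, and applies the legacy script's "Type must be 1" rule. The function names are hypothetical, the sample input is constructed from the posted export, and the thread does not settle whether this key drives the LiveUpdate schedule.

```python
import re

# Mapping as given in post 9 of this thread; other values are not documented there.
SCHEDULE_TYPES = {1: "DAILY", 2: "WEEKLY", 3: "MONTHLY", 5: "CONTINUOUSLY"}

# Key suffix shared by the 32-bit path and the Wow6432Node path quoted in post 1.
KEY_SUFFIX = r"\Symantec\Symantec Endpoint Protection\AV\PatternManager\Schedule"

# Constructed sample: a trimmed copy of the export posted in post 3.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\PatternManager\Schedule]
"Enabled"=dword:00000001
"Type"=dword:00000001
"DayOfWeek"=dword:00000005
'''

def parse_reg_dwords(text):
    """Return {key_path: {value_name: int}} for the dword values in a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})', line)
        if m and current is not None:
            current[m.group(1)] = int(m.group(2), 16)
    return keys

def audit_schedule(text, required_type=1):
    """Decode Enabled/Type under the Schedule key and apply the Type == 1 rule."""
    results = []
    for path, values in parse_reg_dwords(text).items():
        if not path.lower().endswith(KEY_SUFFIX.lower()):
            continue  # some other key in the same export
        t = values.get("Type")
        results.append({
            "key": path,
            "enabled": values.get("Enabled") == 1,
            "type": t,
            "type_name": SCHEDULE_TYPES.get(t, "UNKNOWN"),
            "compliant": t == required_type,
        })
    return results

if __name__ == "__main__":
    for row in audit_schedule(SAMPLE_REG):
        print(row)
```

Files written by regedit's export are UTF-16 LE, so decode them (for example `open(path, encoding="utf-16")`) before passing the text in.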



  • 10.  RE: Meaning of a registry key of SEP Client

    Posted Dec 29, 2013 09:06 PM

    Hi David-Z

    Thanks for your information. It makes sense. But I'm still confused. Even when the LiveUpdate is configured to run daily, the [Type] key is still 2. Maybe SEP doesn't use this key anymore?

    Please refer to the following two snapshots. One is SEP11, the other is SEP12. Both of them are configured to run LiveUpdate every day.

     



  • 11.  RE: Meaning of a registry key of SEP Client

    Posted Dec 30, 2013 02:37 AM

    As I mentioned above, Liveupdate settings are under a different registry key - can you confirm with this one if the settings match those in the GUI?

    [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\Liveupdate\Schedule]


  • 12.  RE: Meaning of a registry key of SEP Client

    Posted Jan 02, 2014 02:06 AM

    Hope you don't mind.

    I would like to ask.

    1. Are you checking this from the client side?
    2. Why don't you use the status on the SEP Manager to verify if each client is configured properly?
    3. Are notifications turned off?
    4. Have you visited the logs?

    As far as I know, you can verify if the SEP clients are installed, configured and running properly using the SEP Manager.