For port scan and Antimac spoofing check from the source of these attacks it might be false positive if it coming from internal network.

For GUP to be enabled even if you have just AV & ASpy its works..So make sure your new GUP policies are assigned properly.

Hi,

Please make sure that the machines acting as GUP are upgraded to the latest version. Also, you can refer to the following articles for for information on GUP in RU5:

https://www-secure.symantec.com/connect/articles/c...

https://www-secure.symantec.com/connect/articles/t...

As you have upgraded 100 users, you can specify the Liveupdate policy with the IP addresses of GUP for those machines and see if they get the definitions.

As you mentioned that after the upgrade, clients started to have popups for features you had disabled earlier, you can confirm the same settings from SEPM as well as the client.

Best,
Aniket

We had Tracking Cookies set as a Centralized Exception and set as Ignore.

After moving SEPM from MR4MP1a to RU5, our scheduled scans started throwing alerts for Tracking Cookies. It was still a Centralized Exception but it had changed from Ignore to Log.

FWIW,

Ray

I have confirmed that computer names are not working for GUPS after the upgrade in my environment.  When you look in the SEPM and do properties on the machine that is setup as the GUP you see a true statement next to that field.  But this is not so true.  I let one of the sites sit for several days and the machines never recieved updates.  I changed to update from managment server only and within 2 hours all users were current.  I am starting my testing for the Ip address now. 

Just make sure it wasnt the upgrade process.  I tested uninstalling the clients completly and reinstalling them and recieved the same result.  Will post back my finding after the ip address testing. 

Ever since I upgraded to RU5 the GUP feature has stopped working.  I have now tried using the IP address of a machine that is local to the group.  Yes the machine shows in the management console as the GUP and it has the shared folder in the program files, but the other machines will not update by this method.  Is anyone else experiencing this problem after upgrading from MR4 to RU5?

 You need to upgrade the Clients to MR5 as well..

I am testing the upgrade on five groups.  All are upgraded and all have a defined GUP.  I did just check something that you listed in a post earlier and it was this file location:

GUP List is stored in C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\gup

The file globalindex.xml contains information about the globallist.xml .

I have noticed that only three out of the five locations are showing in this XML file and out of the three only one of them is actually working properly.  i will reboot the server and see if the globallist.xml file refreshes.   

Hi,

The primary method of finding all the GUPs will be to go to clients->Search clients and search for "Group Update Provider" " = " " True"

I have never payed attention to that feature under task.  Thank you for that quick search feature.  I have rebooted the server and still only three GUPs out of five are showing.  I will give the server some time to allow all the machines to make contact back with it and will check it then.  Thank you for your help.

Please confirm your policy for liveupdate. How did you define these GUPs? Did you define the IP addresses manually, or created a criteria to be satisfied. If the policy is correct, make sure that the clients have received this policy.

Aniket

I noticed that once the server was upgraded all GUPS that were prevously defined had been removed.  I have manually gone back into the Live update settings and selected GUP.  In one group I have entered the IP address of the GUP and in the other I put the name of the machine.  Both are working the same.  I will monitor and check back. thankyou

 In our environment, we have 2 SEPM servers (no replication) and approx 40 GUPS.  We've only upgraded a handful of clients and 3 GUPS.  When searching as described above, the only results returned are the GUPS running RU5.  None of the MR4MP2 GUPS are displayed.  Is this a flaw in the RU5 search?  Or are the clients no longer talking to MR4MP2 GUPS and getting updates from their respective SEPM servers (policies are defined such that clients are supposed to get updates from SEPM after 12 hours of no GUP contact).  In all liveupdate policies checked, the old version GUPS are still defined as they were before the SEPM upgrades.

I was beginning to think that the GUPS had started working but I now realize that the machines are contacting the SEPM because the GUP time is expireing.  I have doubled checked all the xml files and have done searches for GUPS and everyone shows but the machines are not using them.  I can change the policy to use sepm only and all updates are applied within 10 hours.  Change to GUPS and then they sit there for 10 days before they contact the SEPM to get there updates. 

RU5 prides itself on the GUP features but they are useless in my environment and are beginning to cause bandwidth issues. I had no problems with GUP before the upgrade.  I have attempted a clean install of clients in one group and that did not help. 

Does a server rebuild sound like something that is in my future?