Endpoint Protection

 View Only

  • 1.  Scheduled updates from management server

    Posted May 07, 2013 10:43 AM

    I have my management server set to get updates daily starting after 5pm. and the client machines typically update after that. However, I have one group that needs to update at a different time (14:00).  If I go to the live update scheduler it says that it doesn't impact downloads from that server.  This particular group of clients has no internet access so they must get it from the management server at the specified time, but I'm not sure I've done this correctly.  I created a new live update policy and only selected the management server, then scheduled liveupdate to run at 14:00.  Not sure if I've done this correctly.



  • 2.  RE: Scheduled updates from management server
    Best Answer

    Posted May 07, 2013 10:49 AM

    There is  no way to schedule updates from the SEPM to the client. They will update automatically once they check in to the SEPM and are notified that updates are available.

    The schedule you set only pertains to Symantec LiveUpdate servers

    untitled_12.JPG



  • 3.  RE: Scheduled updates from management server

    Posted May 07, 2013 10:59 AM

    So essentially, I'd need to set up an internal LU server to handle this or they will just update when they check-in?

    Thanks,

    Tony



  • 4.  RE: Scheduled updates from management server

    Posted May 07, 2013 11:19 AM

    It's not recommened to use a LUA to do this but it depends on how many client you need to update at that time? It could theoretically be done

     

    Best Practices for LiveUpdate Administrator (LUA) 2.x

    Article:TECH93409  |  Created: 2009-01-13  |  Updated: 2012-11-28  |  Article URL http://www.symantec.com/docs/TECH93409

     

    When to use LiveUpdate Administrator

    Article:TECH154896  |  Created: 2011-03-07  |  Updated: 2012-07-18  |  Article URL http://www.symantec.com/docs/TECH154896

     



  • 5.  RE: Scheduled updates from management server

    Trusted Advisor
    Posted May 08, 2013 09:47 AM

    Hello,

    What you are trying to achieve could be only done by setting up an LUA. However, I would suggest you to check these Articles:

    When to use LiveUpdate Administrator 

    http://www.symantec.com/docs/TECH154896

    LiveUpdate Administrator 2.x and Symantec Endpoint Protection Manager on the Same Physical Server

    http://www.symantec.com/docs/TECH105076

    Best Practices for LiveUpdate Administrator (LUA) 2.x

    http://www.symantec.com/docs/TECH93409

     

    Here are a couple articles about LUA that may also help:

    https://www-secure.symantec.com/connect/articles/managing-liveupdate-administrator-2x-space-usage

    https://www-secure.symantec.com/connect/articles/helpful-liveupdate-administrator-2x-analogy

    Hope that helps!!



  • 6.  RE: Scheduled updates from management server

    Posted May 08, 2013 10:08 AM

    In summary:

    Whenever the SEPM gets a hold of the latest definitions, any clients configured to "Update via the default management server" will pick up those new defs on the next heartbeat and randomisation window.

    That means when you change your SEPM's schedule to run at 2pm, then all clients are likely going to download the defs shortly after that.

    Currently, the only way to accurately schedule the download of definitions on SEP Clients is to enable "Update via LiveUpdate", which enables the scheduling options, and either point them at Symantec LiveUpdate (if your WAN link can handle it) or at an internal LUA server as you mentioned.

    There is an active IDEA for the option to schedule the definition downloads via the SEPM.  Please vote for it if you think it beneficial:

    https://www-secure.symantec.com/connect/ideas/option-have-update-windows-endpoints-without-use-symantec-liveupdate-or-liveupdate-administrat