
SEP 11 virus definition update settings

Created: 01 Apr 2013 | 6 comments

Hi,

I would like to have information on the "best practice" regarding scheduled updates on SEP 11 for a big enterprise.

I did my work and found many best practices for the SEP 11 AV. I was able to get the heartbeat, GUP, etc. But I did not find any information on whether they recommend that the endpoint look for updates every hour, 2 hours, 6 hours, etc.

I know that the bandwidth speed must also be considered. Let's consider that every low-speed connection has a local GUP in place, so only the GUP will load the definitions, and that the majority of the corporation (80%) is running on a high-speed internet connection.

Thanks


.Brian's picture

I don't believe there is a true best practice guide for this, at least not that I could find.

This KB article has a table which shows content distribution time:

Best Practices for configuring the number of content revisions to keep in Symantec Endpoint Protection Manager

Article:TECH92225  |  Created: 2009-01-05  |  Updated: 2012-03-30  |  Article URL http://www.symantec.com/docs/TECH92225

The sizing and scalability guide also has some very valuable info regarding content distribution:

Symantec Endpoint Protection (SEP) Sizing and Scalability recommendations

Article:TECH123242  |  Created: 2010-01-16  |  Updated: 2013-03-08  |  Article URL http://www.symantec.com/docs/TECH123242

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

In a managed environment, your clients will be using the heartbeat for any updates.

You need to configure your SEPM to look for updates from Symantec every 4 hours.

Is the scheduled update from the internet or from SEPM?

MHinse's picture

Hi Brian81,

Thanks for your quick answer.

I found the same information that you mentioned. :)

I was wondering, if I want to push the update to the endpoints more often (like every 2 hours), whether Symantec has any recommendation regarding this setting?

Thanks,

MHinse

.Brian's picture

It all depends on your bandwidth limit. The rate at which your endpoints get updated depends on what you have their heartbeat set to. However, it sounds like you have some GUPs configured, so this will also improve the performance of your network. These will take care of your clients on the local subnet, where you should really see a nice improvement.


Rafeeq's picture

Have you gone through these?

Best practice for configuring LiveUpdate when installing a Symantec Endpoint Protection Manager and Symantec Endpoint Protection client on the same machine.

http://www.symantec.com/business/support/index?page=content&id=TECH102337
 
About best practices for LiveUpdate policy settings

http://www.symantec.com/business/support/index?page=content&id=HOWTO81247

Mithun Sanghavi's picture

Hello,

I would suggest you check these articles:

Getting up and running on Symantec Endpoint Protection for the first time

http://www.symantec.com/docs/HOWTO55274

Planning the installation http://www.symantec.com/docs/HOWTO55061

Network architecture considerations http://www.symantec.com/docs/HOWTO55114

Symantec Endpoint Protection (SEP) Sizing and Scalability recommendations

http://www.symantec.com/docs/TECH123242

GUP__Sizing_and_Scaling_Guidelines

https://www-secure.symantec.com/connect/downloads/gupsizingandscalingguidelines

How To Optimize Endpoint Protection for Branch Offices using GUPs, Load Balancing, and Location Awareness

http://www.symantec.com/docs/TECH94122

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.