If we're forced to always run SEP 12.x in managed mode, will the virus defs update OK should a user take their laptop home? We have a few users that work more often at home than at the office so have to make sure SEP will be kept updated regardless of where the user is.
Default settings should allow LiveUpdate to run on a schedule if the clients cannot connect to their management server. (By default LiveUpdate skips running if there is a good connection to the SEPM--the opposite is also true.)
The difference between 11.x and 12.1.x is that LiveUpdate changed for the SEP clients. For 11.x, SEPM and SEP clients use Windows LiveUpdate; for 12.1.x, SEPM still uses Windows LiveUpdate, but the SEP clients now use LiveUpdate Engine (which you will see referred to as LUE). I haven't investigated the operational differences in great detail but this could explain why there's a difference.
There is also a note in the "Known issues and workarounds" section of the 12.1.2 Release Notes (p 17 of the PDF) that may have something to do with what you're seeing, though I don't think you mentioned an error message:
Configuring an NTLM-enabled proxy to be used with HTTP basic authentication causes client LiveUpdate to return an error on the clients that run Windows XP/Vista (2750314)
Windows XP/Vista removes the authentication credentials that are submitted when you configure Symantec Endpoint Protection to use an NTLM-enabled proxy with basic authentication on the HTTP(S) host. This removal causes the client's LiveUpdate to return an error message.
There is no workaround.
Another alternative might be to whitelist traffic to the Symantec LiveUpdate servers (liveupdate.symantec.com, liveupdate.symantecliveupdate.com) on the proxy.
sandra