Endpoint Protection

Hi

We have notice that our SEP client directly downloading signature file from internet from Symantec Liveupdate server, this information has been given by network reporting tools.

I have attached screen shots of configuraion live update on Symantec server for our groups, is this correct configuration 

We want our SEP client only download from our SEP server only there should not be any secondary location of live update

Thanks

uncheck the second mark i.e. "use a liveupdate server". Once changed the client should take the policy and update only from SEPM.

Hello,

Correct, Uncheck the "Use a Liveupdate Server" from the Liveupdate Policy.

and check this Article:

Symantec Endpoint Protection Manager 12.1 - LiveUpdate - Policies explained

http://www.symantec.com/docs/TECH178257

Hope that helps!!

HI,

Please remove Second Check box

Can you check any unmanged client are avaialble in your Enviorement ?

It's updating directly internet.

Hi Golani,

"Thumbs up" to the advice, above!

One extra note: please be sure that you are using the latest releases of SEP.  There are known conditions in which earlier releases of individual SEP 11 clients will go to the default internet-based LiveUpdate servers despite being configureed to go to an internal source. 

Here is an article with more information:

SEP clients go to the LiveUpdate server on the Internet despite a LiveUpdate policy from the SEPM to prevent that.
Article:TECH95946   |  Created: 2009-01-02   |  Updated: 2012-06-01   | 
Article URL http://www.symantec.com/docs/TECH95946

Please do update this thread with news if this has fixed the issue for you!
 

Agreed. uncheck "Use a Live update server".

Hi

Is there any other way after unchecked " Use a Live Update Server" to confirm that all my SEP client are only downloading signature from SEP server only. Like log or event on SEP client that client is only communicating for singnature update to SEP server not going to Internet

Thanks

Hello,

You could check the sylink.log and you could also check the Client Activity Log.

Check this Article:

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

http://www.symantec.com/docs/TECH104758

How can we check which content SEP 12.1 clients are downloading from GUP?

https://www-secure.symantec.com/connect/articles/how-can-we-check-which-content-sep-121-clients-are-downloading-gup

Hope that helps!!

You can check the client server activity log, but this works only for SEP 11 RU 7 & later versions.

You can check the sylink monitor

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

http://www.symantec.com/business/support/index?page=content&id=TECH104758

http://www.symantec.com/business/support/index?page=content&id=TECH103369

You can also see if there is any internet traffic from your clients.