Endpoint Protection

 View Only

  • 1.  SEP Definition downloads

    Posted Jul 19, 2016 11:07 AM

    Are SEP client downloads determined by the liveupdate policy (4 hours) or by the heartbeat interval (defaul 30 minutes)? How often does the Symantec server download defs from Symantec?

    So I understand this correctly, Symantec will release definitions 3 times a day, and SEPM will tune in every 4 hours with the Symantec servers and pull down the definitions or do they do this real-time as definitions are released? After such, the clients download based on their 30 minute heartbeat interval?

     

    Any clarification appreciated. Thanks.



  • 2.  RE: SEP Definition downloads

    Posted Jul 19, 2016 11:10 AM

    The SEP client LU downloads are determined by both, potentially.

    If you have an LU policy assigned that uses both the SEPM and Symantec LU, the client will try both sources for content. It will heartbeat to the SEPM and determine if it needs content, if so, it grabs it. If you're also using Symantec LU it will check that as well based on your schedule time.

    Ideally, you only want to use one or the other. But it really depends on you.

    Yes, Mon-Fri will be 2-3x content updates. Sat-Sun, usually once per day.



  • 3.  RE: SEP Definition downloads

    Posted Jul 19, 2016 02:36 PM

    So by default, "Use the default management server" is selected along with "Use a liveUpdate server". So I understand correctly, you are saying the heartbeat interval (default is 30 minutes), will grab from the SEPM server (every 30 minutes), but will also every 4 hours pull from the Symantec Live server?

    So it doesn't use prioritization where it will use SEPM primarily, but then use Symantec Live in case for a fallback--rather it uses both?



  • 4.  RE: SEP Definition downloads

    Posted Jul 19, 2016 02:37 PM

    Correct, it will use both sources then.

     



  • 5.  RE: SEP Definition downloads
    Best Answer

    Posted Jul 20, 2016 04:18 AM

    If both "Use default management derver" and "Use a LiveUpdate server" are enabled, the behavior depends on the settings in the Schedule part of the LU policy. By default, the Options for skipping LiveUpdate are enabled. These conditions mean that LiveUpdate will only be used if the SEP client has too old content and/or has lost the connection to the SEPM (no heartbeat). But most of the time the client will update itself via SEPM.

    So, in the default settings, the connection to the SEPM is more equal than the LU connection -- LU is sort of a fallback option. You can see in the client's system log if the client is skipping the LiveUpdate connections.

    Of course you can disable these settings, and in this case the SEP client updates itself through LU and SEPM (depends which comes first) without skipping LU.