Endpoint Protection

I have configured live update policy using Explicit GUP for the clients for which I have the client subnet details. Also I have enabled the internal live update server option and scheduled to run for the clients older than 3 days definitions in the same policy. (as these subnets have very few clients and GUP is not feasible for them). However these machines are still not downloading definitions from the internal live update server even though they are running with more than 3 days old definitions. Please help me clarify if my understanding for the skip live update functionality is correct and what other things I can check to resolve this.

So you have a LUA server in place? Did you add that into the policy? Perhaps some screenshots here will help...

Yes Brian, we have LUA server in place and enabled the live update button on the clients also. when hitting the live update button on the client it downloads the definition from the assgined LUA, but the clients which are running older than 3 days definitions are not downloading the definitions automatically. Live update schedule is selected to run for every 4 hours and the skip live update option is enabled if the clients are running within 3 days definitions. Also as I mentioned earlier the Explicit GUP policy is working for the clients where the client subnet details and the respective GUPs are assigned.

On your GUP policy settings you also need to select either the single or multiple GUP option. One of these needs to be used in conjunction with the Explicit GUP.

Thanks for the reply. Appreciate if you could explain how exactly the above changes would make the client download from the definition from LUA.If there is any article that can explain more about this.

They wouldn't, but, your GUP policy still needs to be corrected.

Enable sylink debugging on the client:

How to enable Sylink debugging for Endpoint Protection clients

Let it run thru a few update attempts and review the log for issues.

Really, you should only need to update from teh GUP or SEPM when on network and from Symantec LU when off network.

Is there a reason you're using a LUA?

The main idea behind using the LUA is because we do not have GUPs available for all client subnets. Also if I enable the multiple GUP option in the same live  update policy, does the client in different subnet can still download definition from a GUP in a different subnet ? and I am afraid of using the single GUP in this policy because this will be assigned to the clients globally and this should not cause any unnecessary bandwidth issues to that single GUP. We are planning to maintain only a couple of live update policies all together and not a bunch of policies for live update.