Endpoint Protection

  • 1.  SEP Mac Clients not updating Definitions

    Posted Nov 17, 2011 07:49 PM

    Hi,

    I have been asked to start looking into rolling out SEP for our Mac clients (as our Sophos renewal is coming up).

    We have SEP rolled out business-wide on all of our Windows machines and they want it rolled out now on our Macs (approx. 100 machines).

    Now, after reading a lot of tech articles and documents, I have set up our own LUA server version 2.2.2.9 for the Macs to get their defs from and also now the SEPM. The Macs are also still being managed by the SEPM as well.

    Seeing as the Mac gurus here like to keep updated with the OSX versions, most of the Macs here are getting updated to 10.7, so that means I have had to go back from 12.1 to 11.6 RU7 (but that doesn't really bother me).

    I did have an issue with my 2 test Macs trying to contact the LUA server at the start, but trawled through the logs and found out they were trying to go through our proxy server, so just added in a bypass and they connected fine after that :D

    After a day or so I noticed that the clients' defs were still sitting at 10/04/2010 r3. Now that can't be the current defs for a Mac client. A year out of date?

    When I manually try and run LiveUpdate on the Macs themselves it says that they are up to date. Here is a snippet from the liveupdt.log showing me that they are connecting.

    Nov 18, 2011 8:40:31 AM Java LiveUpdate launched with the command line = -c /Library/Application Support/Symantec/LiveUpdate/liveupdate.conf --abort-on-file-exists /private/tmp/liveupdate.2.3W3jAe --available-list /private/tmp/liveupdate.3.SfQFjO [ -p Symantec Endpoint Protection for Mac Virus Defs V2 -v MicroDefsB.Full -l SymAllLanguages -z 0 -t IntelVirusDef ] [ -p Symantec Endpoint Protection for Mac Virus Defs V2 -v MicroDefsB.CurDefs -l SymAllLanguages -z 2010100403 -t IntelVirusDef ]

    Nov 18, 2011 8:40:31 AM   Symantec Endpoint Protection for Mac Virus Defs V2, MicroDefsB.Full, SymAllLanguages, IntelVirusDef, 0

    Nov 18, 2011 8:40:31 AM   Symantec Endpoint Protection for Mac Virus Defs V2, MicroDefsB.CurDefs, SymAllLanguages, IntelVirusDef, 2010100403

    Nov 18, 2011 8:40:31 AM Using character set UTF-8

    Nov 18, 2011 8:40:31 AM Command-line Product Selections to update:

    Nov 18, 2011 8:40:31 AM (ProdName, Version, Lang, ItemSeqName, SeqNum)

    Nov 18, 2011 8:40:31 AM Adding JLU to the current command line

    Nov 18, 2011 8:40:31 AM   JLU Macintosh, 3.6, English, LiveUpdateSeq, 20

    Nov 18, 2011 8:40:31 AM Java Version 1.6.0_26.

    Nov 18, 2011 8:40:31 AM Mac OS X 10.7.2

    Nov 18, 2011 8:40:31 AM Java LiveUpdate version 3.6 Build 20.

    Nov 18, 2011 8:40:31 AM ProductInventory: parsed default inventory file: /etc/Product.Catalog.JavaLiveUpdate

    Nov 18, 2011 8:40:31 AM Inventory File Product Selections to update:

    Nov 18, 2011 8:40:31 AM (ProdName, Version, Lang, ItemSeqName, SeqNum)

    Nov 18, 2011 8:40:31 AM The property maxZipFileSize is not set in config file

    Nov 18, 2011 8:40:31 AM The property maxZipFileSize in config file changed to 614,400

    Nov 18, 2011 8:40:31 AM The property maxTriFileSize is not set in config file

    Nov 18, 2011 8:40:31 AM The property maxTriFileSize in config file changed to 10,485,760

    Nov 18, 2011 8:40:31 AM The property maxPackageSize is not set in config file

    Nov 18, 2011 8:40:31 AM The property maxPackageSize in config file changed to 734,003,200

    Nov 18, 2011 8:40:31 AM The property maxPackageContentSize is not set in config file

    Nov 18, 2011 8:40:31 AM The property maxPackageContentSize in config file changed to 734,003,200

    Nov 18, 2011 8:40:31 AM Cache is disabled.

    Nov 18, 2011 8:40:31 AM Checking to see if JLU can connect to its own listener thread.

    Nov 18, 2011 8:40:31 AM Checking to see if a session of JLU is running at port 49216.

    Nov 18, 2011 8:40:31 AM An active JLU session has been detected.

    Nov 18, 2011 8:40:31 AM JLU was able to successfully connect to its own listener thread.

    Nov 18, 2011 8:40:31 AM Downloading minitri.flg to /private/tmp/liveupdate/1321576831758/minitri.flg ...

    Nov 18, 2011 8:40:31 AM Connecting to luasvr01.wanews.com.au:7070 via HTTP ...

    Nov 18, 2011 8:40:31 AM Connected to 172.28.1.31 sending request ...

    Nov 18, 2011 8:40:31 AM Waiting for response ...

    Nov 18, 2011 8:40:31 AM Receiving file ...

    Nov 18, 2011 8:40:31 AM Transfer completed in 8 ms (32,500 bytes/sec)

    Nov 18, 2011 8:40:31 AM Downloading jlu$20macintosh_3.6_english_livetri.zip to /private/tmp/liveupdate/1321576831758/jlu$20macintosh_3.6_english_livetri.zip ...

    Nov 18, 2011 8:40:31 AM Connecting to 172.28.1.31 via HTTP ...

    Nov 18, 2011 8:40:31 AM Connected to 172.28.1.31 sending request ...

    Nov 18, 2011 8:40:31 AM Waiting for response ...

    Nov 18, 2011 8:40:31 AM Downloading symantec$20endpoint$20protection$20for$20mac$20virus$20defs$20v2_microdefsb.full_symalllanguages_livetri.zip to /private/tmp/liveupdate/1321576831758/symantec$20endpoint$20protection$20for$20mac$20virus$20defs$20v2_microdefsb.full_symalllanguages_livetri.zip ...

    Nov 18, 2011 8:40:31 AM Connecting to 172.28.1.31 via HTTP ...

    Nov 18, 2011 8:40:31 AM Connected to 172.28.1.31 sending request ...

    Nov 18, 2011 8:40:31 AM Waiting for response ...

    Nov 18, 2011 8:40:31 AM Downloading symantec$20endpoint$20protection$20for$20mac$20virus$20defs$20v2_microdefsb.curdefs_symalllanguages_livetri.zip to /private/tmp/liveupdate/1321576831758/symantec$20endpoint$20protection$20for$20mac$20virus$20defs$20v2_microdefsb.curdefs_symalllanguages_livetri.zip ...

    Nov 18, 2011 8:40:31 AM Connecting to 172.28.1.31 via HTTP ...

    Nov 18, 2011 8:40:31 AM Connected to 172.28.1.31 sending request ...

    Nov 18, 2011 8:40:31 AM Waiting for response ...

    Nov 18, 2011 8:40:31 AM

    Nov 18, 2011 8:40:31 AM The Java LiveUpdate session has completed successfully.

    Nov 18, 2011 8:40:31 AM Return code = 0

    Nov 18, 2011 8:40:31 AM
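
Added example, not part of the original post and not Symantec code: a check for the situation in this log, where the run ends with return code 0 while the client still requests definitions from sequence 2010100403. It assumes a 10-digit SeqNum is YYYYMMDD plus a two-digit revision (consistent with the "10/04/2010 r3" in the post); the function names and the 7-day threshold are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: five lines abridged from the liveupdt.log excerpt in the post.
SAMPLE_LOG = """\
Nov 18, 2011 8:40:31 AM   Symantec Endpoint Protection for Mac Virus Defs V2, MicroDefsB.Full, SymAllLanguages, IntelVirusDef, 0
Nov 18, 2011 8:40:31 AM   Symantec Endpoint Protection for Mac Virus Defs V2, MicroDefsB.CurDefs, SymAllLanguages, IntelVirusDef, 2010100403
Nov 18, 2011 8:40:31 AM   JLU Macintosh, 3.6, English, LiveUpdateSeq, 20
Nov 18, 2011 8:40:31 AM The Java LiveUpdate session has completed successfully.
Nov 18, 2011 8:40:31 AM Return code = 0
"""

TS = r"(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
# Selection line layout shown in the log: ProdName, Version, Lang, ItemSeqName, SeqNum
ITEM_RE = re.compile(TS + r"\s+(?P<prod>[^,]+), (?P<ver>[^,]+), [^,]+, [^,]+, (?P<seq>\d+)$")
RC_RE = re.compile(TS + r"\s+Return code = (?P<rc>-?\d+)$")


def decode_seq(seq):
    """Assumption: a 10-digit SeqNum is YYYYMMDD followed by a 2-digit revision."""
    if len(seq) != 10:
        return None  # e.g. 0 (nothing installed) or a plain counter such as 20
    try:
        return datetime.strptime(seq[:8], "%Y%m%d"), int(seq[8:])
    except ValueError:
        return None


def audit(log_text, max_age_days=7):
    """Return stale selections and whether the run still reported success."""
    stale, rc = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := RC_RE.match(line)):
            rc = int(m["rc"])
        elif (m := ITEM_RE.match(line)) and (dec := decode_seq(m["seq"])):
            run = datetime.strptime(m["ts"], "%b %d, %Y %I:%M:%S %p")
            age = (run - dec[0]).days  # age of the defs at the time of this run
            if age > max_age_days:
                stale.append({"product": m["prod"], "version": m["ver"],
                              "defs_date": dec[0].date().isoformat(),
                              "revision": dec[1], "age_days": age})
    return {"return_code": rc, "stale": stale,
            "silent_failure": rc == 0 and bool(stale)}


if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

A `silent_failure` of `True` is the case to alert on: LiveUpdate reports success, so nothing on the client flags that its definitions are over a year old.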

     



  • 2.  RE: SEP Mac Clients not updating Definitions



  • 3.  RE: SEP Mac Clients not updating Definitions

    Posted Nov 18, 2011 02:05 AM

    I have already read that article, and if you look at the logs they are contacting the LUA server fine and downloading the definitions fine. But the clients are not updating.



  • 4.  RE: SEP Mac Clients not updating Definitions

    Posted Nov 18, 2011 07:36 AM

    Hi Mark,

    > I have set up our own LUA server version 2.2.2.9 for the Macs to get their defs from and also now the SEPM

    For the sake of security and stability, I strongly recommend that you contact Technical Support for details on how to upgrade to the newer LUA 2.3.  Your current version has a known vulnerability.

    > most of the Macs here are getting updated to 10.7, so that means I have had to go back from 12.1 to 11.6 RU7 (but that doesn't really bother me)

    The new SEP 12.1 RU1 has support for Lion. No need to roll back: upgrade!  &: )

    Support for Mac OS X 10.7 (Lion) with Symantec Endpoint Protection for Mac
    Article: TECH166376 | Created: 2011-08-03 | Updated: 2011-11-16
    Article URL: http://www.symantec.com/docs/TECH166376

    > did have an issue with my 2 test Macs trying to contact the LUA server at the start, but trawled through the logs and found out they were trying to go through our proxy server, so just added in a bypass and they connected fine after that :D

    "Thumbs up!"

    Are you absolutely, positively certain that the LUA server has the latest Symantec Endpoint Protection for Mac Virus Defs V2 definitions?  (It is very common for admins to select "Symantec Endpoint Protection for Mac Virus Defs" instead by accident.)

    Please check and keep this thread updated with your progress!

    All the best,

    Mick
     



  • 5.  RE: SEP Mac Clients not updating Definitions

    Posted Nov 21, 2011 04:52 AM

    Hi Mick,

    • Yeah, I couldn't find out how to get 2.3, so I just went with what I could get off the Symantec website.
    • I know that 12.1 RU1 supports Lion, but I called up and they said it hadn't been released yet and I was like, huh? So I didn't argue about it and just went with RU7.
    • I have everything selected to download under SEP v11.0 and SEP v12.1, so I'm not too sure if I should only select just the Mac virus defs or if selecting everything has caused the issue?

    Look forward to your feedback.