Endpoint Protection Small Business Edition


sepm 12 clients running liveupdate outside schedule

  • 1.  sepm 12 clients running liveupdate outside schedule

    Posted Mar 20, 2013 11:56 AM

    I have a group of clients connected to SEPM 12.

    I have configured LiveUpdate to only run at 21:00 and only try for 2 hours.

    Most of the time that seems to work; however, sometimes, like during the middle of the day, a definition update occurred, which really slowed the PCs down.

    How do I prevent this...?

     

     



  • 2.  RE: sepm 12 clients running liveupdate outside schedule

    Posted Mar 20, 2013 12:00 PM

    Is it possible this update came from the SEPM instead, or can they only get updates from Symantec LiveUpdate?



  • 3.  RE: sepm 12 clients running liveupdate outside schedule

    Posted Mar 20, 2013 12:08 PM
    I'm not sure... just looking at the client, it shows a definition update applied at 11:30, which is outside of the allowed time.


  • 4.  RE: sepm 12 clients running liveupdate outside schedule

    Posted Mar 20, 2013 12:43 PM

    Check it

    Configuring the LiveUpdate download schedule for Symantec Endpoint Protection Manager

    Article: HOWTO54810  |  Created: 2011-06-29  |  Updated: 2011-12-20

    Article URL: http://www.symantec.com/docs/HOWTO54810

    Symantec Endpoint Protection Manager - LiveUpdate - Policies explained

    Article: TECH104435  |  Created: 2008-01-20  |  Updated: 2010-11-30

    Article URL: http://www.symantec.com/docs/TECH104435

     



  • 5.  RE: sepm 12 clients running liveupdate outside schedule

    Posted Mar 20, 2013 12:51 PM
    Check the System log to see what it shows as the source for the download.


  • 6.  RE: sepm 12 clients running liveupdate outside schedule

    Posted Mar 20, 2013 12:54 PM

    OK, but how does this matter? I defined a policy saying only do it at 21:00 and try for 2 hours.

     



  • 7.  RE: sepm 12 clients running liveupdate outside schedule

    Posted Mar 20, 2013 01:19 PM
    Because that only applies to Symantec LiveUpdate. It could've gotten the update from SEPM, and there is no way to set a schedule for this. It happens automatically.


  • 8.  RE: sepm 12 clients running liveupdate outside schedule

    Trusted Advisor
    Posted Mar 20, 2013 02:48 PM

    Hello,

    Could you check the IDLE DETECTION state policy within the LiveUpdate Policy of SEPM provided to the groups?

    Try removing the IDLE DETECTION settings, Retry Window and Download Randomization Options and check if that helps!!

    Check this Article:

    Symantec Endpoint Protection Manager 12.1 - LiveUpdate - Policies explained

    http://www.symantec.com/docs/TECH178257

    Hope that helps!!



  • 9.  RE: sepm 12 clients running liveupdate outside schedule

    Posted Mar 20, 2013 03:08 PM

    As silly as it seems... I need to figure out a way to prevent any updates during business hours.

    Maybe a script to stop a service or something?

     

     



  • 10.  RE: sepm 12 clients running liveupdate outside schedule

    Posted Mar 22, 2013 03:33 AM

    Maybe it is not the update itself that slows down the clients here, but the triggered scan that occurs afterwards?

    Does the scan occur after the definitions on the client have been updated? If yes, this would be the Defwatch scan, and if you want you can disable this one completely so that the machines are scanned only when the scheduled scan is set.

    To disable, go to the AV policy -> Windows Settings -> Scheduled Scans -> Admin scans -> Advanced -> uncheck "Run an Active Scan when new definitions arrive".

    Back to the definitions schedule: you can set this up only if the Symantec LiveUpdate servers are the only source for the updates. If you have the management server updates enabled as well, the client will connect to SEPM according to the heartbeat and take the definitions, ignoring the LU schedule this way. It is like that by default.



  • 11.  RE: sepm 12 clients running liveupdate outside schedule

    Broadcom Employee
    Posted Mar 23, 2013 05:18 AM

    Hi,

    There are two modes: push mode and pull mode.

    Pull mode

    In pull mode, the client connects to the manager according to the heartbeat frequency. This procedure repeats indefinitely. The number of clients that can be supported in pull mode depends on the following conditions:

    Push mode

    In push mode, the client establishes a persistent TCP connection to the server. If a client cannot connect to the management server, it retries periodically, depending on the heartbeat frequency. The following conditions apply to push-mode communication:

    The client will connect to SEPM according to the heartbeat and take the definitions.

    I think the settings you have configured are applicable to SEPM LiveUpdate, not to client LiveUpdate.

    You can use other tools to find out which process is actually slowing down the system.