Endpoint Protection

 View Only

  • 1.  SEPM contacting an external IP - Is it legit?

    Posted Aug 17, 2011 12:59 PM

    Need to resolve if the traffic I recently sniffed is legit....

     

    Should SEPM v11.x be pulling data from IP's on cachenetworks.com's (69.22.154.x) block?

     

    Thanks!



  • 2.  RE: SEPM contacting an external IP - Is it legit?



  • 3.  RE: SEPM contacting an external IP - Is it legit?

    Posted Aug 17, 2011 01:13 PM

    Looks to be content updates via LiveUpdate.



  • 4.  RE: SEPM contacting an external IP - Is it legit?

    Posted Aug 17, 2011 01:14 PM

    Hello Allen ,

    Rafeeq has mentioned it correct however if you dont want your Sep manager to get updates directly from external source .

    Then you can Introduce Liveupdate Administrator in your envoirnment .

    http://www.symantec.com/business/support/index?page=content&id=TECH102701



  • 5.  RE: SEPM contacting an external IP - Is it legit?

    Trusted Advisor
    Posted Aug 17, 2011 01:17 PM

    Hello,

    Symantec Endpoint Protection uses the Symantec Liveupdate Servers to update itself via the servers as below:

    http://akamai.net
    http://liveupdate.symantecliveupdate.com*
    http://symantec.com*
    http://symantec.symantecliveupdate.com*

    As these servers are located across the world, they would use such Public IP addresses.

    Incase, you feel you would like to keep a check or monitor the same, make sure you create an exceptions for the above sites and block others.



  • 6.  RE: SEPM contacting an external IP - Is it legit?
    Best Answer

    Posted Aug 17, 2011 01:19 PM

    Liveupdate is hosted with Akamai. I am not familiar with cachenetworks.

     


  • 7.  RE: SEPM contacting an external IP - Is it legit?

    Posted Aug 17, 2011 01:24 PM

    Ok, yes, it is Akamai, I was mistaken.

     

    Many thanks to everyone!  :)