Endpoint Protection

Hi

Im running SEP 11 MR4 MP2 on my network.

also i have configured a LUA server 

my SEP Manager get updates from my LUA server, and the clients LU policy contains updating only from my LUA server.

when i noticed that clients didn't update the AV definitions and that my SEPM had that 31/12/2009 bug, i updated it with that 3 cycles of manual download (from Symantec LU Server, of course) and changed the clients  policy to get updates only from the SEPM.

Now it's all working well.

My question is, how come my clients did not get the AV definitions, while they were set to get updates from my LUA Server? because as far as i know, that 31/12/2009 bug doesn't affect the LUA server. - unless the SEP Manager gets updates from the LUA server - then how come the LUA server didn't update my clients' AV definitions?

i just need someone to explain it to me plz.

let me know if any additional info needed.

Thanks,
Shachar

As you had to make changes to LUA also

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010010901022848


for LiveUpdate Administrator 2.2.x Users:

Ensure that LUA 2.2.2.9 (or higher) is in use.Updating the LiveUpdate Administrator Product Updates List:
• 1. Log into the LiveUpdate Administrator (LUA) website
  2. Click on the Configure tab
  3. Choose Update Symantec Product Catalog in the My Symantec Products Tasks list
Updating the LUA Download Schedule:
• 1. Click the Download and Distribute tab on The LUA website
  2. Select Schedules from the Download and Distribute menu
  3. Select the Download Schedule currently configured to download Content Updates for distribution to the SEPM and click the Edit button
  4. Click the Add button in the Select Products section
  5. Re-Check the checkbox next to the Symantec Endpoint Protection v. 11.0 product
     • The Checkbox icon will change from a square to a checkmark indicating all content available for SEPM has been selected.
  6. Click the Add button
  7. Click the OK button to save the Download Schedule
Reconfiguring the LUA Distribution Center:In order to ensure the LUA is updated with all of the needed Content Catalog entries for the new content streams needed for downloading 2010 definitions, any cached Product Catalog information must be flushed from the list. Follow these steps to flush any cached Content Catalog information.
• 1. Click the Configure tab on the LUA website
  2. Select Distribution Centers from the Configure menu
  3. Select the Distribution Center currently configured to distribute Content Updates to the SEPM and click the Edit button
  4. Click on Symantec Endpoint Protection v11.0 English in the Product List section and click the Delete button
  5. Click the Confirm Delete button on the confirmation page
  6. Once the Endpoint Protection content has been flushed from the Distribution Center, click the Add button next to the Product List section
  7. Check the Symantec Endpoint Protection v.11.0 <language> checkbox in the Add Products list
  8. Click the OK button to add the product to the Distribution Center
  9. Click the OK button to save the changes to the Distribution Center
Updating the LUA Distribution Schedule:
• 1. Click the Download and Distribute tab on The LUA website
  2. Select Schedules from the Download and Distribute menu
  3. Select the Distribution Schedule currently configured to distribute Content Updates to the SEPM and click the Edit button
  4. Click the Add button in the Select Products section
  5. Re-Check the checkbox next to the Symantec Endpoint Protection v. 11.0 product
     • The Checkbox icon will change from a square to a checkmark indicating all content available for SEPM has been selected.
  6. Click the Add button
  7. Click the OK button to save the Download Schedule
Manually Downloading and Distributing new content:To ensure the new Content Updates are available as soon as possible, manually download and distribute the new updates.
• 1. Click the Download and Distribute tab on the LUA website
  2. Select Schedules from the Download and Distribute menu
  3. Select the newly configured Download Schedule and click the Run Now button
  4. Once the manual download completes, select the newly configured Distribution Schedule and click the Run Now button
Updating the Symantec Endpoint Protection Manager:The SEPM must first download and apply the 2010 definitions patch. After the 2010 definitions patch has been downloaded, the SEPM must then download and apply an updated product catalog in order to be able to download the new definitions with 2010 dates. Once the content catalog is updated, the SEPM will need to LiveUpdate one more time in order to download the newly created 2010 definitions.
• 1. To download and apply the 2010 definitions patch:
     1. In the SEPM, click on the Admin Tab
     2. From the Admin menu, choose Servers
     3. Select the Local Site from the list
     4. Select Download LiveUpdate Content from the Tasks Pane
     5. Click the Download button in the Download LiveUpdate Content window
     6. This update will require a restart of the SEPM server
  2. To download the updated Content Catalog:
     1. In the SEPM, click on the Admin Tab
     2. From the Admin menu, choose Servers
     3. Select the Local Site from the list
     4. Select Download LiveUpdate Content from the Tasks Pane
     5. Click the Download button in the Download LiveUpdate Content window
     6. Click the Close button once the LiveUpdate session has completed
  3. To download new 2010 dated definitions:
     1. In the SEPM, click on the Admin Tab
     2. From the Admin menu, choose Servers
     3. Select the Local Site from the list
     4. Select Download LiveUpdate Content from the Tasks Pane
     5. Click the Download button in the Download LiveUpdate Content window
     6. Click the Close button once the LiveUpdate session has completed
Caveats and considerations:
• • After making these changes, the LUA server will download both 12/31/2009 and 2010 definition sets until Security Response returns to normal publishing routines for SEP definitions.
    • This means each definition revision will require approximately double disk space on the LUA server and any distribution center.
    • Once the 2010 definition issue patch has been distributed to customers, Security Response will no longer publish 12/31/2009 rev. xxx definitions and the disk space required to host SEP definitions will return to normal.

if you use LiveUpdate Administrator and the following critieria are true:

 

1. The SEPM is configured to download updates through LUA instead of Public LiveUpdate
2. SEP Clients are configured to download updates from their SEPM.

then please ensure you read the following KB: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010010901022848

Hi Shachar,

The advice above is excellent and should enable you to resolve the 31 December 2009 patch questions.

A couple follow-on considerations:

if your whole organization is using SEP, you may not need LUA 2.x at all.  LUA is good at downloading and providing content for SEP, SAV, SMSMMSE, Scan Engine, and so on.  But if the only Symantec product that you have is SEP, then allowing the SEPM to download and distribute the content (perhaps with help from GUPs) is often most efficient.

Make sure that you do not have the SEPM and LUA installed on the same physical server!  That is unsupported.

Make sure that you are running LUA 2.2.2.9 (the latest available release) and that you have tuned it for performance: LiveUpdate Administrator 2.2 Performance Tuning

Finally: here is a forum idea (enhancement request) that you may wish to add your vote to: "Hit Counter" Page for LiveUpdate Administrator 2.x.  There are other suggeste LUA improvements in the Ideas section, too.... see if you agree with them!

Thanks and best regards,

Mick