Endpoint Protection

WE ARE RUNNING SYMANTEC ENDPOINT PROTECTION MANAGER 11.0.7200.1147 with updated client version 11.0.7200.1147

We have difference remote location to which we made GUP on each location of download update from server

As I read some of the technical document we cannot run LIVE-UPDATE adminsitrator with GUP senerious

so

1)- I  want to schedule the client live without selection of option <USE internal live update server/symantec lu server> etc

2)- In live update schudule content download daily/continously/weekly No monthly option and day of the week of option

 in live update schedule there must be download content monthly option if required

in live update schedule there must be day of the week and date option

3)- while reducing bandwith lower from 32kbps of GUPs cause's CPU 100% usage?

often symantec client mainly gup smc etc goes 100% CPU usage no solution tell yet ?

4)- there must be a admintrative options/commands to cancel download from the time period/day/day/hours etc

command/admin option/tool to cancle downloaded for a time period/day/week etc

5)- GUP download liveupdate if link is drop start from zero there must a routine/update that GUP should resume its last download which was aborted by link drop etc

GUP start download from zero while link chowk/drop etc of remote site...GUP must resume download as seen hudge download traffic and there must be PUASE /RESUME/stop all  option command for live update download  to specifice network/group/clients

6)-  we have some of bigger location for which kept SEPM server with replication and due to replication in night hudge amount of data transfer b/w SEPM server so

SEPM replications controlled with bandwidth we can specify bandwith limited for replication and there should be PAUSE /resume option in replication

there must be option of bandwith while replicaiton

i am waiting for update acknowledgment of propper solution

Thanks

Haroon

92-333-3670519

GUPs are "dumb slaves" of SEPMs to help distributing content. It's only possible to schedule client downloads from internal or external LiveUpdate servers. The content download from SEPMs (and GUPs) is controlled by the client heartbeat and the communication mode.

 in live update schedule there must be download content monthly option if required

Keep in mind that SEP clients with a month old content are nearly useless. Tons of malware are created every day. In my opinion, clients should be updated daily -- at least!

If your main issue is a very slow content download from SEPM to GUPs, it's possible that your GUPs have to download the full content very often (~180 MB). To prevent this, check the number of content revisions the SEPM saves. The more revisions the SEPM holds, the higher is the probability it is able to create "delta files", small incremental content files which are often not bigger than 500 KB or even less (on regularly used PCs).

Symantec publishes about three new content versions per day. If the SEPM downloads every 4 hours (default), it will get these three content revisions. To cover a time range of a week you have to save 21 content revisions (~ 24GB on hard disk). That means that every client with content not older than one week will get delta files. The traffic between SEPM and GUPs should decrease dramatically.

The number of content revisions the SEPM saves can be configured here:

Admin > Servers > Local Site > Edit Site Properties > LiveUpdate > Disk Space Management for Downloads

Have a look at these documents:

Best Practices with Symantec Endpoint Protection (SEP) Group Update Providers (GUP)
http://www.symantec.com/docs/TECH93813

Group Update Provider(GUP): Sizing and Scaling Guidelines
http://www.symantec.com/business/support/index?page=content&id=TECH95353&locale=en_US
 

GUP Videos (excellent!)
https://www-secure.symantec.com/connect/videos/group-update-providers-part-1 
https://www-secure.symantec.com/connect/videos/group-update-providers-part-2

Most of your points have already been answered by Greg. I would just add you might not need to use LiveUpdate Administrator or replication, based on your architecture:
http://www.symantec.com/docs/TECH92051

If you have any enhancement request you would like to bring to the attention of development team/product managers, please use proper section of Symantec Connect (https://www-secure.symantec.com/connect/security/ideas).

i increase number of content keep by sepm liveupdate...

but

i need solution for

1)-  GUP/Client lu /update download ....control through command/admin option ...so administrators can  pause/resume/stop/start live update of a network/group/users etc

2)- GUP client lu content etc download aborted over WAN start from zero again ...they must resume from last position ...as seen more extra traffic

3)- SMC etc EXE file taking 100% of CPU usage have seen ...what the exact reason ..because this seen to GUP only if bandwith reduce from 32kpbs ..but now upgrade to 11.0.7... seen to many of the remote location ...why this happen

4)- SEPM server replication occupy remote location full bandwidth ...there must be bandwith speed limitation option

5)- SEPM server replication stop/start option but no PAUSE/RESUMRE option

AND

6)- Client/GUP download content shedule option not available we have to select internet live update server option then shedule enable there must be shedule option without selection internal live update server and there should be option for stop/pause/start/resume these cotent

As I told you previously, if you want to ask for a new feature to be implemented in newer release, please use the right section of this website (https://www-secure.symantec.com/connect/security/ideas) => to answer your questions 1, 2, 4, 5, 6.

I also want to repeat what i said before: if you configure your environment properly (see my links and the ones from Greg), you should not need such new configuration features (they also sound to me difficult to implement as it would mean completely change the communication process between clients and SEPM).

Finally, regarding your question 3, keep in mind bandwidth throttling may have a negative impact on you client updates. An example:

 - one client requires a Full.zip file (Full definition set) - about 190 MB

 - if you have 32kbps bandwidth limit, client or GUP will need 13 hours (!) to download the file

 - it is most likely that new definition would be received on SEPM side in the meantime, therefore client/GUP would required another file just after

Bandwidth Throttling can then impact performances if many clients are asking many Full.zip, which are taking hours to download. Moreover, keep in mind Symantec recommends to use Server machines as GUP for better performance and no connection limit.

If you have any advanced technical question about the configuration, I would suggest you to open a ticket with Symantec Support (http://www.symantec.com/support/contact_techsupp_static.jsp).

If you want to discuss in details about your architecture and Best Practices/configuration for you, I would suggest you to rather contact Symantec consulting services (http://www.symantec.com/it-consulting-services).

we cannot schedule to download live update content ...without selection option of internal live update server

It is important to understand how the update process is working:

 - LiveUpdate is only used to download content from Internet or internal LiveUpdate Administrator server. It is following LiveUpdate schedule, which may be configured either in SEP client interface or in LiveUpdate policy

 - Clients are using classic HTTP connection when they update from SEPM or GUP. The update frequency is based on communication settings (PUSH/PULL mode, heartbeat - http://www.symantec.com/docs/TECH94711), on SEPM side

There is no priority between updates from SEPM and updates from LiveUpdate, as they both use separate methods and schedules (they will work in parallel). The first one that will have access to a newest definition will download it.