In your LiveUpdate policy, check the option to "Use LiveUpdate server" and make sure "Use the default Symantec LiveUpdate server" radio button is checked and uncheck everything else.

I have not a radio button "Use the default Symantec LiveUpdate server", our product is a small businnes edition

Follow these steps to enable LiveUpdate scheduling for client computers

1

 

In the console, click Policies.

2

 

Under Policies, click LiveUpdate.

3

 

Right-click the policy that you want and then click Edit.

4

 

Under Windows Settings, click Schedule.

5

 

Check Enable LiveUpdate Scheduling.

6

 

Specify the frequency and the retry window.

7

 

Click OK.

To disable LiveUpdate scheduling for client computers

1

 

In the console, click Policies.

2

 

Under Policies, click LiveUpdate.

3

 

Right-click the policy that you want, and then click Edit.

4

 

Under Windows Settings, click Schedule.

5

 

Uncheck Enable LiveUpdate Scheduling.

6

 

Click OK.

 

 

 

Configuring the LiveUpdate download schedule for

client computers

The LiveUpdate client schedule settings are defined in the LiveUpdate policy.

To save bandwidth, Symantec Endpoint Protection Small Business Edition clients

run scheduled LiveUpdates from the Symantec LiveUpdate server only if both of

the following conditions are met:

■

 

Virus and spyware definitions on a client computer are more than two days

old.

■

 

Aclient computer is disconnected from Symantec Endpoint Protection Manager

for more than eight hours.

To configure the schedule for LiveUpdate downloads to Windows client computers

1

 

Click Policies and then click LiveUpdate.

2

 

Right-click the LiveUpdate policy that you want, and then click Edit.

3

 

Under Windows Settings, click Schedule.

Configuring updates and updating client computer protection

Configuring the LiveUpdate download schedule for client computers

290

4

 

Check Enable LiveUpdate Scheduling.

5

 

Specify the frequency.

If you select

 

Daily, also set the time of day to run. If you select Weekly, also

set the time of day to run and the day of the week to run.

6

 

If you select any frequency other than Continuously, specify the Retry

Window

 

 

.

The

 

Retry Window is the number of hours or days that the client computer

tries to run LiveUpdate if the scheduled LiveUpdate fails for some reason.

7

 

Click OK.

 

Step 1: Go to Client computer open the SEP client User Interface

Step 2: Go to Configure Settings-->Client Management-->Configre settings--> 

Step 3: Disable the Tamper protection

Step 4: Stop the smc services

Goto Run command-->smc -stop -->Ok

Step 5: Goto Services.msc  Stop the SEP services

Step 6: Go to Registry modify the changes to

 

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate\UseManagemetServer = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate\UseLiveUpdateServer = 1

Step 7 : Goto Services.msc  Start the SEP services

 

Step 8: Start the smc services 

Goto Run command-->smc -start -->Ok

Step 9: Enable the tamper protection

Thats it you are good to go.........

 

SEP restore the registry key to

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate\UseManagemetServer = 1

and download from SEPM.

Any other suggestion?

I have clossed the port 8014 on my firevall for incoming VPN connection but now I have no status on SEPM for the remote PC.

• Move those clients on remote sites to a separate group 
• Create a new liveupdate policy 
• Check the second option USe external or internal liveupdate server
• Uncheck the first option Use default management server
• Assign the policy to the group 
• Now it will work

 

I have not the options you dercribe. See attachement. We have a Symantec Endpoint Protection Small Businnes Edition Version 12.1.1101.401

 

On small business edition no option like tat as peer the screenshot.

You cannot configure only external liveupdate server for ur remote clients.

1st proirity for a managed client is to fetch updates from SEPM server and second priority to receive from Symantec Liveupdate server.

 

Content updates (such as Antivirus and Antispyware definitions) will be automatically and silently downloaded by the manager every 4 hours and distributed to the managed Symantec Endpoint Protection clients. Clients will conduct their own LiveUpdate based on schedule

 

This is product limitation.

 

Wrong, with version 12.0.1001.95 I was able to change the registry key as the original post (solution from Symantec).

Now SEP overwrite the registry key at system startup. How to disable this setting update?

See if you are using a managed client managed by SEPM SBE.

Even after you change the registry value to get updates from Symantec server.

After the Heartbeat Interval by default 5 minutes

Client will start communicating to the SEPM and receive the policy

On SEPM the Liveupdate policy for clients is 1st proirity for a managed client is to fetch updates from SEPM server and second priority to receive from Symantec Liveupdate server.

So once the Client  start communicating to the SEPM policy is updated clients will revert the changes that you made.

This is what happening on your case.

 

If incase you modifing the registry on a unmanaged client it will work absolutely fine without issues.

Because those unmanaged client wont communicate to the SEPM and they never receive policy updates. So what ever the changes that you made to an unmanaged client it will work.

 

If you want test with a single PC. Convert it as unmanaged and change the registry settings and reboot the computer. It will not revert the changes.

 

 

Hope this will give you a better picture..

 

 

How to convert Symantec Endpoint Protection (SEP) clients from managed to unmanaged without uninstalling and reinstalling

http://www.symantec.com/docs/TECH104010