Endpoint Protection Small Business Edition

 View Only
Back to discussions
Expand all | Collapse all

Set only liveupdate on remote client

  • 1.  Set only liveupdate on remote client

    Posted Nov 13, 2012 05:08 AM

    Hello, I have a problem after upgrading from SEP12.0 to SEP12.1.

    We have some remote managed PC, to avoid bandwidth problem on our SEPM they was configured to use LiveUpdate and not the ManagementServer:

    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate\UseManagemetServer = 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate\UseLiveUpdateServer = 1

     

    After updating this key are automatically set to

    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate\UseManagemetServer = 1

    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate\UseLiveUpdateServer = 1

    after each system startup. As result the client download virus def from SEPM and not from liveupdate.

    Is there any way to force the remote PC to use LiveUpdate and NOT SEPM?



  • 2.  RE: Set only liveupdate on remote client

    Posted Nov 13, 2012 07:40 AM

    In your LiveUpdate policy, check the option to "Use LiveUpdate server" and make sure "Use the default Symantec LiveUpdate server" radio button is checked and uncheck everything else.



  • 3.  RE: Set only liveupdate on remote client

    Posted Nov 13, 2012 10:36 AM

    I have not a radio button "Use the default Symantec LiveUpdate server", our product is a small businnes edition



  • 4.  RE: Set only liveupdate on remote client

    Posted Nov 13, 2012 01:04 PM

    Follow these steps to enable LiveUpdate scheduling for client computers

    1

     

    In the console, click Policies.

    2

     

    Under Policies, click LiveUpdate.

    3

     

    Right-click the policy that you want and then click Edit.

    4

     

    Under Windows Settings, click Schedule.

    5

     

    Check Enable LiveUpdate Scheduling.

    6

     

    Specify the frequency and the retry window.

    7

     

    Click OK.

    To disable LiveUpdate scheduling for client computers

    1

     

    In the console, click Policies.

    2

     

    Under Policies, click LiveUpdate.

    3

     

    Right-click the policy that you want, and then click Edit.

    4

     

    Under Windows Settings, click Schedule.

    5

     

    Uncheck Enable LiveUpdate Scheduling.

    6

     

    Click OK.

     

     

     

    Configuring the LiveUpdate download schedule for

    client computers

    The LiveUpdate client schedule settings are defined in the LiveUpdate policy.

    To save bandwidth, Symantec Endpoint Protection Small Business Edition clients

    run scheduled LiveUpdates from the Symantec LiveUpdate server only if both of

    the following conditions are met:

     

    Virus and spyware definitions on a client computer are more than two days

    old.

     

    Aclient computer is disconnected from Symantec Endpoint Protection Manager

    for more than eight hours.

    To configure the schedule for LiveUpdate downloads to Windows client computers

    1

     

    Click Policies and then click LiveUpdate.

    2

     

    Right-click the LiveUpdate policy that you want, and then click Edit.

    3

     

    Under Windows Settings, click Schedule.

    Configuring updates and updating client computer protection

    Configuring the LiveUpdate download schedule for client computers

    290

    4

     

    Check Enable LiveUpdate Scheduling.

    5

     

    Specify the frequency.

    If you select

     

    Daily, also set the time of day to run. If you select Weekly, also

    set the time of day to run and the day of the week to run.

    6

     

    If you select any frequency other than Continuously, specify the Retry

    Window

     

     

    .

    The

     

    Retry Window is the number of hours or days that the client computer

    tries to run LiveUpdate if the scheduled LiveUpdate fails for some reason.

    7

     

    Click OK.

     



  • 5.  RE: Set only liveupdate on remote client

    Posted Nov 15, 2012 10:46 PM

    Step 1: Go to Client computer open the SEP client User Interface

    Step 2: Go to Configure Settings-->Client Management-->Configre settings--> 

    Step 3: Disable the Tamper protection

    Step 4: Stop the smc services

    Goto Run command-->smc -stop -->Ok

    Step 5: Goto Services.msc  Stop the SEP services

    Step 6: Go to Registry modify the changes to

     

    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate\UseManagemetServer = 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate\UseLiveUpdateServer = 1

    Step 7 : Goto Services.msc  Start the SEP services

     

    Step 8: Start the smc services 

    Goto Run command-->smc -start -->Ok

    Step 9: Enable the tamper protection

    Thats it you are good to go.........

     



  • 6.  RE: Set only liveupdate on remote client

    Posted Nov 19, 2012 01:45 AM

    SEP restore the registry key to

    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate\UseManagemetServer = 1

    and download from SEPM.

    Any other suggestion?



  • 7.  RE: Set only liveupdate on remote client

    Posted Nov 20, 2012 01:40 AM

    I have clossed the port 8014 on my firevall for incoming VPN connection but now I have no status on SEPM for the remote PC.



  • 8.  RE: Set only liveupdate on remote client

    Posted Nov 20, 2012 09:35 PM
    • Move those clients on remote sites to a separate group 
    • Create a new liveupdate policy 
    • Check the second option USe external or internal liveupdate server
    • Uncheck the first option Use default management server
    • Assign the policy to the group 
    • Now it will work

     



  • 9.  RE: Set only liveupdate on remote client

    Posted Nov 22, 2012 02:13 AM
      |   view attached

    I have not the options you dercribe. See attachement. We have a Symantec Endpoint Protection Small Businnes Edition Version 12.1.1101.401

     



  • 10.  RE: Set only liveupdate on remote client

    Posted Nov 26, 2012 08:52 PM

    On small business edition no option like tat as peer the screenshot.

    You cannot configure only external liveupdate server for ur remote clients.

    1st proirity for a managed client is to fetch updates from SEPM server and second priority to receive from Symantec Liveupdate server.

     

    Content updates (such as Antivirus and Antispyware definitions) will be automatically and silently downloaded by the manager every 4 hours and distributed to the managed Symantec Endpoint Protection clients. Clients will conduct their own LiveUpdate based on schedule

     

    This is product limitation.

     



  • 11.  RE: Set only liveupdate on remote client

    Posted Nov 27, 2012 02:00 AM

    Wrong, with version 12.0.1001.95 I was able to change the registry key as the original post (solution from Symantec).

    Now SEP overwrite the registry key at system startup. How to disable this setting update?



  • 12.  RE: Set only liveupdate on remote client

    Posted Nov 27, 2012 08:24 PM

    See if you are using a managed client managed by SEPM SBE.

    Even after you change the registry value to get updates from Symantec server.

    After the Heartbeat Interval by default 5 minutes

    Client will start communicating to the SEPM and receive the policy

    On SEPM the Liveupdate policy for clients is 1st proirity for a managed client is to fetch updates from SEPM server and second priority to receive from Symantec Liveupdate server.

    So once the Client  start communicating to the SEPM policy is updated clients will revert the changes that you made.

    This is what happening on your case.

     

    If incase you modifing the registry on a unmanaged client it will work absolutely fine without issues.

    Because those unmanaged client wont communicate to the SEPM and they never receive policy updates. So what ever the changes that you made to an unmanaged client it will work.

     

    If you want test with a single PC. Convert it as unmanaged and change the registry settings and reboot the computer. It will not revert the changes.

     

     

    Hope this will give you a better picture..

     



  • 13.  RE: Set only liveupdate on remote client

    Posted Nov 27, 2012 08:27 PM

     

    How to convert Symantec Endpoint Protection (SEP) clients from managed to unmanaged without uninstalling and reinstalling

    http://www.symantec.com/docs/TECH104010

     



  • 14.  RE: Set only liveupdate on remote client

    Posted Dec 04, 2012 05:12 AM

    The new release is not compliant with our needs! I will unistall the new release an install the old, and see if other product can manage remote client and allow download update directly from internet.