Endpoint Protection Small Business Edition

Hello All,

I was wondering is it possible to set the Endpoint protection to automatically update the virus/threat definition without being connection to the Protection Manager?

What I am looking to do is enable our laptop the ability to automatically download the update without being connected to our network. Does anyone know if this can be done if so could you provide instruction on doing so?

Thanks,
Vinh

Yep. You can create a separate location for OFF network and you can assign a policy so that clients go out to Symantec liveupdate. Good example here:

Setting up Scenario Two location awareness conditions

Hello,

What version of SEP are you running?

In case, of SEP 11.x, please check out the below link:

How to configure mobile computers to automatically download virus definitions when disconnected from the Symantec Endpoint Protection Management console

http://www.symantec.com/docs/TECH104571

In case, of SEP 12.1, please check out the below link:

Configuring mobile computers to automatically download definitions when disconnected from the Symantec Endpoint Protection 12.1 Management console

http://www.symantec.com/docs/TECH177361

Hope that helps!!

Check this

How to configure mobile computers to automatically download virus definitions when disconnected from the Symantec Endpoint Protection Management console

http://www.symantec.com/docs/TECH104571

Hello Brian,

I have enable manage location for our laptop group and set the switch to "client computer does not connect to management server." However, it does not appear that our laptop are automatically updating the virus/threat definition off the network.

a screen shot below should allow you to see what kind of setting I have made.

Did you assign a new LiveUpdate policy and set a schedule?

I have not assign a new LiveUpdate Policy. I am actually using one that has been set by my system admin that has a schedule set.

The policy that is in place at the moment is exactly as mention in the previous post by Mithun for version 12.1. http://www.symantec.com/docs/TECH177361

I have test this setup on a laptop that we have and apply the new location policy update that I recently create. From there I left it disconnected from our network for a couple of days and hook it up to an external connection about a week later to see if it is able to update by itself, but it didnt seem to so.  

According to the documentation it appears that the endpoint protection does not update itself unless the virus/threat definition is about 2 days old.

Brian, do you know how long it usually takes the endpoint protection client to update itself?  

 

Do you have two locations created, one for ON and another for OFF, or something similar?

The ON network location will have a different policy than the OFF network location.

The OFF network policy should be to go out to connect to Symantec LiveUpdate.

Defs are released 3x a day Mon-Fri so if it hasn't been updated in awhile than the configuration is not correct.

I just check and it looks like we have two location policy. Aside from the one I create the other one did not have a switch condition; therefore, I ended up added one which was "switch to this location client computer connects to management server."

The currently setting for the liveupdate for the default location is as follows:

Did you confirm the client switched to the Off network location?

It appears to have taken switch to the off network location as shown below.

Than per your policy, it should check every 4 hours. Still not working?

It appear to be switching from the on and offsite location which is a very good start.

I will get back to you within about a day or so and let you know if our laptop were able to actually update dates offsite.

Hopefully this would work. Thanks for your help Brian as well as the other posters Rafeeq and Mithun.
 

Glad to help. Let us know how it goes.

Hello Brian,

I was finally able to test it out today and it appears to be working. I believe what happen was that I had only one location added which was for the offsite. By adding a second location one for the internal network appear to have resolve this issue.

Therefore, thanks for your support.

Sincerely,
Vinh Dang

Correct. By doing that, you can than apply a separate LiveUpdate policy to update clients while off the network.

Please don't forget to mark the post that helped the most as solved. This will benefit future users searching for a solution to the same problem.

Thanks and take care,
Brian