If enabling the debug on GUP - you should see the defs requests from SEP clients received by GUP:
http://www.symantec.com/business/support/index?page=content&id=TECH102412
([HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC]
"smc_debuglog_on"=dword:00000001) with output file - debug.log
...this will show you as well all clients connecting to GUP and overview over what is being requested.
Sylink (http://www.symantec.com/business/support/index?page=content&id=TECH104758) is best to see it from the other side - from SEP client requesting updates from GUP.