Endpoint Protection

Hi All, 

We will soon be upgrading from SEP 11 to SEP 12 and will be using a third party tool to distribute the client package to the endpoints. This deployment will be done a month or two after the package has been created. Since the deployment will be done to hundreds of clients at one shot, I am worried about the bandwidth issues that may arise due to the clients reaching out to the SEPM to get the av updates and ending up in pulling down full zip (greater than 200MB) instead of deltas (Our SEPMs are configured to retain only 30 content revisions). Hundreds of clients reaching out to the SEPM for full zips is going to put a lot of load on our network.

I refereed to this article which seemed like a possible solution: https://www-secure.symantec.com/connect/ideas/reduce-first-time-definition-update-size. But , would this really work? Wont the clients client freeze forever at the same content revision level defined in the LiveUpdate Content policy? Will the clients be able to get the delta instead of a full zip? 

Any alternative solutions to this problem? Appreciate your thoughts. 

Thanks!

you can install the client with full update as well. will that be ok for you?

Why don't you setup a GUP to handle the content updates so clients don't back to the SEPM

Using Group Update Providers to distribute content to clients

check this discussion, if not on the latest , you will still have defs loaded so that your clients do not download the full content from SEPM.

https://www-secure.symantec.com/connect/node/1614331

Hello,

To Answer your Question, when SEP version 12.1 clients are deployed with Packages from SEPM, these packages are created with Latest definitions in it.

So as soon as SEP clients gets installed, the clients are installed with latest definitions.

Now, incase, these clients are Mobile machines, and then connect to the SEPM for definitions however, say incase, they are unable to fetch the entire downloads, then the next time it downloads it would download the same definitions again. 

It would fetch those days definitions which have not been received by Clients.

Here are few Article for you:

Symantec Endpoint Protection 12.1: Installing the Manager for the first time and deploying clients

http://www.symantec.com/docs/TECH163580

Creating custom client installation packages in the Symantec Endpoint Protection Manager console version 12.1

http://www.symantec.com/docs/TECH165801

Also, 

See About the types of threat protection that Symantec Endpoint Protection provides.

See Configuring client installation package features.

After installation, you can enable or disable the protection technologies in the security policies.

See About enabling and disabling protection.

See Performing tasks that are common to all security policies.

Reference: https://www-secure.symantec.com/connect/forums/client-deployment-packages

https://www-secure.symantec.com/connect/forums/initial-definitions-sep-121-install-package

Hope that helps!!

Thank you for the quick responses. 

In our environment, once we handover the package to the deployment team, they usually do some sort of testing with it for about a month and then follow their schedule to the deploy the package. Once I handover the package to them, I will not be able to make any further updates to the package. Hence, for sure the definitions will get out of date and the client will get only a full zip when they connect to the SEPM.

GUPs are good, but due to certain infrastructure limitations, I would not be able to use GUP for most of the locations where our clients reside. Any other thoughts on how I could tackle this situation other than increasing the content revisions to a much higher number than 30? 

Will the idea given in the link https://www-secure.symantec.com/connect/ideas/reduce-first-time-definition-update-size. work?

That idea would not work unfortunately at all - if you have few/several months difference between the definitions release - the size of the delta update would possible reach the size of the full .zip package at some point = making the use of it not really beneficial when comparing to full update.

There is no perfect solution for your case I'am affraid - here you have only 3 options:

1. Create a new package from SEPM with current defs = not an option as per you previous post

2. Try to limit the impact on network by clients requesting full update either by:

- GUP implementation

- Liveupdate Administrator implementation

https://www-secure.symantec.com/connect/articles/installation-and-configuration-lua

http://www.symantec.com/docs/TECH93409

3. Provide clients with updates manually using the Intelligent updater = possible not a good solution if you have a lot of clients.

http://www.symantec.com/docs/TECH102606

Hello,

I agree with SebastianZ.

Secondly, You could tackle this situation by increasing the content revisions to a higher number than 90, (3 definitions releases every day)

However, check this Download - 

Script to download Definitions from SEPM

which may assist you in this situations.

NOTE: This is not provided neither supported by Symantec.

Hope that helps!!