
Symantec 12.1.4 and GUP questions

  • 1.  Symantec 12.1.4 and GUP questions

    Posted Jan 03, 2014 07:43 AM

    Hi.

     

    We have just recently upgraded from 11.0.7 to 12.1.4 on our management server.

    I have a couple of thousand clients spread around approximately 50 locations.
    On the 11.0.7 platform I had to create 50 different LiveUpdate policies which pointed to a unique GUP provider on a unique location.
    Then I had to create a Location awareness policy that specified the IP range (for example 192.2.0.0 to 192.2.255.255) on that same unique location.

    This has been working fine, but seems a bit messy.

    It has been mentioned that this is now much easier to do in 12.1.4.
    Either with Multiple Group Update Providers or the Explicit Group Update Provider.

    I must admit I can’t really get the hang of it from reading the PDF “Symantec™ Endpoint Protection and Symantec Network Access Control Installation and Administration Guide”.

    Does anyone have a clue if it really is better in 12.1.4?

    And how to do it?

    Best regards
    T.



  • 2.  RE: Symantec 12.1.4 and GUP questions

    Posted Jan 03, 2014 07:47 AM

    Understanding "Explicit Group Update Providers (GUPs) for Roaming Clients" in Symantec Endpoint Protection (SEP) 12.1.2

    Article:TECH198640  |  Created: 2012-10-19  |  Updated: 2012-11-15  |  Article URL http://www.symantec.com/docs/TECH198640

    http://www.symantec.com/connect/articles/sep-121ru2-and-explicit-group-update-provider

     

    See this thread also

    http://www.symantec.com/connect/forums/multiple-gups-all-network



  • 3.  RE: Symantec 12.1.4 and GUP questions

    Posted Jan 03, 2014 07:50 AM

    Understanding "Explicit Group Update Providers (GUPs) for Roaming Clients" in Symantec Endpoint Protection (SEP) 12.1.2

     

    http://www.symantec.com/business/support/index?page=content&id=TECH198640



  • 4.  RE: Symantec 12.1.4 and GUP questions

    Posted Jan 03, 2014 08:03 AM

    You only need one LiveUpdate policy if using the explicit GUP. This article should help:

    What is the processing order of an Explicit GUP list within version 12.1.2 of Symantec Endpoint Protection?



  • 5.  RE: Symantec 12.1.4 and GUP questions

    Posted Jan 03, 2014 08:38 AM

    Ok.

    So the workflow seems like this:

    1. First create all my 50 GUPs in the Multiple Group Update Providers with each server with its own rule set number.
    2. Create the links between the GUP and the network they will serve in the Explicit Group Update Providers list.
    3. Apply the LiveUpdate policy to the groups where the clients and servers are.

     

    I'll give it a go.

    Best Regards

    T.



  • 6.  RE: Symantec 12.1.4 and GUP questions

    Posted Jan 03, 2014 08:43 AM

    See how that goes and post back if you need help



  • 7.  RE: Symantec 12.1.4 and GUP questions

    Broadcom Employee
    Posted Jan 03, 2014 09:16 AM

    Hi,

    You are following the right top-down execution of GUP providers.

    • Providers on the Multiple Group Update Providers list, in order

    • Providers on the Explicit Group Update Providers list, in order

    • The Provider that is configured as a Single Group Update Provider

    To accomplish the above steps, the GUP sequence order in the LiveUpdate policy has also changed.

    You can add Group Update Providers to a list that clients use to connect to Group Update Providers that are on subnets other than the client's own subnet. You map the subnet that the clients are located on to the subnets of the Group Update Providers that you want the client to use.

    Learn more about it: https://www-secure.symantec.com/connect/articles/sep-121ru2-and-explicit-group-update-provider



  • 8.  RE: Symantec 12.1.4 and GUP questions

    Posted Jan 03, 2014 09:19 AM

    Will this be a problem?

    We have a network called AAA.0.0.0 and AAA.2.0.0 (AAA is identical).

     



  • 9.  RE: Symantec 12.1.4 and GUP questions

    Posted Jan 03, 2014 09:44 AM

    The second octet is different though, so it shouldn't be.



  • 10.  RE: Symantec 12.1.4 and GUP questions

    Posted Jan 03, 2014 09:55 AM

    Ok.

    So should I remove the GUP server from the Multiple Group Update Provider list or not?

    Should it only be one entry for a GUP?

    Can it not be listed in both the Multiple Group Update Providers list and the Multiple Group Update Providers list?

     

    Regards

    T.



  • 11.  RE: Symantec 12.1.4 and GUP questions

    Broadcom Employee
    Posted Jan 03, 2014 10:04 AM

    Hi,

    So should I remove the GUP server from the Multiple Group Update Provider list or not?

    Should it only be one entry for a GUP?

    --> If you want to implement Explicit group update provider then you need Multiple group update provider list first.

     



  • 12.  RE: Symantec 12.1.4 and GUP questions

    Posted Jan 03, 2014 11:21 AM

    Just check the following KB for the known issue of 1 RU4 and GUP.

    When the Group Update Provider (GUP) functionality is enabled on a Symantec Endpoint Protection 12.1 RU4 (12.1.4013.4013) client, the Symantec Management Client process (SMC.exe) crashes. If the GUP functionality is disabled, the crashes no longer occur.

     

    http://www.symantec.com/business/support/index?page=content&id=TECH213461



  • 13.  RE: Symantec 12.1.4 and GUP questions

    Posted Jan 05, 2014 04:41 PM

    Hi.

     

    Thanks for informing me. Wasn't aware of that.
    Little information there....
    Is it related to a specific OS or doesn't that matter?
     



  • 14.  RE: Symantec 12.1.4 and GUP questions

    Posted Jan 05, 2014 04:57 PM

    Shouldn't matter, it's for RU4 in general so any OS it's installed on.



  • 15.  RE: Symantec 12.1.4 and GUP questions

    Posted Jan 22, 2014 09:23 AM

    I know Symantec always recommends running the GUPs at the same version as the SEPM, but if I upgrade the SEPM to version 12.1.4 (presently running 12.1.3), but leave the GUPs at 12.1.3, will they still have the SMC.EXE crashing issue?

    I need to upgrade the SEPM to resolve a bug in 12.1.3 that is supposedly fixed in 12.1.4, but it sounds like the SMC bug will make my issue worse.  The bug in 12.1.3 I need to fix is :

    Too many active connections from the Group Update Provider (GUP) to Symantec Endpoint Protection Manager
    Fix ID: 3110944
    Symptom: The Group Update Provider (GUP) computer keeps more than 200 connections open to Symantec Endpoint Protection Manager.
    Solution: Fixed a callback function that was not properly called before closing requests.
     
    Also, can anyone post any links or documentation regarding how to determine conclusively if this is the bug causing my issues?


  • 16.  RE: Symantec 12.1.4 and GUP questions

    Posted Jan 22, 2014 09:29 AM

    It's just a recommendation not a must.

    My SEPM is at 12.1.4 but I still have functioning GUPs on 11.x.

    Run a netstat, do you show open connections?
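
One way to act on the netstat suggestion in the reply above, as an added example that is not part of the original thread: this Python sketch counts a GUP's TCP connections to the SEPM in `netstat -ano` output and compares the total with the 200-connection figure quoted from Fix ID 3110944. Port 8014 (the SEPM default client-communication port), treating ESTABLISHED and CLOSE_WAIT as "open", and the sample output are assumptions.

```python
import re
from collections import Counter

SEPM_PORT = 8014   # assumption: SEPM default client-communication port
THRESHOLD = 200    # "more than 200 connections" from the Fix ID 3110944 symptom

# Constructed sample of `netstat -ano` output on a GUP (addresses are made up).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:2967           0.0.0.0:0              LISTENING       1844
  TCP    192.0.2.10:49201       198.51.100.5:8014      ESTABLISHED     1844
  TCP    192.0.2.10:49202       198.51.100.5:8014      ESTABLISHED     1844
  TCP    192.0.2.10:49203       198.51.100.5:8014      CLOSE_WAIT      1844
  TCP    192.0.2.10:49300       198.51.100.9:443       ESTABLISHED     2210
  TCP    [::1]:49400            [::1]:8014             TIME_WAIT       0
  UDP    0.0.0.0:123            *:*                                    900
"""

# TCP rows only; the PID column is optional so `netstat -an` output also parses.
LINE = re.compile(r"^\s*TCP\s+\S+\s+(\S+)\s+([A-Z_0-9]+)(?:\s+\d+)?\s*$")

def sepm_connections(netstat_text, port=SEPM_PORT):
    """Count TCP connections to remote `port`, keyed by (remote host, state)."""
    counts = Counter()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header, UDP or blank line
        remote, state = m.groups()
        host, _, rport = remote.rpartition(":")  # last colon, so IPv6 works
        if rport == str(port):
            counts[(host.strip("[]"), state)] += 1
    return counts

def open_per_sepm(counts, states=("ESTABLISHED", "CLOSE_WAIT")):
    """Per-SEPM total of sockets still held open (state list is an assumption)."""
    totals = Counter()
    for (host, state), n in counts.items():
        if state in states:
            totals[host] += n
    return totals

def over_threshold(totals, threshold=THRESHOLD):
    return sorted(host for host, n in totals.items() if n > threshold)

if __name__ == "__main__":
    totals = open_per_sepm(sepm_connections(SAMPLE))
    print(dict(totals), "over threshold:", over_threshold(totals))
```

Sampling the count several times over a day shows whether it keeps climbing; a total above 200 is consistent with the listed symptom but does not by itself identify the cause.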



  • 17.  RE: Symantec 12.1.4 and GUP questions

    Broadcom Employee
    Posted Jan 22, 2014 11:14 AM

    Hi,

    Q. I know Symantec always recommends running the GUPs at the same version as the SEPM, but if I upgrade the SEPM to version 12.1.4 (presently running 12.1.3), but leave the GUPs at 12.1.3, will they still have the SMC.EXE crashing issue?

    -->  I tried to check more info on smc service crashing (Fix id: 3275417) & I believe you shouldn't face SMC.EXE crashing issue with SEP 12.1 RU3. However to be on safer side you can test it in your environment.

    Upgrade the SEPM to 12.1 RU4 and keep the GUP on 12.1 RU3 version. It should work without any issue.



  • 18.  RE: Symantec 12.1.4 and GUP questions

    Posted May 23, 2014 10:26 AM

    Guys

    Indeed a GUP on 12.1 RU3 does not exhibit the SMC.EXE crashes and is fine for clients and SEPMs running 12.1 RU4.

    I would advise against using 12.1 RU4 in GUP mode; I have seen it stable on some machines and unstable on others even when they run the same OS etc. AFAIK absolute root causes are as yet unpublished.

    12.1 RU5 is in beta testing and is 'supposed' to be the fix however SYM are still testing it internally and with test clients.

    Thanks

    Reg