Endpoint Protection Small Business Edition

 View Only
  • 1.  Symantec Endpoint Protection and Offsite Laptops

    Posted Jun 02, 2015 09:55 AM

    We have an internal SEP manager. We're running version 12.1.4. A user noticed that her Symantec icon wasn't showing the green dot when she was at home, and got concerned. I assume that's happening because the machine isn't connected to the SEPM while offsite. (She plugged back in onsite and the green dot returned.) How can I ensure that any offsite laptops are still receiving virus definition updates and still being properly secured in spite of not being connected to the manager?



  • 2.  RE: Symantec Endpoint Protection and Offsite Laptops
    Best Answer

    Broadcom Employee
    Posted Jun 02, 2015 09:56 AM

    Hi,

    Thank you for posting in Symantec community.

    That's correct status if user is not connected to the main site through VPN.

    You would like to configure your mobile computers to automatically download virus definitions when they are disconnected from the network but still update from the Management Console when connected.

    Check this article: How to configure mobile computers to automatically download virus definitions when disconnected from the Symantec Endpoint Protection Management console

    http://www.symantec.com/docs/TECH104571

    By default, Symantec Endpoint Protection Manager provides updates to Windows clients. To help mitigate network overloads for Windows client updates, you should also let clients get updates from a LiveUpdate server.

    To set up an external LiveUpdate server for Windows, Mac, or Linux clients

    1. In the console, open a LiveUpdate policy, and click Edit

    2. Under Windows Settings, Mac Settings, or Linux Settings, click Server Settings.

    3. Click Use the default Symantec LiveUpdate server or specify another LiveUpdate server. If needed, specify your proxy configuration.

    4. Click OK.

    Reference article: Setting up an external LiveUpdate server for Symantec Endpoint Protection clients

    http://www.symantec.com/docs/HOWTO81007



  • 3.  RE: Symantec Endpoint Protection and Offsite Laptops

    Posted Jun 02, 2015 09:57 AM

    You need to configure the LU policy to get updates while off the network. You need to use location awareness and create a second location so that when laptops go off the network they get updates from Symantec

    How to configure mobile computers to automatically download virus definitions when disconnected from the Symantec Endpoint Protection Management console



  • 4.  RE: Symantec Endpoint Protection and Offsite Laptops

    Posted Jun 02, 2015 10:03 AM

    The Symantec Endpoint Protection Manager Locations feature lets you apply different security policies to different locations within an Endpoint Protection Group. Setting up this feature requires 2 steps:
     

    1. Configuring a LiveUpdate policy to "Use a LiveUpdate server" only.
    2. Configuring "Locations" and the criteria for "Location switching" within the applicable "Group" in the Symantec Endpoint Protection Manager


    Follow the steps below:
     

    • How to configure a LiveUpdate Policy to only Use a LiveUpdate server:
      1. Click Policies in the left navigation bar.
      2. Select LiveUpdate.
      3. Under "Tasks" click Add a LiveUpdate Settings Policy.
      4. Enter a <Policy Name> , and then select Server Settings.
      5. Uncheck the Use the default management server (recommended) option and place a check by the Use a LiveUpdate Server option.
      6. Select Schedule in the left navigation bar and place a check in the box to select the Enable LiveUpdate Scheduling option.
      7. Designate the Frequency for clients to run LiveUpdate. (daily is recommended)
      8. Click OK
      9. When asked if you would like to assign this policy, click Yes to assign the policy.
      10. Select the group and/ or location to which you want this policy applied.
      11. Click Assign.
      12. When asked if you would like to assign the policy changes, click Yes to assign the policy.



      How to create a Location for mobile clients:
      1. Click Clients in the left navigation bar, select Policies.
      2. Under "View Clients" select the group which includes your mobile computers.
      3. Under Tasks, click the Manage Location option to launch the Manage Locations dialog box.
      4. Near the bottom of the "Locations" section, click Add.
      5. Enter a Name for your location, a Description (if desired), and click OK.
      6. Ensure that the "Enable this location" option is checked.
      7. At the "Switch to this location when:" section, click Add.
      8. In the "Specify Location Criteria" window, select a criteria type in the drop down menu.
      9. To specify the conditions of the selected criteria, click Add and type the condition you wish to use.
      10. Click Ok.
      11. Adjust the location check interval (if desired).
      12. Check the Enable location change notification box, if you wish a notification message to be displayed when the criteria for location change has been met.
      13. Click OK to complete the process. Your new Location appears under the Policies tab.


      How to assign your custom LiveUpdate policy to this location:
      1. In the "Location-specific Policies" section for your new location, click the Tasks link for the "LiveUpdate Settings Policy", and then click Replace Policy.
      2. Select the desired new policy from the drop down menu.
      3. Click OK to complete the process. Your new policy appears under "Location-specific Policies."

    How to configure mobile computers to automatically download virus definitions when disconnected from the Symantec Endpoint Protection Management console

    https://support.symantec.com/en_US/article.TECH104571.html



  • 5.  RE: Symantec Endpoint Protection and Offsite Laptops

    Posted Jun 02, 2015 11:02 AM

    Ok so the below should do it? Or is that something different? See image.

    Untitled.png



  • 6.  RE: Symantec Endpoint Protection and Offsite Laptops

    Broadcom Employee
    Posted Jun 02, 2015 11:05 AM

    It's already checked, so it should take care.

    If you could see it's mentioned there "Specify whether client computers receives scheduled content updates from Symantec liveupdate server in addition to receiving updates from Symantec Endpoint Protection Manager. The schedule settings content how often client computers receive updates from Symantec Liveupdate".



  • 7.  RE: Symantec Endpoint Protection and Offsite Laptops

    Posted Jun 03, 2015 12:50 PM

    Thank you.



  • 8.  RE: Symantec Endpoint Protection and Offsite Laptops

    Broadcom Employee
    Posted Jun 03, 2015 12:54 PM

    You are welcome & pls mark this thread as a solved if your query has been resolved with the best answer that helps you.