I dont think thats possible. You gotta creat the packagaes for the appropriate flavors of the OS and groups (with disparate policies, if required) and push em out.

Hello, thanks for the reply.

The problem we have here is that we had around 55 GB of Traffic to the outside locations of my firm and it almost *stopped* the working people for around 2 days while upgrading the outside ones.

Maybe an Administrator can tell me that it´s 100 percent for sure not possible to update the clients incremental.

No offense to you of course.

Thanks

Michael

This may not be an elegant solution but it might work for you, depending on how many clients are involved.

Create a new group called External Updates with inherited policies under the group of clients you want to update. Use Clients, Install Packages to push updates to this group. Move a few clients to that group and observe, and move them back as they are updated. You should be able to judge how many clients are manageable at once without undue impact, and any clients which don't take the upgrade will be evident so you can attend to them individually. The catch is that the clients will perform a catch-up scan when you move them into this group and again when you move them back home.

Hi, i got 4 GB of traffic now in 37 Minutes. This makes a huge amount every day. we got around 960 clients. around 350 of them are outside via tunnel-network and around 150 on vpn connections. The problem is the Symantec sends around 5 GB a day to each client. Repeating. the server SENTS data to the clients and i´m very curious what is he sending to them.

Do you have any policies on network usage per pc? Limit them (Qos)

that´s a solution. I can´t limit all pc´s cause of the antivirus program. I would like to limit the antivirus program itself. It just talks way too much.

Divide all the PCs into seperate groups and have them update at different intervals. Try adjusting other time values as well. Make sure they don't do it at the same time.

Mon is right, scheduling would be the best way to go. Cormac, you should also try monitoring network traffic and capture where it will peak the most, then compare it with your current update settings.

If you are truly saying each client is receiving 5GB of data from the SEPM per day then that is WRONG and needs investigating.

There is NO WAY your bandwidth usage should be that high.

What version of SEP and SEPM are you using on those clients?  Is everything MR4?

Maybe Cormac is referring to the accumulated data transfered  throughout the day for the server.

@mon_raralio, its possible, but the post distintly says  "Symantec sends around 5 GB a day to each client" which is definitely wrong, and should be investigated.

I agree with Mon on scheduling. Even a 24 X 7 business still has a few hours of off peak that we could optimize from.

@Paul Murgatroyd: Just a follow up on your statement, how much data per day does Symantec send to each client? Could you give maybe a ball park figure so that we could also check ours if it is within the normal levels?

thanks.

Nel Ramos

well if the client is up to date, content updates so be no more than a couple of megabytes per client, spread over the day.  In addition, each heartbeat is approximately 5KB.  If the client is out of date enough to warrant a full set of virus definitions then thats going to be about 50MB, but I wouldn't expect all your clients to be doing that.

Obviously the client has to upload logs, and depending on what you are logging these will increase that traffic, but they do compress well and you can configure how many logs we send per heartbeat.

I'd be more interested in what traffic others think they are seeing between their clients and the SEPM's

I totally agree with Paul, as with my previous post, Cormac should review network traffic. Hi Cormac can you confirm if the 5 GB traffic only for Symantec? It could be the overall traffic.

How can you confirm if a software is responsible for a certain network traffic usage? Any tools in mind?
Plus Cormac didn't say if the 5 GB traffic occured in a specific time or over a period of time.

@Cormac: Did you modify the schedule yet? And how's the system now?

 You generally can't confirm network traffic by application/ per host without some sophisticated analysis tools.

You could do in many cases by host over all, over time, and perhaps break it down by port or type of traffic.

How are you finding that it is indeed Symantec traffic, and not just general file access, vs Intranet access, etc?

I would try to use the feature that was introduced in MR3 for product updates in the liveupdate policy section as well as using the Public Symantec server for LiveUpdates..  This will require some custom groups, and manual work on moving clients in and out of the group, but it generally works.  But it would be my last choice in ways to upgrade a client.