Endpoint Protection

Could someone tell me how to create a wake-up call for the SEP clients using Altiris?

What would a wake-up accomplish for the SEP client?

A wake up call would allow an immediate check in for the client rather than waiting on the client to heartbeat.

a location policy specifying a pull? I moved this to the security forum, as it is not an Altiris related problem.

I admit I'm not sure.  I've never had need to do this, since intervals are 5 minutes for all clients.  I imagine restarting services would do it.  Does anyone know for sure?

This could be messy -- for example, if you ran a job to force 1000 clients to check-in immediately, you could cause strain on your server if it's only sized for around 1000 clients.  Perhaps if we knew more about why you need to force a SEP client to check in immediately?

Restarting smc.exe would force the client to check in immediately.

That's right.  In a batch file, it would look like this if you have no password:

"%PROGRAMFILES%\Symantec\Symantec Endpoint Protection\smc.exe" -stop
"%PROGRAMFILES%\Symantec\Symantec Endpoint Protection\smc.exe" -start

Or like this if you have a password:

"%PROGRAMFILES%\Symantec\Symantec Endpoint Protection\smc.exe" -stop -p Passw0rd123
"%PROGRAMFILES%\Symantec\Symantec Endpoint Protection\smc.exe" -start

We use GUPs and the heartbeat of our clients is 60 minutes. There are times that is too long for a client to check in.

As long as you are using GUPs and they are functioning correctly, you can lower the heartbeat to something like 20 minutes.

From a personal standpoint, we were not using GUPs to start and had the heartbeat set to 4 hours. Once we put GUPs in every location, we eventually dropped the heartbeat to 20 minutes, of course with some testing to verify no issues would arise.

Otherwise, you will need to create some sort of scheduled batch job.

Running that batch did not work resulted 9009 error code when attempting to make the client check in. I put two test machines in a testgroup. Assigned a policy with AutoProtect OFF. Right clicked on each client and updated policy and verified AutoProtect was off.

Turned on AutoProtect in the test policy. Clients are not set to heartbeat for an hour.

Sent the wakeup call to the machines to make them check in with the manager.

They did not get the latest policy and AutoProtect Remained off.

Altiris log shows 9009, SEP Heartbeat. This did not work.

In reponse to location pull. I want to be able to target a specific machine rather than a specific group for a policy. If I have one machine that needs to update a policy or dat within a group I want to be able to single out that machine and make it check in to the manager rather than waiting 60 minutes.

If that 9009 error is from Microsoft, that's a DNS error message.

Can you perform the same test, but rather than use an Altiris script, use Start > Run and type the command there?  From Start > Run it's just 'smc -stop' and 'smc -start' assuming you have no password.  If this is successful, open a command prompt and type the command there using the %PROGRAMFILES% variable.  If this is successful (smc is stopped and restarted; policy is updated and client does an immediate heartbeat), then I would put the exact same commands from the command prompt into an Altiris script and run it.

I'm not sure that it's an immediate check-in, by the way -- I believe it sets a random timer between 0 and 60 seconds.

issue is in the batch file I did not define the path to smc.exe.

For some reason you can run smc from start run but you can't just run smc.exe from anywhere in the cmd prompt.

Symantec_SEP thanks for looking into this for me :)

Also if anyone cares here is the batch that I run in Altiris as a command script task:

echo **********************************************************************
echo *                   220 - Run SEP HeartBeat                          *
echo **********************************************************************
C:
cd "C:\Program Files\Symantec\Symantec Endpoint Protection"
IF EXIST C:\RISLOG\ GOTO 222
:221
smc.exe -updateconfig
:222
@echo %date%,%time%,errorlevel: %errorlevel%,SEP HeartBeat: Begin >> C:\RISLOG\altiris.log
smc.exe -updateconfig
@echo %date%,%time%,errorlevel: %errorlevel%,SEP HeartBeat: End >> C:\RISLOG\altiris.log

Correct, you need the %PROGRAMFILES% variable or the hard reference.

modification as I noticed some fault in my script task:

echo **********************************************************************
echo *                   220 - Run SEP HeartBeat                          *
echo **********************************************************************
C:
cd "C:\Program Files\Symantec\Symantec Endpoint Protection"
IF EXIST C:\RISLOG\ GOTO 221
GOTO 222
:221
@echo %date%,%time%,errorlevel: %errorlevel%,SEP HeartBeat: Begin >> C:\RISLOG\altiris.log
smc.exe -updateconfig
@echo %date%,%time%,errorlevel: %errorlevel%,SEP HeartBeat: End >> C:\RISLOG\altiris.log
GOTO end
:222
smc.exe -updateconfig
:end
 

You all making this more difficult than it needs to be. To get clients to check in immediately simply right click on the group in the SEPM, select run command on the group and tell them to update content. The clients check in. Problem solved.

If you want to target only one machine, then go directly to that client and do the same thing, right-click it, run command, update content.

If you're looking to do it using a third-party tool, using the SEP interface or the SEPM console isn't an option.  If you're in the third-party tool when you want the update called--such as in the midst of a conditional, sequential job containing multiple tasks--having a command in SEPM won't help.

Ted G, yes i agree 100% if we were in a push mode setup.

But the clients are in a pull mode not a push mode from SEPM.  It is our understanding because of this we can't push an update to happen from sepm so we must activate the clients via a 3rd tool to force this pull of information.