Endpoint Protection Small Business Edition

I am running SEPM 12.1.4013.4013 on Windows Server 2008 R2 Enterprise on a 50/10mb connection.  I have 75 clients that are disbursed throughout 13 different locations which are all on a 1.5mb or 3mb connection (T1 or Dual T1).

The issue I am having is with what I can only assume are the LiveUpdates.  All of my clients seem to be constantly pulling data from the SEPM Server, which is killing the bandwidth on both the server end, and all of my remote connections.  Looking at the Resource Monitor on the server, shown below, it shows that the httpd.exe process (located at: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\bin) has dozens of connections open (one for pretty much each of my Clients) where it is sending data to each one at the rate of 30K/s.  Now I know 30K/s is not alot, however when you multiply that by 75 it adds up quickly.

Looking around at the Policies that I have in place, I am unable to see any option where I can force the Client to update using Symantec's LiveUpdate Servers.  And quite honestly, I have no idea if that is even possible.  If it is possible, how would one go about it? 

I have the LiveUpdate Policy configured to update Daily, starting at 9:55PM.  However, it is now 9:00AM (11 hours later) and it is STILL going, and causing my network latency to skyrocket.

Is there anything that I can do to help prevent this from happening?  Updating from a LiveUpdate Server that is not in-house would be best, as it would be faster overall, and would cause less network usage on the SEPM server itself.

Any thoughts?

---------
Jason M. Hecker
Director of Information Technology
Great Lakes Dermatology
jhecker@glderm.com

Do you have configure GUP ?

You can configure GUP in your remote location.

Tips For Installing SEP In A Low Bandwidth Environment

https://www-secure.symantec.com/connect/articles/tips-installing-sep-low-bandwidth-environment

Group Update Provider: Sizing and Scaling Guidelines

http://www.symantec.com/business/support/index?page=content&id=TECH95353

Best Practices with Symantec Endpoint Protection (SEP) Group Update Providers (GUP)

http://www.symantec.com/business/support/index?page=content&id=TECH93813

Have you looked into GUPs?

Best Practices with Symantec Endpoint Protection Group Update Providers

This allows you to designate a client on the local LAN to act as a content provider so the clients don't go out to Symantec LU over back over the WAN to the SEPM.

Hello Jason ,

clients talk to SEPM based on heartbeat for policy/ updates.

Can you please check if you have also checked SEPM for the updates in the liveupdate policy?

in the liveupdate policy click on server settings and uncheck SEPM .. This will make sure that your clients will get updates only from Internet and not from SEPM.

Rafeeq,

I am looking for that option in the LiveUpdate policy as you mentioned, however I do not see an option for that.  Below is an image of what my Policy edit screen looks like, and I do not see that setting anywhere.  Am I in the wrong area?  Or is that not available in SEPM 12.1.4?

Are you running SEP small business?

You should be on small business then, that option is not available. Since SEPM can update defs you can uncheck liveupdate scheduling

James007,

I read the links that you had posted, however none of them seem reflect my setup.  The images that are in the post: https://www-secure.symantec.com/connect/articles/tips-installing-sep-low-bandwidth-environment look nothing like what I have on my screen.

For example, below is my LiveUpdate policy screen, however there is no "Server Settings" section as is displayed in that post you linked to (Image here: https://www-secure.symantec.com/connect/imagebrowser/view/image/1185621/_original )

I am starting to think that my version of SEPM 12.1.4 is 'cripped' or something.  I know that is a bad way to put it, but there are obviously features that I do not have.  I am running SEPM Small Business Edition, which now that I think of it is probably the issue.

_Brian,

I am on Small Business Edition, which clicked in my mind just a few minutes ago, and is probably the reason that I can not do 1/2 of the things that I would like to do.  Right?

That's correct, that option is not available on SBE

IN Small Edition this option not available.

Feature comparison between SEP 12.1 SBE and EE

https://www-secure.symantec.com/connect/articles/feature-comparison-between-sep-121-sbe-and-ee

I don't believe SBE supports GUPs either. You can only get updates from Symantec LiveUpdate or from the SEPM.

possibility to scheduled updates "after hours"?