Endpoint Protection

Hi there - I have recently upgraded our End Point management from 11 to 12 but left our clients on version 11.

Since then all of our WAN clients have noticed extra traffic on these links and they have been way higher than normal and the traffic returning to normal when you turn the management services off.  So i figured there is something with the old clients so upgraded them to 12 but I still see the same behaviour

Some information:
The WAN clients have been working fine with v11 for years
The WAN clients are on a slow link <7Mbps
We update virus dinfs every 4 hours
Our use (with the old end point management) use is about 4GB a month but with the management on it increases to 15GB

Hope someone can help

You should look into configuring GUPs to handle content updates, reducing load on bandwidth:

Best Practices with Symantec Endpoint Protection (SEP) Group Update Providers (GUP)

http://www.symantec.com/business/support/index?page=content&id=TECH93813&locale=en_US

Group Update Provider: Sizing and Scaling Guidelines

http://www.symantec.com/business/support/index?page=content&id=TECH95353&locale=en_US

Yes you can create GUP

GUP__Sizing_and_Scaling_Guidelines

https://www-secure.symantec.com/connect/downloads/gupsizingandscalingguidelines

You required to create the GUP on all of these Client locations.

Below are link which can guide you to create the GUP

Thanks for those - I dont think GUPs would be needed as I have only 1 client at the end of those WAN links???

But I have looked at Tips For Installing SEP In A Low Bandwidth Environment and changed the clients to use Pull mode and 1 hour heartbeats

Ill report back if those have made a difference

may be you can configure those clients to have direct updates from Symantec Liveupdate.

Hi,

If only one client is creating extra traffic then it would be worth to check sylink logs.

Run the Sylink monitor tool on the remote computer.

Probably remote computer will be requesting .zip file continuously instead of delta & it might be leading to high bandwidth utilization.

Agree with Chetan, the remote computer is perhaps downloading the full content (~ 200 MB) at some times instead of incremental files (some 100 KBs in best cases).

At SEPM, check Admin > Servers > Local Site > Edit Site Properties > LiveUpdate > Disk Space Management for Downloads. If the SEPM keeps only a small number of content revisions (e.g., 3), increase it to a higher number.

As you are updating content every 4 hours, you get about 3 content revisions per day. A SEPM keeping 3 revisions (default setting for small environments) would only be able to create small delta files for one day. A client that has older content (e.g., 2 days) hast to download the full content (200 MB instead of about 1 MB).

So try to increase the number of content revisions. But bear in mind that you need some disk space: For example, if you want to cover a week, you need 3 * 7 = 21 content revisions. If you are saving both 32-bit and 64-bit content, you'll need about 24 GB disk space. This will be slowly but continuously growing, of course

Thanks Greg that was the problem - the content revisions were to low