Video Screencast Help

From where Endpoint Protection SMB downloads its updates?

Created: 29 Nov 2012 | 2 comments
RoFz's picture

Hi, we would like to know what is the specific source for updates to Endpoint Protection SMB clients. Is it the Internet (Symantec servers) or the local server (Protection Center)? Everytime we install a new client, LiveUpdate is executed locally on the workstation and about 200-300 MB of updates (?) are downloaded. Is there a way to centralize this process on the Endpoint Protection Center (console)?

As a general rule for antivirus solutions updates are usually split into these five groups:

- Full Software Upgrades (such as what appears of being done by LiveUpdate after a new install of and endpoint)

- Minor Software Updates (such as hotfixes)

- Full Signature Database Upgrades

- Incremental Virus Signature Database Updates

- Policy configuration

We know that Endpoint Protection SMB clients do get policy updates from the local server (Protection Center), and we also know that during the first install all of above (except policy) is downloaded directly from Symantec by LiveUpdate on each workstation, but we do not know exactly about all of the other things above.

The main concern is that it would be very expensive (and also stupid) to have a full network of Endpoint Protection clients downloading software and virus updates using the local Internet circuit, instead of centralizing the update process on the Protection Center.

Could anyone clarify how the update process works for EP SMB? Also, is this process the same for versions 12 and 2013?

Comments 2 CommentsJump to latest comment

Rafeeq's picture
Tosavebandwidth,SymantecEndpointProtectionSmallBusinessEditionclients run scheduled LiveUpdates from the Symantec LiveUpdate server only if both of the following conditions are met:
■ Virus and spyware definitions on a client computer are more than two days old.
■ AclientcomputerisdisconnectedfromSymantecEndpointProtectionManager for more than eight hours.
almost same as in SeP
RoFz's picture

Thanks Rafeeq.

So, if i understood you correctly, SEP and SEP SMB always try to get updates from the local SEP console/server, except when it is unavailable or unreachable, is that correct?

Would that rule also apply to software updates?

Extending the previous question a bit: why SEP clients always look for Symantec's Live Update server instead of the local SEP console/server when they are manually installed (despite the fact they were generated by the same local console/server)?