Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

Do not need "Download Protection Content"

Created: 06 Mar 2012 • Updated: 06 Mar 2012 | 2 comments
Paul from PA's picture
0 Agree
0 Disagree
0 0 Votes
Login to vote
Status: Alternative Solution

This refers to Symantec Endpoint Protection 12.1 RU 1.

Our application is Critical Infrastructure Protection.  Our customers have a network of Windows computers (XP and 7) that never, ever, ever connect to the Internet - they are 'air gapped'.

We want to use SEP, but only with 'basic' protection: AV only, no other features, because we cannot download and apply updates the way that we can with AV definitions.

The problem is that, in the SEPM Home page, the indication "Endpoint Status" is that all of the client computers are Out-of-date, because they don't have the latest "Download Protection Control" - but they will never have such, because, with no connection to the Internet, they will never get it.  The indicator in the upper left corner of the page can be set to 'OK' by deselecting the showing of Download Protection Content, but there is no way to defeat that in the indication in the center of the page.

Comments 2 CommentsJump to latest comment

Elisha's picture

You can update the content even on an air gaped network by using LiveUpdate Administrator (LUA).  You will have one LUA server in your air gaped network and one connected to the Internet.  Then you can copy the content from the one connected to the Internet to the air gaped LUA via a DVD.  SEPM 12.1 can then be configured to get content from the LUA server.

Check out this KB in how to do this:

http://www.symantec.com/business/support/index?page=content&id=TECH104893

+2
Login to vote
Mick2009's picture

"Thumbs up" to teh above.... here's another article that is very good for high-security air-gapped networks:

Updating downloads in an internal LiveUpdate Administrator 2.x Server using the downloads from an external LiveUpdate Server
Article: TECH106254 | Created: 2008-01-15 | Updated: 2011-08-16 |
Article URL http://www.symantec.com/docs/TECH106254  
 

With thanks and best regards,

Mick

+1
Login to vote