Video Screencast Help

Make it easier to turn GUP on or off

Created: 26 May 2009 • Updated: 04 Feb 2013 | 2 comments
MichaelHornung's picture
21 Agree
1 Disagree
+20 22 Votes
Login to vote
Status: Partially Implemented

Currently the GUP feature of Symantec Endpoint Protection can only be enabled by making a computer's name or IP address match the GUP name or IP address defined in a LiveUpdate policy applied to that host.  When managing literally hundreds of branch offices this requires too many policies and policy groups to keep the software manageable.  I propose additional ways to allow SEP managers to instruct a server to become a GUP:

1) If a server gets a LiveUpdate policy and a GUP is defined, and the name of that GUP is a CNAME that resolves to the name of the server, TURN IT ON.  This in addition to being able to specify the IP address of the computer to be a GUP, and also in addition to specifying a NetBIOS computer name, or a DNS A name of a computer to be the GUP.

2) Respect an administrator-controlled registry key to enable/disable the GUP which is controlled outside of LiveUpdate policy.

There are several forum threads where people want to better manage GUPs:

https://www-secure.symantec.com/connect/forums/man...
https://www-secure.symantec.com/connect/forums/gup...
https://www-secure.symantec.com/connect/idea/de-ce...
https://www-secure.symantec.com/connect/forums/ad-...

Here is the overview of GUPs as they stand now:

http://service1.symantec.com/SUPPORT/ent-security....

Comments 2 CommentsJump to latest comment

Alessandro Cesarini's picture

This is really a good idea and it would make our life so much easier dealing with 105 sites

0
Login to vote
Elisha's picture

In SEP 12.1 GUPs can be enabled by registry keys.

However we don't support using CNAME because that would require each client to do a DNS query to check every name in the policy to see if any name resolves to itself.  This would only work on very small networks.  For larger networks it would cause too much traffic and a lot of extra load on the DNS server.

0
Login to vote