SEP Agents and Content Update
I have been working on a client that is running SEP 11.0.6a and has 3 x GUP's for content updates (primarily A/V signatures). It has been observed that each Monday as the SEP Agents reconnect after the weekend that it takes the best part of a day to catch up. This has been improved with some closer attention and policy tweaking. However I strongly suspect there is a significant portion of the fleet that is waiting for the GUP retry timeout and defaulting to the SEPM for updates (currently set to 2 hours).
Whilst this practice is presently not impacting the network noticably, as the fleet grows it will become less and less workable. Also, ideally I would like to turn this timeout off entirely!
What I need is a way to identify those endpoints that are retrieving their content direct from the SEPM. This really needs to be able to run from the SEPM and not require queries/observations run on specific endpoints as any "solution" of that manner is simply not feasible with the size of the client. Is there a way to do this?