Endpoint Protection

Hi All,

after upgradadtion from 12.1.5 to 12.1.6 MP3 clients starts taking updates(full zip) from SEPM. 1. Why the clients are not requesting full zip download from GUPs instead of SEPM? Though I have checked the the feature under server properties(in SEPM Admin tab), "Prevent clients from downloading full zip from SEPM".

2. What would be the impact of choosing this option ?

Any suggestion for Qn.1 & 2.

Hi,

Need to check client logs why clients are requesting full.zip from the SEPM. Actually you need to configure Liveupdate policy to avoid clients to go to SEPM directly to take updates.

Refer the below screenshot.

Second option is differnt altogether. It's about when client takes update directly from the SEPM and when more number of clients start taking full.zip from the SEPM, SEPM will stop providing full.zip to avoid over utilization of SEPM.

Are your GUPs online and functioning? Enable sylink logging on an affected client to find out what is going on.

Enable sylink debugging for Endpoint Protection clients

Hi Chetan/Brian

Thanks for your valuable time. @Chetan - The setting is already at 'Never". And, After the upgrade, I have noticed that under Admin tab>>Server Properties>>Full Definitions Download. I have ticked the option there i.e. "Prevent Clients from downloading full definition packages". But, my question no. 1 is that if I have already selected the option of "Never" under Group Update Provider(in Live Update Settings Policy), then why the clients reached to SEPM. Qn.2- As, after checking this option "Prevent Clients from downloading full definition packages", I have not seen any download from SEPM. So, would the client be taking updates from their respective GUPs(even if they require full zip definitions)?

Hi,

U need to upgrade your GUP pc av client version to 12.1 RU6 MP3, as there is a bug in SEP 12.1 RU5 and lower version.

We have faced this kind of similar issue where after SEPM upgradation clients starts taking updates from SEPM instead of GUP.

When you have the "Never" for SEPM option is selected under the GUP settings of the LU policy, client should not take updates directly from SEPM (No matter it is full or delta) (it doesn't matter whether you have the option "Prevent Clients from downloading full definition packages" enabled or not).

How did you confirm that the cliets are taking full.zip from SEPM? via clients system log or sylink monitor log?

@Chellapa - Only those clients were taking full zip updates from the SEPM which are having definitions older than 30 days as we have kept no. of revisions upto 90(which means content revisions of roughly 30 days and li'l more). Not all of the clients are going to SEPM. Rest of the clients are taking updates from their respective GUPs.

@Seyad - I totally agree with you. But, depite of that "Never" setting enabled, clients(having defs older than 30 days) were going to SEPM which are stopped now after checking the option  "Prevent Clients from downloading full definition packages". So, I could say only one thing here like Chellapa said that there might be a possibility of bug in 12.1.5, which makes the sep clients(running with 12.1.5 version) to request full zip from SEPM(running at 12.1.6 version) and that has been prevented after checking the option "Prevent Clients from downloading full definition packages".

I have observed that the clients are going for full zip from SEPM as I have created a notification(at SEPM) for that if any client request a full zip from SEPM we would get a notification over email that the following clients has requested full defs. download from SEPM.

If you are sure that the SEP cleints (after being upgraded to 12.1 RU6 MP3) are taking updates (doesn't matter delta or full) from SEPM even with the "Never" for SEPM option enabled on the LU policy of the group in which these clients are reporting to, then please report this issue to Symantec Technical Support.

I will also suggest let all the clients upgrade to the latest version & then monitor downloads. 

If clients are not allowed to bypass GUP then they shouldn't be. I think once all the clients upgraded issue will be resolved.

Hi All,

The problem seems to be fixed as I have seen in past 24 hr client-server activity logs with the option "Prevent Clients from downloading full definition packages" checked that the clients are requesting for full zip from their respective GUPs instead of SEPM. So, I assume that after upgradation of SEPM(from 12.1.5 to 12.1.6 MP3) with clients running at sep 12.1.5, only the machines which were containing outdated defs. of more than 30 days roughly(90 revisions - which are configured at my SEPM to keep) will go to SEPM bypassing the GUP(even having "Never" setting there under Live update settings>>GUP).

Good to know it looks issue has solved but interestingly clients should never bypass GUP if 'Never' option is selected in the GUP configuration. I feel it could be due to some other reason like policy corruption, client bug etc.

@Chetan - yeah you may be right. Thanks all of you guys.

Great thread guys!!!

I also will be upgrading from 12.1.5 to 12.1.6MP3 wish me luck!!!

You can add a few non-critical clients to the test group and upgrade them and monitor it for few days. If everything worked as expected upgrade all other clients.