Endpoint Protection

  • 1.  Best Practice for copying Anti-Virus definition from Host to VM

    Posted Aug 12, 2018 04:18 AM

    Searching for Best Practice for copying Anti-Virus definition from Host to VM.

    We have 100 laptops running Windows 7 which are getting the Anti-Virus definition update from SEPM version 12.1.6. These laptops use a low-bandwidth connection and are offline most of the time, with no internet connection.

    Each laptop has a VM player installed and both the Host OS and the VM have the SEP client. Currently, Host and VM clients get the definition update from SEPM separately.

    Issues we have

    1. The same definition is downloaded twice, and it takes over an hour to update.

    2. When the host connects to the SEPM to update, the VM may not be running, so only the Host is updated. We have to remind users to run the VM while they are connected to the network to get the definition update.

    We want the laptop to download the definition only one time when the definition changes, and both host and VM to be updated.

    I read some articles and the forum here.

    1. Can I set up the Host client as the Group Update Provider (GUP) and provide definitions to the VM?

    2. Can I change the Virus definition location in the VM to point to the Host folder, so both Host and VM share the same definition?

    3. During startup, create a script to copy the definition from host to VM?

    Please provide some suggestions and what would be the best practice. If this question has been answered before, please provide a link. 

    Thank you!

    Edmund



  • 2.  RE: Best Practice for copying Anti-Virus definition from Host to VM

    Trusted Advisor
    Posted Aug 13, 2018 03:31 AM

    Your questions 1, 2 and 3 can all be solved by a GUP.

    Unfortunately, anything with a client on it, even a VM, will download its own defs. The best way to remedy this in a low-bandwidth environment is to use a GUP on the local network, and you can even set the host to download from the GUP. In your policy you can set them up to only get defs from the GUP and not the SEPM if required, or you can set the SEPM as a backup if they can't reach the GUP. Any machine with a SEP client can be turned into a GUP.

    See the below link for GUP best practices
    https://support.symantec.com/en_US/article.TECH93813.html



  • 3.  RE: Best Practice for copying Anti-Virus definition from Host to VM
    Best Answer

    Posted Aug 13, 2018 04:35 AM

    Here's my 2 pence worth!

    1. GUPs can be used here, but it would depend on how your network is set up.  If all your hosts and guests are on the same subnet and you use the multiple GUP option, then all the guests are going to ask the same host for defs.  Using the Single GUP option might get you the bandwidth saving you want and lock each guest to its host, but would require placing each Host and its Guest in a separate SEP Group for each pair (bit of a pain, I know!)  Lastly, even with the GUP stuff all set up, there's no guarantee that it will be faster, as the hour between your update might be down to the heartbeat intervals, and is something else you'd want to look at.
    2. I know of no supported way of accomplishing this.  You might be able to make it happen using Junction points, but there's no guarantee it'd work I'm afraid.
    3. As with 2, there's no supported way of doing this in SEP, but you can always give it a go.  The below article states the location of the def files:
      https://www.symantec.com/docs/TECH223909

    In all honesty, I think the closest you can get to your desired behaviour is using the Single GUP option, but it would be a bit of a faff.

    You might consider upgrading to SEP14 and giving its Low Bandwidth mode a go:

    https://www.symantec.com/docs/HOWTO127152



  • 4.  RE: Best Practice for copying Anti-Virus definition from Host to VM

    Posted Aug 13, 2018 05:00 PM

    Thanks for answering the questions.

    I tested Option 3 today on my test laptop.

    I stopped the SEP service in the VM first, copied the def files from the host computer folder to the VM folder, and restarted the SEP service.

    It looked OK at the beginning, but after a few minutes, it showed an error that "Your Virus and Spyware definitions are missing or corrupted..."