Hi Guys:

Is there anyway where we can force SEPM to download definitions via ssl from liveupdate.symantec.com instead of ftp ?

Cheers!

How are you seeing it coming via ftp?

The connections happen automatically so there really isn't anything you can configure within SEPM.

See this.

• LiveUpdate connects over TCP ports 80 (HTTP), 21 (FTP) and 443 (HTTPS).
• The file that connects to the Internet is LuComServer_*_*.exe in LiveUpdate 2.5 and later and Lucomserver.exe in LiveUpdate 2.0 and earlier.
• The default folder for this file is C:\Program Files\Symantec\LiveUpdate.
• LiveUpdate connects via HTTP to the domains liveupdate.symantecliveupdate.com, liveupdate.symantec.com, and akamai.net.
• If a connection fails, LiveUpdate tries to connect to one of the other listed domains. The listed domains may change because of server maintenance.
• If LiveUpdate cannot make an HTTP connection, LiveUpdate connects via FTP to update.symantec.com/opt/content/onramp

How to determine whether your firewall is blocking LiveUpdate

I can see this clear text communication in my SIEM. 

This just happens automatically.

@ Brain : Is there anyway we could change it to SSL ? 

No way It's default Live update URL.

See Symantec live update URL.

https://www-secure.symantec.com/connect/forums/urls-default-symantec-liveupdate-server

No not from the SEPM. This starts on the Symantec end. LU does use 443 as well in addition to 80 and 21 but it may vary.

But can we change it to 80 ?

As per below articles you need to open below firewall port for update defination.

How to determine whether your firewall is blocking LiveUpdate

So if I block 80/8080 in my firewall , the communication happens on 443 only. that's the best way to go with.

You can try may be it will work.