Endpoint Protection

Dear,

I set up the schedule of Live update on SEPM and distributed the policy to All of SEP clients.
The clients are more than 100 PCs.

However, it seems like that it is not applied for them.
All of SEP clients accessed SEPM each Monday morning no matter how much I changed the schedule & policy.

Please let me know how to set up SEPM.

Best regards,
YOM

its not the liveupdate policy
you need to change the heartbeat interval
click on clients
on the right hand side select policy
select communication settings, by default it wil be in push mode
make it to push mode with 4 hours interval check the traffic

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007102311173048

Can you please get the sylink.log

https://www-secure.symantec.com/connect/downloads/sylink-toggle

also what is the heartbaet set to?

My guess, upon seeing your subject line, is that these computers are turned off for he weekend and you are only storing 3 revisions in the SEPM.  When these machines come online on Monday morning and try to request definitions, the SEPM does not have enough older revisions to build the delta package, so instead it sends the much larger full definitions file.

If this is the case, increase the number of revisions from 3 (1 day's worth with default settings) to something closer to 9 or 12.

Admin > Servers > Local Site > Edit Site Properties > Live Update > Disk Space Management for Downloads.  Up the number.

Title: 'Best Practices for configuring the number of content revisions to keep in Symantec Endpoint Protection Manager'
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009020514050748

(If I understand correctly: you want your clients to run LiveUpdate instead of getting updates from the SEPM?)

sandra

Dear All,

I'm sorry for my late reply and thank you for your advices.
I read the manuals again.
So, just in case, I would like to confirm my concern as below.

The administrator can not arrange the schedule when client PCs get up to fetch the pattern files to the default management server for each group on the default management server's policy.
Is this right?

Best regards,
Yom

Yes the admin cannot do that.
But you can control the setting for the SEPM to download the updates which will inturn control the update distribution to the clients. because when ever the SEPM will get the updates it will give it to the clients. 

To become sure if the clients can retrieve the latest issued policy:
 

1. Open the console
2. Go to the Clients section
3. Select the group containing the purposed clients
4. Select the Details tab
5. Write down the Policy Serial number
6. Now on open the Symantec Client installed on that client locally
7. Select the help and support
8. Select Troubleshooting
9. Now check the Policy serial number with the one you wrote down

If the policy serial numbers are not equal, then the client hasn't receive the latest policy.
Please let us know the result for further inspection.
 

Dear All,

Thank you for your co-operation.
In the meanwhile, I'll check up to build GUP for SOHO and the other site.

Best regards,
Yom

gr8