Endpoint Protection

greetings

can someone assist me with a script to run an updater on a machine that last update 2 weeks back. i want to create a host integrity that forces a pc to update when its virus definition is 2 weeks old

Hello,

Check this Download:

Script to download Definitions from SEPM

http://www.symantec.com/connect/downloads/script-download-definitions-sepm

NOTE: This script is not from Symantec neither supported by Symantec.

Hope that helps!!

Hi,

the SEP clients can be out-of-date if they cannot reach LiveUpdate contents, if the content can be reached, the product does the job, no need for a script to that. What you need is to make sure is to have that content available for the out-of-date client. If the client can't get the content from the LUA or the SEPM, something is not properly working and requires further investigation, if you force the update with a script which, for example, runs the Intelligent Updater, you will just hide real the issue.

If, according to your Network Access Control policies, the out-of-dated clients are going to a quarantine VLAN, ensure in that VLAN there's an internal LiveUpdate server (to be set with LiveUpdate Administrator, LUA) and the SEP clients know about it via policies. Once they get in touch with the LUA, they will get the newest content and you will then move them to the production VLAN.

You may implement those things much easier with our Symantec Network Access Control solutions.

Script to download Definitions from SEPM

http://www.symantec.com/connect/downloads/script-download-definitions-sepm

Hi,

it looks like it works only if you have access to the SEPM in production, hence the client should be in the same VLAN rather in a quarantine one as expected if a client is not passing the host integrity (HI).

If the out-of-date client is put in the production VLAN, what this HI is useful for? Why the client should not get the definitions automatically from the SEPM as expected?