Endpoint Protection

 View Only

  • 1.  How do I know if the client is downloading delta or full virus definitions

    Posted Sep 05, 2016 10:25 AM

    I have a user who'll be on leave for two weeks and during the period, the PC will be shutdown according to his practice.

    I have a SEPM server running 12.1.6.MU4 and virus defintions is daily updated.

    Live Update policy for the site is 42 content revisions.

    How do I know if the user's PC will be downloading a full virus definitions or delta virus definitions after he returns back as the PC is a remote site and the link between PC and SEPM server is only 1.5Mbps and I don't want the  PC to downliad the full definitions and I expect the download is delta because of 42 content revisions. How can I verify if it's delta download or full download?



  • 2.  RE: How do I know if the client is downloading delta or full virus definitions

    Posted Sep 05, 2016 10:29 AM

    42 content revisions covers roughly 2 weeks or so.

    You can do some advanced filtering in the SEPM logs to see what the clients are doing though:

    SEPM 12.1 - Advanced Settings filter options for Client Activity logs

    Set the Event Source to "SYLINK" and you'll see one of two entries. One for "the client opted to download a full definition package..." (full content download) or "Downloaded new content update from management server successfully..." and the file name will end in .dax which means it downloaded the delta file.



  • 3.  RE: How do I know if the client is downloading delta or full virus definitions

    Posted Sep 05, 2016 12:42 PM

    There's no output from my server.

    From Monitors, Log tab, I specify:

    Log Type: System

    Log Content: Client Activity

    Click Advanced Settings and in Event Source, specify SYLINK and click  View Log.

     

    Do I need to change any policies or enable which logs to have the log output?

     



  • 4.  RE: How do I know if the client is downloading delta or full virus definitions

    Posted Sep 05, 2016 12:46 PM

    It looks like this?

    1_4.jpg

    If so, these settings should suffice.



  • 5.  RE: How do I know if the client is downloading delta or full virus definitions

    Posted Sep 05, 2016 01:16 PM

    Same as yours. View Log does not have any output.

    Can you help post some sample log result?

     



  • 6.  RE: How do I know if the client is downloading delta or full virus definitions

    Posted Sep 05, 2016 01:26 PM

    2_1.jpg

    I assume your clients are connected to the SEPM?

    If you go to the Clients page >> Policies tab >> Client Log setttings do you have the box checked to upload the System log to the SEPM?



  • 7.  RE: How do I know if the client is downloading delta or full virus definitions
    Best Answer

    Posted Sep 05, 2016 01:53 PM

    Thank you. After I have downloaded the latest virus definitions and after some time, the logs appear with may logs of Content Update Server with logging of downloading the dax files.

    Thank you very much and I will mark this as solution.



  • 8.  RE: How do I know if the client is downloading delta or full virus definitions

    Posted Sep 05, 2016 01:54 PM

    Thanks. Please mark the solution that best helped you.



  • 9.  RE: How do I know if the client is downloading delta or full virus definitions

    Posted Sep 08, 2016 12:05 AM

    Hi, I want to know from your screen capture, is it that you enable SYLINK logging before you can view the log of SYLINK event source? As I find that by default SYLINK events are not logged.



  • 10.  RE: How do I know if the client is downloading delta or full virus definitions

    Posted Sep 08, 2016 05:27 AM

    No sylink logging does not need to be enabled first.