Endpoint Protection

 View Only

  • 1.  Managed SEP clients downloading updates.

    Posted Dec 11, 2009 03:42 PM
    Is it possible for managed SEP clients to download updates directly from Symantec if the definitions are out of date and the server can not be reached?  I am concerned about laptops that may be off the network for a week or two at a time. 


  • 2.  RE: Managed SEP clients downloading updates.
    Best Answer

    Posted Dec 11, 2009 03:46 PM

    How to configure mobile computers to automatically download virus definitions when disconnected from the Symantec Endpoint Protection Management console

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/ebe7903cbde2824b8825741f00776b77?OpenDocument 


  • 3.  RE: Managed SEP clients downloading updates.

    Posted Dec 11, 2009 04:30 PM
    I am currently facing this issue with Christmas break comming up soon. Our mobile clients will be gone for two weeks and will not be on location to recieve updates. I read the article you posted, however all of my groups are location specific and not machine type specific. I have over 2100+ clients. There would be no way to create a group just for our 300+ laptops and put them in there and use the live update server instead of the SEP management server. Is there not a way that i could set all of my groups to go out to the internet and download updates if the management server is not availible? Thanks


  • 4.  RE: Managed SEP clients downloading updates.

    Posted Dec 11, 2009 05:34 PM
    1. Configure a location with the condition 'unable to contact management server'. (this can be done for all your groups).
    2. Set the LU policy in that group to use Symantec LiveUpdate server.

    The clients (laptop or desktop) will only switch to the LiveUpdate server when they are unable to connect to the SEPM.


  • 5.  RE: Managed SEP clients downloading updates.

    Posted Dec 11, 2009 05:37 PM
     You can still follow the same steps as the article gives, you just need to apply it to all your groups because your laptops are scattered all through the other location specific groups. This policy should not affect the other clients at all, only ones that will change locations. Although you might want to consider taking the time to create a group for just laptops, as this could save you time in the future applying policies that should only affect mobile users. 

    Cheers
    Grant


  • 6.  RE: Managed SEP clients downloading updates.

    Posted Dec 11, 2009 09:26 PM
    Go to the Manage Locations section and set up a Connected Location and a Remote - Disconnected Location. 

    Set the Connected location to be true if the client can contact the SEPM.  Set the Remote - Disconnected to be true if it cannot contact the SEPM.

    Enable Location awareness in the group policy.  You will then be presented with two locations in the policies screen of a group.  In the Connected location apply a LiveUpdate policy that downloads from the SEPM.  In the Remote - Disconnected location apply a LiveUpdate policy that uses a LiveUpdate server, and choose the default of the Symantec LiveUpdate (internet).

    That's all.  It works well.  You can even set the LiveUpdate button on the client to be enabled in the Remote - Disconnected location if you want to give your users the ability to update their definitions on demand as well.


  • 7.  RE: Managed SEP clients downloading updates.

    Posted Dec 12, 2009 01:07 AM
     Follow the doc edit LU Policy and check both the check boxes default management and symantec liveupdate and apply to all your groups.
    Then click on Advanced setting and enable the liveupdate button as well...
    After the christmas break you can change the policy back to default as it it.