Endpoint Protection

I've notice that client connections to my internal Liveupdate servers use PASV.   It it possible to force Active FTP.

(001889) 8/14/2009 0:01:15 AM - (not logged in) (10.21.104.160)> Connected, sending welcome message...
(001889) 8/14/2009 0:01:15 AM - (not logged in) (10.21.104.160)> 220 Symantec Liveupdate Distribution Point
(001889) 8/14/2009 0:01:15 AM - (not logged in) (10.21.104.160)> USER lu_reader
(001889) 8/14/2009 0:01:15 AM - (not logged in) (10.21.104.160)> 331 Password required for lu_reader
(001889) 8/14/2009 0:01:15 AM - (not logged in) (10.21.104.160)> PASS *********
(001889) 8/14/2009 0:01:15 AM - lu_reader (10.21.104.160)> 230 Logged on
(001889) 8/14/2009 0:01:15 AM - lu_reader (10.21.104.160)> TYPE I
(001889) 8/14/2009 0:01:15 AM - lu_reader (10.21.104.160)> 200 Type set to I
(001889) 8/14/2009 0:01:15 AM - lu_reader (10.21.104.160)> PASV
(001889) 8/14/2009 0:01:15 AM - lu_reader (10.21.104.160)> 227 Entering Passive Mode (10,181,47,39,245,53)
(001889) 8/14/2009 0:01:15 AM - lu_reader (10.21.104.160)> SIZE

Are yoo getting : "Error: 500 'RETR': command not understood"

 If ues then the cause by replication failure on the Symantec FTP servers. A possible workaround is to change the directory from where the FTP script downloads definitions.

In Symantec System Center, click Virus Definition Manager > Configure > Source > Configure.

You see a Remote Folder field with the following path:

 

To change the directory:

 

 

/public/english_us_canada/antivirus_definitions/norton_antivirus_corp

Change the path to:

/AVDEFS/norton_antivirus_corp

I believe changing to Active FTP is not an option, and is hard coded in the program.

Cheers,
Thomas

No, I want active FTP for Quality Of Service (QOS) bucketing.  The random ports make PASV hard to classify.

40,000 clients doing PSAV ftps across our MPLS cloud and ending up in the default QOS bucket isn't nice.

I understand why a retail product might do this, being behind a NAT router and all... but corporate?