Endpoint Protection

Hello,

Recently our network team has provided the reports of proxy, in which we have observed that our SEP client is communicating to SEPM via proxy.

But that should not be the case in general, we bypass proxy for all internal traffic still Symantec client traffic to the Symantec servers going through the proxy.

This is not for all clients we have around 30,000 clients but from which as per report only around 2,500 clients is misbehaving.

Please suggest me on how we can troubleshoot this issue...

Details:

SEPM is installed on Windows 2008 R2 Standard, a client running on Windows 7 SEP 12.1 Ru6 MP1.

SEP clients can use the browser settings or a custom one. It should only apply to external communications, not to the SEPM. Did you verify this group does not have the proxy setting enabled in the SEPM? Do you have any logs to provide?

Specifying a proxy server that clients use to communicate to Symantec LiveUpdate or an internal LiveUpdate server

Configuring Symantec Endpoint Protection Manager to connect to a proxy server to access the Internet and download content from Symantec LiveUpdate

Hello Brian,

Yes this group has proxy enabled please find the below snapshot,

 

Also, i have some question as below,

1. How SEP client is configured to take bypass proxy setting, the screen shot below is the only way?

2. Is there any option on SEPM where we can put the bypass server and proxy?

3. Is this issue is with SEP client only or may be with proxy server issue?

4. Is SEP client is the dumb client which only takes the default proxy settings on IE internet options?

 

Don't know whether I am asking valid question or not , but please help me with the same.

 

 

 

 

What I linked above will show you how to configure the client to use a proxy for external communications.

You can set it up to use a proxy to the SEPM as well:

Configure Endpoint Protection to use a proxy

Hi Brian,

 

Just to get the situation revised, the issue is why Symantec client going to proxy server for definitions because of which proxy server is getting number of request.

As we have SEPM in a network, so SEP client should directly come to SEPM server for definitions if they are connected to a network but still they are coming to SEPM server via proxy.

In the proxy, we have bypassed the domain and also IP ranges but still is the issue, also further checked with our network team clients are taking below URL and going to the proxy.

"http://sep12-pw10.ec.win.colpal.com/content/{810D5A61-809F-49c2-BD75-177F0647D2BA}/170320054/xdelta170320054_To_170321004.dax"

where sep12-pw10.ec.win.colpal.com is our internal server where in proxy *.colpal.com is already bypassed.

So the question is why SEP client is going to the proxy , this was not happening previously.Do we need to change any settings on SEPM level or Proxy level?

What I linked in my last post is the config for clients to use proxy to SEPM. Was something changed? This isn't normal behavior.

Nothing was changed, only as per you last post I have changed the setting of live update policy to " I want to use my windows proxy settings (default)" from " I do not use a proxy server for HTTP or HTTPS"

That is the only change I have done but that was also post issue previously nothing was changed but still we faced this issue.

So was it every working correctly and than stopped?

Yes, previously it was working perfectly fine.From last week we are facing the issue.

But the basic question remains the same, whether client have its own intelligence to bypass the proxy or on the system level, it goes to internet proxy while having definitions and then checks that the proxy has exceptions for SEPM so its exclude proxy?  

 

The client will use/not use a proxy based on the configuration set in the SEPM. It won't just randonly do it. I would call support so someone can remote in and start looking at root cause.

Yes please, i will be available now. If possible, please contact me on my mail.

pratik_pashte@colpal.com

I will share my contact details

I don't work for Symantec. You'll need to contact them.

Hey  Pratik Pashte I am also facing the same problem, exactly same. I think there is a problem with Symantec. I logged a case with Symantec also but they did not provide any solution. What about yours.