Endpoint Protection

 View Only

  • 1.  Stop missed anti-virus definitions from loading at boot

    Posted Jul 16, 2010 09:21 AM
    Hi,

    We have a problem that I've been Googling and searching the forums for an answer to with no luck so far.

    Basically we are experiencing slow boot for some computers on our network, running either Symantec Antivirus v10 or Endpoint (we are migrating over from the former to the latter at the moment). On looking at the logs, what we're finding is that if a PC is switched off for a couple of days, say if a user has been on holiday, when they come back to work the PC will automatically download any definition files that it's missed whilst the PC was switched off.

    SAV/Endpoint is configured so that there's a central server which downloads the updates, and all the clients are set to pull the definition file from that server (rather than LiveUpdate) at 12:15pm each day, or within half an hour of that time.

    If the PC has been switched off whilst an update has been made available by the server, then the PC gets the updates AT NEXT BOOT. This is causing the slow boot - as well as starting up Windows, loading programs etc., the PC is also having to stream 100Mb definition files to the hard drive and load them to Symantec.

    I've fiddled with the "handle missed updates" setting within SAV/Endpoint but it's having no effect.

    So the question is: can I stop the PCs from downloading missed definition file updates at boot, and force them to wait until the next scheduled update time, which is 12:15pm for us?

    Thanks for your help!


  • 2.  RE: Stop missed anti-virus definitions from loading at boot
    Best Answer

    Posted Jul 16, 2010 09:30 AM
    How your liveupdate policy is configured?
    Clients are getting the updates from SEPM?
    If yes it is not possible to schedule it....


  • 3.  RE: Stop missed anti-virus definitions from loading at boot

    Posted Jul 16, 2010 09:33 AM
    Check this doc it may me helpful to you..
    Symantec Endpoint Protection Client configuration changes for performance optimization


  • 4.  RE: Stop missed anti-virus definitions from loading at boot

    Posted Jul 16, 2010 10:02 AM
    The clients are receiving their updates from the Symantec server - screenshot below.

     

    If I click the Settings button next to that, the only option is to "check for updates every x minutes".

    I could schedule the updates using LiveUpdate, but that means each client downloading the update from the internet, so with 300 clients that's 300 downloads of the definition file, rather than a single download to the server pushed out to the clients over the internal network. Which ain't great.


  • 5.  RE: Stop missed anti-virus definitions from loading at boot

    Posted Jul 16, 2010 10:07 AM
    Accidental double post, sorry!


  • 6.  RE: Stop missed anti-virus definitions from loading at boot

    Posted Jul 16, 2010 10:16 AM
    Sorry I thought you are telling about Endpoint....


  • 7.  RE: Stop missed anti-virus definitions from loading at boot

    Posted Jul 19, 2010 04:04 AM
    Thanks AravindKM - I think after having done some investigation this weekend that there is NO WAY to stop the clients from receiving definition file updates at next boot if they've been missed.

    This is really poor from Symantec's point of view and we will now consider another solution. It looks like EndPoint behaviour is the same as earlier versions.