Endpoint Protection

How can I update an Unmanaged Client without Internet in an environment where there is a only 1 machine ( say X) that is connected to the internet and communicates with SEPM. The other clients are just standalone PC's which communicates with only X. So how can this unmanaged client communicate and collect information from it?

Please tell me the steps to do it. Its very Urgent

Hi ARPhilip.

In your case, you can use the a stand alone package to collect the inventory from this machine. I'm attaching a link bellow which will help you with this task.
 

https://www.symantec.com/connect/videos/gathering-inventory-using-stand-alone-package-video

Regards,

Download the Intelligent Updater, found here:

https://www.symantec.com/security_response/definitions.jsp

This CLIENT PC is a standalone machine.

1)not connected to the network but only communicates with X (parent PC).

2) no internet enabled

So how can we get the  virus updates/definitions updated on this CLIENt automatically.

Download the Intelligent Updater to a remove able drive on an internet connected machine, plug it in to this PC not connected to the Internet and run the IU file to update it.

Or push out the file silently via your package management system

how can I push it silenlty? what did you actually mean by package management system?

How can I automate the Virus update process on this 'STANDALONE" pc without any user intervention?

Will GUP or LUA help in this scenario?

EXperts need your full support. Please..Please

Can you please tell me the steps?

If X parent PC has access to the SEPM setup a policy to make X parent PC into a LUA and allow the stand alone machine to use X Parent PC for automatic def updates only. 

https://www.symantec.com/connect/forums/configure-unmanaged-client-get-updates-local-lua

Basically in the liveupdate policy you setup client X as an LUA once that's done you then have to update the communication file on the unmanaged to machine to be able to communicate with that GUP and get def updates only. 

How to set up Liveupdate Administrator
https://support.symantec.com/en_US/article.TECH102701.html

thanks for edit to correct your mistakes. lua makes sense now

Steps to configure LUA please

can we configure it on the windows client ( WIN 7-managed client) which communicates with SEPM. how can the unamanged clients be pointed to the LUA?

The LUA can be setup on the machine that the unmanaged client can contact. The link below provides steps to setup and configure the LUA. Then you just need to import a sylink.xml file from the SEPM to the unmanaged client to tell it to pick up updates from the LUA.

https://support.symantec.com/en_US/article.TECH102...

As has already been mentioned, the recommendation here is to install the LUA on the sole client hat has Internet access, and point the unmanaged machines at that client for updates.

I think links on how to setup the LUA have already been shared, so all good.  I think you might find the below handy on how to point unmanaged machines at a LUA though:

http://www.symantec.com/docs/TECH166129

NOTE: The steps in this article allow you to keep them as unmanaged clients, instead of making them managed clients by changing the sylink file.

It's also worth bearing the below in mind:

• LUA has no integration with SEP (i.e. SEP client on the internet-connected machine can have later definitions than the LUA, and vice versa.  Depends on which one happens to hit its update schedule first)
• No integration also means no reporting/management.  You have no way of centrally reporting/managing on the unmanaged clients from the SEPM (I'm sure you're probably already aware, but t's always prudent to state these things outright)

Our team has come up with another suggestion to automatically run the Virus definitions from a shared folder on these client PC.

1. From the Internet, The shared folder will have the *.exe or .jdb file  to be copied

2. An auotmated script to run the file from there.

Can somebody provide me with the steps?

To be fair, if you're going to go down that route, you might as well just:

Enable 3rd party content distribution on your machines:

http://www.symantec.com/docs/HOWTO80914

And use the Internet connected client to download and copy the JDB files to "%ALLUSERSPROFILE%\Symantec\Symantec Endpoint Protection\CurrentVersion\inbox" on the other machines:

http://www.symantec.com/docs/TECH104363

This parent machine is a server and not exposed to Internet. Can we push the exe file from SEPM on daily basis to shared folder? I think then we can create a script , to pull the updates into each of these machines.

What exe?  With the 3rd party updates option enabled, there's no need for execution of anything, all you need is the JDB.  As the machines are unmanaged, I'm unclear what the SEPM has to do with any of this.  Doesn't the internet-connected workstation have access to the unmanaged SEP clients?  If so, can't you just push it straight out from there?

I must admit, it sounds as if you're over complicating things here, when just installing the LUA will sort it all out.  Perhaps a bit more detail on the estate would help us help you...

So If I install a LUA somewhere in the environment on any client machine or a LUA in every site and this LUA will push the definintions to the clients in each site??

How does the client know the LUA to pull the updates?

Please can someone send me any tutorial or videos to see how actually the implementation can be done.

This is actually for critical un-managed environmnet ( petrol stations), where only 1 Parent machine is managed -domain machine . this machine also has  NO INETRNET. so if LUA cannnot be implemented rite?

So if LUA is implemenetd in the HEAD Office, how can the Parent Machine at petrol Station get the updates from LUA to push to these clients?

When a LUA is in use, the update process goes like this:

1. LUA internal scheduling tells it to connect to Symantec to grab defs
2. LUA grabs defs and PUSHES to its Distribution Centres (more about these later)
3. SEP Clients, completely independently, are told by their own internal scheduling to grab defs from the Distribution Centre

That's it.  I've already provided the link on how to point unmanaged SEP Clients at a LUA/Distribution Centre (repeated here: http://www.symantec.com/docs/TECH166129).

The Distribution Centre itself is just a web server, and can be any machine (the parent machine in each of your sites perhaps?).  The below links should help in setting up new Distribution Centres:

http://www.symantec.com/docs/TECH132545

https://www-secure.symantec.com/connect/articles/liveupdate-administrator-how-configure-remote-distribution-center

https://www-secure.symantec.com/connect/videos/liveupdate-administrator-how-configure-remote-distribution-center