We have a SEPM in Network A and 20 unmanaged machines at a seperate branch - Network B . Can I setup a liveupdate server in Network B to provide updates only and not manage these machines(policies etc) and use Network's A SEPM to obtain updates-? Customer only wants to use one server to provide updates to all 20 machines....
Any help would be appreciated.
Thanks in advance
Hope this help
Is it Supported to Configure Unmanaged Symantec Endpoint Protection Clients to Update from LiveUpdate Administrator 2.x rather than the Symantec Endpoint Protection Manager?
Sooooo, yes you can point all the NetworkB clients at a LUA Server in NetworkB (as pointed out by James007 above!), but you cannot get the LUA Server in NetworkB to grab its own defs from your SEPM in NetworkA in a supported fashion. The LUA Server in NetworkB would have to go out directly to Symantec LiveUpdate.
Client won't be able download updated from a SEPM or a GUP without being a managed. Because the clients need to communicate with the SEPM to findout what latest definition it has. and request a link to download it, if needed.
I understand that you don't want to use another server for liveupdate distribution. An alternative would be to install an LUA on the same server in which the SEPM in installed. But Symantec doesn't recommend installing SEPM and LUA on the same server. The reason being that LUA download its definitions from internet (not from SEPM) and it involves download and distribution of huge data (in GB) and installing SEPM and LUA on same server may cause performance as well as bandwidth issues on the server.
I would suggest you to deploy a script or a thirdparty deployment tool to update the clients manually using the method mentioned in the below link. But to do this you might have to first export an unmanaged client installation package from SEPM with the policies set as in the given link and reinstall SEP on the 20 unmanaged clients.
I don't think you will be able to use JDB file everytime to update just AV definitions for the 20 endpoints.
Best option would be to make the 20 endpoints Managed clients and allowing them to take definition from Symantec Cloud (Internet).
Else you can have them as managed and promote any of the endpoint as GUP for Network B. Now GUP alone will take definitions from the SEPM in Network A. Rest of the endpoints in Network B will take it from the GUP in their same vicinity. There will be less administrative intervention needed in this setup.
As there are only 20 endpoints, any descent desktop should be able to perform as GUP. It should be connected to LAN and should be made to run 24X7 to ensure effective content distribution. Else you can resort to having a dedicated server with minimal configuration for GUP.
Hope this helps!
@ Maria Robinath Thanks, had that in mind as well.
Being as though the solution has been provided by @Seyed I comment merely that unmanaged endpoints clearly suffer compared to managed endpoints. Simply providing content definitions and signatures being deployed to a seperate branch (assuming these are corporate endpoints like under the SEPM at Network A) at Network B is not sound.
Difference between a managed Symantec Endpoint Protection (SEP) Client and an Unmanaged SEP Client (Article: TECH185894)(First column is dispositive I have had to clearly articulate in the role of a SEP/SEPM admin)