Endpoint Protection

  • 1.  Propagation to clients from a server - capability of SEP on a WAN

    Broadcom Employee
    Posted Feb 15, 2011 11:31 PM

    Several customers have reported that the servers do not propagate the updates to the clients properly.  This is happening even with the GUP configured properly. 

    The updates are so irregular that the system engineers will have to cut the CDs and send them to different locations.  This is difficult for 2 specific reasons:

    1. Updates are very frequently done by Symantec.

    2. There are so many remote sites that do not even have system engineers to install the updates.

    This system has 4000 users, all connected via WAN. The customer is now asking specific questions.

    1. Is SEP built for handling systems across a WAN?

    2. How can the servers be configured properly so that the updates are propagated to all the clients as identified in the GUP? 



  • 2.  RE: Propagation to clients from a server - capability of SEP on a WAN

    Broadcom Employee
    Posted Feb 16, 2011 02:38 AM

    1. Yes, SEP is built for handling systems across a WAN.

    2. New features and functionality in Symantec Endpoint Protection Release Update 5 (SEP RU 5) Group Update Provider (GUP)
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009092821543448

    Look for the following in the document:

    A. Maximum bandwidth allowed for Group Update Provider downloads from the management server

    Controls the amount of bandwidth that the Group Update Provider uses to download content updates from the server.
    Select one of the following options:
    Check Unlimited to allow any amount of bandwidth.
    Check Up to to limit the bandwidth to the amount that you specify.

    B. Multiple Group Update Providers

    Check this option to configure multiple Group Update Providers. Then click Configure Group Update Provider List.



  • 3.  RE: Propagation to clients from a server - capability of SEP on a WAN

    Broadcom Employee
    Posted Feb 16, 2011 02:51 AM

    In this case you have to isolate the issue by taking Sylink logs from the GUP and a few clients. However, the first step is to check or configure the LiveUpdate policy properly as recommended.



  • 4.  RE: Propagation to clients from a server - capability of SEP on a WAN

    Broadcom Employee
    Posted Feb 16, 2011 03:56 AM

    1. Is SEP built for handling systems across a WAN?

    Yes, SEP can handle the clients across WAN.

     

    2. How can the servers be configured properly so that the updates are propagated to all the clients as identified in the GUP? 

    It's the client that requests the updates from the server. This is based on the heartbeat settings. The more revisions on the SEPM, the higher the chance of the SEPM generating a delta, assuming the clients are not frequently updated.



  • 5.  RE: Propagation to clients from a server - capability of SEP on a WAN

    Broadcom Employee
    Posted Feb 16, 2011 04:04 AM

    Hello,

    For remote sites with over 150-200 clients, using LiveUpdate Administrator instead of GUP gives us much better results.

    For better GUP configuration:

    1- Put all GUP clients on all remote sites into one group.

    2- Change the LiveUpdate setting to use multiple GUPs with their IP addresses. (After that, the clients get their GUP roles.)

    3- On every group that you want to use a GUP, change the group's LiveUpdate policy to use a single GUP that points to the IP of the GUP client already placed in the GUP client group. (Clients now know which GUP they will get their updates from.)

     

    Regards,

    Oykun



  • 6.  RE: Propagation to clients from a server - capability of SEP on a WAN

    Broadcom Employee
    Posted Feb 16, 2011 10:04 AM

    In these scenarios, are the proper updates on the GUPs?  They would be located in the Symantec Endpoint Protection program files directory under SharedUpdates.  There should be some full.zip files dated today or yesterday and other ones that end in !dax.  Those are the incremental deltas.

     

    Do the clients know that they are to use a GUP?  You can verify by looking in the registry.  Go to [HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate].  UseMasterClient should equal 1.  This says the client knows to use a GUP.  MasterClientHost should equal the host name of the GUP.

     

    If all that checks out, I would enable Sylink debugging on the client.  Logs will be generated, hopefully showing why the update fails to get downloaded.  Follow these two:

     

    How to enable Sylink Debugging for Symantec Endpoint Protection in the registry

    http://www.symantec.com/business/support/index?page=content&id=TECH104758&locale=en_US

     

    How to debug the Symantec Endpoint Protection 11.x client

    http://www.symantec.com/business/support/index?page=content&id=TECH102412&locale=en_US
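
The checks described in the last reply (GUP registry values on a client, content in SharedUpdates on a GUP), as an added PowerShell example that is not part of the thread or Symantec's own tooling. The `-Role`, `-SepInstallDir` and `-ExpectedGup` parameters are assumptions of this example; the registry key, value names and file-name patterns are the ones quoted in the reply.

```powershell
# Added example (not from the thread): local check of the GUP indicators from the last reply.
param(
    # 'Client' checks the registry values; 'Gup' checks the SharedUpdates content.
    [ValidateSet('Client', 'Gup')][string]$Role = 'Client',
    # Registry key as quoted in the thread.
    [string]$LiveUpdateKey = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate',
    # ASSUMPTION: caller supplies the SEP program files directory (path not given in the thread).
    [string]$SepInstallDir,
    # ASSUMPTION: optional host name of the GUP this client is expected to use.
    [string]$ExpectedGup
)

function New-Result([string]$Check, [bool]$Ok, [string]$Detail) {
    [pscustomobject]@{ Check = $Check; Ok = $Ok; Detail = $Detail }
}

function Test-GupClientConfig([string]$Key, [string]$Expected) {
    $p = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if (-not $p) { return New-Result 'Registry' $false "Key not found: $Key" }
    # UseMasterClient = 1 means the client knows to use a GUP.
    $useGup = ($p.UseMasterClient -eq 1)
    # MasterClientHost must be set, and must match the expected GUP when one is given.
    $hostOk = [bool]$p.MasterClientHost -and (-not $Expected -or $p.MasterClientHost -eq $Expected)
    New-Result 'Registry' ($useGup -and $hostOk) `
        "UseMasterClient=$($p.UseMasterClient); MasterClientHost=$($p.MasterClientHost)"
}

function Test-GupContent([string]$InstallDir) {
    if (-not $InstallDir) { return New-Result 'SharedUpdates' $false 'Supply -SepInstallDir' }
    $dir = Join-Path $InstallDir 'SharedUpdates'
    if (-not (Test-Path -LiteralPath $dir)) { return New-Result 'SharedUpdates' $false "Not found: $dir" }
    # "Dated today or yesterday": anything written since midnight yesterday.
    $cutoff = (Get-Date).Date.AddDays(-1)
    # Recurse so the check does not depend on how the folder is laid out.
    $files = @(Get-ChildItem -LiteralPath $dir -Recurse | Where-Object { -not $_.PSIsContainer })
    $full  = @($files | Where-Object { $_.Name -like '*full.zip' -and $_.LastWriteTime -ge $cutoff })
    $delta = @($files | Where-Object { $_.Name -like '*!dax' })
    New-Result 'SharedUpdates' ($full.Count -gt 0) `
        "recent full.zip: $($full.Count); delta (!dax) files: $($delta.Count)"
}

$result = if ($Role -eq 'Client') { Test-GupClientConfig $LiveUpdateKey $ExpectedGup }
          else { Test-GupContent $SepInstallDir }
$result | Format-List
# Non-zero exit code lets a scheduled task or remote runner flag the machine.
if (-not $result.Ok) { exit 1 }
```

A failing result on either role is the point at which the Sylink debugging linked above becomes the next step.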