Endpoint Protection


Updates without Internet access

  • 1.  Updates without Internet access

    Posted Nov 30, 2011 06:59 AM

    Let me try to make this as understandable as possible:

     

    I have multiple domains in my network environment. Most have access to the internet, but I'll be setting one up that doesn't have any access whatsoever. This domain will have a Symantec Endpoint Protection server in it, and I'll need to get updates to it. Here's what I'm thinking of doing. I would like to take the updates that get downloaded from a server in a domain that does have internet access, export them, and using special hardware, transfer those updates to the domain that does not have internet access. Now my question is how do I get the SEPM server in the domain without internet access to pick up those exported updates? I know I can get the updates exported and transferred to the non-internet domain, and they'll be stored in a shared directory. How can I then get the SEPM server to look at that directory to get its updates?



  • 2.  RE: Updates without Internet access

    Posted Nov 30, 2011 07:29 AM

    Hello Matthew,

     

    In such an environment I would configure LUA (Live update Server) on a machine which has internet connection. LUA is designed to download virus definitions, NTP and PTP signatures. It would distribute it to a customized list you desire.

     

    Sharing documents on how to configure LUA :-

    1] Installing and Configuring LiveUpdate Administrator 2.x (LUA 2.x)

    http://www.symantec.com/docs/TECH102701

    2] Top articles and Best Practices of LiveUpdate Administrator 2.x

    http://www.symantec.com/docs/HOWTO41810

    Cheers!



  • 3.  RE: Updates without Internet access

    Posted Nov 30, 2011 07:29 AM


  • 4.  RE: Updates without Internet access

    Posted Nov 30, 2011 07:35 AM

    You can enable third-party content distribution, it's documented in the Implementation Guide.

    Default Folder would be the subfolder inbox from SEPM Installation.

    Then you just need a tool/batch to copy over the downloaded Signature Packages from Symantec that runs let's say 3 times a day.

    Regards 



  • 5.  RE: Updates without Internet access

    Posted Nov 30, 2011 07:36 AM

    I have an existing LUA server downloading and distributing updates to all of the servers in my environment which can access it. This new domain will NOT be able to talk to the LUA server already in production, therefore I need a way to take the files which are downloaded by the LUA server and import them into a SEPM server without access to the LUA. That's what I'm asking to do.



  • 6.  RE: Updates without Internet access
    Best Answer

    Posted Nov 30, 2011 08:12 AM

    Hi Matthew,

    Using a pair of LUA 2.x servers (one that can access the Internet, and one on the high-security no-access network) it is possible to keep everything up to date.  This does, however, require daily manual "sneakernet" action.  The following article has all the details:

    Updating downloads in an internal LiveUpdate Administrator 2.x Server using the downloads from an external LiveUpdate Server
    Article: TECH106254 | Created: 2008-01-15 | Updated: 2011-08-16 |
    Article URL http://www.symantec.com/docs/TECH106254

    Hope this helps!
     



  • 7.  RE: Updates without Internet access

    Posted Dec 01, 2011 01:35 AM

     

    To update a managed client with a .jdb file:

    1. In the Symantec Endpoint Protection Manager, go to Clients.
    2. Select the group in which the client or clients can be found that need to be updated manually.
    3. Edit the LiveUpdate Settings Policy.
    4. In the LiveUpdate Policy, choose Server Settings in the left pane.
    5. In the right pane, under Third Party Management, enable the option "Enable third party content management".
    6. On the SEP client, make sure that the client got the policy change by checking for the existence of this folder:
      - Windows XP / 2003: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\inbox
      - Windows Vista / 7 / 2008: C:\Program Data\Symantec\Symantec Endpoint Protection\inbox\
    7. Download the .jdb file from the Symantec Security Response Website:
      - http://www.symantec.com/avcenter/defs.download.html for Certified Definitions.
      - http://www.symantec.com/avcenter/rapidrelease.download.html for Rapid Release Definitions.
      Note: the file extension may change to .zip upon download. If this occurs, change it back to .jdb.
    8. For each SEP client that needs to be updated, copy the .jdb file into the folder noted in #6 above.
    9. After a few minutes the .jdb file will automatically begin to process. When complete, the client should reflect new antivirus definitions.

     

     

    To manually update a SEP client

    1. Go to the rapid release virus definition website
    2. Download the appropriate .exe file for your SEP version and Operating System
      • symrapidreleasedefsv5i32.exe for SEP installed on 32 bits OS
      • symrapidreleasedefsv5i64.exe for SEP installed on 64 bits OS
    3. Run the file on the clients you wish to update and follow the instructions on the screen.
    4. After a successful update you should see the following message:
      • Intelligent Updater session complete.
    5. Open the SEP client and observe that the definitions date for the "Antivirus and Antispyware protection" has changed.

    Note:

    In case the Intelligent Updater executable fails, you can also locally update managed SEP clients (clients which are associated with a SEPM) with the option "Third party content management" and a JDB file. Please consult the document "TECH104363 - How to manually update definitions for a managed Symantec Endpoint Protection Client using the .jdb file" for more information.



  • 8.  RE: Updates without Internet access

    Posted Dec 02, 2011 04:57 AM

    Hi Mathew,

    Just a quick check to see if you were able to configure two LUA 2.x servers to successfully update clients on the isolated network. 

    If time allows, please do update this thread with your experiences and observations.  Future network admins in a similar position may locate this thread via an Internet search and benefit from any advice you can share.

    Thanks once again,

    Mick



  • 9.  RE: Updates without Internet access

    Posted Dec 02, 2011 10:13 AM

    Just adding a cross-ref to a new unofficial document on LUA 2.x.  It may help admins who are designing their network's update architecture to better understand LUA's capabilities, strengths and requirements.

    A Helpful LiveUpdate Administrator 2.x Analogy
    https://www-secure.symantec.com/connect/articles/helpful-liveupdate-administrator-2x-analogy

    Please do comment on the article if it is useful or any way in which it can be improved.

    Thanks and best regards,

    Mick



  • 10.  RE: Updates without Internet access

    Posted Dec 04, 2011 08:01 AM

    any updates ... ?



  • 11.  RE: Updates without Internet access

    Posted Dec 06, 2011 08:34 AM

    Not so much of an update as a "workaround" fix we're going to use:

     

    LiveUpdate allows me to create multiple distribution centers, and what we're going to do is to create one that will send the updates to a different internal web server folder. We'll be monitoring that folder with a program that will take anything added to the folder, and transfer it to an internal server using a one-way connection (Owl Computer Technologies product). Once those updates are transferred in to the network without the internet connection, it's just a matter of pointing the internal SEP server to use that directory for its updates. It sounds complicated, but we already have the hardware, it's just a matter of leveraging it to meet our needs.
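
The folder-to-folder transfer described in the post above, as an added example (not code from the thread, from Symantec or from Owl): the sending side writes a SHA-256 manifest next to the queued files, and the receiving side copies only intact, listed files into the directory the internal server reads. The `manifest.json` name, the directory arguments and the function names are assumptions; because a one-way link cannot ask for a resend, rejected files are returned so they can be queued again on the next cycle.

```python
import hashlib
import json
import shutil
from pathlib import Path

MANIFEST = "manifest.json"  # assumed name for this example, not a LiveUpdate file


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(outbound):
    """Sending side: record size and SHA-256 of every file queued for transfer."""
    outbound = Path(outbound)
    entries = {}
    for p in sorted(outbound.rglob("*")):
        if p.is_file() and p.name != MANIFEST:
            rel = p.relative_to(outbound).as_posix()
            entries[rel] = {"size": p.stat().st_size, "sha256": sha256_file(p)}
    (outbound / MANIFEST).write_text(json.dumps(entries, indent=2))
    return entries


def release_verified(landing, content_dir):
    """Receiving side: copy only intact, listed files into content_dir."""
    landing, root = Path(landing), Path(content_dir).resolve()
    manifest = json.loads((landing / MANIFEST).read_text())
    released, rejected = [], []
    for rel, meta in manifest.items():
        src, dest = landing / rel, (root / rel).resolve()
        ok = (root in dest.parents  # manifest paths must stay inside content_dir
              and src.is_file()
              and src.stat().st_size == meta["size"]
              and sha256_file(src) == meta["sha256"])
        if not ok:
            rejected.append(rel)  # missing, truncated or altered in transit
            continue
        dest.parent.mkdir(parents=True, exist_ok=True)
        partial = dest.with_name(dest.name + ".part")
        shutil.copyfile(src, partial)
        partial.replace(dest)  # rename last: no half-written file under its final name
        released.append(rel)
    seen = {p.relative_to(landing).as_posix() for p in landing.rglob("*") if p.is_file()}
    return released, rejected, sorted(seen - set(manifest) - {MANIFEST})
```

A manifest that travels over the same path as the files catches truncation and corruption only; it does not authenticate the content, which would need a signature checked on the receiving side.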



  • 12.  RE: Updates without Internet access

    Posted Dec 06, 2011 09:56 AM

    Many thanks for adding your environment's solution to the thread, Matt!  Sounds like a cool, creative approach. &: )