Endpoint Protection

Hi All,

I've got a bit of a problem that I need some help with but let me first give you the scenario.

Single Group with a 32Bit Windows Server 2003 Primary Parent Server (10.1.6.6010).
In this group I have other 32Bit Secondary servers (10.1.6.6010).
I've got a 64Bit Windows 2003 R2 Server running 10.1.6.6000 Client Version which has been installed as a managed server pointing to the 32Bit Primary Parent.

My 64Bit server will not take def updates from the 32Bit server and Symantec have advised me to use LiveUpdate Administrator. I've installed this on my primary parent but still can't get the 64Bit box to take def updates.

Wondered if anyone could run over the config from an SSC point of view so I can ensure I haven't missed anything.

Thanks in advance,

Chris.

Hi Chris,

The best document I've run across for this is a bit lengthy, but can be found here. In the section "To configure LiveUpdate Admin for Symantec AntiVirus Virus Definition downloads", make sure you chose the correct version of AV you're using as the ones specified in the document will not give you the SAV CE 10 64-bit definitions.

A short note, make sure you select "SymAllLanguages" for this update as this is the languaged SAV CE 10 uses for definitions. In addition, if you do not spend some time selecting just the updates you need in the GUI, you'll get a huge download.

The documentation for the LiveUpdate Administration Utility can be found here. It is a large PDF...

One stop shop for downloading LU and LUAU programs.

I had the same problem and it took ages for me to understand what was going on. I thought I was doing somthing wrong but its a limitation of th software. This is taken from the readme which comes with the software.  I think it will help if you have installed  the 64 bit server using the client software.


64-BIT SUPPORT
===================================================================================
-------------------------------------------------------
Managing 64-bit clients with the Symantec System Center
-------------------------------------------------------
To manage 64-bit clients with the Symantec System Center, configure the client settings so that the clients do not receive automatic virus definitions updates. The easiest way to configure the client settings is to configure a client group and place your 64-bit clients in this group. You can rely on users to click LiveUpdate, or you can set a LiveUpdate schedule for the group by using the Symantec System Center.

To manage 64-bit clients with the Symantec System Center:

1. Create a client group.

2. Right-click the client group.

3. Uncheck Inherit settings from Server Group.

4. Right-click the client group, and then select All Tasks > Symantec AntiVirus > Virus Definition Manager.

5. In the Virus Definition Manager dialog box, uncheck Update virus definitions from parent server.

6. Do one or both of the following:
    - Uncheck Do not allow client to manually launch LiveUpdate.
    - Check Schedule client for automatic updates using LiveUpdate, click Schedule, specify a schedule, and then click OK.

7. Click OK.

After you install 64-bit client software, drag the client computers into this client group.


-------------------------------
Side effects repair limitations
-------------------------------
64-bit antivirus clients support side effect repair only for 32-bit viruses and security risks that have infected the WOW64 portions of the 64-bit operating systems on AMD(R)/64 and EM64T hardware. 64-bit antivirus clients do not currently support the repair of 64-bit viruses and security risks on the 64-bit native operating system facilities outside of WOW64 on AMD/64 and EM64T hardware.

Thanks for the help all.

Managed to get this working a treat. For this with problems, this is definatly the best article for getting things working

http://entkb.symantec.com/security/output/n2006042616115348.html

Cheers,

Chris.

I've followed that article, and it looks like that is the best solution to this type of problem. But there is one part of the article that I don't understand.

"To schedule the schedule from Symantec System Center (SSC)

1. Right-click the LiveUpdate Admin Server, click All Tasks, and then click LiveUpdate.
2. Click the LiveUpdate Administrator tab to locate the scheduler."

I can't seem to find the LiveUpdate Admin server to perform these steps.

I don't see a way in the LU Admin Utility to schedule it to download updates daily. Any one know what this is referring to? I have followed every other part of the article except this. Thanks.

Can you explain what is meant by the "LiveUpdate Admin server" as mentioned in the artcile.

Here is the link

http://entkb.symantec.com/security/output/n2006042616115348.html

This article does work. I installed the LU Admin Utility and downloaded all the definitions I wanted to, including 64x, and pointed SSC to pull updates from an internal web server via a UNC path (the place where the LU admin utiltiy downloaded the files). The only problem is, how do I schedule the LU Admin utility to check for new definition updates every day? If I can figure that out, then this article is a solid work around to having to connect directly to Symantecs website.

The only part of the article I am having a problem with, is how to schedule the LU Admin utiltity. It states how to do it, through the LU Admin Server, however, I can not find this piece. If anyone has any idea where to find this or what this is, I would greatly appreciate some input. Thanks.

Is there any indication when this bug will get fixed?

Thank you.

Folks,

There is no bug. This works a treat. I have successfully setup my 64 Bit Servers to point to a 32Bit Parent running live update administrator. My clients are receiving updates and it's working great.

With regards to scheduling, it's really easily. Even easier if you're 64 Bit Clients are in a sub client group.

In the SSC, right click your client folder and navigate to All Tasks > Symantec AntiVirus > Virus Definition Manager. From here, click the Schedule button and you can now set how often clients in this client group look to live update administrator for updates.

Please understand the live update administrator is simple a through device. If I client requests an update, live update administrator connects to the Symantec ftp site and downloads updates as requested, then passing them onto the client that made the request. This is really handy if your company policy is to restrict port 21 etc.

Any problems get in touch, but it's really simple and works a treat.

Regards,

Chris.

Thanks Chris.

So I configured Live update with SSC to pull from an internal server and pointed it to the UNC path where the LiveUpdate Admin Utility downloaded the definitions. I have also gone to Virus Definition manager for the group of clients and specified how frequnetly to check for new updates using live update.

Any time a client makes a request, the Live Update Admin utility will download new updates? If so, then I'm all set.

There's two ways to schedule LiveUpdate administrator:

1. Using the SSC (as discussed above)
2. Using a program to schedule LUAdmin to run. If you're using MS Task scheduler, you need to call luadmin.exe silently (luadmin.exe -silent)... The switches for luadmin.exe can be found here:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002022713034648

All

In a setup where there is one primary and multiple secondary SAV servers, should LUadmin be installed on the primary, or can it be installed on a secondary?  Does it matter?

Rgds

Tim

 It doesn't matter.Till the primary is able to access to that computer.
But if your LU Admin can connect the internet from Primary server then why not let primary server download the defs.

However if you wanna test the defs n all..then installing it on the Primary will be benificial as it will be local otherwise even if you install on any other computer it doesn't matter till your primary is able to access the LUA.