Endpoint Protection

  • 1.  GUP Updating

    Posted Aug 30, 2012 05:56 PM

    Hi, I'm fairly new to Symantec Endpoint Protection, so I had a few questions I was hoping someone could clarify.

    1. Is it possible for a GUP to update a GUP?

    2. If a GUP can update another GUP and all the GUPs are out of date, if all GUPs are told to update at the same time, will a GUP query another GUP and wait for it to finish before updating from that GUP?

    3.  Is a GUP supposed to follow the LiveUpdate policy for when it updates because I've seen GUPs update at times other than what is specified in the LiveUpdate policy?

    4.  Is it best practice to use the inherited policy from the Main section for all the sites in different locations?

    5.  With GUP updating, if I have 3 subnets at one location, such as 192.168.1.x, 192.168.2.x, and 192.168.3.x, but I only have a GUP on the 192.168.1.x subnet, will that GUP server update clients on the other 2 subnets despite having a multiple GUP list but no backup GUP specified because they all exist at that location?



  • 2.  RE: GUP Updating

    Posted Aug 30, 2012 09:17 PM

    1. In theory yes, however you can't have multiple GUPs on the same subnet. 

    2. See response to 1, but in theory, the server can handle X amount of connections at the same time.

    3. How is it configured?

    4. Not necessarily, depends on the needs of your site. They may need different policies.

    5. Yes, as long as you specify in the location awareness the correct subnet ranges.



  • 3.  RE: GUP Updating

    Posted Aug 30, 2012 10:32 PM

    1. What happens if there are multiple GUPs on the same subnet?

    3. The LiveUpdate policy is set for once per day, after noon, with a 7 hour window. I see GUPs updating in the morning or even before noon, at random.

    5.  Would this require breaking the policy inheritance to be able to specify the proper subnets for each location?

    One other question.  What are the differences in the log sizes if the heartbeat is set to 30 minutes and left in push mode as opposed to pull mode?



  • 4.  RE: GUP Updating
    Best Answer

    Posted Aug 31, 2012 04:11 AM

    It might be worth reviewing the below articles for more info on GUPs and what they do:

    http://www.symantec.com/docs/TECH139867
    http://www.symantec.com/docs/TECH122515
    http://www.symantec.com/docs/TECH95353

    But to take a stab at your questions (focussing on your OP):

    1. Yes, it is possible to have GUPs obtaining updates via other GUPs.  This usually only happens when there is more than one GUP in the same subnet (regardless of whether they are defined as "Single GUPs" via lots of different LU Policies, or as "Multiple GUPs").  When this happens, as per the article above, the GUP with the lowest IP address is used for updates.  As only the GUP with the lowest IP address is used, the other GUPs in the same subnet are effectively normal SEP Clients.  While they may listen for requests, they won't actually get asked for updates.
    2. You can't daisy-chain GUPs so this question is moot.
    3. Both the GUP and the "Use Default management server" options have no schedule, and operate solely on the heartbeat interval.  It's also worth noting that this is initiated by the client, so there is no way of scheduling the distribution of updates when using either of these options.  The LU Schedule only applies to an LU session (where a client connects to either Symantec or to an internal LUA).
    4. As Brian says, configuring inheritance is up to you ("Thumbs UP" BTW!)
    5. Nopes, a GUP must be configured as either a "Single GUP" or a "Backup GUP" in order to be used by SEP Clients from other subnets.  If it is only listed in the "Multiple GUP" list, then the clients in subnets 192.168.2.* and 192.168.3.* will not try to use a GUP in the 192.168.1.* subnet.

    Please take note of the below as well:

    • The logic of choosing which GUP to use is performed by the clients, not the GUPs.
    • The update sequence is initiated by the client
    • The GUP only caches what has been requested of it by the clients talking to it (the files cached are often different between different GUPs)

    Finally, regarding logs and heartbeat intervals, take a peek at the below articles:

    http://www.symantec.com/docs/TECH123242
    http://www.symantec.com/docs/TECH92051
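
The client-side selection rules from the answer above, modelled as an added example (not part of the original thread and not Symantec code). The /24 masks, the function and parameter names, and trying the local "Multiple GUP" list before a Single/Backup GUP are assumptions made for illustration.

```python
import ipaddress


def select_gup(client_ip, multiple_gups, cross_subnet_gup=None, prefix=24):
    """Pick the GUP a client would use, per the rules in the answer above.

    multiple_gups    -- IPs in the policy's "Multiple GUP" list
    cross_subnet_gup -- hypothetical name for a GUP set as "Single GUP" or
                        "Backup GUP", the only kinds usable across subnets
    prefix           -- subnet mask length; /24 is assumed for this example
    Returns (gup_ip or None, reason).
    """
    subnet = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
    # Only Multiple-GUP entries on the client's own subnet are candidates.
    local = [ipaddress.ip_address(g) for g in multiple_gups]
    local = [g for g in local if g in subnet]
    if local:
        # Lowest IP wins; compare numerically, since a string sort would
        # rank 192.168.1.10 below 192.168.1.9.
        return str(min(local)), "lowest-IP GUP on the client's subnet"
    if cross_subnet_gup:
        return cross_subnet_gup, "Single/Backup GUP reachable across subnets"
    return None, "no usable GUP"


def plan(clients, multiple_gups, cross_subnet_gup=None):
    """Map each client IP to the GUP it would choose (None = no GUP)."""
    return {c: select_gup(c, multiple_gups, cross_subnet_gup)[0] for c in clients}


if __name__ == "__main__":
    # Constructed sample: one client on each of the subnets from question 5.
    clients = ["192.168.1.50", "192.168.2.50", "192.168.3.50"]
    print(plan(clients, ["192.168.1.10"]))
    print(plan(clients, ["192.168.1.10"], cross_subnet_gup="192.168.1.10"))
```

Clients that map to `None` in the first run are the ones question 5 asks about: with the GUP present only in the "Multiple GUP" list, they do not use it.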



  • 5.  RE: GUP Updating

    Posted Sep 03, 2012 06:09 PM

    I think SMLatCST answers your questions the best.

    One additional point that often gets overlooked. The GUP component is really just a DLL to launch a webserver to host the definitions. The SEP client on the GUP machine still acts independently and needs updating just like any other client. Just because the client is up to date does not mean the GUP is distributing up to date definitions. Or vice versa, just because the GUP is distributing updated definitions does not mean the SEP client on the same workstation is up to date.



  • 6.  RE: GUP Updating

    Posted Sep 05, 2012 08:15 AM

    The GUP only caches what has been requested of it by the clients talking to it (the files cached are often different between different GUPs)

     

    I guess this is why I see differences in sizes of total amounts downloaded amongst the different GUPs.  Thanks for all the answers!!!