Endpoint Protection

Hello,

I have been searching around and can't seem to pinpoint a clear answer.  Hopefully someone here knows.  I have an environment segragated from the internet.  We have a SEP 11 server and Windows clients.  I also have some linux clients deployed.  I update my definitions by dropping a new .JDB file every so often.  This works great with Windows clients.  My problem is trying to get my linux clients to update automatically or at all.  So what I tried to do is to implement the Live Update Server (as per the Linux client documentation) but there are a few roadblocks that I can't get past.  Installed the LU Administrator software on my SEP 11 management server.

1. Can I even configure the LU server to point to the definitions that the SEP server already has.
2. Do I point the live update administrator (for the "Source Server") to the http path of my SEP 11 server or do I use a UNC path.
      a. Root Directory? (http)
      b. login id? (http)
      c.  Port? (http)
3.  If UNC Path.  Where on the SEP server does that UNC path need to point to pick up existing definitions?  Can I create a share directly to this folder/area?
4. Not sure if Linux clients can use the definitions provided by my existing SEP 11 Server.  ie .jdb file that I drop in every week
5.  Do i need to download another file for Linux defs and if so where do i put it?  How do I do a manual update on linux clients?
6.  Can I manage the live update server from my SEP administration console?  Or do i use two separate websites/consoles? 

I apologize for all the questions, but the documentation i've found (and what came with it) seems to assume that my servers are connected (and vulnerable) to the internet.

Thanks in advance

1. No.  LUA is a completely different beast.  It is an LU mirror.  It is not recommended that a SEPM and LUA not be on the same physical server.

Title: 'LiveUpdate Administrator 2.x and Symantec Endpoint Protection Manager on the Same Physical Server'
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008060510124848


2. No, it must point to a Symantec LU server.  It can be pointed to another LUA server too.

Title: 'Configuring LiveUpdate Administrator (LUA) to download updates from another LUA Server'
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008082807141348


3. I do not know if Linux clients can retrieve definitions via UNC path.  There is more info in this document:

Title: 'Configuring Symantec Antivirus for Linux (SAVFL) to download definitions from the Distribution Center of an internal LiveUpdate Administrator (LUA) 2.x Server'
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009041712553748


4. No.   SAV for Linux has its own definitions, and LUA must be configured to retrieve those definitions via Add Products.


5. There are manual definitions for Linux machines.

Title: 'How to update a Linux-based computer with Intelligent Updater definitions'
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009101408060848


6. No, unfortunately not.  LUA has its own console.  See #1 regarding putting them on the same physical server.

Here's a walkthrough:

Title: 'Installing and configuring LiveUpdate Administrator 2.x'
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007101913262648

sandra

Thanks for the answers.  Let me see if I can communicate my problem better.  I am NOT connected to the internet.  I have to get definitions manually.  This is not a problem for the Windows stuff.  Just drop defs in one directory for all clients. Done.  Linux documentation says I need a LU server to automate defintition pushes. 

Is the internet a requirement for local LU server?

If not, according to documentation it says that you can designate local servers from which LUA can get updates.  I think I got this working.  What do I put in my source server directories?  The .jdb's the .sh script?  I keep getting a message saying no updates are currently available for the products selected in this schedule.

If you are NOT connected to the internet your LU server wil not work; you cannot manually update a LU server.
Do you need to know how to update Linux servers manually?
You cannot manage your Linux servers from SEPM
You can use this document to manage your SAV linux till SEP is supported

Management of Symantec AntiVirus (SAV) for Linux
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007100513224548
update primary server it should update other clients.

LUA never pushes definitions; client must always request, and the same is true for SEP on Windows (even the 'push' connection is a misnomer, as the 'push' is merely a prompt to check in and make the request).  There is no equivalent to a JDB that can be dropped into LUA to update it, so yes, you will need the internet to update LUA.  JDBs will NOT supply definitions to Linux machines.

You could manually download Intelligent Updater definitions for Linux and distribute them to your clients via script or something like that.

sandra

Push was the wrong word to use.  My fault.  So what is the Source server for if not for AV definitions?

From the Documentation:
Configuring Symantec LiveUpdate Administrator
By using the Configure pages, you can add and manage the products for which
you want LiveUpdate to download updates. You can also add and manage the
source servers and distribution centers, and modify general Symantec LiveUpdate
Administrator settings.

I just assumed that since a source server can be a UNC path to a local server that somehow I can put the latest definitions on that source server path so the live update server will pull them from the Source and will have them ready for when my clients do a Live Update.

Please correct me if I am misunderstanding this process.

Thanks for your assistance.

There is, to the best of my knowledge, no file that you can download (like a JDB for Windows) and place locally for a LiveUpdate Server to pull down for clients to then pull down.  The source server would be the Symantec LiveUpdate servers, or another LUA server (see #2 in my first post above).  It is where definitions and other content comes from.

I do not believe it is possible to use the Linux Intelligent Updaters to seed the LUA.  It is nothing I have ever heard of being done.  Those files are not really intended for anything but updating the local Linux client.

sandra

Hi Cuco76,

The advice above is 100% correct. LUA 2.x is designed to use a connection to the Internet to work.  It's not possible to manually drop .jdb's or files from a SAV for Linux Intelligent Updater onto a LUA 2.x server. 

Also, just for emphasis: problems will arise if LUA 2.x and SEPM are installed on the same physical server.  If you are planning on adding LUA 2.x to your environment, please chose to locate it on a server that does not have a SEPM installed.

Thanks and best regards,

Mick

This KB can help you?
Updating downloads in an internal Live Update Administrator Server using the downloads from an external Live Update Server

Thank you AravindKM!  This is exactly what I was looking for!