Endpoint Protection


LUA workflow

  • 1.  LUA workflow

    Posted Sep 04, 2013 04:50 AM

    Hello,

    We use LUA to download updates from the internet and push them to our SEPM.

    Can someone help me understand the workflow of the LUA for these 2 processes? I mean, how files are downloaded, where, from which process... What logs can be useful?

    Thanks in advance

     

    Regards



  • 2.  RE: LUA workflow

    Posted Sep 04, 2013 05:51 AM

    LUAdmin will use the internet and download the defs; this will download all the products defined in the catalog.

    In SEPM you will put the LUAdmin URL Http://luaminserver:7070/clu-prod

    SEPM will then get it from LUAdmin.

    Edit: this should help

    LiveUpdate and content troubleshooting for the Symantec Endpoint Protection Manager



  • 3.  RE: LUA workflow



  • 4.  RE: LUA workflow

    Posted Sep 04, 2013 06:03 AM

    I recommend checking the available best practices documentation about LUA; that should give you more insight into how LUA works and how it is configured:

    Knowledgebase Articles for Liveupdate Administrator (LUA)

    https://www-secure.symantec.com/connect/articles/knowledgebase-articles-liveupdate-administrator-lua



  • 5.  RE: LUA workflow

    Posted Sep 04, 2013 06:57 AM

    Hi Xtof,

    we use LUA to download update on internet and push it to our SEPM.

    Can the SEPM in your organization access the Internet, or is it on a dark network / airgapped that has no access? If it can reach the Internet, I recommend allowing the SEPM to download and distribute the contents that it needs to its SEP clients. The network usage will always be more efficient (able to use deltas for definition updates, etc).

    If the SEPM cannot reach the Internet, then using an LUA 2.x server is definitely a way to make sure that your SEPM and its clients stay up-to-date with all content types. 

    These articles may help:

    When to use LiveUpdate Administrator
    http://www.symantec.com/docs/TECH154896 
     

    How to configure LiveUpdate to use alternate sources through the Symantec Endpoint Protection Manager Console
    http://www.symantec.com/docs/TECH103706 
     

    Updating downloads in an internal LiveUpdate Administrator 2.x Server using the downloads from an external LiveUpdate Server
    http://www.symantec.com/docs/TECH106254 
     



  • 6.  RE: LUA workflow

    Posted Sep 04, 2013 07:44 AM
    Hi,
     
    How client computers receive content updates
     
    Client computers can use LiveUpdate to download security definitions and other product updates automatically, but several other content distribution methods are available to update clients.
    The LiveUpdate server schedule settings are defined in the Site Properties on the Admin page. The LiveUpdate client schedule settings are defined in the LiveUpdate Settings policy.
    When you add and apply a LiveUpdate Settings policy, you should have a plan for how often you want client computers to check for updates. The default setting is every four hours. You should also know the place from which you want your client computers to check for and get updates. If possible, you want client computers to check for and get updates from the Symantec Endpoint Protection Manager. After you create your policy, you can assign the policy to one or more groups and locations.
     
    Regards
    Ajin
     


  • 7.  RE: LUA workflow

    Posted Sep 04, 2013 10:19 AM

    Hello,

    Clients use Sepliveupdate when connected to the internet and SEPM when on the LAN.

    LUA is used because we use a homologation process through this service.

    What I'm looking for is a flowchart of the global process, from the download on the internet to distribution on SEPM. Files and folders used, for example.

    Regards



  • 8.  RE: LUA workflow

    Posted Sep 04, 2013 10:39 AM

    At a very high level, it kinda goes like this:

    1. LUA connects to Symantec LiveUpdate on the 'net when the download schedule hits
    2. Downloads content to Temp directory (C:\TempDownload by default but configurable under Configure -> Preferences on LUA)
    3. After downloads are complete the LUA then processes these into the Downloads directory (C:\ProgramData\Symantec\LiveUpdate Administrator\Downloads\ by default, again configurable)
    4. Download scheduled job ends
    5. Distribution job connects to the configured Distribution Centres and pushes content out using the configured mechanism (UNC\HTTP\FTP). The folder this drops into depends on the Distribution Centre, but the default ones (installed with the LUA) go to "C:\Program Files (x86)\Symantec\LiveUpdate Administrator\clu-prod" and "C:\Program Files (x86)\Symantec\LiveUpdate Administrator\clu-test"
    6. Dist job ends
    7. SEPM Performs LU to http://<LUA>:7070/clu-prod
    8. LU Client on SEPM downloads defs to "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads" or "C:\ProgramData\Symantec\LiveUpdate\Downloads" depending on OS
    9. These are then processed by the SEPM into the DB, and into the "Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content" folder

    And that's pretty much it as far as the SEPM and LUA goes.  Clients will update as normal from then on out (so heartbeat, delta generation, delta download, client processes delta and updates).

    Defaults are assumed where applicable BTW
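
    The stages listed in the post above can be checked one directory at a time to see where content stopped being current. This is an added example, not part of the original post and not Symantec tooling; the 24-hour threshold, the `C:` drive on the SEPM content folder and the helper name `Get-StageStatus` are assumptions.

```powershell
# Added example: newest-file age for each stage of the LUA -> SEPM content path.
param([int]$MaxAgeHours = 24)   # assumed threshold; match it to your download schedule

# Default paths as quoted in the post (numbers are the post's step numbers).
# The C: drive on the last entry is an assumption; the post gives no drive letter.
$stages = [ordered]@{
    '2 LUA temp download'  = 'C:\TempDownload'
    '3 LUA Downloads'      = 'C:\ProgramData\Symantec\LiveUpdate Administrator\Downloads'
    '5 LUA clu-prod'       = 'C:\Program Files (x86)\Symantec\LiveUpdate Administrator\clu-prod'
    '8 SEPM LU downloads'  = 'C:\ProgramData\Symantec\LiveUpdate\Downloads'
    '9 SEPM content'       = 'C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content'
}

function Get-StageStatus {   # hypothetical helper name
    param([string]$Name, [string]$Path, [int]$MaxAgeHours)
    $row = [ordered]@{ Stage = $Name; Status = ''; AgeHours = $null; Newest = $null; Path = $Path }
    if (-not (Test-Path -LiteralPath $Path)) {
        # LUA and SEPM are often separate servers, so a missing stage is not an error.
        $row.Status = 'absent on this host'
    } else {
        $newest = Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
            Sort-Object LastWriteTime -Descending | Select-Object -First 1
        if ($null -eq $newest) {
            $row.Status = 'empty'
        } else {
            $row.Newest   = $newest.LastWriteTime
            $row.AgeHours = [math]::Round(((Get-Date) - $newest.LastWriteTime).TotalHours, 1)
            $row.Status   = if ($row.AgeHours -le $MaxAgeHours) { 'fresh' } else { 'STALE' }
        }
    }
    [pscustomobject]$row
}

$report = foreach ($s in $stages.GetEnumerator()) {
    Get-StageStatus -Name $s.Key -Path $s.Value -MaxAgeHours $MaxAgeHours
}
$report | Format-Table Stage, Status, AgeHours, Newest -AutoSize

# The first stale stage is where to start reading logs.
$firstStale = $report | Where-Object Status -eq 'STALE' | Select-Object -First 1
if ($firstStale) {
    "Content stops being current at: $($firstStale.Stage) ($($firstStale.Path))"
}
```

    Run it on the LUA server and again on the SEPM; stages that live on the other machine are reported as absent.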



  • 9.  RE: LUA workflow

    Posted Sep 04, 2013 10:41 AM

    Thanks for this answer.

    Is there somewhere explanation of files used (livetri, mini...) ?



  • 10.  RE: LUA workflow

    Posted Sep 04, 2013 10:54 AM

    You can actually discern much of the purpose of the various files from the log.liveupdate file on the SEPM.

    From the looks of it, the tri files list what there is to download, and the zip, 7z, m26, x64 files appear to be the actual content.



  • 11.  RE: LUA workflow

    Posted Sep 05, 2013 03:20 AM

    Thanks.

    My last question is "what are these files, each extension ?"



  • 12.  RE: LUA workflow

    Posted Sep 05, 2013 03:36 AM

    Perhaps this will help?

    http://www.symantec.com/docs/TECH166279



  • 13.  RE: LUA workflow

    Posted Sep 05, 2013 04:44 AM

    Hello,

    Check these Articles:

    LiveUpdate Administrator 2.x: What product selections are needed for specific versions of Symantec Endpoint Protection?

    http://www.symantec.com/docs/TECH139618

    Symantec Endpoint Protection 11.x LiveUpdate "Micro Definition" Updates Explained

    http://www.symantec.com/docs/TECH180196

    How to understand the file extensions of Symantec Endpoint Protection 11 updates in LiveUpdate Administrator 2.x

    http://www.symantec.com/docs/HOWTO42219

    Hope that helps!!