Endpoint Protection

 View Only

  • 1.  SAV 10.1.4 - Discovery Service

    Posted Nov 26, 2009 07:28 AM
    Hi everyone.

    Just want to check something.

    Is the descovery service the same thing 'check in time' (Tools > Discovery Service)

    i.e if it  is set to 60 minutes, do the clients check in every 60 mins or is that the server refresh (i.e refrsh list of clients in the sav console?



    Just need to know whether this is the server list refresh or the actual client check in time.

    If it is, may have an issue with corrupt clients attmptint to download from SAV every 50 minutes and would increase the time, but want to make sure I have the right setting.

    This is the setting I am on about:

    disc.jpg


  • 2.  RE: SAV 10.1.4 - Discovery Service

    Posted Nov 26, 2009 07:53 AM
    To discover computers on the network, a computer that runs the Symantec System Center sends several pings, which are UDP broadcasts to port 38293, to the network. The ping program verifies that the remote computer exists and can accept requests.. Only antivirus servers are discovered by using this ping and pong mechanism. Symantec Client Security finds client information by querying the server for its client information. Clients ping the server to get the port number that the server’s Rtvscan listens on. The client’s Rtvscan can then send its keep-alive packet to the parent server’s Rtvscan, and  communication can begin. The keep-alive packet contains information such as the following:
     
    ■ Date of the computer’s virus definitions files
    ■ When the computer was last infected
    ■ Firewall version
    ■ Timestamp of the firewall policy
    ■ If the firewall is installed, enabled, and whether there was an error importing the last policy sent
    ■ If the firewall policy on the server and client differ IP pings are sent to the remote computer running Symantec Client Security server software to determine what type of protocol it uses.
     
    The data from the computer that runs Symantec Client Security client software is stored on the computer that runs Symantec Client Security server software that is the client’s parent management server. The Symantec System Center console reads each parent management server’s registry to get the data that it displays in the console.
     
    You can configure the Discovery Cycle time-out interval. By default, the interval is set to 480 minutes (every 8 hours), but you can set the time-out to any value from 1 to 1440 minutes between Discovery attempts. A new Discovery is skipped if the last Discovery is still running. For example, if you have Discovery set to run once a minute, and Discovery takes 20 minutes, 19 Discovery attempts are skipped.
     
    Using the Refresh feature
     
    In the Symantec System Center console, you can refresh the information in the console at the system hierarchy, server group, or server level to validate active communication with the list of currently displayed servers. If the refresh determines that a server that previously appeared in the server group view is nolonger communicating, the unavailable server icon appears.
     
    Note: The Refresh feature does not find servers or server groups that may havebeen added since the current session of the Symantec System Center started.


  • 3.  RE: SAV 10.1.4 - Discovery Service

    Posted Nov 26, 2009 08:01 AM
    Thanks Prachand,

    So if there is a newer def at this interval (when communication occurs between client and server), the client will attmept to download from PArent server, correct?

    So reading that, is the answer YES, the discovery time is the check in time of client?  I am word it wrong I guess, Check in suggest 'pull', but I think as described above SAV is push.

    The check in colum can be seen int eh default SEP view - this is when SAV communicates with clients - every xx minutes.


  • 4.  RE: SAV 10.1.4 - Discovery Service

    Posted Nov 26, 2009 08:30 AM
    Reading that again.
    Is that just the discvofery/fresh itnerval of AV SERVERS not clients?

    Where is the client check in defined?


  • 5.  RE: SAV 10.1.4 - Discovery Service

    Posted Nov 26, 2009 08:37 AM

    Client Checkin

    63

    GL_EVENT_CLIENT_CHECKIN

    Occurs when a client checks in with its parent server for configuration changes.

    Title: 'Symantec AntiVirus 10.x and Symantec Client Security 3.x event log entries'
    Document ID: 2008070809521648
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008070809521648?Open&seg=ent


  • 6.  RE: SAV 10.1.4 - Discovery Service
    Best Answer

    Posted Nov 26, 2009 08:41 AM
     
    By default, clients are configured to check in for configuration updates every 60 minutes. Configuring clients to be skipped if they are late checking in should result in faster performance during rollouts; if they are not skipped, the thread that is used for each offline client is tied up until it times out. Clients receive the appropriate updates after they check in. Checking this option is not recommended in environments in which multiple clients are offline frequently, such as when many clients use VPN tunnels.
     
     
    Showing when clients are offline
     
    You can configure the Symantec System Center console to show when computers running Symantec Client Security client software are not currently connected to the network. client is offline.
     
    To show when clients are offline
     
    1 On the Tools menu, click SSC Console Options.
     
    2 In the SSC Console Options Properties dialog box, on the Client Display tab, under Client Configuration Options, check Indicate when clients are offline.
    This option is unchecked by default.


  • 7.  RE: SAV 10.1.4 - Discovery Service

    Posted Nov 26, 2009 08:45 AM

    Hi

    clients check in times are those which you have set for virus updates.Its only at this time interval the client been set to talk to the server

    Troubleshooting communication problems with Symantec Client Security 3.x or Symantec AntiVirus Corporate Edition 10.x

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2005033015282148?Open&src=tranus_con_sl



  • 8.  RE: SAV 10.1.4 - Discovery Service

    Posted Nov 26, 2009 12:04 PM
    Discovery Service is used to discover the server not the client.

    Client will connect to server based on the time interval mentioned.

    You can force a client to check in using the SSC console(Right client on the client and you can update virus definition or do other action)