Endpoint Protection

 View Only

  • 1.  akamai Technologies and SEP installs

    Posted Apr 20, 2010 02:10 PM
    Hello Team,
    Question:
    I deployed  a user with SEP RU6 today and it killed the bandwidth.
    In my troubleshooting I noticed the site install was going out akamaitechnologies.com

    Can someone please describe the relationship between the two?

    Thank you,
     


  • 2.  RE: akamai Technologies and SEP installs
    Best Answer

    Posted Apr 20, 2010 02:18 PM
    All liveupdate servers are using akamaitechnology..for definition and patch updates..

    When you run Liveupdate it goes to

    liveupdate.symantecliveupdate.com
    or liveupdate.symantec.com

    then these site search which is the closest Akamai server in your location and then from those akamai server your definitions get downloaded.

    Symantec definitions are hosted on Akamai servers.So that for liveupdate around the world everybody doesn't have to go to US Liveupdate servers.


  • 3.  RE: akamai Technologies and SEP installs

    Posted Apr 20, 2010 02:52 PM
    Is this not the case?
    Or only on install.

    I am showing that akamai was pushing 590.02 Mb in 59k packets.


  • 4.  RE: akamai Technologies and SEP installs

    Posted Apr 20, 2010 03:36 PM
    Yes Definitions doe come from SEPM but initially when defs are not there Clients do tend to connect to internet for definitions.


  • 5.  RE: akamai Technologies and SEP installs

    Posted Apr 20, 2010 04:28 PM
    Some sort of configuration? I can make?
    This would appear to be a serious flaw, because if only one client push can saturate the bandwidth, and I have thousands of clients..
    well, you get the idea.

    Could I set up a self-managed then change to self managed to avoid this?
    Would a GUP help?

    Thank you,



  • 6.  RE: akamai Technologies and SEP installs

    Posted Apr 20, 2010 05:18 PM

    How to deploy the Symantec Endpoint Protection (SEP) client Release Update 5 or later with current virus definitions and intrusion prevention signatures.

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008042213451848?Open&seg=ent



  • 7.  RE: akamai Technologies and SEP installs

    Posted Apr 20, 2010 06:05 PM
    Your policies for LiveUpdate are incorrect, and you have clients going out to the public Internet for updates.

    Fix your polices in the SEPM, and your problems will go away.


  • 8.  RE: akamai Technologies and SEP installs

    Posted Apr 20, 2010 06:21 PM
    That right..Make sure in your SEPM-Policies-Liveupdate- 
    Only first option is checked -Default liveupdate server ( Management server).
    The second option should not be checked.


  • 9.  RE: akamai Technologies and SEP installs

    Posted Apr 20, 2010 06:31 PM
    It sounds to me like your client install is launching LiveUpdate after installation, which I believe is a default setting if the "Use a Live Update Server" option is checked in the LiveUpdate policy.  You can use MSI switches to disable launching LiveUpdate after installation.

    Title: 'Post-install LiveUpdate and Reboot information for Symantec Endpoint Protection'
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008121810204648

    Title: 'MSI command line reference for Symantec Endpoint Protection 11.0'
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007101610183248

    I can't believe I couldn't find an Idea for this already:
    https://www-secure.symantec.com/connect/idea/suppress-liveupdate-session-post-sep-install

    sandra