Endpoint Protection

  • 1.  How To Save Time Entering Multiple Explicit Group Update Providers (GUPs)

    Posted Nov 30, 2012 10:01 PM

    This is the standard interface to enter Explicit Group Update Providers in SEP 12.2.x: 

     

    This interface is serviceable enough with a small number of entries, but when you are entering hundreds of entries, this interface can be time consuming.  Using instructions similar to the KB article "How can I add a large number of hosts to a Host Group in Symantec Endpoint Protection", we can easily enter multiple entries into the Explicit Group Update Provider List (or the multiple Group Update Provider list).  Here are the instructions, which are based on the ones in the linked knowledge base article. 


    1. Log in to your SEPM management console

    2.  Go to Policies - Live Update

    3. Export an existing Live Update policy that includes at least one explicit GUP in it that you want to bulk add GUPs to. 

    4. Rename the exported policy from *.dat to *.zip

    5.  Open up the zip archive and extract the main.xml file

    6. Open the main.xml file

    7.  Find the section marked <ExplicitGUPMapping> and copy the whole section. 

    8. Create a new Excel document 

    9.  Add a list of subnets in Column B of the document and a list of the corresponding GUPs per subnet in Column D

    10.  In Column F you will need to paste in a list of unique 128 bit Hex keys that are as long as your list of hosts

    11. Add the beginning XML tag to Column A (example:  <ExplicitGupEntry ClientSubnet=")

     

    12.  In Column C place the tag information that occurs after the subnet, but before the IP address (example: " GupMappingType="GUP_IPADDRESS" GupMappingValue=")

    13. In Column E we place the XML tag information that happens after the IP address, but before the unique key (example: " Port="2967" _d="false" _i=")

    13. In Column G you paste in the closing tag information (example: " _t="1354330697081" _v="6"/>)

    Things to be aware of in this step as an FYI:

    o   _v  parameters can all be the same

    o   _t  parameters can all be the same

    14. Use Excel to fill in Columns A, C, E, G with the information you placed in the first row. 

    15.  Copy Columns A through G and paste them into your text editor of choice.   You will have to remove the tabs in the document to get the formatting correct.  If you are using Notepad, copy one of the tabs and use Find/Replace to remove the tabs.   After you are finished you will have a list that looks like this:

    16.  Copy and paste this into the explicit GUP section of the main.xml file

    17.  Save the main.xml file and zip it up.  

    18.  Rename the .zip file to a .dat file

    19.  Import this policy into your SEPM and have an updated list of GUP providers.  



    This method should only be used if you are dealing with an extremely large number of GUPs.   For a handful of GUPs any time savings you gained from this method would be minimal.  

    This same method can be used for inputting multiple GUPs into the SEPM by using the steps listed (altered for the XML) and going under the GUPRuleSet section of the main.xml file.   For this section you will only need 4 columns.  Column A will be the beginning of the XML tag, Column B will be the hex string that occurs after i=", Column C you can copy everything before the IP address, Column D will be your GUP IP Addresses, and Column E will be the closing of your XML tag following the IP address. 


     

    Brent Gueth
    Security Consultant
    Conventus Corporation
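
Steps 8 through 15 of the post above (building one XML line per subnet, each with its own 128-bit hex key) can also be scripted. This is an added example, not part of the original post or a Symantec tool: the attribute names and constant values are taken from the post's example fragments, while the upper-case key format and the sample subnets and addresses are assumptions.

```python
import ipaddress
import secrets
from xml.sax.saxutils import quoteattr

# Constant attributes copied from the post's example fragments (steps 12-13).
# Take the real _t and _v values from an entry in your own exported main.xml.
PORT = "2967"
TIMESTAMP = "1354330697081"
VERSION = "6"


def new_key(used):
    """Return a random 128-bit hex key that is not already in `used`."""
    while True:
        # 16 random bytes = 128 bits; upper case is an assumption, match your export.
        key = secrets.token_hex(16).upper()
        if key not in used:
            used.add(key)
            return key


def build_entries(rows, existing_keys=()):
    """rows: iterable of (client_subnet, gup_ip) pairs -> list of XML lines."""
    used = {k.upper() for k in existing_keys}  # keys already present in main.xml
    lines = []
    for subnet, gup_ip in rows:
        ipaddress.ip_address(gup_ip)  # raises ValueError on a mistyped GUP address
        lines.append(
            "<ExplicitGupEntry"
            f" ClientSubnet={quoteattr(subnet)}"
            ' GupMappingType="GUP_IPADDRESS"'
            f" GupMappingValue={quoteattr(gup_ip)}"
            f' Port="{PORT}" _d="false" _i="{new_key(used)}"'
            f' _t="{TIMESTAMP}" _v="{VERSION}"/>'
        )
    return lines


# Constructed sample input: (subnet, GUP address) pairs, as in Columns B and D.
SAMPLE_ROWS = [
    ("10.1.1.0", "10.1.1.25"),
    ("10.1.2.0", "10.1.2.25"),
    ("10.1.3.0", "10.1.3.25"),
]

if __name__ == "__main__":
    print("\n".join(build_entries(SAMPLE_ROWS)))
```

Pass the `_i` values already in the exported policy as `existing_keys` so that new entries cannot reuse one of them.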

     

     



  • 2.  RE: How To Save Time Entering Multiple Explicit Group Update Providers (GUPs)

    Posted Nov 30, 2012 11:31 PM

    I also forgot to add, please test this in your development environment before importing it directly into your production environment. 


    Brent Gueth
    Security Consultant
    Conventus Corporation



  • 3.  RE: How To Save Time Entering Multiple Explicit Group Update Providers (GUPs)

    Posted Dec 01, 2012 06:28 AM

    Please add this as an article as well so it won't get lost in the shuffle of all the posts on here. Thanks for posting this.



  • 4.  RE: How To Save Time Entering Multiple Explicit Group Update Providers (GUPs)

    Posted Dec 03, 2012 12:24 AM

    Good idea. You can post in Ideas or Article Sections.



  • 5.  RE: How To Save Time Entering Multiple Explicit Group Update Providers (GUPs)

    Posted Jan 17, 2013 03:19 AM

    I was just wondering about one of the steps?

    In step 10 you write:

    "In Column F you will need to paste in a list of unique 128 bit Hex keys that are as long as your list of hosts"

     

    How do I determine the hex value based on my number of hosts? The number of hosts can also vary from day to day. Is this a problem?

     

    Best Regards

    Torb



  • 6.  RE: How To Save Time Entering Multiple Explicit Group Update Providers (GUPs)

    Posted Jan 24, 2013 03:12 PM

    "In Column F you will need to paste in a list of unique 128 bit Hex keys that are as long as your list of hosts"

     

    This is a wonderful article, except I have no way of creating a list of unique 128-bit hex keys.

    And, even if I can create these Hex keys, how do I know they are already NOT in use within SEPM?



  • 7.  RE: How To Save Time Entering Multiple Explicit Group Update Providers (GUPs)

    Posted Jan 24, 2013 03:21 PM

    In response to RSASAKA - There are many 128-bit hex generators online, or a VB script programmer can generate them for you. You are unlikely to generate a collision based on the number of possibilities available, but it is my understanding the numbers on this list are specific to the GUPs listed and do not have any correlation to other keys in the SEPM. 

    In response to Torb above - if you are changing the number of explicit GUPs on a daily basis, then this method would only be useful for your static list of GUPs.   Additional GUPs would still have to be manually added or removed. 

     

     


    Brent Gueth
    Security Consultant
    Conventus Corporation



  • 8.  RE: How To Save Time Entering Multiple Explicit Group Update Providers (GUPs)

    Posted Jan 30, 2013 09:36 PM

    There is a tool I created to help you build a LiveUpdate policy with multiple explicit GUPS.  Check out this page for details on the tool:

    https://www-secure.symantec.com/connect/downloads/generate-liveupdate-policies-have-many-gup-subnets



  • 9.  RE: How To Save Time Entering Multiple Explicit Group Update Providers (GUPs)

    Posted Jan 31, 2013 02:58 AM

    Good to know !!!



  • 10.  RE: How To Save Time Entering Multiple Explicit Group Update Providers (GUPs)

    Posted Feb 04, 2013 02:06 AM

    Really a good one Elisha and Brent



  • 11.  RE: How To Save Time Entering Multiple Explicit Group Update Providers (GUPs)

    Posted Feb 04, 2013 02:26 AM

    Hi Brent,

    Good to see your post. Nice post, I hope this post will help.