Endpoint Protection

When we configured the GUP how we can verify that client are take defintion from GUP only not from SEPM.

Hello,

Check this Article:

How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)

http://www.symantec.com/docs/TECH97190

I would also suggest you to check the Articles below which may interest you:

Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection (SEP)

http://www.symantec.com/docs/TECH104539

Group Update Provider(GUP): Sizing and Scaling Guidelines

http://www.symantec.com/business/support/index?page=content&id=TECH95353&locale=en_US

SEP Content Distribution Monitor / GUP monitoring tool

http://www.symantec.com/business/support/index?page=content&id=TECH156558

GUP content monitoring tool video

https://www-secure.symantec.com/connect/videos/sep-content-distribution-monitor-introduction

and 

Link to download the SEP Content Distribution Monitor Utility 

https://www-secure.symantec.com/connect/downloads/sep-content-distribution-monitor

Hope that helps!!

Can we get the report from SEPM.

Hello,

Yes, check this Article:

How to determine what content SEP 12.1 clients are downloading from a GUP?

http://www.symantec.com/docs/TECH188574

Hope that helps!!

hi,

Check this artical

How to analyze Debug logs from GUP to determine which clients are taking definitions from GUP

https://www-secure.symantec.com/connect/articles/how-analyze-debug-logs-gup-determine-which-clients-are-taking-definitions-gup

Find the attach link

http://www.symantec.com/business/support/index?page=content&id=TECH104539&locale=en_US

How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)

http://www.symantec.com/docs/TECH97190

Check this article

https://www-secure.symantec.com/connect/articles/how-analyze-debug-logs-gup-determine-which-clients-are-taking-definitions-gup-0

Thanks above given article are helpfull for raised issue.i having 1 more query related with GUP.

Q:when we configured a client as a GUP & kept in the same group where it serving as a GUP.My question is

GUP as a antivirus client it will take definition from SEPM or it will raised definition request through the GUP.

hi,

The GUP will download definitions on-demand for itself and any clients configured to update through it. The GUP will cache all downloaded content according to the settings in its LiveUpdate policy. Clients that have been configured to use a GUP will download definitions directly from the GUP instead of SEPM. By this method, bandwidth is conserved. There must be sufficient bandwidth between the GUP and the SEPM to allow the GUP to download the full and delta definition packages being requested by SEP clients. The larger the spread of definition revisions used by the clients, the larger the bandwidth utilization between the SEPM and the GUP

Reference

http://www.symantec.com/business/support/index?page=content&id=TECH93813

A SEP client acting as a GUP will request/download content from itself.  If you look in the Client Management Log -> System logs on the GUP, you'll see logs like those below:

Hello,

The Group Update Provider was a feature request to support designating a particular client to serve as a computer that will get content updates and publish them. This is designed to provide functionality vaguely similar to configuring a legacy Symantec AntiVirus client as a secondary server.

A Group Update Provider is a client computer that receives updates from a management server. It then forwards the updates to the other client computers in the group. A Group Update Provider can update multiple groups.

The computer that is downloading and publishing the content is referred to as the “Group Update Provider.” The computers in the client group will use the designated “Group Update Provider” as a local proxy for content updates.

Note: Group Update Providers distribute all types of LiveUpdate content except client software updates. Group Update Providers also cannot be used to update policies.

Setting up a Group Update Provider is easier than setting up an internal LiveUpdate server. Group Update Providers are less resource-intensive and so reduce the load on the management servers.

This method is particularly useful for groups at remote locations with minimal bandwidth.

See Configuring Group Update Providers to distribute content .

Reference: 

http://www.symantec.com/docs/TECH102541

http://www.symantec.com/docs/HOWTO55172

http://www.symantec.com/docs/TECH96419

Hope that helps!!

You could run Wireshark on the GUP.

To see delta updates, set this display filter:

frame matches "\.[Dd][Aa][Xx]" && tcp.port==8014

To see full updates, set this display filter:

(frame matches "(?i)full.zip" ) && (tcp.srcport == 8014)

@Prem Yadav Glad you found an answer to your question.

Another option would be to use SQL to query the database directly. See my post in the SQL query thread.