Endpoint Protection

  • 1.  Location awareness not working

    Posted Apr 18, 2011 04:14 PM

    I have location awareness set up to detect when the Ethernet is in use and then block all wireless traffic, and allow wireless traffic after the LAN cable is removed. When I switch locations I do not get a notification, although notifications are enabled for the locations. So the rules for the locations do not appear to be working either. I have to turn off the wireless adapter for things to work again, even though the metric for the LAN should take precedence.



  • 2.  RE: Location awareness not working

    Posted Apr 18, 2011 04:16 PM

    What version of SEP 11 are you running? A fix was included in RU6 MP3.

     

    Symantec Endpoint Protection client location awareness changes location incorrectly
    Fix ID: 2189866
    Symptom: A Symantec Endpoint Protection client with location awareness enabled changes locations incorrectly.
    Solution: If the TTL (time-to-live) on DNS responses is very short, Symantec Endpoint Protection may incorrectly detect a new location change. Symantec Endpoint Protection was modified to handle very short TTL on DNS responses.

    This was fixed in RU6 MP2:
     
    DHCP suffix matching now looks at the active interface and will switch locations
    Fix ID: 2077809
    Symptom: You have configured your location-based criteria to use a DHCP connection DNS suffix. The client network changes so the rule does not match, yet the client does not switch locations.
    Solution: After the computer shuts down and switches to another network interface, the offline interface's DHCP DNS suffix was still being used to choose the location. The client was modified to use the online interface suffix only.
     
    http://www.symantec.com/business/support/index?page=content&id=TECH103087&locale=en_US


  • 3.  RE: Location awareness not working

    Posted Apr 19, 2011 06:11 PM

    Hi.

    In any of your locations, do you have a criterion about contacting the SEPM server? There is an issue with RU5 where the location will only change when it contacts the SEPM server again during the next heartbeat. In our case, that was a delay of 2 hrs.

    My preferred location criterion is the default gateway. This will change from wired to wireless connection and from office to office. We have two DHCP servers worldwide and one DNS domain. Using those criteria will not change anything for us.

    Have a look at the comment from Mithun here. There is also a TECH article 98211 for best practices.



  • 4.  RE: Location awareness not working

    Broadcom Employee
    Posted Apr 20, 2011 03:59 AM

    I strongly suggest using the latest SEP version (RU6 MP3 = 11.0.6300.803).

    To check whether the location has switched correctly, open the SEP interface, go to Help and Support -> Troubleshooting, and see under Location whether it has switched or not.

    Before trying locations, please ensure that the firewall rule is configured correctly:

    How to block all Wireless traffic when an Ethernet interface is active using Symantec Endpoint Protection 11.x
    http://www.symantec.com/business/support/index?page=content&id=TECH104970&locale=en_US

    There can be issues with the correct working of this policy if there is third-party software which manages wireless cards.



  • 5.  RE: Location awareness not working

    Broadcom Employee
    Posted Apr 25, 2011 11:50 AM

    Hi,

    Check the following articles.

    Location Awareness Logic
     
    http://www.symantec.com/business/support/index?page=content&id=TECH97097
     
    Best Practices for Symantec Endpoint Protection Location Awareness
     
    http://www.symantec.com/business/support/index?page=content&id=TECH98211