Endpoint Protection


Updating SEP definitions on Clients deployed through Image

  • 1.  Updating SEP definitions on Clients deployed through Image

    Posted Aug 20, 2013 04:31 AM

    Hi,

    We are deploying SEP as part of an image. Now the problem is that this image will be deployed 6 months after it has been captured. So post deployment, the AV clients will have 6-month-old definitions and will try to download full updates from the server, which would mean huge bandwidth usage considering we have 3000 clients.

    To counter this, once the image is deployed, we are planning to deploy the definitions through Intelligent Updater through SCCM.

    Question 1) Will it work?

    Question 2) According to the link there are 2 variants of definitions, Rapid Release and Daily Certified. Which one shall we use?

    http://www.symantec.com/business/support/index?page=content&id=TECH102606

    Has anyone done this before? Let me know if this would work using SCCM, or shall we use the image task sequence?

    Ab



  • 2.  RE: Updating SEP definitions on Clients deployed through Image

    Broadcom Employee
    Posted Aug 20, 2013 04:42 AM

    You can use any third-party tool to push the Intelligent Updater.

    With the latest IU for SEP 12.1 RU3 you can update AV, SONAR and IPS definitions.

    It should be OK to use Intelligent Updater.



  • 3.  RE: Updating SEP definitions on Clients deployed through Image

    Posted Aug 20, 2013 10:03 AM

    Will this Intelligent Updater file be new for each day?



  • 4.  RE: Updating SEP definitions on Clients deployed through Image

    Broadcom Employee
    Posted Aug 20, 2013 10:43 AM

    Yes, Intelligent Updater will be new for every day.

    Check this link:

    http://www.symantec.com/security_response/definitions/download/detail.jsp?gid=savce



  • 5.  RE: Updating SEP definitions on Clients deployed through Image

    Posted Aug 20, 2013 02:22 PM

    Pete is right, you can use SCCM to deploy Intelligent Updater. This is updated every day.



  • 6.  RE: Updating SEP definitions on Clients deployed through Image

    Posted Aug 21, 2013 12:11 AM

    Hi,

    Please follow the below; you can use SCCM or Altiris for updating your clients.

    Configuring a LiveUpdate Settings policy to allow third-party content distribution to managed clients

    If you want to use third-party distribution tools to update managed clients, you must configure the client group's LiveUpdate Settings policy to allow it. You can choose whether to disable the ability of client users to manually perform LiveUpdate.

    When you are finished with this procedure, a folder appears on the group's client computers in the following locations:

    · Pre-Vista operating systems, Symantec Endpoint Protection 11.x legacy clients:

    drive:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\inbox

    · Vista operating systems, Symantec Endpoint Protection 11.x legacy clients:

    drive:\Program Data\Symantec\Symantec Endpoint Protection\inbox

    · Pre-Vista operating systems, version 12.1 Symantec Endpoint Protection clients:

    drive:\Documents and Settings\All Users\Application Data\Symantec\CurrentVersion\inbox

    · Vista operating systems, version 12.1 Symantec Endpoint Protection clients:

    drive:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\inbox

    To enable third-party content distribution to managed clients with a LiveUpdate policy

    1.    In the console, click Policies.

    2.    Under Policies, click LiveUpdate.

    3.    On the LiveUpdate Settings tab, under Tasks, click Add a LiveUpdate Setting Policy.

    4.    In the LiveUpdate Policy window, in the Policy name and Description text boxes, type a name and description.

    5.    Under Windows Settings, click Server Settings.

    6.    Under Third Party Management, check Enable third party content management.

    7.    Uncheck all other LiveUpdate source options.

    8.    Click OK.

    9.    In the Assign Policy dialog box, click Yes.

    Optionally, you can cancel out of this procedure and assign the policy at a later time.

    10.  In the Assign LiveUpdate Policy dialog box, check one or more groups to which to assign this policy, and then click Assign.

    Regards

    Ajin



  • 7.  RE: Updating SEP definitions on Clients deployed through Image

    Posted Aug 21, 2013 12:15 AM


  • 8.  RE: Updating SEP definitions on Clients deployed through Image

    Posted Aug 21, 2013 05:39 AM

    Hello,

    I simply did not get what you expect to gain by pushing the Intelligent Updater (IU) rather than having the clients pull the full definitions set from the SEP Manager; the IU is just the full definitions with an installer, so the size, hence the traffic, will be the same...



  • 9.  RE: Updating SEP definitions on Clients deployed through Image

    Posted Aug 21, 2013 05:55 AM

    Furthermore, according to our internal documentation (TECH177580 for reference):

    a SEP client updated with IU will get a full definitions set at its next heartbeat with the manager

    So, your clients will get the full signatures twice, once as IU, once as full.zip.

    This double complete download can be avoided by using the JDB file, but it is still a complete set of signatures, the same size as a full.zip; you will gain nothing, just wasting time on how to use a JDB file in SEP clients.

    Sincerely, the simplest thing you can do is to load the image a couple of days before using it, get the AV updates, clear the SEP HW ID and save it again...



  • 10.  RE: Updating SEP definitions on Clients deployed through Image

    Posted Aug 21, 2013 07:09 AM

    Are you sure it will download full updates twice (the 2nd time after the heartbeat is re-established post deployment of IU)? My point is, if we deploy IU through SCCM, we can push it through SCCM, which has a DP at each remote location.

    Otherwise the clients will download full updates directly from the management server.

    Loading the image 2 days in advance would not be possible.

    So your suggestion would be to let the clients download updates from the management server, because the GUP of course won't have updates for 6 months...

    What I have seen in the past is that when so many clients (500 approx.) are deployed together, and they try to download full updates from the management server, some client definitions become corrupt and start malfunctioning...



  • 11.  RE: Updating SEP definitions on Clients deployed through Image

    Posted Aug 21, 2013 08:16 AM

    Dear Abhi,

    What I wrote about the double download is what is documented in Symantec; you may eventually test it...

    Anyway, if, in your plan, you replace SCCM with SEP Manager and DP with GUP, you should get the same result with less effort.

    I am not aware of definitions becoming corrupted in the described scenario.



  • 12.  RE: Updating SEP definitions on Clients deployed through Image
    Best Answer

    Posted Aug 21, 2013 08:43 AM

    OK, then probably it makes more sense to let it download directly from SEPM/GUP.

    Thanks ...



  • 13.  RE: Updating SEP definitions on Clients deployed through Image

    Posted Aug 26, 2013 05:43 AM

    Hello,

    Just a reminder to flag a post as solution if you are OK.