You need to set up an internal LiveUpdate Administrator server to download updates and virus definitions for Symantec Endpoint Protection for Macintosh (SEP for Mac) clients.
An internal LiveUpdate server, facilitated by the LiveUpdate Administrator 2.x (LUA 2.x), can download product updates and virus definitions for Symantec Macintosh products.
This document presumes LUA has already been installed and configured for updates to Windows-based Symantec products. Please see Technical Information for installation/configuration documents for LUA.
To download updates for Macintosh products
NOTE: Due to issues with the methods used to handle Macintosh definitions with earlier version of LUA, update to the latest version of LUA. See Downloading LiveUpdate Administrator.
- The version will appear on the screen when you log into LUA.
- Otherwise, after logging in, click on About in the top right corner of the screen.
- If the version is listed is at least 2.1.3, then you will be able to obtain definitions for SEP for Macintosh.
- If the version is earlier than 2.1.3, then use the LiveUpdate link to obtain updates for LUA itself.
- Once updated, log back in, select Configure, then to the left, choose Update Symantec Product Catalog.
Add Macintosh updates to the product list
- Select Configure in the menu bar.
- On the My Symantec Products window, click Add New Products.
- Select Symantec Endpoint Protection
- Under All Products, select Symantec Endpoint Protection v12.1 and/or if appropriate Symantec Endpoint Protection v.11.0. You can also at this time choose specific localized languages for the definitions to download. Sub components (including product updates and definitions) are not visible at this point, but can later be selected in the Download and Distribute Schedule configuration windows.
- Click OK.
Configure the LUA to download only the Macintosh updates
- Select Download & Distribute
- Under Add Download Schedule, give the schedule a name (e.g. Macintosh content downloads)
- Under Select Products click Add
- At this point you can check the full product family to get all definition sets, including Macintosh definitions, OR
- Click the + symbol next to the product name to expand the list of available updates to download
- Click the + symbol again next to Content Updates to get the full list of virus definition content updates
- For Symantec Endpoint Protection v12.1, click the check box next to Client - Virus Definitions Mac, and Client - Network Threat Protection (IPS) (Mac) * (Note: You may need to add 12.1 RU4 to see the option for (IPS) (Mac))
- For Symantec Endpoint Protection v11.0, click the checkbox next to the following:
Symantec Endpoint Protection for Mac Virus Defs
Symantec Endpoint Protection for Mac Virus Defs V2
- Click the Add button
- Under Set Schedule, choose the appropriate frequency for the virus definition content updates (on a time, Daily, Weekly, Monthly or just once)
The products will then need to be added to a Distribution Center for clients to be able to download them. Please refer to "Installing and configuring LiveUpdate Administrator 2.1" for guidance on how to do this.
NOTE: Windows IIS serves only files with extensions registered in the MIME types list; if you are using a distribution center via IIS to serve updates, be sure to register all extensions that are present in the download folder. Please see "There was an error performing the update" when running Macintosh LiveUpdate retrieving updates from an IIS server' for more information.
To set up clients to download updates from the internal LiveUpdate server
For Managed SEP for Mac Clients
- Within the SEPM, choose Policies in the left pane.
- Under View Policies, highlight LiveUpdate.
- Either edit the preexisting LiveUpdate policy assigned to the group to which your Macintosh clients belong, or create a new policy under Tasks > Add a LiveUpdate Settings Policy..., to be assigned after the policy is saved.
- In the new window that appears, click on Server Settings.
NOTE: In Symantec Endpoint Protection Manager v11.0, the following policy changes will affect both Windows and Macintosh users in the group the policy is assigned to. In Symantec Endpoint Protection Manager v12.1 and later, there is a separate Mac Settings area of the policy that includes a Server Settings that will be separate than what is used by Windows clients. Be sure to choose the appropriate Server Settings section for Mac clients if you are using v12.1 or later.
- Ensure that Use a LiveUpdate server is checked, select the button next to Use a specified internal LiveUpdate server, then choose Add....
- Fill in the following information:
- Server Name: a name to identify the LUA server. This is not the path from which clients will be updating.
- Description (optional): more information on the LUA server.
- URL: The URL must appear as an HTTP or FTP path, not the local or network path to the folder on your LiveUpdate Server. For LUA, the default production distribution center for LUA 2.2 or higher would be:
(server IP address):7070/clu-prod
You can confirm by looking in the LUA console under Configure, then Client Settings.
NOTE: LUA by default uses a separate web server; if you are using a Windows IIS web site to serve Macintosh updates, be sure to register all extensions with the MIME types list.
- User name / Password: only needed if your server requires these for access.
- Click OK, then OK again to save the changes. If this is a new policy, you will be asked to assign the policy to a group; click on Yes, then assign it to the group containing the Macintosh clients.
- Macintosh clients will get the updated policy depending on communication settings and frequency of heartbeat. You can view the Policy Serial Number by looking under the QuickMenu, under Management.
For Unmanaged Clients
- From the LiveUpdate Administrator 2.x console, export the client settings host file, liveupdt.hst file, used by Java LiveUpdate clients. To generate a host file:
- On the Configure tab, click Client Settings, and then select the Distribution Center that you want your LiveUpdate clients to use.
- Click Export Java Settings to create the liveupdt.hst file.
- Copy the file to \Library\Application Support\Symantec\LiveUpdate on the Macintosh client computers. When the LiveUpdate client runs, it will use the host file for information on where to download updates.
- Modify the liveupdate.conf file directly.
- Open a Terminal window.
- Navigate to /etc by typing
sudo pico liveupdate.confto launch the text editor with Root user permissions. Authenticate with the administrator password when prompted. Command shortcuts are listed at the bottom of the screen; ^represents the Control key.
- Comment out the existing
hosts/0/url, hosts/1/urland hosts/2/urlentries by typing a # at the beginning of each line.
- On a new line, type in
hosts/0/url=then the address (fully qualified domain name or IP address) of the machine where your internal LiveUpdate updates are kept. Using the same examples given above, the format would be:
hosts/0/url=http://(server IP address):7070/clu-prod
- When finished, save your changes and exit (
^oto save changes; ^xto exit (say Yto "save modified buffer" if you have not yet already saved changes)).
If you are not comfortable using the command line text editor, please see the instructions for unmanaged clients on "How to set up clients to download updates from the internal LiveUpdate server".
To confirm clients are updating from the internal LUA server
You can verify by looking at the following files on the Macintosh client:
- The LiveUpdate Configuration file:
- The LiveUpdate Log:
Versions of LUA 2.x prior to 2.2 used port 8080 for the default Distribution Center.