By default, the Symantec Endpoint Protection Manager downloads content updates from the public Symantec LiveUpdate servers. Symantec Endpoint Protection clients then download these updates from the Symantec Endpoint Protection Manager. The content includes virus definitions, intrusion prevention signatures, and Host Integrity templates, among others.
Table: Steps to update content on the Symantec Endpoint Protection clients
Make sure that the management server has the latest content from LiveUpdate (Recommended)
By default, LiveUpdate runs as part of the Symantec Endpoint Protection Manager installation. You may need to run LiveUpdate manually in the following situations:
You skipped LiveUpdate during installation.
You must run LiveUpdate to download the Host Integrity templates and intrusion prevention signatures.
You want to run LiveUpdate before the next scheduled update.
Change how client computers get updates (Optional)
By default, Windows client computers get content updates from the management server. Other delivery methods include Group Update Providers, internal LiveUpdate servers, or third-party tool distribution. You may need to change the delivery method to support different client platforms, large numbers of clients, or network limitations.
If the management server receives too many concurrent requests for full definition packages from the clients, the network may become overloaded. You can mitigate the risk of these overloads, and stop clients from downloading full definitions.
Test engine updates before Symantec releases them (Optional)
Symantec releases engine updates on a quarterly basis. You can download the engine updates before they are released using a specific Symantec LiveUpdate server. You can then test the engine content before you roll out the content to your production environment.