How will the Symantec Endpoint Protection (SEP) client update if it is configured to use both LiveUpdate and a management server (Symantec Endpoint Protection Manager) for updates?
LiveUpdate will run when the computer starts up, regardless of whether the SEP client's SMC process has started or not. Thereafter, LiveUpdate will run according to the LiveUpdate schedule it has received from its LiveUpdate policy.
On the start of the SMC process, the SEP client will communicate with its SEPM (management server) and receive the index file which indicates if newer content is available for download. It will continue to check this index file from the SEPM on each subsequent heartbeat that it communicates with the SEPM. It will update its definitions if the SEPM has newer definitions to offer.
When configuring the LiveUpdate policy, there is no option to configure LiveUpdate as a backup only in case the client can not connect to the SEPM. This can, however, be achieved through the use of different Locations.
Configuring both sources in LiveUpdate policy can cause the following problems :
The client may have to download a large full.zip set of definitions from the SEPM if it downloaded a previous revision from LiveUpdate that is not present on the SEPM (SEPM will be unable to create the appropriate delta)
If a definition roll back is configured on the SEPM, it will be ignored by LiveUpdate.
If the SEPM definitions are always behind because of definition testing, then the client will most likely always update from LiveUpdate.
As such, this configuration is usually not recommended and should only be used with a good understanding of the above.
Imported Document ID: TECH140817
Subscribing will provide email updates when this Article is updated. Login is required.