Symantec Endpoint Protection clients are not able to download antivirus definitions from the Group Update Provider.


Article ID: 155058


Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection (SEP) clients do not download antivirus definitions from the Group Update Provider (GUP). These clients do download and install other content properly.

Other clients in the same group are able to download the antivirus definitions.

In the debug.log from the GUP, you see proper communication with the Symantec Endpoint Protection Manager (SEPM):

09/08 09:47:32 [7464:1440] GUProxy: accepted socket 2224 for <IP address> port 1233
09/08 09:47:32 [7464:6780] GUProxy: Begin to handle accepted socket 2224
09/08 09:47:32 [7464:6780] GUPROXY - GUProxy HTTP in - GET /content/{C60DC234-65F9-4674-94AE-62158EFCA433}/110907017/Full.zip
09/08 09:47:32 [7464:6780] GUPROXY - GUProxy File - /content/{C60DC234-65F9-4674-94AE-62158EFCA433}/110907017/Full.zip
09/08 09:47:32 [7464:6780] GUPROXY - GUProxy mangled file - #content#{C60DC234-65F9-4674-94AE-62158EFCA433}#110907017#Full!zip
09/08 09:47:32 [7464:6780] GUProxy - Add request into download queue.
09/08 09:47:32 [7464:7980] GUProxy - Throttle changed to [0X00000FA0] BPS since Thread Count added to [1]
09/08 09:47:32 [7464:7980] GUPROXY - GUProxy - Requested file not in cache:  - #content#{C60DC234-65F9-4674-94AE-62158EFCA433}#110907017#Full!zip
09/08 09:47:32 [7464:7980] GUPROXY - GUProxy - Contacting the SEPM server at - <IP address>
09/08 09:47:32 [7464:7980] GUProxy - SO_RCVBUF is [8192]
09/08 09:47:32 [7464:7980] GUPROXY - GUProxy Response - HTTP/1.1 200 OK

However, the log does not contain the following lines, which would confirm the transfer of the content to the client:

09/08 09:50:42 [7464:7932] GUProxy content cached - sending to client
09/08 09:50:42 [7464:7932] GUProxy send content to the client all right.

There are no errors in the log that relate to this download.

Cause

If the SEP client's content is beyond the range of delta updates available on the GUP, the GUP requests a full.zip from the SEPM for that client, provided that the SEPM also has no delta within the needed range. The full.zip is approximately 140 MB, which the GUP downloads from the SEPM.

With the default GUP bandwidth throttling of 32 Kbps, the GUP requires more than 9 hours to download the 140 MB full.zip file, which is too long. This estimate does not account for possible timeouts on heavily utilized WAN links. Given that a typical user's PC runs for 8 working hours, the client may never receive this content.
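To check a GUP debug.log for this condition, the following added example (not Symantec code) reads the throttle value, lists Full.zip cache misses, counts the "send content to the client all right" lines, and estimates the download time. It assumes the hex throttle value is in bytes per second (0xFA0 = 4000 bytes/s, which matches the 32 Kbps default) and treats 140 MB as 140 × 10^6 bytes; the function and field names are hypothetical.

```python
import re

# Line shape from the debug.log excerpt: "MM/DD HH:MM:SS [pid:tid] message"
LINE = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d) \[(\d+):(\d+)\] (.*)$")
THROTTLE = re.compile(r"Throttle changed to \[(0[xX][0-9A-Fa-f]+)\] BPS")
MISS = re.compile(r"Requested file not in cache:\s+-\s+(\S+)")
DONE = "send content to the client all right"

# Constructed sample: lines copied from the excerpt above, IP left as a placeholder.
SAMPLE = """\
09/08 09:47:32 [7464:6780] GUProxy - Add request into download queue.
09/08 09:47:32 [7464:7980] GUProxy - Throttle changed to [0X00000FA0] BPS since Thread Count added to [1]
09/08 09:47:32 [7464:7980] GUPROXY - GUProxy - Requested file not in cache:  - #content#{C60DC234-65F9-4674-94AE-62158EFCA433}#110907017#Full!zip
09/08 09:47:32 [7464:7980] GUPROXY - GUProxy - Contacting the SEPM server at - <IP address>
09/08 09:47:32 [7464:7980] GUPROXY - GUProxy Response - HTTP/1.1 200 OK
"""

def analyze_gup_log(text, full_zip_bytes=140 * 10**6):
    """Summarise throttle, Full.zip cache misses and confirmed sends in a GUP debug.log."""
    misses, completions, throttle = [], 0, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, _pid, _tid, msg = m.groups()
        if t := THROTTLE.search(msg):
            throttle = int(t.group(1), 16)  # assumption: hex value is bytes per second
        elif f := MISS.search(msg):
            if f.group(1).lower().endswith("full!zip"):
                misses.append((stamp, f.group(1)))
        elif DONE in msg:
            completions += 1
    return {
        "throttle_bytes_per_sec": throttle,
        "throttle_kbps": throttle * 8 / 1000 if throttle else None,
        "full_zip_misses": misses,
        "completions": completions,
        # Heuristic: completion lines do not name the file, so compare counts only.
        "unconfirmed": max(len(misses) - completions, 0),
        "est_hours_for_full_zip": full_zip_bytes / throttle / 3600 if throttle else None,
    }

if __name__ == "__main__":
    for key, value in analyze_gup_log(SAMPLE).items():
        print(f"{key}: {value}")
```

A non-zero `unconfirmed` count together with an `est_hours_for_full_zip` longer than the clients' typical uptime points to the condition described in this article.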

 

Resolution

In the LiveUpdate policy, increase the GUP bandwidth to a higher value. For example, 512 Kbps is a more reasonable value; however, results may vary and you may need to tune the value to your environment.

Also consider increasing the drive space used by the GUP for caching its retrieved content. This minimizes the need for the GUP to re-download content that was removed from its cache to make room for new requests. You can find this setting in the LiveUpdate Policy, under Server Settings, "Maximum disk cache size allowed for downloading updates".

 

Applies To

 

GUP bandwidth throttling is enabled and set to the default value 32 Kbps.