Configuring mobile computers to automatically download definitions when disconnected from the Symantec Endpoint Protection 12.1 Management console
Last Updated February 13, 2015
Symantec Endpoint Protection (SEP) clients take 2 days to check for definitions when disconnected from the Symantec Endpoint Protection Manager (SEPM). Changing the update schedule to run more frequently does not help.
The default LiveUpdate Settings Policy configuration prevents SEP clients from checking the Symantec LiveUpdate servers until the definitions are 2 days old. This is designed to avoid unnecessary traffic while a client is in contact with the SEPM.
Using Location Awareness, it is possible to maintain the default policy when connected locally, but detect when the client is off-site and start checking the Symantec LiveUpdate server for updates. This can be achieved through configuration changes in the SEPM. There are two parts to setting up this feature:
Part 1: Configuring Locations and the criteria for Location switching within the applicable group(s) in the SEPM.
Part 2: Configuring a LiveUpdate Settings policy to only Use the default Symantec Liveupdate server.
Follow the steps for each part below:
Part 1: How to configure a Location and create Location switching criteria for a group in the SEPM
Click Clients in the left navigation bar of the SEPM.
Under View Clients select the group which includes your mobile computers.
At the top of the group pane, click Policies.
Under Tasks, click the Manage Locations option to launch the Manage Locations dialog box. Note: You must edit a parent group or uncheck inherit policies to edit locations.
Near the bottom of the Locations section, click Add.
Enter a Name for your location (i.e. Off-Site), a Description (if desired), and click OK.
Ensure that the Enable this location option is checked.
At the Switch to this location when: section, click Add.
In the Specify Location Criteria window, select a criteria type in the drop down menu.
To specify the conditions of the selected criteria, click Add and type the value you wish to use for the condition.
Adjust the location check interval, if desired. (120 to 300 seconds is recommended.)
If you wish a notification message to be displayed when the criteria for location change has been met, check the Enable location change notification box.
Click OK to complete the process. Your new Location appears under the Policies tab.
Part 2: How to configure a LiveUpdate Settings policy to only Use the default Symantec LiveUpdate server
Click Policies in the left navigation bar of the SEPM.
Under View Policies, click LiveUpdate.
On the LiveUpdate Settings tab, under Tasks, click Add a LiveUpdate Settings policy.
In the Overview pane, in the Policy name box, type a name for the policy. (i.e. Off-Site LiveUpdate Settings policy)
Under Windows Settings, click Server Settings.
In the Server Settings pane, uncheck Use the Default Management Server and ensure Use a LiveUpdate server is checked. Use the default LiveUpdate server should be selected.
Under Windows Settings, click Schedule, then accept or change the scheduled update interval. (4 hours is the recommended default.)
Uncheck both of the Options for Skipping LiveUpdate at the bottom of the page.
Under Windows Settings, click Advanced Settings and decide whether to keep or change the default settings. Generally, you do not want users to modify LiveUpdate settings. You may, however, want to let them manually launch a LiveUpdate session
When you have configured your policy, click OK.
In the Assign Policy dialog box click Yes to save and assign the policy to the new location in your group from Part 1. Note: You may have to expand the group using the + icon, in order to see the locations. Locations will be indicated with a compass icon. If you cannot select a nested group, that group inherits policies from its parent group, as set on the Policies tab of the Clients page.
After successful completion of these steps there should be two locations in the group and two different LiveUpdate Settings policies assigned to the group. The Default location should contain the original LiveUpdate Settings policy which is configured to Use the Default Management Server. The new, Off-Site location should contain the new Off-Site LiveUpdate Settings policy with the settings described in Part 2.
Imported Document ID: TECH177361
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe