You want to know what logs can be reviewed to confirm that Symantec Endpoint Protection 12.1 (SEP) clients are downloading content from Group Update Providers (GUPs) instead of from the Symantec Endpoint Protection Manager (SEPM).
This information can be viewed both in the SEP client and also in logs on the SEPM.
Viewing this information in the SEP client:
The SEP client will log the time and source location when it downloads new content in the SEP client's System log. To open the System log, follow these steps:
Double-click the SEP system tray icon
Click View Logs
Click View Logs next to Client Management
Click System Log
Click Filter and set the time range appropriately. The default is 1 day.
Look in the Summary column for events which begin with "Downloaded new content update from Group Update Provider successfully." The full remote file path can be reviewed by clicking the event.
Note: If the SEP client downloads an update from the SEPM, it will log this event in the SEP client's System log with an event which reads "Downloaded new content update from the management server successfully."
Viewing this information in the SEPM:
The SEPM has logs which will report the time, name, and source of any content SEP clients downloads. This includes content downloaded from GUPs. To get a list of where SEP clients are downloading definitions from a centralized location, follow the steps below:
Login to the SEPM
Click Monitors > Logs
Set Log type to System
Set Log content to Client Activity
Select an appropriate time range
Click Advanced Settings
In Event source, type: sylink
In Computer, type the name of the computer to filter by (if so desired). Leaving this alone will show results for all SEP clients.
Click View Log
Review the Description column to determine where SEP clients are downloading updates. If the SEP client is successfully downloading content from a GUP, there will be entries which read "Downloaded new content update from Group Update Provider successfully."
Imported Document ID: TECH187283
Subscribing will provide email updates when this Article is updated. Login is required.