Symantec endpoint protection clients not updating from management server
Related Content: Take Your SEP Reporting to the Next Level with SOLVE Brent M.Gueth is a Senior Security Consultant with Conventus specializing in Symantec Endpoint Protection and Symantec Data Center Security.In an environment where a GUP is configured, clients designated to use GUPs will reach out on port 2967/TCP to see if there is a definition update available.If the GUP does not have a definition it will reach out to its defined SEP Manager and download the correct update.In this scenario one serious discussion should be if it is better engineered to have all clients retrieve their definitions directly through the Internet to Symantec’s public Live Update servers.Since differential updates are normally small, in an environment where all the traffic is on the same local LAN as the SEPM, it almost is never beneficial to use GUPs in this scenario.This document explains how to update Symantec Endpoint Protection definitions by running Live Update.TEM managed clients should receive updates automatically from the server.
On a subnet over a WAN link, you would have a single client retrieving definitions from the SEPM.
Depending on how you publish definitions within your environment, something else to consider is the difference between cheap and expensive bandwidth.
In some environments client communication will go over the WAN while Internet traffic will traverse through a cheaper local ISP.
He has worked in the IT Security field for over a decade including positions with Symantec and NASA.
He has consulted for many Fortune 500 companies and assisted them with their security needs.