Ofline
31451 days on xHamster
50209M profile views
34166K subscribers
61703 comments left

Symantec endpoint protection update policy not updating

What we know so far is that the SEP Manager Server should be set up to provide definition updates to multiple Group Update Providers (GUP's) on the Windows side and then we "may" need to stand up several Live Update Administrator Servers (LUAS) for the Mac side.At present, we don't have either of these in place and are still just using the SEPM server to generate installation packages for Win32, Win64 and Mac OS X for early testing. We were told that only three LUAS machines were needed for nearly 20,000 Macs, and that's only if pointing them all directly to Symantec for updates seems to generate too much traffic.# #################################################################################################### # # LOGGING FUNCTION # #################################################################################################### log File="/private/var/log/run SAVLive Update.log" log () #################################################################################################### # # SCRIPT CONTENTS # #################################################################################################### if [ -f "/Applications/Symantec Solutions/Live Update.app/Contents/Mac OS/Live Update" ]; then check For Logged In Users=`who | grep console` if [ "$check For Logged In Users" == "" ]; then #Nobody is logged in - Launch Live Update with a Launch Daemon log "Running Live Update using a Launch Daemon..." log " Creating Launch Daemon..." /usr/bin/defaults write '/Library/Launch Daemons/com.SAVLive Update' Label -string 'com.SAVLive Update' /usr/bin/defaults write '/Library/Launch Daemons/com.SAVLive Update' Launch Only Once -bool 'true' /usr/bin/defaults write '/Library/Launch Daemons/com.SAVLive Update' Program Arguments -array '/Applications/Symantec Solutions/Live Update.app/Contents/Mac OS/Live Update' /usr/bin/defaults write '/Library/Launch Daemons/com.SAVLive Update' Program Arguments -array-add '-update' /usr/bin/defaults write '/Library/Launch Daemons/com.SAVLive Update' Program Arguments -array-add ' LUal' /usr/bin/defaults write '/Library/Launch Daemons/com.SAVLive Update' Program Arguments -array-add '-liveupdatequiet' /usr/bin/defaults write '/Library/Launch Daemons/com.SAVLive Update' Program Arguments -array-add ' YES' /usr/bin/defaults write '/Library/Launch Daemons/com.SAVLive Update' Program Arguments -array-add '-liveupdateautoquit' /usr/bin/defaults write '/Library/Launch Daemons/com.SAVLive Update' Program Arguments -array-add ' YES' /usr/bin/defaults write '/Library/Launch Daemons/com.SAVLive Update' Limit Load To Session Type -array ' Aqua' /usr/bin/defaults write '/Library/Launch Daemons/com.SAVLive Update' Limit Load To Session Type -array-add ' Login Window' /usr/bin/defaults write '/Library/Launch Daemons/com.SAVLive Update' Run At Load -bool 'true' /usr/bin/defaults write '/Library/Launch Daemons/com.SAVLive Update' User Name -string 'root' chown root:wheel /Library/Launch Daemons/com.SAVLive Update.plist chmod 644 /Library/Launch Daemons/com.SAVLive Update.plist log " Loading Launch Daemon..." /bin/launchctl load -S Aqua -S Login Window /Library/Launch Daemons/com.SAVLive Update.plist if [ $?

Of course if it already existed, it would simple delete any schedule and reset it to our preferred settings. /bin/sh # This script will set the Symantec Live Update schedule to # download and install the latest virus definitions available from Symantec.== 0 ]; then log "Finished running Live Update." else log "There was an error running Live Update. " fi fi else log "Error: Symantec Live Update was not found on this machine." exit 1 fi My thanks to both of you for your response.Surprisingly enough, we've reverted back over to using Sophos 9 for OS X and then using their VShield product as well.# * Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution.# * Neither the name of the JAMF Software, LLC nor the # names of its contributors may be used to endorse or promote products # derived from this software without specific prior written permission.

It took me a little while to figure the whole process out, but I was able to create a silent install by putting the additional resources folder and the Symantec Endpoint installer in an embedded folder like private\tmp\sep12.12.

Please or register to post comments
If spammers comment on your content, only you can see and manage such comments Delete all
Jan 8, 2010. The fix release new definition updates, but keep the December 31, 2009 date. Question/Issue Why are the Security Content dates for Symantec Endpoint Protection SEP and Symantec Endpoint Protection Manager SEPM not progressing beyond 12/31/09? SNAC Behavior – If Host Integrity HI is being. 
17-Nov-2018 17:55
Reply
Mar 23, 2015. For Symantec 12.1, you want to isolate VDI client groups from policy changes to allow scheduled scans defined on different days or off hours. Update virus definitions using the LiveUpdate policy which will randomize client to SEP Manager communications and optimize I/O loads when they're not updating. 
17-Nov-2018 17:58
Reply
If the GUP does not have a definition it will reach out to its defined SEP Manager and download the correct update. On the next. Since differential updates are normally small, in an environment where all the traffic is on the same local LAN as the SEPM, it almost is never beneficial to use GUPs in this scenario. While some. 
17-Nov-2018 18:04
Reply
SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL. OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE. When the Symantec Endpoint Protection client detects a virus or security risk. administrator updates the policy that controls your client protection. In all environments, the client. 
17-Nov-2018 18:07
Reply
Jan 7, 2017. WSUS clients do not install approved updates from WSUS. The Symantec Endpoint Protection Manager is able to download current definitions to clients. The WSUS client computers are configured correctly to connect to WSUS and appear on the WSUS Administration console. The WSUS server is. 
17-Nov-2018 18:10
Reply
Jul 28, 2017. Right-click the Symantec Endpoint Protection notification area icon also called the system tray icon. Click Update Policy. The client requests the new policy from the manager. Once the policy has been updated the user will not be able to disable the Virus and Spyware Protection or the Network Threat. 
17-Nov-2018 18:15
Reply
Apr 2, 2013. /usr/sbin/installer -pkg "Symantec Endpoint Protection.pkg" -target / if $? -eq 0 ; then exit 0 else exit 1 fi. I uploaded both to Casper Admin. To deploy I created a Policy with the package SEP12.1.2and the script Symantec Managed with priority 'After'. For the Display and execution settings I. 
17-Nov-2018 18:19
Reply
Feb 20, 2017. This article describes an issue where Host Checker fails for Symantec Endpoint Protection Small Business Edition also known as Symantec Hosted Endpoint Protection version 3. when checking for virus definition by number of updates or days. 
17-Nov-2018 18:23
Reply
Oct 12, 2017. A. For minor updates to Mac OS X, such as 10.12 to 10.12.2, the Symantec Endpoint Protection client can remain in place. A. Windows-specific policies will not apply to Macs; only the LiveUpdate policy and the Mac Settings in the Virus and Spyware Protection and the Exceptions policy if configured for a. 
17-Nov-2018 18:27
Reply

Symantec endpoint protection update policy not updating introduction

Symantec endpoint protection update policy not updating