When Download Randomization is enabled in the Communication Settings for a client group policy how is that confirmed in a Sylink.log. How do you confirm that Randomization is working.

 

For this test the Heartbeat is set at 30 minutes on a Pull setting and the Randomization is set to 3 hours.

1. Below we see the randomization set after heartbeat stops:

04/01 03:13:14 [3808] <CheckHeartbeatTimer>====== Heartbeat loop stops at 03:13:14 ======

2. 21 Milliseconds later the randomization timer is set.

04/01 03:13:35 [3812] <CRandomDelay::CRandomDelay()>
04/01 03:13:35 [3812] Random delay window: 3hour 0min 0sec
04/01 03:13:35 [3812] Computed random delay:1hour 19min 8sec 0millisec
04/01 03:13:35 [3812] </CRandomDelay::CRandomDelay()>
04/01 03:13:35 [3812] <LUThreadProc>Waiting for: 4748000 milliseconds to start downloading LU contents 4748000 ms = 79.13 Minutes until client responds to get update

3. Move ahead in the log 79.13 minutes to 4:32:44 we see the client updating from SEPM.

4/01 04:32:44 [3812] <LUThreadProc>Starting LU download.
04/01 04:32:44 [3812] <SetupTempLUFilePath:>NEW download: C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF{C60DC234-65F9-4674-94AE-62158EFCA433}1003310481003310347.TMP
04/01 04:32:44 [3812] <CHttpFileDownload::CHttpFileDownload()>
04/01 04:32:44 [3812] </CHttpFileDownload::CHttpFileDownload()>
04/01 04:32:44 [3812] <CHttpFileDownload::Do()>
04/01 04:32:44 [3812] <CHttpFileDownload::getRemainingBytesToDownload()>
04/01 04:32:44 [3812] Remaining bytes to download: 169835
04/01 04:32:44 [3812] </CHttpFileDownload::getRemainingBytesToDownload()>
04/01 04:32:44 [3812] <CHttpConnector::SendRequest()>
04/01 04:32:44 [3812] Request> http://10.0.31.102:8014/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/100331048/xdelta100331034.dax  (The log is much longer here and has been shortened)

4. During this 79.13 minute wait there were  4 complete heartbeats to the SEPM

04/01 02:43:12 [3808] <CheckHeartbeatTimer>====== Heartbeat loop stops at 02:43:12 ======
04/01 03:13:14 [3808] <CheckHeartbeatTimer>====== Heartbeat loop stops at 03:13:14 ======
04/01 03:43:17 [3808] <CheckHeartbeatTimer>====== Heartbeat loop stops at 03:43:17 ======
04/01 04:13:20 [3808] <CheckHeartbeatTimer>====== Heartbeat loop stops at 04:13:20 ======

The above outlined process will begin again when the SEPM next has new content to update the clients with.  At that time a new randomized time is selected.  I have pasted examples from earlier logs showing this behavior.

03/30 14:38:00 [2532] <CRandomDelay::CRandomDelay()>
03/30 14:38:00 [2532] Random delay window: 3hour 0min 0sec
03/30 14:38:00 [2532] Computed random delay:2hour 21min 48sec 0millisec
03/30 14:38:00 [2532] </CRandomDelay::CRandomDelay()>
03/30 14:38:00 [2532] <LUThreadProc>Waiting for: 8508000 milliseconds to start downloading LU contents
----------------------------------------------------------------------------------------------------------------------------------
03/30 18:41:05 [2532] <CRandomDelay::CRandomDelay()>
03/30 18:41:05 [2532] Random delay window: 3hour 0min 0sec
03/30 18:41:08 [2532] Computed random delay:0hour 41min 6sec 0millisec
03/30 18:41:08 [2532] </CRandomDelay::CRandomDelay()>
03/30 18:41:08 [2532] <LUThreadProc>Waiting for: 2466000 milliseconds to start downloading LU contents
----------------------------------------------------------------------------------------------------------------------------------
03/31 02:43:08 [2532] <CRandomDelay::CRandomDelay()>
03/31 02:43:08 [2532] Random delay window: 3hour 0min 0sec
03/31 02:43:11 [2532] Computed random delay:2hour 35min 30sec 0millisec
03/31 02:43:11 [2532] </CRandomDelay::CRandomDelay()>
03/31 02:43:11 [2532] <LUThreadProc>Waiting for: 9330000 milliseconds to start downloading LU contents

> References: 

Title: 'Best Practices for Symantec Endpoint Protection in virtual environments'
Document ID: 2009073014541948
> Web URL: https://support.symantec.com/en_US/article.TECH95300.html​