Is it Possible for LiveUpdate Clients to Retrieve Content via HTTPS?

book

Article ID: 156533

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

An internal update infrastructure is being designed so that all Symantec Endpoint Protection 11 (SEP 11) clients and Symantec Endpoint Protection Managers (SEPMs) retrieve content from LiveUpdate Administrator 2.x (LUA 2.x) Distribution Centers throughout the company network.  It is possible to configure the HTTPS protocol for connections between the LUA server and its Distribution Centers (DCs).  Is it also possible that the SEP and SEPM computers retrieve their contents from these DCs over HTTPS?    

Resolution

SEP clients and SEPMs may retrieve their updates using the HTTP protocol or the FTP protocol.  As stated in the Client Guide for Symantec Endpoint Protection and Symantec Network Access Control (client_guide.pdf), HTTP is supported for LiveUpdate communication, but HTTPS is not supported.

LiveUpdate contents are protected from manipulation or corruption by in-built security features.  Updates will not be "trusted" and processed by SEP client or SEPM if the file received is not an exact match for the file generated by Symantec.  With these defenses in place, there is no need to further encrypt them via HTTPS.