search cancel

Endpoint Protection - Host Integrity Fails When Using "Local GUP Status Detection" Script

book

Article ID: 175878

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection (SEP) Host Integrity allows to enable Local Group Update Provider (GUP) Status Detection in the Host Integrity Policy on Symantec Endpoint Protection Manager (SEPM).

This can be configured in SEPM -> Policies -> Host Integrity -> edit "Host Integrity Policy" -> Requirements -> Add -> Use Existing Templates -> HI Sample Toolkits -> Local GUP Status Detection -> Add -> Import.

Policy has to be assigned to a group in which all clients are enabled to be GUPs. Host Integrity will then check the GUP status and will fail if GUP is not operational. More precisely, the script checks for the presence of a recent GUP.dat file which is essential to GUP operation. If the file is older than 2 days the Host Integrity check will fail.

In order for GUP to update GUP.dat file, it has to be able to access http://<SEPM_URL>:8014/content/ContentInfo.txt. Access can be verified using internet browser on the GUP itself.

 

SEP debug.log shows the following error:

2018/10/14 22:07:51.168 [6500:4104] GUProxy - downloadHelper.CreateUrlRequest failed GET://<SEPM_URL>:8014/content/ContentInfo.txt

Cause

GUP is unable to access http://<SEPM_URL>:8014/content/ContentInfo.txt

Resolution

Check if GUP can access http://<SEPM_URL>:8014/content/ContentInfo.txt if <SEPM_URL> is a Fully Qualified Domain Name (FQDN).

If http://<SEPM_URL_FQDN>:8014/content/ContentInfo.txt can be accessed from GUP then Management Server List has to be adjusted on the SEPM. Once GUP receives the updated Management Server List, it will be able to obtain ContentInfo.txt from the SEPM.

Creating and assigning a management server list for a Symantec Endpoint Protection Manager