Clients keep downloading virus definitions from SEPM via proxy when SEPM and SEP are in the same local network.

Article ID: 178074

Products

Endpoint Protection

Issue/Introduction



Symptoms
High load is observed on the proxy. Proxy logs indicate that the local traffic traversing the proxy is communication traffic between clients and the SEPM.


 

Cause

Clients are not configured to bypass the proxy correctly. Clients that are configured to auto-detect proxy servers can detect the proxy servers; this has been seen to happen with Blue Coat proxies. Proxy servers are networked to proxy all traffic regardless of client configuration.

Resolution

Ensure that the clients are configured to bypass the proxy.

  1. Open Internet Explorer.
  2. Tools > Internet Options > Connections > LAN settings.
  3. Uncheck "Automatically detect settings".
  4. Under proxy server, click "Advanced".
  5. Under Exceptions, enter the SEPM IP address and hostname.
    Note: The local network can also be added, for example 10.*.*.* or 192.168.*.*, depending on the addressing of the local network.
  6. Reboot and test.
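
To confirm that the steps above took effect, the following PowerShell check (an added example, not part of the original article or Symantec tooling) reads the current user's Internet Explorer proxy settings from the registry and reports whether the SEPM address is covered by the Exceptions list. The SEPM IP address and hostname are constructed placeholders, and the position of the auto-detect flag in `DefaultConnectionSettings` is an assumption based on commonly observed behaviour, not a documented layout.

```powershell
# Added example. The SEPM values are constructed placeholders; replace them.
$SepmTargets = @('10.0.0.10', 'sepm01.example.local')
$Base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Test-ProxyBypass {
    param([string]$Target, [string]$ProxyOverride)
    # ProxyOverride is the semicolon-separated "Exceptions" list; * is a wildcard.
    foreach ($entry in ($ProxyOverride -split ';')) {
        $pattern = $entry.Trim()
        if (-not $pattern) { continue }
        if ($pattern -eq '<local>') {
            # "Bypass proxy server for local addresses" matches only dotless names,
            # so it never covers an IP address or a fully qualified hostname.
            if ($Target -notmatch '\.') { return $true }
            continue
        }
        if ($Target -like $pattern) { return $true }
    }
    return $false
}

$settings = Get-ItemProperty -Path $Base
$override = [string]$settings.ProxyOverride

# Assumption: byte 8 of DefaultConnectionSettings holds the connection flags and
# bit 0x08 is "Automatically detect settings" (commonly observed, not documented).
$autoDetect = 'unknown'
$conn = Get-ItemProperty -Path "$Base\Connections" -Name DefaultConnectionSettings -ErrorAction SilentlyContinue
if ($conn -and $conn.DefaultConnectionSettings.Length -gt 8) {
    $autoDetect = [bool]($conn.DefaultConnectionSettings[8] -band 0x08)
}

"Manual proxy enabled : $([bool]$settings.ProxyEnable)"
"Proxy server         : $($settings.ProxyServer)"
"Auto-detect settings : $autoDetect   (step 3 expects False)"
"Exceptions           : $override"
foreach ($target in $SepmTargets) {
    $ok = Test-ProxyBypass -Target $target -ProxyOverride $override
    "{0,-25} bypasses proxy: {1}" -f $target, $ok
}
```

Run it as the logged-on user whose settings were changed, since the values are read from that user's `HKCU` hive.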


Note: If clients are still communicating through the proxy after being configured to bypass it, add exceptions on the proxy server to "no authentication" for any request going to the management servers. Traffic that traverses the proxy going to the SEPM should now be ignored.

HTTP error 407 is seen in the sylink log:
This can be caused by a change in proxy configuration that was not applied consistently in all the places where the configuration is stored in the registry. The proxy configuration can be refreshed by deleting these registry keys and rebooting. After the reboot, the operating system will repopulate the proxy configuration in the registry. For steps on how to do this, please refer to the following KB.

Client is not appearing in Symantec Endpoint Protection Manager (SEPM), error: HTTP returns status code=407
http://service1.symantec.com/support/ent-security.nsf/docid/2008051309225748


References
Client is not appearing in Symantec Endpoint Protection Manager (SEPM), error: HTTP returns status code=407
http://service1.symantec.com/support/ent-security.nsf/docid/2008051309225748

SEP MR4 MP1A loses communication with SEPM servers after IE8 is installed
http://www.symantec.com/connect/forums/sep-mr4-mp1a-loses-communication-sepm-servers-after-ie8-installed