Symantec Endpoint Protection clients are not getting content updates from configured Group Update Providers


Article ID: 178144


Updated On:


Endpoint Protection


Some or all Symantec Endpoint Protection 11.0.5002 (RU5) clients or higher are not getting content updates from configured Group Update Providers.

A group of Symantec Endpoint Protection 11.0.5002 (RU5) clients or higher are configured with a "Single" or "Optional" Group Update Provider (GUP).

  • There are no Group Update Providers on the local subnet of the affected clients, so the Single or Optional GUP is required for the client updates.
  • The same LiveUpdate Settings policy is configured to allow the clients to fail over from the GUP to the Symantec Endpoint Protection Manager (SEPM).



Under the very specific circumstance set out in the above Symptoms section, a client does not attempt to contact the GUP.



This problem is fixed in Symantec Endpoint Protection 11.0.6300.803 (RU6-MP3). For information on how to obtain the latest build of Symantec Endpoint Protection, read Obtaining an upgrade or update for Symantec Endpoint Protection -

Technical Information

In the client sylink log, you will see the client obtain the GUP list from the SEPM.  Since no GUP is on the client's subnet, it will not use any GUP from the GUP list.  At this point the client should instead use the GUP assigned as the "Single" or "Optional" GUP.  Instead, it re-randomized the download timer (if download randomization is configured) and requests the GUP list again.  This will repeat until the client fails over to the SEPM after the configured bypass timer configuration.

If the GUP bypass timer is configured for "Never", the client will immediately access the Single/Optional GUP once it determines that none of the GUPs contained within the GUP list are on the same subnet as the client.