Symantec Endpoint Protection clients are not able to download antivirus definitions from the Group Update Provider.

Article ID: 155058

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection (SEP) clients are not able to download antivirus definitions from the Group Update Provider (GUP). Other content is properly downloaded and installed.

Some clients in the same group are able to download the antivirus definitions.

In the debug.log from the GUP, it is possible to see a proper communication with the Symantec Endpoint Protection Manager (SEPM):

09/08 09:47:32 [7464:1440] GUProxy: accepted socket 2224 for <IP address> port 1233
09/08 09:47:32 [7464:6780] GUProxy: Begin to handle accepted socket 2224
09/08 09:47:32 [7464:6780] GUPROXY - GUProxy HTTP in - GET /content/{C60DC234-65F9-4674-94AE-62158EFCA433}/110907017/Full.zip
09/08 09:47:32 [7464:6780] GUPROXY - GUProxy File - /content/{C60DC234-65F9-4674-94AE-62158EFCA433}/110907017/Full.zip
09/08 09:47:32 [7464:6780] GUPROXY - GUProxy mangled file - #content#{C60DC234-65F9-4674-94AE-62158EFCA433}#110907017#Full!zip
09/08 09:47:32 [7464:6780] GUProxy - Add request into download queue.
09/08 09:47:32 [7464:7980] GUProxy - Throttle changed to [0X00000FA0] BPS since Thread Count added to [1]
09/08 09:47:32 [7464:7980] GUPROXY - GUProxy - Requested file not in cache:  - #content#{C60DC234-65F9-4674-94AE-62158EFCA433}#110907017#Full!zip
09/08 09:47:32 [7464:7980] GUPROXY - GUProxy - Contacting the SEPM server at - <IP address>
09/08 09:47:32 [7464:7980] GUProxy - SO_RCVBUF is [8192]
09/08 09:47:32 [7464:7980] GUPROXY - GUProxy Response - HTTP/1.1 200 OK

However, the log does not contain the entries that would confirm the transfer of the content to the client, such as:

09/08 09:50:42 [7464:7932] GUProxy content cached - sending to client
09/08 09:50:42 [7464:7932] GUProxy send content to the client all right.

No errors are logged.

Cause

If the SEP client's content is out of date beyond the range of delta updates available on the GUP, and the SEPM does not have a delta within that range either, the GUP requests a full.zip from the SEPM for that client. The full.zip is approximately 140 MB, which the GUP downloads from the SEPM.

With the default GUP bandwidth throttling of 32 Kbps, the GUP requires more than 9 hours to download the 140 MB full.zip file, which is too long (and this does not account for timeout issues on heavily utilized WAN links). Considering that a typical user's PC runs for 8 working hours, the client may never receive this content.
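The check below is an added example, not Symantec tooling: it scans a GUP debug.log for Full.zip requests, reads the throttle value the GUP logs, and estimates how long the 140 MB download takes at that rate. It assumes the logged BPS figure is bytes per second (0xFA0 = 4000 bytes/s, which matches the 32 Kbps default) and that delivery is confirmed by the "send content to the client all right" entry; the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the debug.log excerpt in this article.
SAMPLE_LOG = """\
09/08 09:47:32 [7464:6780] GUPROXY - GUProxy HTTP in - GET /content/{C60DC234-65F9-4674-94AE-62158EFCA433}/110907017/Full.zip
09/08 09:47:32 [7464:7980] GUProxy - Throttle changed to [0X00000FA0] BPS since Thread Count added to [1]
09/08 09:47:32 [7464:7980] GUPROXY - GUProxy - Requested file not in cache:  - #content#{C60DC234-65F9-4674-94AE-62158EFCA433}#110907017#Full!zip
09/08 09:47:32 [7464:7980] GUPROXY - GUProxy Response - HTTP/1.1 200 OK
"""

REQUEST = re.compile(r"GUProxy HTTP in - GET (\S+)")
THROTTLE = re.compile(r"Throttle changed to \[(0[xX][0-9A-Fa-f]+)\] BPS")
CONFIRM = "GUProxy send content to the client all right"


def transfer_hours(size_mb, bytes_per_sec):
    """Hours needed to move size_mb (decimal MB) at the throttled rate."""
    return size_mb * 1_000_000 / bytes_per_sec / 3600


def analyze(log_text, full_zip_mb=140):
    """Summarize a GUP debug.log: Full.zip requests, throttle, confirmations."""
    report = {"full_zip_requests": [], "confirmed": 0,
              "throttle_bytes_per_sec": None, "full_zip_hours": None}
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if m and m.group(1).lower().endswith("/full.zip"):
            report["full_zip_requests"].append(m.group(1))
        m = THROTTLE.search(line)
        if m:
            # Assumption: BPS is bytes per second (0xFA0 = 4000 B/s = 32 Kbps).
            report["throttle_bytes_per_sec"] = int(m.group(1), 16)
        if CONFIRM in line:
            report["confirmed"] += 1
    rate = report["throttle_bytes_per_sec"]
    if rate:
        report["full_zip_hours"] = round(transfer_hours(full_zip_mb, rate), 1)
    # Stalled: Full.zip was requested but nothing was ever sent to a client.
    report["stalled"] = bool(report["full_zip_requests"]) and report["confirmed"] == 0
    return report


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A report with `stalled` set and `full_zip_hours` longer than the time clients stay powered on matches the symptom described here: clients that stay on outdated antivirus definitions with no error in the log.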

 

Resolution

In the LiveUpdate policy, increase the GUP bandwidth to a higher value. For example, 512 Kbps is a more reasonable value; however, results may vary, and tuning the value will be necessary.

Also consider increasing the drive space used by the GUP for caching its retrieved content. This minimizes the need for the GUP to re-download content that had to be removed from its cache to make room for new requests. You can find this setting in the LiveUpdate policy, under Server Settings: "Maximum disk cache size allowed for downloading updates".

 

Applies To

 

GUP bandwidth throttling is enabled and set to the default value 32 Kbps.