Background:
We currently have SEPM version 12.1.2015.2015, running on Windows server 2008 R2 standard.
We have one management server installed in our environment (default mgmt. server; for policy mgmt. and updates), which suffice our requirements (as we don’t have more than 400 clients as yet). We have Live Update disabled on clients as we don’t have an internal LiveUpdate server, neither we want our internal clients to go to Symantec LiveUpdate servers (internet).
Requirement & Issue:
We are implementing Cisco ISE as NAC (Network Access Control) solution. As per our policy requirements, clients must not connect to internal network resources unless they are satisfactorily secured. One of similar requirements (through ISE posture) is to ensure Symantec Antivirus definitions are current/updated for workstations/laptops that connect to network. (We have Symantec AV client and Cisco AnyConnect client software installed on our workstations/laptops.)
The issue is…
If a workstation which has outdated AV definitions connects to our network, Cisco ISE client (AnyConnect) tries to do auto-remediation by running Live Update. Cisco AnyConnect needs to run the “SepLiveUpdate.exe” on endpoint. However, as the update is disabled, client (Any Connect) gets error: “The remediation you are attempting is reporting an access denied error. This is usually due to privilege issues. Please contact your system administrator.”
As informed by Cisco support, they need “SepLiveUpdate.exe” to run successfully in order to perform remediation of outdated AV definitions. (C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SepLiveUpdate.exe)
If we manually try to run SepLiveUpdate.exe, that gives an error as well. (LiveUpdate has been disabled. Please contact your System Administrator for more information.). This is obvious, as update is disabled..
Question
How can we enable “SepLiveUpdate.exe”? (without having an internal LiveUpdate server or pointing updates to Symantec LiveUpdates)
Regards,
