Sunday, January 16, 2011

Too frequent update of Symantec Endpoint Protection in Mac

I have installed Symantec Endpoint Protection (SEP) for Mac in an unmanaged mode. The problem is its LiveUpdate runs too frequently and I can't disable it or modify. Although it provides Symantec Scheduler UI, it doesn't look like working at the beginning.

It turns out SEP installs a default schedule owned by a root user, which a normal user can't see in his/her Symantec Scheduler UI. A solution is as follows:
1. Open a terminal
2. Type sudo symsched -d all
3. Setup a new schedule by using Symantec Scheduler UI or a command like,
symsched LiveUpdate "Update All Daily" 1 1 -daily 13:00 "All Products" -quiet

Reference:
http://www.symantec.com/connect/forums/sep-mac-live-update-bouncing-dock
http://www.symantec.com/business/support/index?page=content&id=TECH134203&locale=en_US
http://www.symantec.com/business/support/index?page=content&id=TECH105502

at Sunday, January 16, 2011 Print

4 comments:

Douglas Brash said...

Sounds promising.
But for those of us who are not computer science majors, how do you "open a terminal"? And is there anything else that needs to be done after typing in the command?

10:00 AM
JeanH said...

Not working for me. I have admin privileges on my Mac Pro.

sudo symsched -d all does not delete the update tasks associated with my userid; I have to type

symsched -d all

without the sudo, to make them go away.

My machine is set up with multiple accounts (my ordinary account as admin, the corporate IT guys as admin, and a "spare" standard account for troubleshooting) Your Mac may be set up for a single user. Perhaps that accounts for the difference?

12:23 PM
ME said...

Glad to know that I'm not the only one with this problem. I hope this fixes it. Thanks.

12:17 PM
Anonymous said...

Fantastic, this worked perfectly! I'd spent hours searching through the Symantec forums trying to figure out how to turn off the obnoxious frequent Live Update checks, without success. I'm very glad I finally stumbled upon these instructions.

@JeanH: You're doing something different. Any tasks that you schedule yourself (from your own userid) will show up both in the Symantec Scheduler as well as by typing just symsched -l. But the default Live Update frequency settings weren't created using your userid.. they used the root userid. So if you haven't scheduled anything yourself, typing symsched -d all won't clear out anything.

If you're trying to clear out the default Live Update schedule (which incidentally is hourly!), you have to put the sudo in front of it.

6:56 PM

Post a Comment

Subscribe to: Post Comments (Atom)