Symantec location awareness changing

Posted on 2015-01-06
Medium Priority
Last Modified: 2015-01-20
I am trying to work out why multiple servers report changing location in their Symantec logs. The criteria is set to switch to external if the management server is not contactable. The servers are on the same LAN as the management server and the management server is not going down.
Also can anyone tell me the impact of a client switching locations. I don't have any firewalls configured so its not getting a new firewall policy but is there any negative impact for switching locations. Thanks
Question by:Sid_F
LVL 66

Accepted Solution

btan earned 2000 total points
ID: 40534750
It seems to have similar issue faced though it is in a (local and remote) hub and spoke context, but the running through of the symlink can be relevant as part of isolation findings.

Mostly the client relies on its sylink communications file and try to resolve the findings based on the location awareness logic (LAN vs Foreign score). If there are any dependencies in not resolving to find the mgmt srv be it DNS lookup etc, it is consider "missing" and also it first check the “Remember the last location” option so if that is resolved to past mgmt srv, it give a false impression that mgmt srv is "missing" too. Or the heartbeat to mgmt srv is slow to come back or block to come back etc..

Location Awareness Logic- How does Location Awareness determine what location to assign a Symantec Endpoint Protection (SEP) client?

Also for debugging autolocation, there can be more trail of leading events to maybe what is not alright in debug.log

Best Practices for Symantec Endpoint Protection Location Awareness

Symantec does not recommend more than seven (7) locations per group when using Location Awareness as this can affect the execution time on how long it takes the SEP client to process and ultimately connect to a valid location where all conditions have been met.

Author Closing Comment

ID: 40559961

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question