I have HostChecker working in my lab environment so that it automatically remediates out-of-date Symantec Endpoint virus definitions. However, I have noticed the below message just runs all day with no actual update occurring. I have logging turned on on my firewall in the lab and really do not see traffic leaving my remediation network to untrust. If you fail host checker you are put on a "visitors" network by default.
That said, does anyone know what the traffic flow is? Does the PULSE client locally on the system go out to the Internet to Symantec to grab the latest defs, or does the IC initiate the communication out to Symantec and then pass along that data to the client?
We use SEP 11.x and will be upgrading to SEP 12.x later this year. If anyone uses this in their environment and has automatic remediation working, I would love the input.
Also, if anyone has a better way of updating virus defs once a laptop/PULSE client fails host checker... Is there a way to kick off a script automatically or add a link to a local script on my network (which can be accessed from my visitors network) that the end user will click on to either go to Symantec to download the defs or to our in-house SEPM server? I do know there is a script floating around for SEP 12.x, but from my understanding it can only be used as a logon script.
I am running IC4500 with code level 4.3r4.4 and EAP version 2.6.1. The virus signatures are being downloaded from Juniper with no issue.