Testing engine updates before they release on Windows clients

Symantec Endpoint Protection
contains several engines that carry out parts of its functionality. These engines are binary files (.dll or .exe) and are delivered with the security definitions. Symantec updates the functionality of these engines to enhance
Symantec Endpoint Protection
's capabilities and to respond to new threats.
While Symantec updates virus definitions several times a day, the engine content is updated on a quarterly basis. Symantec provides the engine updates using LiveUpdate.
Symantec provides a special server lets you download and test the engine content before you roll out the content to your production environment. Symantec releases these updates on the Early Adopter server (EAS). Engine updates are released a few weeks before the engines are available for general release on the public LiveUpdate server.
You download the engine updates using the EAS, try them in a lab environment, and let Symantec know of any conflicts you encounter. This process lets Symantec fix these conflicts ahead of the general release.
Use the following process to test engine updates:
Step 1: Create a group of test computers to receive content
The most accurate test of engine compatibility is with the production systems that do real work. Create a permanent testing group by selecting a set of client computers to receive EAS content using the following criteria:
  • Identify the various types of critical systems within your environment. These systems may vary from each other by hardware, software, or function. For example, you might identify retail systems such as a gold desktop image, point-of-sale systems, and web servers, among other critical systems to test.
  • Use multiple systems of each type as some software conflicts may manifest only intermittently. Choose the production systems that already have the installed software that you normally use and that perform a representative load of work.
  • Configure the test client computers that receive the early release content like the production computers that you do not test. Both the clients that you test and do not test should have the same
    Symantec Endpoint Protection
    features installed and use the same policies.
If you prefer not to use production computers for testing with the EAS, you may use lab-based systems. In this case, you may want to write the automation that exercises the functions of the systems under test and simulate load.
For customers with a small number of client computers, all you need is one
Symantec Endpoint Protection Manager
and one
Symantec Endpoint Protection
for Windows client.
Step 2: Configure test computers to receive prereleased content from the Early Adopter server
For the test group, configure LiveUpdate to download the content from the Symantec Early Adopter server by performing the following steps.
To configure a site to download content from the Symantec Early Adopter LiveUpdate server
  1. In the console, click
    Admin
    >
    Servers
    .
  2. Under
    Servers
    , right-click
    Local Site
    , and then click
    Edit Site Properties
    .
  3. Under
    LiveUpdate Source Servers
    , click
    Edit Source Servers
    .
  4. In the
    LiveUpdate Servers
    dialog box, click
    Use the Symantec LiveUpdate server for prereleased content
    , and then click
    OK
    >
    OK
    .
To configure the managed clients to use the prerelease Symantec Early Adopter LiveUpdate server
  1. In the console, open a new LiveUpdate Settings policy, and click
    Policies
    >
    LiveUpdate
    .
  2. Under
    Windows Settings
    , click
    Server Settings
    >
    Use a LiveUpdate server
    >
    Use the Symantec LiveUpdate server for prereleased content
    .
  3. Click
    OK
    , and assign the policy to the test group.
As long as your LiveUpdate Settings policy gets content from the EAS, the test clients continue to receive the prereleased versions of the content.
For non-test groups, keep the LiveUpdate Settings policy configured to the LiveUpdate server that you normally use. After the engines are available for general release, all client computers receive LiveUpdate content, depending on how you configured your client computers to receive it.
For more information, see:
Step 3: Configure test and non-test computers to a particular engine version
Configure several LiveUpdate Content policies so that:
  • The test group receives the latest version of the security definitions and engines. This group downloads all future content revisions with the prerelease engine version in it.
  • The non-test groups receive an existing, safe version of the engine.
    You can also lock on an engine version. With this option, clients continue to receive the latest security definitions that are associated with a particular engine, but not the latest engine version. See:
    After you are satisfied that the test group functions normally with the prereleased content, you manually choose the next engine version for these non-test groups.
Step 4: Set up notifications for new engine releases (optional)
To get notifications for planned engine releases that LiveUpdate downloads to the
Symantec Endpoint Protection Manager
, do one of the following tasks:
  • Add a notification for when new content has been downloaded to
    Symantec Endpoint Protection Manager
    . Notifications for new content include new engine releases as well as security definitions. You receive notifications only if one or more LiveUpdate Content policies that specify a content revision by engine version are locked due to an available engine update.
    To view notifications, on the
    Home
    page, in the
    Security Status
    pane, click
    View Notifications
    .
    Updates on the EAS are as frequent as on the regular LiveUpdate server. If you feel that you receive these notifications too often, configure the notifications to not appear.
    For more information, see:
  • Premium Support Customers can log on here to the Customer Subscription Portal. See:
Step 5: Monitor the test computers after engine content is released
After Symantec publishes an engine update to the EAS, begin monitoring the computers that you configured to receive this content. Monitor the following items:
In addition, run the client after you modify the policies or run a scan to ensure that the computer functions as expected.
If you notice any unexpected behavior or suspect a software conflict exists with the engine update, contact Support for assistance. Usually, if Symantec confirms that there is a software conflict before the beginning of the phased rollout, Symantec reschedules the publishing, and works with you to correct the issue. Symantec then republishes an updated engine to EAS.