How to update definitions for Symantec Endpoint Protection Manager (SEPM) using a .jdb file

Article:TECH102607  |  Created: 2007-01-08  |  Updated: 2013-06-18  |  Article URL http://www.symantec.com/docs/TECH102607
Article Type: Technical Solution

Problem

What steps will update the antivirus definitions on a Symantec Endpoint Protection Manager (SEPM) using a .jdb file? When is it necessary to use this procedure?

Cause

When the SEPM is behind a closed firewall or proxy, or otherwise has no direct access to the Internet or to an internal LiveUpdate Administrator 2.x (LUA 2.x) server, it cannot retrieve content. The protection on managed SEP clients that are configured to receive updates from this SEPM will then become out of date. If the SEPM's virus definitions cannot be updated by running LiveUpdate, manually updating the definitions content on the SEPM with a .jdb file is the next preferred method.

Solution

A .jdb file can be used to update the virus definitions for SEPM. The updated SEPM will then begin to supply the updated definitions to the managed Symantec Endpoint Protection (SEP) clients that are configured to receive content from that SEPM.

The .jdb file for antivirus/antispyware does not provide updated content for the firewall, IPS, SONAR, or other features for SEP clients. SEP 12.1.3 and later support .jdb files for Network-Based Protection (IPS) and Behavior-Based Protection (SONAR); earlier versions only support antivirus/antispyware updates using the .jdb. IPS and SONAR .jdb files can be found on the Symantec Security Response Web site.

Use the .jdb certified definitions or the .jdb Rapid Release definitions to update SEPM content.

About Rapid Release virus definitions
Several times a day, all new detections are compiled into a new Rapid Release virus definition set, which is then posted to the Symantec public site. Rapid Release virus definitions are created whenever Symantec Security Response receives a new virus sample. The purpose of the Rapid Release virus definitions is to aid corporate customers in the event of a new virus infection. In a networked environment, it is possible for an undetected virus to spread quickly. Using Rapid Release virus definitions is a proactive effort to prevent the spreading of a new virus. 

Rapid Release virus definitions have undergone basic quality assurance testing by Symantec Security Response. The primary focus of these definitions is the rapid detection of newly emerging threats. The definitions may be augmented later with more robust detection capabilities. While Symantec Security Response makes every effort to make sure that all virus definitions function correctly, you should understand that Rapid Release-quality virus definitions do pose some risks, such as the higher potential for false positives. Rapid Release definitions are most useful for perimeter defenses or for all protection tiers as a means of mitigating fast spreading virus outbreaks.

Several times per weekday, all new detections added as Rapid Release definitions go through the complete QA process, including testing for false positives and testing for full compatibility with Symantec Endpoint Protection. Once the Rapid Release definitions pass the full QA process, they are then posted as Certified LiveUpdate definitions or Multiple Daily Definitions.

Please note that Symantec does not encourage consistent use of the Rapid Release definitions; they are intended for case-by-case use to mitigate a possible virus outbreak. Under normal conditions, Symantec strongly encourages customers to use the Daily Certified definitions for routine use.

Downloading the .jdb file

If you are unsure as to which definitions set you should use, please contact Symantec Support for guidance.

To download the .jdb certified definitions:

  1. In a browser, go to the "Symantec Endpoint Protection / Symantec Antivirus Corporate Edition" website at the following URL: http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce
  2. There are multiple headings/product categories presented. Be aware that there is only one .jdb in the list that needs to be downloaded; this single file updates both 32-bit and 64-bit definitions on the SEPM.

To download the .jdb Rapid Release definitions:

  1. In a browser, go to the "Rapid Release Virus Definitions" website at the following URL: http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr
  2. Download the available .jdb file and save the file to the Windows desktop.

To use the .jdb file to update definitions for SEPM:

  1. After downloading, you may need to rename the file extension from ".zip" to ".jdb". (Most browsers detect the file type and automatically change the extension. This must be changed back to .jdb for use in the SEPM.)
  2. Copy the .jdb file to "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming" on 32-bit operating systems, or to "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming" on 64-bit operating systems. These are the default installation locations and are presented as an example only.
  3. The .jdb file will be processed, usually within one minute. As the .jdb file is processed, all files and subfolders are removed from the "Incoming" folder.

Verify that the SEPM content is updated:

  1. To verify that the SEPM content has been updated, look in the following folders (default installation location shown).
  2. For SEP 11.0, check the following locations:
    32-bit definitions: "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}"
    64-bit definitions: "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{1CD85198-26C6-4bac-8C72-5D34B025DE35}"
  3. For SEP 12.1, check the following locations:
    32-bit definitions: "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{535CB6A4-441F-4e8a-AB97-804CD859100E}"
    64-bit definitions: "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{07B590B3-9282-482f-BBAA-6D515D3855E2}"
  4. Typically, there will be three or more numbered folders present. The folder naming convention is "yymmddxxx", for example "100602034": the first six digits are the publication date and the last three are the build (revision) number of the definition set installed. Please note that the installed set may have been published the previous day, and a set for the current day may not yet be available.
  5. Inside the folder that matches the set you downloaded and installed, there should be a folder named "Full" and a zip file named "Full.zip". Inside the "Full" folder are the files typically associated with a virus definition set.
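One way to script the apply-and-verify steps above (renaming the download, copying it to the incoming folder, waiting for the SEPM to process it, then checking the Inetpub\content revision folders) is shown below. This is an added PowerShell example and is not part of the Symantec article or the product. It assumes the default install paths and content folder GUIDs the article lists, PowerShell 3.0 or later, and that it is run with administrative rights on the SEPM host; the parameter names, the script name, and the 300-second timeout are my own choices.

```powershell
# Added example (not from the Symantec article): apply a downloaded .jdb to a SEPM
# and then verify that a new definition revision folder exists under Inetpub\content.
# Assumes the default install paths and content folder GUIDs given in the article,
# PowerShell 3.0 or later, and that it runs as an administrator on the SEPM host.
param(
    # Hypothetical path to the file saved from the definitions download page.
    [Parameter(Mandatory = $true)][string]$DownloadedFile,
    [ValidateSet('11.0', '12.1')][string]$SepVersion = '12.1',
    [int]$TimeoutSeconds = 300
)

# Default SEPM install roots from the article (Program Files (x86) on 64-bit Windows).
$roots = @(
    'C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager',
    'C:\Program Files\Symantec\Symantec Endpoint Protection Manager'
)
$sepmRoot = $roots | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $sepmRoot) { throw 'SEPM install folder not found in either default location.' }

# Content folder GUIDs from the article, per SEP version and definition bitness.
$contentGuids = @{
    '11.0' = @{ x86 = '{C60DC234-65F9-4674-94AE-62158EFCA433}'; x64 = '{1CD85198-26C6-4bac-8C72-5D34B025DE35}' }
    '12.1' = @{ x86 = '{535CB6A4-441F-4e8a-AB97-804CD859100E}'; x64 = '{07B590B3-9282-482f-BBAA-6D515D3855E2}' }
}

# Step 1: browsers often save the download as .zip; the SEPM only picks up a .jdb.
$jdbPath = $DownloadedFile
if ([IO.Path]::GetExtension($DownloadedFile) -ieq '.zip') {
    $jdbPath = [IO.Path]::ChangeExtension($DownloadedFile, '.jdb')
    Rename-Item -LiteralPath $DownloadedFile -NewName (Split-Path -Leaf $jdbPath)
}

# Step 2: only one .jdb should be in the inbox at a time, so refuse to queue a second one.
$incoming = Join-Path $sepmRoot 'data\inbox\content\incoming'
if (@(Get-ChildItem -LiteralPath $incoming -Force).Count -gt 0) {
    throw "$incoming is not empty; wait for the previous .jdb to be processed."
}
Copy-Item -LiteralPath $jdbPath -Destination $incoming

# Step 3: the SEPM removes everything from the incoming folder once the .jdb is processed.
$deadline = (Get-Date).AddSeconds($TimeoutSeconds)
while (@(Get-ChildItem -LiteralPath $incoming -Force).Count -gt 0) {
    if ((Get-Date) -gt $deadline) {
        throw "Incoming folder still not empty after $TimeoutSeconds seconds; check the SEPM logs."
    }
    Start-Sleep -Seconds 5
}

# Step 4: verify. Revision folders are named yymmddxxx (publication date + build number),
# so a plain string sort of the nine-digit names puts the newest set last.
foreach ($arch in 'x86', 'x64') {
    $contentDir = Join-Path $sepmRoot ('Inetpub\content\' + $contentGuids[$SepVersion][$arch])
    $newest = Get-ChildItem -LiteralPath $contentDir -Directory |
        Where-Object { $_.Name -match '^\d{9}$' } |
        Sort-Object Name |
        Select-Object -Last 1
    if (-not $newest) {
        Write-Warning "$arch : no revision folders found under $contentDir"
        continue
    }
    $published = [datetime]::ParseExact($newest.Name.Substring(0, 6), 'yyMMdd', $null)
    $fullDir = Join-Path $newest.FullName 'Full'
    $fullZip = Join-Path $newest.FullName 'Full.zip'
    $complete = (Test-Path -LiteralPath $fullDir) -and (Test-Path -LiteralPath $fullZip)
    $summary = '{0}: newest revision {1} (published {2:yyyy-MM-dd}, build {3}), Full and Full.zip present: {4}'
    Write-Output ($summary -f $arch, $newest.Name, $published, $newest.Name.Substring(6), $complete)
}
```

Saved as, say, Apply-SepmJdb.ps1 (a hypothetical name), it would be run on the SEPM host as `.\Apply-SepmJdb.ps1 -DownloadedFile "$env:USERPROFILE\Desktop\definitions.zip" -SepVersion 12.1`, where the .zip name is whatever the browser saved. The script aborts rather than dropping a second file while the incoming folder is still non-empty, and it treats a revision folder as complete only when both "Full" and "Full.zip" are present, matching the checks the article describes.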

Important Notes:

  1. The SEPM updater file has a ".jdb" extension. Only one .jdb is listed at any time, and it updates content for both 32-bit and 64-bit systems.
  2. These .jdb files can also be used to update SEP clients. For details on the client procedure, see "How to manually update definitions for a managed Symantec Endpoint Protection Client using the .jdb file".
  3. Legacy SAV Parent Servers cannot be updated by a .jdb. The SAV server updater file has a ".xdb" extension and only updates 32-bit virus definitions; SAV parent servers do not serve 64-bit definitions, and 64-bit systems cannot be SAV parent servers.

For details on how to manage the number of definitions maintained by the SEPM, see "How to change the number of downloaded content revisions that are kept in 11.0.2000 (MR2) or later."

Additional Clarification:
The Intelligent Updater .exe files are designed to update client installs for SEP or SAV only. These Intelligent Updater files do not contain the content required by a SEPM. Attempts to update a legacy SAV Parent with an Intelligent Updater will likewise fail.

  1. The Intelligent Updater (IU) file names for SEP clients end with "v5i32.exe" or "v5i64.exe" (32 and 64 bit respectively).
  2. The Intelligent Updater file names for legacy Symantec AntiVirus (SAV) clients end with "i32.exe" or "i64.exe" (32 and 64 bit respectively).
  3. The Intelligent Updater file name that ends in "x86.exe" is only for specifically listed products and should only be used with those products.

Supplemental Materials
Source: ETrack
Value: 1163481
Legacy ID: 2007100820002048