Download .jdb files to update definitions for Endpoint Protection Manager

Article:TECH102607  |  Created: 2007-01-08  |  Updated: 2014-11-20  |  Article URL
Article Type
Technical Solution


This article describes how and when to update antivirus definitions and other content in Symantec Endpoint Protection Manager (SEPM) using a .jdb file.


Use certified virus definition, Network-Based Protection, or Behavior-Based Protection .jdb files to update content on the SEPM when the SEPM cannot access either the internet or a LiveUpdate Administrator (LUA) server.

Use Rapid Release .jdb files in outbreak scenarios to combat new threats.


About .jdb files

Symantec Security Response distributes content in .exe and .jdb files. The .exe files update single clients, and the .jdb files update either the SEPM or single clients. When you use a .jdb file to update a SEPM, the SEPM updates its managed clients.

There are four kinds of content that are distributed in .jdb files:

  • Certified virus definitions

  • Rapid Release virus definitions

  • Network-Based Protection content

  • Behavior-Based Protection content

All content can be found on the Symantec Security Response definitions page.


About certified virus definitions

The certified defintions .jdb file updates the virus and spyware definitions on the SEPM. These definitions have been through rigorous Quality Assurance (QA) testing and are recommended for regular use.


About Rapid Release virus definitions

Several times a day, Symantec Security Response compiles all new detections into a new Rapid Release virus .jdb file. The purpose of the Rapid Release virus definitions is to make the newest definitions available quickly. Use Rapid Release virus definitions when a new threat may be spreading on your network.

Rapid Release virus definitions undergo only basic quality assurance testing. Rapid Release virus definitions are therefore riskier to use than certified definitions. Rapid Release definitions are most useful as a means of stopping fast-spreading threat outbreaks.

Several times each weekday, all new detections added as Rapid Release definitions go through the complete QA process, including testing for false positives and testing for full compatibility with Symantec Endpoint Protection. Once the Rapid Release definitions pass the full QA process, they are posted as Certified LiveUpdate definitions or Multiple Daily Definitions.

Please note that using Rapid Release definitions regularly instead of Certified definitions is not encouraged by Symantec. Rapid Release definitions are intended to be used as needed to stop a possible virus outbreak. Under normal conditions, Symantec strongly recommends Daily Certified definitions for routine use.

If you are unsure as to which definitions set you should use, please contact Symantec Support for guidance.


About Network-Based Protection and Behavior-Based Protection .jdb files

Symantec Endpoint Protection 12.1.3 and later can update Network-Based Protection (IPS) and Behavior-Based Protection (SONAR) content using .jdb files.

To download the .jdb file

  1. In a browser on the computer that runs SEPM, go to the desired page:

  2. Download the file that ends in .jdb, and save the file to the Windows desktop.

  3. Most browsers rename the file from .jdb to .zip after you save it. Rename the file from .zip to .jdb.

  4. Do one of the following:

    • On 32-bit operating systems, copy and paste the .jdb file to the following location:
      \Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming
    • On 64-bit operating systems, copy and paste the .jdb file to the following location:
      \Program Files(x86)\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming

      Be sure to copy and paste the file instead of cutting and pasting or otherwise moving it. Copying and pasting preserves the file permissions correctly, while other methods of moving the file may not.
  5. SEPM processes the .jdb file automatically.


To verify that the SEPM content is updated

To verify that the SEPM content has been updated, look in the following folders:

  • For SEP 12.1.x:
    32-bit Definitions: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{535CB6A4-441F-4e8a-AB97-804CD859100E}
    64-bit Definitions: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{07B590B3-9282-482f-BBAA-6D515D3855E2}      
  • For SEP 11.x:
    32-bit definitions: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}"
    64-bit definitions: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{1CD85198-26C6-4bac-8C72-5D34B025DE35}" 

Typically, three or more numbered folders exist. The folder naming convention is "yymmddxxx". For example, "140822034". This is the date and build (revision) number of the definition set installed.

There should be a folder named "Full" and a zip file named "" inside the folder that matches the set that you downloaded and installed. Inside the Full folder are the files typically associated with a virus definition set.


For details on how to manage the number of definitions maintained by the SEPM, see How to change the number of downloaded content revisions that are kept in 11.0.2000 (MR2) or later.

Additional Clarification:

The Intelligent Updater .exe files are designed to update client installs for SEP only. These Intelligent Updater files do not contain the required content needed by a SEPM.

  • The Intelligent Updater (IU) file names for SEP clients end with "v5i32.exe" or "v5i64.exe" (32- and 64-bit respectively).

  • The Intelligent Updater file names listed on the Symantec AntiVirus Corporate Edition tab should only be used with those specifically listed products.


Supplemental Materials


Legacy ID


Article URL

Terms of use for this information are found in Legal Notices