Virus Definition Update FAQ
Article: TECH103326 | Created: 2007-01-13 | Updated: 2010-01-29 | Article URL: http://www.symantec.com/docs/TECH103326
The differences among the available virus definition update types.
What does “Certified” mean?
Each certified set of virus definitions is fully tested and certified by Quality Assurance on all supported Symantec security products across all operating systems currently supported by Symantec. The testing includes a large corpus of threat samples to ensure comprehensive detection and an equally large set of clean files to ensure the avoidance of false positive detections. Certified virus definitions are optimized for quality, compared with Rapid Release virus definitions, which are optimized for high frequency deployment to customers. See the section below on Rapid Release virus definitions for a more complete explanation of this additional delivery option.
Certified Multiple Daily LiveUpdate
Certified Multiple Daily LiveUpdate is published three times a day and offers the best protection from fast moving threats. Customers using Symantec Endpoint Protection are able to take advantage of this highest frequency of delivery.
Certified Daily LiveUpdate
Certified Daily LiveUpdate is published once per day and offers a high level of protection from fast moving threats. Customers using Symantec Antivirus are able to take advantage of this daily frequency of delivery.
Certified Weekly LiveUpdate
Certified Weekly LiveUpdate is published once per week and is considered a legacy level of support and therefore provides a lesser degree of protection compared with the daily and multiple daily frequencies. Given the large number of threats analyzed by Symantec Security Response each day, Symantec suggests that customers update their antivirus detection signatures at least once per day.
Certified Daily Intelligent Updater
Intelligent Updater virus definitions are a batch of the Rapid Release virus definitions that have undergone full QA testing and certification. The Intelligent Updater is an alternate delivery method for certified daily definitions.
Intelligent Updater Definitions can be obtained here:
Rapid Release virus definitions are released slightly more than once per hour and are optimized for rapid deployment within an organization during a threat outbreak. They are passed through a somewhat lesser degree of testing than fully certified virus definitions, but they still maintain a relatively high level of quality. The primary risk in using Rapid Release virus definitions, although a relatively small risk, is potential false positive detections on a limited number of legitimate files.

Rapid Release virus definitions are generally used as part of an overall security strategy where fully certified virus definitions are deployed under normal circumstances and Rapid Release virus definitions are deployed during outbreak situations. Most customers do not use Rapid Release virus definitions as their standard deployment package for desktops, although that is technically possible. Rapid Release virus definitions can more comfortably be deployed as a standard procedure on perimeter devices, such as email servers and web traffic gateways, as the risk posed by possible false positive detections on these systems only results in blocked traffic rather than disrupted desktop service.

Rapid Release virus definitions are not available via LiveUpdate, which is the main difference between Rapid Release virus definitions and fully certified virus definitions in terms of deployment options. SAV and SEP customers can rest assured that they will be able to distribute microdefs delta packages to their endpoints when using Rapid Release packages. All versions of SEP support this capability. SAV users should read the following document for more detailed information on the use of Rapid Release virus definitions with SAV:
Rapid Release Definitions can be obtained here:
Q: What are the primary differences between Rapid Release Definitions and Daily Certified Definitions?
A: All new detections are compiled into Rapid Release as they are created. These definitions are released many times a day and represent the most current virus definitions available. Although these signatures have gone through a battery of tests, Rapid Release-quality virus definitions may pose some risks, such as the higher potential for false positives.
Q: When and where should I use Rapid Release virus definitions?
A: Symantec recommends using Rapid Release virus definitions:
On an Email or Gateway server, where false positives pose little or no risk.
On Servers and Desktops during a virus emergency, when Certified LiveUpdate definitions may not be available for new threats.
Important Note for users of Symantec AntiVirus Version 10.1.2 and earlier.
Newer versions of Symantec Software are designed to use a combination of Rapid Release and native Virus Definition Transport Method (VDTM) more efficiently than the earlier versions. For more information please read:
"Clients receive very large updates after updating Symantec AntiVirus Corporate Edition clients and servers with Rapid Release definitions."