How to manually update definitions for a managed Symantec Endpoint Protection Client using the .jdb file

Article:TECH104363  |  Created: 2008-01-07  |  Updated: 2014-09-09  |  Article URL http://www.symantec.com/docs/TECH104363
Article Type
Technical Solution



Issue



You would like to know how to update definitions for the Symantec Endpoint Protection (SEP) client using the .jdb file.

 


Cause



Please note that the antivirus .jdb file contains only antivirus/antispyware definitions and will not provide updated content for the firewall, IPS, SONAR and other features for the Symantec Endpoint Protection (SEP) clients.  

For releases prior to SEP 12.1 RU3, only AntiVirus definitions can be updated by downloading a standalone file such as a .JDB file or an IU. All other content types must be downloaded using LiveUpdate.

For SEP 12.1 RU3 and above, .jdb and .exe standalone updaters are available for SONAR ("Behavior-Based Protection") and IPS ("Network-Based Protection") definitions.  These are now available from Security Response's Virus Definitions & Security Updates page.

 


Solution



In a managed environment, the Daily Certified or Rapid Release .jdb file can be used to update virus definitions for the SEP client.  SEP clients will need to have third party content management enabled before a .jdb can be applied.

To update a managed client with a .jdb file:

  1. In the Symantec Endpoint Protection Manager (SEPM), go to Clients.
  2. Select the group in which the client or clients can be found that need to be updated manually.
  3. Edit the LiveUpdate Settings Policy.
  4. In the LiveUpdate Policy, choose Server Settings in the left pane.
  5. In the right pane, under Third Party Management, enable the option "Enable third party content management".
  6. On the SEP client, make sure that the client received the policy change by checking for the existence of the 'inbox' directory as following paths:

    SEP 11.x:
    %ALLUSERSPROFILE%\Symantec\Symantec Endpoint Protection\inbox

    SEP 12.1.x:
    %ALLUSERSPROFILE%\Symantec\Symantec Endpoint Protection\CurrentVersion\inbox

    (Please note that on SEP 12.1.x clients the \inbox directory is always present, please check the Policy serial number to ensure it is matching the serial number published by SEPM)

     
  7. Download the .jdb file from the Symantec Security Response Website:
    - http://www.symantec.com/avcenter/defs.download.html for Certified Definitions.
    - http://www.symantec.com/avcenter/rapidrelease.download.html for Rapid Release Definitions.
    Note: the file extension may change to .zip upon download. If this is occurs, change it back to .jdb.
  8. For each SEP client that needs to be updated, copy the .jdb file into the folder noted in #6 above.
  9. After a few minutes the .jdb file will be automatically processed. When complete, the client should reflect new antivirus definitions.

 

Troubleshooting


If a TPM update fails, the content copied to the inbox will be moved to a folder called "invalid". Possible reasons:
 

  •     TPM has not been enabled
  •     The file type is not supported
  •     The file structure is incorrect
  •     The content being installed via TPM is already installed or is older than what is installed

 

For more details on TPM and updates regarding SEP 12.1 clients, see HOWTO55228, "Using third-party distribution tools to update client computers"

 

 




Legacy ID



2008030710560348


Article URL http://www.symantec.com/docs/TECH104363


Terms of use for this information are found in Legal Notices