How to apply rapid release definitions to a Symantec Endpoint Protection (SEP) client.

Article:TECH104979  |  Created: 2008-01-21  |  Updated: 2010-10-06  |  Article URL http://www.symantec.com/docs/TECH104979
Article Type
Technical Solution


Environment

Issue



Does applying the Rapid Release definitions work the same way as it did with the SAV 10.x product?
How do I apply rapid release definitions to an unmanaged SEP client?
How do I apply rapid release definitions to the Endpoint Protection Manager (SEPM) so they will be distributed to all clients?
I have a new virus that is not yet part of the certified definition set and I need to apply rapid release definitions in response to an infection.

 


Cause



The primary focus of the rapid release definitions is the rapid detection of newly emerging threats, and they may be augmented later with more robust detection capabilities.

Rapid release definitions are not fully certified and therefore must be manually applied to clients or manually installed to their manager, as they are not applied via LiveUpdate.


Solution



Rapid release virus definitions have undergone basic quality assurance testing by Symantec Security Response. The primary focus of these definitions is the rapid detection of newly emerging threats, and they may be augmented later with more robust detection capabilities. While Symantec Security Response makes every effort to ensure that all virus definitions function correctly, you should understand that rapid release-quality virus definitions do pose some risks, such as a higher potential for false positives. Rapid release definitions are most useful for perimeter defenses or for all protection tiers as a means of mitigating fast-spreading virus outbreaks.

Rapid Release virus definitions come in two formats:

  1. Intelligent Updater executable files - can be used to update individual SEP Clients
  2. JDB rapid release definition files - can be used to update SEPM, which in turn can distribute the definitions to all the associated clients.

Note: before applying a JDB of rapid release definitions to your SEPM, it is advisable to manually update some of your SEP clients with the Intelligent Updater executable to reduce the chance of false positives.

To manually update a SEP client

  1. Go to the rapid release virus definition website
  2. Download the appropriate .exe file for your SEP version and Operating System
    • symrapidreleasedefsv5i32.exe for SEP installed on a 32-bit OS
    • symrapidreleasedefsv5i64.exe for SEP installed on a 64-bit OS
  3. Run the file on the clients you wish to update and follow the instructions on the screen.
  4. After a successful update you should see the following message:
    •  Intelligent Updater session complete. 
  5. Open the SEP client and observe that the definitions date for the "Antivirus and Antispyware protection" has changed.

Note:

In case the Intelligent Updater executable fails, you can also locally update managed SEP clients (clients which are associated with a SEPM) with the option "Third party content management" and a JDB file. Please consult the document "TECH104363 - How to manually update definitions for a managed Symantec Endpoint Protection Client using the .jdb file" for more information.

To update your Symantec Endpoint Protection Manager

1. Go to the rapid release virus definition website
2. Download the JDB file
3. Follow the document "TECH102607 - How to update definitions for Symantec Endpoint Protection Manager using a JDB file" to update your SEPM using the Rapid Release JDB.
4. The SEP clients that are updating from this SEPM should start getting the new version according to your LiveUpdate configuration.


 




Legacy ID



2008052116163448

