Symantec Endpoint Protection 11.0.x: How to manually force the creation of content deltas

Article:TECH106032  |  Created: 2008-01-25  |  Updated: 2013-01-16  |  Article URL
Article Type
Technical Solution


Is there a way to manually generate a content delta request (for definitions) or client update patches (for Symantec Endpoint Protection client upgrades) on the Symantec Endpoint Protection Manager (SEPM)?




When Symantec Endpoint Protection (SEP) clients check in with their Symantec Endpoint Protection Manager (SEPM) during a heartbeat, they compare versions of available content (definitions) on the SEPM with what is on the SEP client.  If newer materials are available on the SEPM, they can often receive a small "delta" update that includes the changes, rather than having to download the full update .zip.  The SEPM generates these deltas automatically as clients request them.  If an upgrade package is assigned to the client group, the same process can be done to provide a small package to auto-upgrade the client from one version of SEP to a newer release.

This page describes how to manually request the SEPM to generate a delta of either content or client update packages using a web browser to invoke the service, rather than allow the deltas to be generated automatically.

Note: This only works when using Internet Explorer on the computer hosting the Symantec Endpoint Protection Manager server.

Format of a content delta request

The URL follows this format:
http://localhost:9090/servlet/AgentServlet?ActionType=GenerateDelta&Method=<deltaMethod>&Moniker=<moniker>&SrcSeq=<src sequence number>&DstSeq=<destination sequence number>

Symantec Endpoint Protection 11.0 RTM (11.0.780) through MR2 (11.0.2) did not support the XDelta method so for these versions do not include the Method parameter:
http://localhost:9090/servlet/AgentServlet?ActionType=GenerateDelta&Moniker=<moniker>&SrcSeq=<src sequence number>&DstSeq=<destination sequence number>

The <src sequence number> is the folder name under the specific content moniker directory. Likewise for the <destination sequence number>.

The valid values for the Method parameter are defined below. Method=4 is recommended for Symantec Endpoint Protection Manager 11.0 MR3 (11.0.3) and later since it is considerably faster.

// @deprecated - Symantec Endpoint Protection 11.0 through 11.0 MR2 pass this value
const DWORD FULL = 1;
// Force server to return full content - used for testing only
const DWORD MDEF = 2;
// Mdef25builder package that can be decompressed by clients using patch25.dll
const DWORD XDELTA = 4;
// Xdelta package used by Symantec Endpoint Protection 11.0 MR3 and later clients // Additional values must be twice previous value to form a valid bitmask field (ex. 8, 16, 32).

Content Example

The x32 VirusDefs folder(Moniker={C60DC234-65F9-4674-94AE-62158EFCA433}):

    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}

Source Directory (SrcSeq=71218052):

    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}\71218052

Destination Directory (DstSeq=71219007):

    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}\71219007

Example of a content delta request:


Also, if there is a zero byte deltaXXX.dax file in the destination folder, this will block deltas. Delete it.

The ContentInfo.txt provides the monikers and what they "mean":

{C60DC234-65F9-4674-94AE-62158EFCA433}: SESC Virus Definitions Win32 v11 - MicroDefsB.CurDefs - SymAllLanguages
{1CD85198-26C6-4bac-8C72-5D34B025DE35}: SESC Virus Definitions Win64 (x64) v11 - MicroDefsB.CurDefs - SymAllLanguages
{C25CEA47-63E5-447b-8D95-C79CAE13FF79}: Symantec Known Application System - 1.5.0 - SymAllLanguages
{812CD25E-1049-4086-9DDD-A4FAE649FBDF}: Symantec Security Content A1 - MicroDefsB.CurDefs - SymAllLanguages
{E1A6B4FF-6873-4200-B6F6-04C13BF38CF3}: Symantec Security Content A1-64 - MicroDefsB.CurDefs - SymAllLanguages
{E5A3EBEE-D580-421e-86DF-54C0B3739522}: Symantec Security Content B1 - MicroDefsB.CurDefs - SymAllLanguages
{CC40C428-1830-44ef-B8B2-920A0B761793}: Symantec Security Content B1-64 - MicroDefsB.CurDefs - SymAllLanguages
{D3769926-05B7-4ad1-9DCF-23051EEE78E3}: SESC IPS Signatures Win32 - 11.0 - SymAllLanguages
{42B17E5E-4E9D-4157-88CB-966FB4985928}: SESC IPS Signatures Win64 - 11.0 - SymAllLanguages
{4F889C4A-784D-40de-8539-6A29BAA43139}: SESC Submission Control Data - 11.0 - SymAllLanguages

Client Update Patches

Client Patches work in a similar fashion, but with minor differences.

First, the ActionType should be changed from "GenerateDelta" to "GeneratePackageDelta".

Second, the main folder is this:

    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\

Third, the folder structure does not give one the moniker needed for the URL. One would have to use the LuSesmContentCatalog.xml (located in C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\content).

Fourth, the SrcSeq and DstSeq fields of the URL are filled by the source and destination "ID" named folders:

    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\c8abbff8e87242e6259d0e0102ea1a34


http://localhost:9090/servlet/AgentServlet?ActionType=GeneratePackageDelta&Method=4&Moniker=<moniker>&SrcSeq=<src id>&DstSeq=<destination id>




Legacy ID


Article URL

Terms of use for this information are found in Legal Notices