How to Share Virus Definitions Between Symantec Endpoint Protection (SEP) and Symantec Mail Security for Microsoft Exchange (SMSMSE) on a 64 bit Operating System Without Internet Access

Article:TECH122702  |  Created: 2010-01-25  |  Updated: 2014-01-08  |  Article URL
Article Type
Technical Solution


You have a 64 bit system that does not have Internet access. As a result LiveUpdate cannot obtain new virus definitions.

SEP is staying up to date via a parent server (or any other method) but Symantec Mail Security for Microsoft Exchange(SMSMSE) is not. You would like a method to share definitions between the two products.




  • Server on which SMSMSE is installed has no Internet Access
  • SMSMSE version 6.0.9 and later
  • Operating System is 64 bit
  • SEP version 12.0 and lower

SEP 12.1 and higher use a virus definition structure different than SMSMSE.  This definition structure cannot be shared.



SMSMSE uses a different directory structure than SEP on 64 bit systems for the Virus Definition Hawking directory.

See the Technical Information section of following article which contains details on the SMSMSE virus definition directories: Virus Definition Update Methods Available for Symantec Mail Security for Microsoft Exchange (SMSMSE).


Use a script to copy the definitions from the SEP Hawking directory to the SMSMSE Hawking directory.

1. Download the attached Powershell script and save the file to the following directory:

Windows 2003: C:\Program Files(x86)\Common Files\Symantec Shared\SymcData\virusdefs32
Windows 2008: C:\ProgramData\Symantec\Definitions\SymcData\virusdefs32

2. Right click on the script and select Properties.
3. Click the Unblock button if it appears at the bottom of the Properties dialog box.
4. Ensure that Powershell can run unsigned scripts.

a. Start a Powershell session from a command prompt by entering the following command: powershell
b. Type the following command followed by Enterget-executionpolicy
c. If the value of this is not RemoteSigned or Unrestricted then set the policy to allow unsigned script by typing the following command followed by Enter: set-executionpolicy RemoteSigned
d. Exit the powershell command by typing exit.

Steps to Perform a One-Time Update

1. Open a command prompt (if Windows 2008 User Account Control is on run the command prompt as Administrator) and run the following command:

powershell <path>\copydefs.ps1

NOTE: Change <path> to the full path where the script is saved.  For example: C:\ProgramData\Symantec\Definitions\SymcData\virusdefs32\copydefs.ps1.

2. Open the SMSMSE console, or Refresh the console view. SMSMSE should now display the same set of definitions as the SEP client on the server.

NOTE:  When running the script you may see the following error message:

File C:\ProgramData\Symantec\Definitions\SymcData\virusdefs32\copydefs.ps1 cannot be loaded. The file C:\ProgramData\Symantec\Definitions\SymcData\virusdefs32\copydefs.ps1 is not digitally signed.

Use the following powershell command to allow running of unsigned powershell scripts:

set-executionPolicy RemoteSigned

See the following article for details on powershell script signing: Signing PowerShell Scripts.

Steps to Automate Definition Sharing OnGoing

Use Windows Task Scheduler to run the script on a regular basis.  For detailed information about the task scheduler in Windows Server 2008 see:

Windows 2008

1. Open the Task Scheduler (Control panel -> Administrative Tools -> Scheduled Tasks).
2. Under the Actions pane on the right hand side of the task scheduler, click Create Basic Task....
3. Name the task something descriptive, such as SMSMSE Virus def update and click Next.
4. Under When do you want the task to start? click When a specific event is logged and click Next.
5. Under the Log dropdown select Application.
6. Under the Source dropdown select Symantec AntiVirus.
7. In the Event ID box type the number 7 (the event id corresponding to a SEP virus definition update) and click Next.
8. Under What action do you want the task to perform? select Start a program and click Next.
9. Enter powershell.exe in the Program/script textbox.
10. Enter copydefs.ps1 in the Add Arguments textbox.
11. Enter the following directory in the Start in textbox: C:\ProgramData\Symantec\Definitions\SymcData\virusdefs32.
12. Click Next.
13. Click the Open the Properties dialog for this task when I click Finish. Then click the Finish button.
14. Select the Run whether user is logged on or not radio option.
15. If User Account Control is on check the Run with highest privileges checkbox.
16. Click the OK button to close the task.

Windows 2003

1. Open the Add Scheduled Task wizard (Start -> Control Panel -> Scheduled Tasks -> Add Scheduled Task).
2. Click Next and then click Browse...
3. Enter C:\WINDOWS\system32\windowspowershell\v1.0\powershell.exe and click Open.
4. Give the task a descriptive name and select how often to perform the task (Daily is the most common choice).
5. Choose a time slightly after SEP's update schedule, specify Every day and leave the Start date as default and click Next.
6. Enter the credentials for a local administrator on the Exchange server and click Next.
7. Check the Open advanced properties for this task when I click Finish checkbox.
8. Click Finish.
9. In the Run textbox enter the following: C:\WINDOWS\system32\windowspowershell\v1.0\powershell.exe C:\Program Files(x86)\Common Files\Symantec Shared\SymcData\virusdefs32\copydefs.ps1
10. Click the OK button to close the scheduled task.


Technical Information

  SMSMSE Hawking Directory SEP Hawking Directory
Windows 2003 x64 bit C:\Program Files(x86)\Common Files\Symantec Shared\SymcData\virusdefs32 C:\Program Files(x86)\Common Files\Symantec Shared\VirusDef
Windows 2008 x64 bit C:\ProgramData\Symantec\Definitions\SymcData\virusdefs32 C:\ProgramData\Symantec\Definitions\VirusDefs




Powershell script to copy definitions from SEP Hawking Directory to SMSMSE Hawking Directory
copydefs.ps1 (4 kBytes)

Supplemental Materials


Legacy ID


Article URL

Terms of use for this information are found in Legal Notices