How to slipstream newer virus definitions into the Symantec Endpoint Protection for Macintosh installer package

Article:TECH144098  |  Created: 2010-11-12  |  Updated: 2014-05-02  |  Article URL http://www.symantec.com/docs/TECH144098
Article Type
Technical Solution


Issue



The current installer for Symantec Endpoint Protection (SEP) 11/12.1 for Macintosh does not include up to date virus definitions. As a result, after the client is installed, a LiveUpdate download of the current virus definitions is required to get the client up to date with virus protection.


Environment



Mac OS X


Solution



A current set of virus definitions can be slipstreamed into the installer for Symantec Endpoint Protection for Macintosh (SEP for Macintosh) before deployment to the client. The install package can be either the managed package exported from the Symantec Endpoint Protection Manager (SEPM), or the unmanaged package found in the current SEP download.

Note that in future versions of SEP for Macintosh, it may not be possible to do this and you may want to consider an alternate method of including new defintions with your deployment, such as copying definitions from an existing up-to-date client.

To slipstream the virus definitions in SEP 12.1 RU3 or older, download the current Macintosh virus definitions Intelligent Updater for Symantec Endpoint Protection for Macintosh from http://securityresponse.symantec.com and follow instructions below.

SEP 12.1 RU4

The Intelligent Updater is not compatible with SEP 12.1 RU4 for Macintosh, but you can copy definitions from an up-to-date SEP for Macintosh client and update the installer using the following steps:

  1. On an existing up-to-date SEP for Macintosh installation, navigate to:
    /Library/Application Support/Symantec/AntiVirus/
    ... and copy the engine.mfst file and the newest numbered folder (they are named in yyyymmdd.rev format)
     
  2. Go to the SEP for Macintosh installer; right-click on the "Symantec Endpoint Protection Installer" and choose "Show Package Contents"
     
  3. Go to Contents/Additional Resources/ and double-click on the SEPDEFS.zip to expand it.
     
  4. Go to SEPDEFS/Symantec/tmp/ and delete the numbered folder there and replace it with the one copied in step one. Edit the itemseqdata file with a text editor and change the entry there to reflect the new numbered folder name.
     
  5. Go to SEPDEFS/Application Support/AntiVirus/ and delete engine.mfst and replace it with the file copied in step one. Rename the new file to engine.mfst.backup.
     
  6. Go to root of SEPDEFS folder, select all folders there (Application Support and Symantec), right-click, and Compress. Rename Archive.zip to SEPDEFS.zip and use this file to replace the one in "Additional Resources" of step three.
     
  7. Delete the expanded SEPDEFS folder in "Additional Resources"

SEP 12.1 RU2 to RU3

On a Macintosh:

  1. Unzip both the the Intelligent Updater (SymantecAVDefs_Intel.pkg) and the SEP for Mac installer package.
  2. Right-click and choose "Show Contents" of  the SymantecAVDefs_Intel.pkg
  3. Extract Contents/Archive.pax.gz by double-clicking... should create a Contents/Library folder
  4. Copy the files under Library/Application Support/NAVEngineTmp/
  5. Go to the SEP for Mac installer files and the "Additional Resources" folder
  6. Extract SEPDEFS.zip by double-clicking.
  7. Replace files in the SEPDEFS/Symantec/tmp/Engine/ with those copied in step 4
  8. Recreate the SEPDEFS.zip to include the folder tree correctly as before; e.g. select all folders within SEPDEFS, right click, and choose "Compress"... rename Archive.zip to SEPDEFS.zip, use it to replace original zip file, and remove the SEPDEFS folder.

Your SEP for Mac installer files now included updated definitions.

Older versions of SEP

On a Macintosh:

  1. Unzip both the the Intelligent Updater and the SEP for Mac installer package.
  2. Right click (or Control-click) on the Intelligent Updater installer (SymantecAVDefs_Intel.pkg for Intel, SymantecAVDefs_ppc.pkg for PowerPC) and select "Show Package Contents."
  3. Open the Contents folder and select all files in Contents along with the Resources folder.
  4. Right click (or Control-click) on the selected files and folder and select "Copy," or from the Edit menu in the menu bar select "Copy."
  5. Close the Intelligent Updater installer package.
  6. Right click (or Control-click) on the SEP for Mac installer and select "Show Package Contents."
  7. Open the Contents folder.
  8. Open the Resources folder.
  9. Right click (or Control-click) on the NAVDefs.pkg file and select "Show Package Contents."
  10. Open the Contents folder.
  11. In the Contents folder, Right click (or Control-click) and select "Paste" or select "Paste" from the Edit menu of the menu bar.
  12. When prompted by the Copy process about older files with the same name existing in the copy destination, check "Apply to All" and click "Replace."
  13. Once the file copy process is complete, open the Resources folder.
  14. In the Resources folder, delete the file "verschk."
  15. Close the SEP for Macintosh installer package. You are now ready to deploy or otherwise install SEP for Macintosh with current virus definitions to the client workstation.

On a Windows-based system:

  1. Unzip both the the Intelligent Updater and the SEP for Mac installer package. On a Windows system, the installer packages will appear as folders.
  2. Open the Intelligent Updater installer (SymantecAVDefs_Intel.pkg for Intel, SymantecAVDefs_ppc.pkg for PowerPC) folder.
  3. Open the Contents folder and select all files in Contents along with the Resources folder.
  4. Right click on the selected files and folder and select "Copy," or from the Edit menu in the menu bar select "Copy."
  5. Close the Intelligent Updater installer folder.
  6. Open the folder representing the SEP for Mac installer.
  7. Open the Contents folder.
  8. Open the Resources folder.
  9. Open the NAVDefs.pkg folder
  10. Open the Contents folder.
  11. In the Contents folder, Right click and select "Paste" or select "Paste" from the Edit menu of the menu bar.
  12. When prompted by the Copy process about older files with the same name existing in the copy destination, allow the files to be overwritten.
  13. Once the file copy process is complete, open the Resources folder.
  14. In the Resources folder, delete the file "verschk."
  15. Close the SEP for Macintosh installer folder. You are now ready to deploy or otherwise install SEP for Macintosh with current virus definitions to the client workstation.

 


Supplemental Materials

SourceETrack
Value3500952
Description

How to slipstream current defs into SEP for Mac installer





Article URL http://www.symantec.com/docs/TECH144098


Terms of use for this information are found in Legal Notices