Determining the definitions available to clients on a Symantec Endpoint Protection Manager (SEPM)

Article:TECH92113  |  Created: 2009-01-30  |  Updated: 2012-05-18  |  Article URL http://www.symantec.com/docs/TECH92113
Article Type
Technical Solution


Issue



How to determine the current set of definitions/content available on a given SEPM in order to verify a client's health.


Solution



The content updates that a particular Symantec Endpoint Protection Manager has to offer to the clients that communicate with it are found in two places:

  1. SEPM Database
    First there is the database that the Manager is connected to. All Managers in a site have access to that site's database storage of content definitions. When one Manager's run of LiveUpdate succeeds in downloading new content, this is written to the database and is thereby made available to all other Managers in the site.


The content updates stored in the database can be viewed in the Manager under Admin > Servers > Local Site > Show LiveUpdate Downloads.


 

  2. IIS shared Content folder on SEPM
    If there is a particular suspicion that a Manager is failing to publish updates from the database properly, the next place to consider is the Manager's IIS content share folder located at:


C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content

This directory is where the definitions are published for client download. It contains one subfolder for each content type. Each folder name is a long string of alphanumeric characters called a moniker. For example, {C60DC234-65F9-4674-94AE-62158EFCA433} corresponds to the 32-bit Antivirus and Antispyware definitions. The monikers do not change with each content update; they remain the same over time, and each monikered folder contains individual subfolders that hold the different updates of that content.



Also in the ...Inetpub\content\ directory is the file ContentInfo.txt. This file maps the monikered folders to their human-readable content type. To determine what content the Manager has available to deliver to its clients you must open each content type-monikered folder and examine the numeric names of the subfolders contained therein.

The subfolders are named with the following convention:
ymmddrrr
where y = year, mm = month, dd = day and rrr = revision
 

Example of Monikers (ContentInfo.txt) from SEP 11.x:

{C60DC234-65F9-4674-94AE-62158EFCA433}: SESC Virus Definitions Win32 v11 - MicroDefsB.CurDefs - SymAllLanguages
{1CD85198-26C6-4bac-8C72-5D34B025DE35}: SESC Virus Definitions Win64 (x64) v11 - MicroDefsB.CurDefs - SymAllLanguages
{ECCC5006-EF61-4c99-829A-417B6C6AD963}: Decomposer - 1.0.0 - SymAllLanguages
{C13726A9-8DF7-4583-9B39-105B7EBD55E2}: SEP PTS Engine Win32 - 6.1.0 - SymAllLanguages
{DB206823-FFD2-440a-9B89-CCFD45F3F1CD}: SEP PTS Engine Win64 - 6.1.0 - SymAllLanguages
{EA960B33-2196-4d53-8AC4-D5043A5B6F9B}: SEP PTS Content - 6.1.0 - SymAllLanguages
{C25CEA47-63E5-447b-8D95-C79CAE13FF79}: Symantec Known Application System - 1.5.0 - SymAllLanguages
{812CD25E-1049-4086-9DDD-A4FAE649FBDF}: Symantec Security Content A1 - MicroDefsB.CurDefs - SymAllLanguages
{E1A6B4FF-6873-4200-B6F6-04C13BF38CF3}: Symantec Security Content A1-64 - MicroDefsB.CurDefs - SymAllLanguages
{E5A3EBEE-D580-421e-86DF-54C0B3739522}: Symantec Security Content B1 - MicroDefsB.CurDefs - SymAllLanguages
{CC40C428-1830-44ef-B8B2-920A0B761793}: Symantec Security Content B1-64 - MicroDefsB.CurDefs - SymAllLanguages
{D3769926-05B7-4ad1-9DCF-23051EEE78E3}: SESC IPS Signatures Win32 - 11.0 - SymAllLanguages
{42B17E5E-4E9D-4157-88CB-966FB4985928}: SESC IPS Signatures Win64 - 11.0 - SymAllLanguages
{4F889C4A-784D-40de-8539-6A29BAA43139}: SESC Submission Control Data - 11.0 - SymAllLanguages


Example of Monikers (ContentInfo.txt) from SEP 12.1:

{535CB6A4-441F-4e8a-A897-804CD859100E}: SEPC Virus Definitions Win32 v12.1 - MicroDefsB.CurDefs - SymAllLanguages
{07B590B3-9282-482f-BBAA-6D515D385869}: SEPC Virus Definitions Win64 (x64) v12.1 - MicroDefsB.CurDefs - SymAllLanguages
{C13726A9-8DF7-4583-9B39-105B7EBD55E2}: SEP PTS Engine Win32 - 6.1.0 - SymAllLanguages
{DB206823-FFD2-440a-9B89-CCFD45F3F1CD}: SEP PTS Engine Win64 - 6.1.0 - SymAllLanguages
{EA960B33-2196-4d53-8AC4-D5043A5B6F9B}: SEP PTS Content - 6.1.0 - SymAllLanguages
{D6AEBC07-D833-485f-9723-6C908D37F806}: SEPC Behavior And Security Heuristics v12.1 - MicroDefsB.CurDefs - SymAllLanguages
{C25CEA47-63E5-447b-8D95-C79CAE13FF79}: Symantec Known Application System - 1.5.0 - SymAllLanguages
{812CD25E-1049-4086-9DDD-A4FAE649FBDF}: Symantec Security Content A1 - MicroDefsB.CurDefs - SymAllLanguages
{E1A6B4FF-6873-4200-B6F6-04C13BF38CF3}: Symantec Security Content A1-64 - MicroDefsB.CurDefs - SymAllLanguages
{E5A3EBEE-D580-421e-86DF-54C0B3739522}: Symantec Security Content B1 - MicroDefsB.CurDefs - SymAllLanguages
{CC40C428-1830-44ef-B8B2-920A0B761793}: Symantec Security Content B1-64 - MicroDefsB.CurDefs - SymAllLanguages
{D3769926-05B7-4ad1-9DCF-23051EEE78E3}: SESC IPS Signatures Win32 - 11.0 - SymAllLanguages
{42B17E5E-4E9D-4157-88CB-966FB4985928}: SESC IPS Signatures Win64 - 11.0 - SymAllLanguages
{55DE35DC-862A-44c9-8A2B-3EF451665D0A}: SEPC CIDS Signatures v12.1 - MicroDefsB.CurDefs - SymAllLanguages
{4F889C4A-784D-40de-8539-6A29BAA43139}: SESC Submission Control Data - 11.0 - SymAllLanguages
{B6DC6C8F-46FA-40c7-A806-B669BE1D2D19}: SEPC Submission Control Data - 12.1 - SymAllLanguages
{EDBD3BD0-8395-4d4d-BAC9-19DD32EF4758}: SEPC Iron Whitelist v12.1 - MicroDefsB.CurDefs - SymAllLanguages
{810D5A61-809F-49c2-BD75-177F0647D2BA}: SEPC Iron Revocation List v12.1 - MicroDefsB.CurDefs - SymAllLanguages
{263395A0-D3D8-4be4-80B5-202C94EF4AA0}: SEPC Iron Settings v12.1 - MicroDefsB.CurDefs - SymAllLanguages
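
The manual check described above (read ContentInfo.txt, open each monikered folder, read the newest subfolder name) can be scripted. The following PowerShell is an added example, not Symantec code: the function name Get-SepmPublishedContent, the temporary sample path and the sample subfolder names are constructed for illustration, and it assumes subfolder names are exactly the 8-digit ymmddrrr form given above. Content types that ContentInfo.txt lists but that have no published subfolder are reported as "nothing published".

```powershell
# Added example (not Symantec code): newest published revision per content type.
# Assumption: revision subfolders use the 8-digit ymmddrrr form; other names are ignored.
function Get-SepmPublishedContent {
    param([Parameter(Mandatory = $true)][string]$ContentRoot)

    # ContentInfo.txt lines look like "{moniker}: description"
    $types = @{}
    foreach ($line in Get-Content -LiteralPath (Join-Path $ContentRoot 'ContentInfo.txt')) {
        if ($line -match '^\s*(\{[0-9A-Fa-f-]{36}\})\s*:\s*(.+?)\s*$') {
            $types[$Matches[1]] = $Matches[2]
        }
    }

    foreach ($moniker in $types.Keys) {
        $dir  = Join-Path $ContentRoot $moniker
        $revs = @()
        if (Test-Path -LiteralPath $dir -PathType Container) {
            # Keep only ymmddrrr-named subfolders, oldest first
            $revs = @(Get-ChildItem -LiteralPath $dir -Directory |
                Where-Object { $_.Name -match '^\d{8}$' } |
                Sort-Object { [int]$_.Name })
        }
        $latest = if ($revs.Count) { $revs[-1].Name } else { $null }
        [pscustomobject]@{
            ContentType = $types[$moniker]
            Moniker     = $moniker
            Revisions   = $revs.Count
            Latest      = $latest
            Decoded     = if ($latest -match '^(\d)(\d\d)(\d\d)(\d{3})$') {
                'y={0} mm={1} dd={2} rrr={3}' -f $Matches[1], $Matches[2], $Matches[3], $Matches[4]
            } else { 'nothing published' }
        }
    }
}

# Constructed sample tree so the function can be tried away from a real SEPM
$root  = Join-Path ([IO.Path]::GetTempPath()) 'sepm-content-sample'
$av32  = '{C60DC234-65F9-4674-94AE-62158EFCA433}'
$ips32 = '{D3769926-05B7-4ad1-9DCF-23051EEE78E3}'
foreach ($p in "$av32\20517003", "$av32\20518001", $ips32) {
    New-Item -ItemType Directory -Force -Path (Join-Path $root $p) | Out-Null
}
@("${av32}: SESC Virus Definitions Win32 v11 - MicroDefsB.CurDefs - SymAllLanguages",
  "${ips32}: SESC IPS Signatures Win32 - 11.0 - SymAllLanguages") |
    Set-Content -LiteralPath (Join-Path $root 'ContentInfo.txt')
Get-SepmPublishedContent -ContentRoot $root | Format-List
```

On a Manager, pass the Inetpub\content path given above as -ContentRoot and compare the Latest values with what the console shows under Show LiveUpdate Downloads. Because the names carry a single year digit, the numeric sort only orders revisions correctly within one decade.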



Legacy ID



2009013010395248

