How to Customize Symantec Endpoint Recovery Tool (3rd Party Utility Integration)

Created: 21 Jun 2012 • Updated: 21 Jun 2012 | 3 comments
EfrainO's picture

This document provides step-by-step instructions to customize the Symantec Endpoint Recovery Tool. The Symantec Endpoint Recovery Tool is a bootable ISO image provided by Symantec, typically from the site. A SEP product serial number or registered license will be required to download from Fileconnect. The SERT disk is used to boot from a CD-ROM drive and scan a system with the main operating system in a non-running state in order to improve the chances of detecting hard-to-find malware.

Instructions in this whitepaper are not supported by Symantec. Instructions provided as-is.

The first objective of the document is to show how to create the SERT Disk with extra utilities for malware identification, capture and response.
The second objective in this document is to make the customized SERT disk bootable from USB media.

3 Comments

Mick2009's picture

The unsupported instructions in this new white paper will be of great use to security admins. "Thumbs up" from me.

For convenience, here are links to Symantec's brief articles containing the supported steps:

How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions
Article: TECH131732 | Created: 2010-01-15 | Updated: 2011-04-08
Article URL

How to make the Symantec Endpoint Recovery Tool boot from a USB memory stick
Article: TECH131578 | Created: 2010-01-08 | Updated: 2011-12-02
Article URL 

With thanks and best regards,


ℬrίαη's picture

Very helpful whitepaper! Thanks for posting.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ed A's picture

Editing the WIM file is not necessary in the 2014 SERT --- the definitions are stored in that version under /sources/symantec_nbrt/virusdef/ and you can update the contents of that folder on the bootable SERT USB media after it is created. You can also use an ISO editor to update that folder in the SERT ISO before burning it to DVD.

Unzip the JDB file. Rename the unzipped folder to yyyymmdd.rrr (the date/revision of the definitions, found in the unzipped files at the bottom of the text file catalog.dat under [VerInfo]). Drop the new numbered folder into /sources/symantec_nbrt/virusdef, delete the old numbered folder, and change definfo.dat and usage.dat accordingly.

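The folder swap described in Ed A's comment for the 2014 SERT, as an added example that is not part of the original thread or of Symantec's tooling. The function name `swap_definitions` is hypothetical; it assumes the operator passes in the yyyymmdd.rrr value read from catalog.dat, and that definfo.dat and usage.dat sit in the virusdef folder and name the active definitions folder as plain text.

```python
import re
import shutil
import zipfile
from pathlib import Path

# Folder-name pattern from the comment: yyyymmdd.rrr (date.revision).
DEF_NAME = re.compile(r"\d{8}\.\d{3}")


def swap_definitions(jdb_path, virusdef_dir, new_name):
    """Replace the numbered definitions folder in virusdef_dir with the JDB contents.

    new_name is the yyyymmdd.rrr value the operator read from catalog.dat.
    Returns the names of the old numbered folders that were removed.
    """
    virusdef = Path(virusdef_dir)
    if not DEF_NAME.fullmatch(new_name):
        raise ValueError(f"not a yyyymmdd.rrr name: {new_name!r}")
    target = virusdef / new_name
    if target.exists():
        raise FileExistsError(target)

    # Record the old numbered folders before the new one is created.
    old = sorted(p.name for p in virusdef.iterdir()
                 if p.is_dir() and DEF_NAME.fullmatch(p.name))

    # A JDB is a zip archive; refuse members that would land outside target.
    with zipfile.ZipFile(jdb_path) as jdb:
        root = target.resolve()
        for member in jdb.namelist():
            if not (root / member).resolve().is_relative_to(root):
                raise ValueError(f"unsafe path in archive: {member}")
        jdb.extractall(target)

    # Old folders are deleted only after the new set extracted cleanly.
    # Assumption: "changing the .dat files accordingly" means replacing the
    # old folder name with the new one wherever it appears in them.
    for name in old:
        shutil.rmtree(virusdef / name)
        for dat in ("definfo.dat", "usage.dat"):
            path = virusdef / dat
            if path.is_file():
                data = path.read_bytes()
                path.write_bytes(data.replace(name.encode(), new_name.encode()))
    return old
```

Run it against a copy of the virusdef folder first and compare definfo.dat and usage.dat by hand before writing the result to the bootable media.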