Manually Installing SAV Signatures with Deployment Server
In our organization we have always thought of Symantec Antivirus and the Altiris workstation management products as complementary. Since the major justification for these systems is client security, we felt that if the Symantec servers were somehow compromised we could turn to Altiris to make sure that our workstations are up to date in their virus signatures.
This document describes a method of manually updating Symantec virus signatures. This method can be done on a machine by machine basis or can be packaged for distribution by a software delivery mechanism such as Altiris.
1. In a web browser go to http://securityresponse.symantec.com/avcenter/download/pages/US-SAVCE.html
2. If you are trying to update a 32-bit Windows client, scroll to the section headed
Symantec Endpoint Protection Client installations on Windows platforms (32-bit)
Click on the file that ends in i32.exe and save it to c:\temp (if that folder doesn’t exist, create it).
If you are trying to update a 64-bit Windows client, scroll to the section headed
Symantec Endpoint Protection Client installations on Windows platforms (64-bit)
Click on the file that ends in i32.exe and save it to c:\temp (if that folder doesn’t exist, create it).
3. On the computer where you need to update the virus definitions, make sure that the directory c:\program files\common files\symantec shared\virusdefs\incoming exists. If it does not exist, create it.
4. Run the executable saved in step 2 with the following switches:
/extract /Q "c:\program files\common files\symantec shared\virusdefs\incoming"
For example:
c:\temp\20071105-016-i32.exe /extract /Q "c:\program files\common files\symantec shared\virusdefs\incoming"
This will silently search the drive for instances of Symantec Antivirus and update the virus definition files.
We have an Altiris job on our DS server that has the following steps:
a) mkdir "c:\program files\common files\symantec shared\virusdefs\incoming"
b) .\Virussigs\20080128-018-x86.exe with parameters /extract /Q "c:\program files\common files\symantec shared\virusdefs\incoming" (where the signature file is the one named in step 2 above and has been copied to the Virussigs folder on the eXpress share).
In this way we have managed a quick and monitored rollout of signatures to our more mission-critical workstations.
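The download page in step 1 is plain HTTP and the package then runs on every targeted workstation, so it is worth checking the file's Authenticode signature before step 4. The PowerShell script below is an added example, not part of the original article or of any Symantec or Altiris tooling; it assumes PowerShell 4.0 or later, and the `$ExpectedSigner` value and parameter names are assumptions to adjust for your environment.

```powershell
# Added example: verify a downloaded definitions package, then apply it
# with the switches from steps 3 and 4 of the article.
param(
    # Example file name taken from the article; pass the package you saved.
    [string]$Package  = 'C:\temp\20071105-016-i32.exe',
    [string]$Incoming = 'C:\Program Files\Common Files\Symantec Shared\VirusDefs\incoming',
    # Assumption: text expected in the signing certificate's subject.
    [string]$ExpectedSigner = 'Symantec'
)
$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $Package -PathType Leaf)) {
    throw "Package not found: $Package"
}

# 'Valid' means the file is unmodified since signing and the certificate
# chains to a root this machine trusts.
$sig = Get-AuthenticodeSignature -FilePath $Package
if ($sig.Status -ne 'Valid') {
    throw "Signature status is '$($sig.Status)'; refusing to run $Package"
}

# Substring match on the subject is a coarse check; pinning the expected
# certificate thumbprint is stricter if you track it.
$subject = $sig.SignerCertificate.Subject
if ($subject -notlike "*$ExpectedSigner*") {
    throw "Unexpected signer '$subject'; refusing to run $Package"
}

# Log the hash so the job history shows exactly which file was rolled out.
$hash = (Get-FileHash -LiteralPath $Package -Algorithm SHA256).Hash
Write-Output "Verified $Package signer='$subject' sha256=$hash"

# Step 3: make sure the incoming directory exists.
if (-not (Test-Path -LiteralPath $Incoming -PathType Container)) {
    New-Item -ItemType Directory -Path $Incoming -Force | Out-Null
}

# Step 4: run the package silently with the article's switches.
$switches = "/extract /Q `"$Incoming`""
$proc = Start-Process -FilePath $Package -ArgumentList $switches -Wait -PassThru

# Hand the package's exit code back to the calling job for monitoring.
Write-Output "Package exited with code $($proc.ExitCode)"
exit $proc.ExitCode
```

Run from a Deployment Server job, the script stops with an error before anything is executed if the signature check fails.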
Busy with Dwndp...
Great tip!
We are busy with the Dwndp threat and it's a good way to double the chance to update the systems ASAP.
Thx!
virus on my pc
We are using Symantec Endpoint in our network and we still find viruses in our network. What is causing that? I need help to rid my network of virus infestation.
Regards
pruence
This is interesting...
Interesting concept, but I have a question: are your machines managed or unmanaged? We have been using the SEPIC Component and as our machines are managed we can pretty much update defs as soon as they are released to Live Update Administrator.
We too have the latest
We too have the latest release: MR4 MP1a and religiously update virus definitions but still have infections. But the good thing is that SEPMv11 takes action by either cleaning or quarantining the infection.
Thanks.
Nel Ramos
How to get the antivirus client 10.2 to recognize the new SAV?
Hi,
I have followed your guidance and noticed files are expanded to the 'incoming' folder.
But when I launch the antivirus client 10.2 on my Windows 2008 64-bit, it is still showing a signature with a date stamp of Oct08.
After rebooting the server, it is still showing the signature file of Oct08.
Thanks in advance for your response.
Just read this article
Just read this article now...
Very informative...
many thanks...
Nel Ramos