Protection Engine for Network Attached Storage

#1. Pre Requisites:

• User must have administrator privilege on machine.
• User must have the required intelligent updater IU / Rapid release RR downloaded.
• All commands are in assumption that install directory is C. Command needs to be changed as per requirement

#2. Purpose :

• The usual process of updating Scan engine for NAS is through Live Update or internal LUA.
• In scenarios of threat or where manual updated is required, this method can be used.

#3. Location:

•  RR Link: ftp://ftp.symantec.com/AVDEFS/symantec_antivirus_corp/rapidrelease/sequence/
•  IU Link: http://www.symantec.com/security_response/definitions/download/detail.jsp?gid=savce
• The latest numbered folder is to be used.
• In case the latest one is empty the previous one can be used

#4. File Details:

• IU: YYYYMMDD-nnn-i32.exe
• RR: symrapidreleasedefsi32.exe

I How to update: Method (1)

The methodology implied will be by manually extracting the definitions file and then having it place in the definition folder. The other way is to used the definitions of SEP installed on the Scan Engine computer (if Symantec Endpoint Protection is installed on it)

1. Create a folder names ‘CSAPIDefs’
2. Extract the definition to ‘CSAPIDefs’ using the following command.

• Run the command form the location where the definition file is kept.
• IU 64 Bit: YYYYMMDD-nnn-i32.exe /EXTRACT /Q "C:\Program Files (x86)\Symantec\Scan Engine\Definitions\AntiVirus\CSAPIDefs"
• IU 32 Bit: YYYYMMDD-nnn-i32.exe /EXTRACT /Q "C:\Program Files \Symantec\Scan Engine\Definitions\AntiVirus\CSAPIDefs"
• RR 64 Bit: symrapidreleasedefsi32.exe /EXTRACT /Q "C:\Program Files (x86)\Symantec\Scan Engine\Definitions\AntiVirus\CSAPIDefs"
• RR 32 Bit: symrapidreleasedefsi32.exe /EXTRACT /Q "C:\Program Files \Symantec\Scan Engine\Definitions\AntiVirus\CSAPIDefs"

3. The above process will extract the definition files into the newly created ‘CSAPIDefs’
4. Once the presence of content is confirmed restart, the Symantec Scan Engine service.
5. The signature and version can be confirmed form the Rapid Release option in the System Tab in the  Scan engine console

• At times it has been seen that the definition are not updated and are stuck at the old definitions.
  •  Stop the Symantec Scan Engine service.
  • Rename the ‘CSAPIDefs’ with the latest numbered folder ‘VirusDefs00000XXX’ in the definitions location.
  • Once file is renamed delete all the other ‘VirusDefs00000XXX’ files.
  • Once above action is completed restart the Symantec Scan engine service.
  • The definition can be checked on the Scan Engine console.

II How to Update: Method (2)

  This method will be using the definitions of Symantec Endpoint protection to update the Scan Engine. Once the definition file is placed on the Scan engine computer, the following steps needs to be followed.

** Warning** :This process will alter the registry and from this point on the same signatures will be shared by both SEP and Scan Engine.

1. Following commands needs to be entered in the command prompt.

• For 64 Bit: C:\Program Files (x86)\Symantec\Scan Engine\Definitions\AntiVirus\setup-iu.bat enable.
• For 32 Bit: C:\Program Files \Symantec\Scan Engine\Definitions\AntiVirus\setup-iu.bat enable

2. Once the command is executed the definitions file can be executed locally.
3. Once SEP is updated with the required signature the Symantec Scan engine service needs to restarted
4. Once service is restarted the definition can be verified from Scan Engine console.

**How to Update the same in Symantec protection Engine:

•  Stop the Symantec Protection Engine service.
• Copy the content of ‘CSAPIDefs’ and replace the ones in the folder ‘VirusDefs’ in the definitions location.
• Once replaced you may start back the Protection Engine service.
• The definition can be checked on the Scan Engine console.

Reference:

Title: Intelligent Updater is not working with Symantec Scan Engine 5.2 installed on 64-bit Operating System

Web URL: http://www.symantec.com/docs/TECH98061

Title: How to apply Intelligent Updater virus definitions manually to Symantec Scan Engine 5.x

Web URL: http://www.symantec.com/docs/TECH90925