Video Screencast Help

Backdating SONAR definitions

Created: 31 Oct 2013 • Updated: 07 Nov 2013 | 7 comments
This issue has been solved. See solution.

Hi everybody

Is it possible to backdate SONAR definitions on SEP12 RU1 MP1? I know it's possible with virus definitions.

We encounter massively strange behaviours since Monday, October 28th 2013.

Any help is appreciated.


Operating Systems:

Comments 7 CommentsJump to latest comment

Rafeeq's picture

Open sepm

policies LU

on the right hand side select LU content

scroll down to sonar and select the rollback.

Document to help you

pete_4u2002's picture

yes, its possible.

In the Policies section of the manager, highlight LiveUpdate.

  •  Select the LiveUpdate content tab, and edit the LiveUpdate Content policy.
  •  Under Security Definitions, use the radio button under SONAR heuristic signatures to Select a revision.
  •  Use the edit button to select an older revision for SONAR Heuristics engine 12.1 than is currently in use.

flutti's picture

Thank you guys, seems I simply overlooked this one. I'll keep you posted!

flutti's picture

How fast are these Definitions updated after selecting an older revision of the definitions?

Rafeeq's picture

the client will communicate with SEPM based on heart beat interval, its called push mode or pullmode

check which one you have in your network based on that it will be updated.

Here it is

flutti's picture

Well well ... The promised update on this topic:

The solution worked very well - Our issue could be worked around by backdating the SONAR definitions. Subsequently, we opened a case to further investigate what effectively has been causing the issue (long log off times when using roaming profiles on w7sp1).

Thanks again for the fast response!