Endpoint Protection

Hi,

We have recently got SEP, and would like to update the single .EXE install package with the latest definitions, which we would recreate daily so any new builds would be as near up to date as we can get.

However, not having much luck with this. If we don't create a single .EXE package, then replacing the VDefHub.zip file that is exported with the latest one is easy, but the single .EXE is almost half the size and we'd prefer this route.

I have tried replacing the VDefHub.zip file in the following locations:

<svr>\c$\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\7a19f9a883d38469ad662ed2c32d1baf\full.zip
<svr>\c$\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\7a19f9a883d38469ad662ed2c32d1baf\full
\\mgtsep01.z.com\c$\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\714a0ad3b56f1cb8482fef9dcdcaa8f5\full.zip
\\mgtsep01.z.com\c$\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\714a0ad3b56f1cb8482fef9dcdcaa8f5\full

... but this makes no difference. I found this article from these forums some time ago, but it died without any resolution.

Can anyone help, or is having the same issues?

Thanks in advance

Joe.
 

I was trying to do this same thing for a while.  I eventually called Symantec because I had seen a thread where Paul Murgatroyd mentioned that they had a batch file to do exactly what you're trying to do.  When I contacted Symantec, tech support had no knowledge of such a file.  They told me I would have to PM Paul in order to hopefully obtain the file.  I did PM him but never got a resposne.  I think we have decided to just create full packages.  We've found that it's much easier to add the vdefhub, etc.  We also get more accurate reporting for the installs back through SCCM this way.  Also, if you put the full package in a simple .zip it does a decent job of compressing it.  For me a full package is 133mb and the same package in a .zip is 83mb.

Hi Joe,

This isn't really an answer to your question but it is the path I'm taking to solve this, and other, issues.

This what I "believe" is the process:

When the SEPM exports a package it dumps all the files it needs into a directory, runs a utility called Packlist against the directory to generate the packlist.xml which seems to be a list of all the files in the package and their checksums, etc...

After Packlist is done the whole directory is zipped (using parameters I'm not sure of). The zipped file is then run through an SFX generator called MakeSFX (again using switches I'm not %100 sure of). What comes out the other end is the Setup.exe installer package.

What I have been trying to do is breakdown the SEPM packaging process so that I can do a few things, 1) update the virus defs, 2) update the IPS sigs 3) modify setAid. Then repackage manually using the programs above.

I have made some progress, but I'm not all the way there.

I would imagine that the steps above using packlist and makeSFX are security measures put in place by Sygate to help prevent bad guys from compromising the install package.

If there is an easier way to create a modifed package, I'm unaware of it.

Someone had mentioned to me that in the SEPM you can "Add Client Install Package" and point to a directory with all the modified files...but when I've tried, I get an error about a duplicate name. I don't want to delete my standard packages, I just want to add a new one or two with custom settings.

Hope this helps,

-Mike

Thanks to you both, food for thought. I'll have a play and see what I can do with your workarounds.

Seems odd to me that Symantec haven't incorporated something so fundamental into their package creation!