Creating a group for testing definitions before deployment

Created: 17 Jul 2013 • Updated: 18 Jul 2013 | 6 comments

I need help figuring out how to create a test group on which to test an AV definition package before deployment. There was one other posting on this I found, but I couldn't make sense out of the responses. The only thing I got out of it was how to enable Active Directory authentication for administrators.

We have SEPM 12.1 installed on Windows Server 2008 Ent. All the managed clients are Windows 7 Ent. This is an intranet that is not connected to the internet so I don't use LiveUpdate. I have a site I visit to download .jdb definition update files and drop them in the server /incoming folder for distribution to clients.

We only use Antivirus and Anti Spam, not the firewall, intrusion detection or other features.

What I would like to do is figure out how to create a computer group that would receive the new definition .jdb file first, in order to evaluate it for any possible conflicts or problems before deploying it to the rest of the enterprise.

I don't see an intuitive way to do this.

Does anyone have a link or tutorial, or could someone describe how I would do this in the environment I've described above?

Thanks for any and all assistance.

ᗺrian's picture

This could be challenging.

In the LU policy, uncheck the setting to use default management server for updates and assign it to your groups.

Create the new test group and uncheck inheritance and assign it a separate LU policy to get updates from the SEPM.

You can then update the SEPM using the JDB file and only that test group should get updated.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Highspeedlane's picture

It’s not going to be possible in my environment. With SEPM, you must choose either the default management (SEPM) server, a Group Update Provider (which gets its updates from the DMS anyway and serves only to reduce server bandwidth load in large environments) or an internal or external LiveUpdate Server in conjunction with LiveUpdate Administrator.

The internal LiveUpdate server can be used with LiveUpdate Administrator which *does* allow the testing of definitions, but it can’t be deployed in my environment because the internal LUA needs to connect to online Symantec LUA servers at some point, and my network is completely air-gapped, so that’s not going to work. I can’t set up any LUA at any point along the way that would be able to connect to Symantec LUA servers.

Perhaps in future releases Symantec will incorporate the ability of SEPM to selectively distribute updates to a computer group rather than a blanket 100% distribution. This is the only solution for environments such as mine that are isolated completely from the Symantec LUA servers.

Rafeeq's picture

On your test group, enable only the Third Party Management option (this does not need to enable LU or the default management option), then manually paste the jdb files on these clients.

How to manually update definitions for a managed Symantec Endpoint Protection Client using the .jdb file

AjinBabu's picture


I agree with Rafeeq's comments.

Use the third party management option to update test clients.



pete_4u2002's picture

Even if you apply a faulty definition, you can roll back using the SEPM LU policy to the desired/working definition.

Beppe's picture


LiveUpdate Administrator is a good tool which allows you to split the content deployment between a test and a production environment; here is an introduction to it:

It is not recommended to add such complexity to small environments, if you are dealing with a big network, then LUA should meet your needs in a more structured way.