
How to manually update virus definition files on SEP v12 64-bit clients

Created: 20 Dec 2011 • Updated: 21 Mar 2012 | 8 comments
This issue has been solved. See solution.

Good morning,

I am in need of a solution that will allow standard users to be able to manually update the virus definition files on their unmanaged SEP, version 12, 64-bit client PC. We have many users in our organization who use computers that are NOT connected to any network and are used strictly as local workstations with local, non-administrator, login accounts. These users used to be able to manually update their SAV unmanaged client with the .xdb file, but I don't think that is an option for SEP, v12 64-bit.

I thought I found a promising article on the web, http://www.symantec.com/business/support/index?page=content&id=TECH104779&locale=en_US, but this really looks too convoluted for a standard user without admin privileges to have to do just to update virus definition files. Since the local user has no admin privileges, they are unable to download the regular .exe file to update the definitions because policies configured on the image are set such that certain .exe files can only be run by an admin and when they attempt to do so, they are hit with the login credential box for the admin's login credentials.

I am hoping that there is a similar way with SEP to manually update the virus definition files on clients like we used with SAV, which was to download the .xdb file and burn it to a CD, then log onto the standalone machine and copy the .xdb file into the C:\ProgramData\Symantec\Symantec Antivirus Corporate Edition\7.5 folder. After about 3-5 minutes, the virus definition files were updated.

Hoping that someone can help with an easy solution to this. In the meantime, I will keep looking.

Thanks in advance,
Lawrin

Comments

Mithun Sanghavi's picture

Hello,

How about downloading the Intelligent Updater for the SEP 12.1 clients?

The Intelligent Updater is an executable file that can be used to update virus definitions for the Symantec Endpoint Protection client. To update the definitions, run either the Daily Certified or Rapid Release Intelligent Updater on the local computer.

The Intelligent Updater can be downloaded from:

http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce

Check this Article:

How to update definitions for Symantec Endpoint Protection using the Intelligent Updater

http://www.symantec.com/docs/TECH102606

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

lwalker1958's picture

Thanks for the response. Because of the way we have our machines configured, standard users are usually not able to install .exe files without admin privileges. That is how it was under Windows Vista. I have not tested this under Windows 7; maybe they changed something in the image. I will test this.

Thanks

SMLatCST's picture

From the looks of the below article, you should be able to update a SEP client just by dropping a JDB file in a specific path on the target machine.

However, in order for this to work, the SEP client needs to be configured to "Enable Third Party Content Management".  As your target machine is not on the network, you cannot enable this via policy, so will have to export a new client installation package with this option already enabled.

Here's the article: http://www.symantec.com/docs/TECH104363

Hope this helps.

Mick2009's picture

IU would be the usual update method in the circumstances described. If that cannot work due to account permissions, dropping the .jdb file should work.

Please do keep this thread up-to-date with your progress, as I am sure future admins in the same situation can benefit from the advice given! &: )

With thanks and best regards,

Mick

lwalker1958's picture

I think I might have this resolved. With your input I think I figured out how to get this to work with some modifications.

First, our standard users are not able to run the IU without Admin privileges. Second, I was following the steps in the document that was provided in the link above (http://www.symantec.com/docs/TECH104363); however, in Step #6 of this document the path that is referenced does not exist on my clients.

Then I got to reading about the Third Party Deployment, so I went into my SEPM and changed the policy to also allow for that and then generated a new install package with this feature enabled, thinking that once I installed this I would see the "inbox" folder in the path C:\Program Data\Symantec\Symantec Endpoint Protection. Well, I didn't; however, under C:\ProgramData\Symantec\Symantec Endpoint Protection\ there is a folder entitled 12.1.671.4971.105if. There is an inbox folder under this location. So I was logged on as a standard user to see if I could manually update the definitions with the .jdb file, and when I tried I got access denied. So I logged back on as the Administrator and changed the permissions of that folder to be full control for Everyone. Then I logged back in as the standard user and dropped the .jdb file in that folder.

Almost immediately after dropping that file in there, another folder appeared with what looked like the name of the .jdb file followed by a series of numbers, and then almost immediately after it appeared, that folder as well as the .jdb file I dropped in there disappeared.

When I checked the dates on the definitions, they were updated to 5 Jan 12 (previously 4 Jan 12).  So I want to do some more testing on this, but I think it is working.

One note: The client is primarily going to be standalone, not connected to a network and unmanaged by a SEPM. But in order to get this to work, I had to add the client to the network so that it would check in with the SEPM after I installed the package. The shield icon in the system tray appeared with the green dot indicating that it was updated by the SEPM. But I don't think this will have any effect on updating the client from here on out when it is off the network, because I am able to drop the .jdb file to it.

So the instructions in the above referenced link worked, but the location of the inbox was not shown at the path listed in the document.  I plan to do a little more testing tomorrow and will update this post to hopefully resolve this issue.

Thanks
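
The permission change described in the post above, narrowed to a Modify grant for the local Users group in place of Full Control for Everyone. This is an added example, not code from the thread or from Symantec; it assumes the inbox sits one level below the ProgramData folder quoted on this page and that Modify is sufficient for the .jdb drop to be processed, which should be confirmed on a test client.

```powershell
# Added example (not from the thread). Run from an elevated prompt on the client.
# Assumption: the inbox is one level below this folder, as in the paths on this
# page (...\CurrentVersion\inbox or ...\<version folder>\inbox).
$base = Join-Path $env:ProgramData 'Symantec\Symantec Endpoint Protection'

$inboxes = @(Get-ChildItem -Path $base -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object { Join-Path $_.FullName 'inbox' } |
    Where-Object { Test-Path -Path $_ -PathType Container })

if ($inboxes.Count -eq 0) {
    throw "No inbox folder found under $base"
}

# Well-known SIDs, so the script does not depend on localized group names.
$everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'      # Everyone
$users    = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545' # BUILTIN\Users

foreach ($inbox in $inboxes) {
    $acl = Get-Acl -Path $inbox

    # Report explicit (non-inherited) entries for Everyone before changing anything.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl.GetAccessRules($true, $false, $sidType) |
        Where-Object { $_.IdentityReference.Value -eq $everyone.Value } |
        ForEach-Object { Write-Warning "$inbox : Everyone has $($_.FileSystemRights)" }

    # Drop every explicit Everyone entry, then grant Users Modify on the folder,
    # its subfolders and files. Modify allows creating and deleting files but not
    # changing the ACL or taking ownership, which Full Control would allow.
    $acl.PurgeAccessRules($everyone)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $users, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $inbox -AclObject $acl

    # Show the resulting ACL for review.
    (Get-Acl -Path $inbox).Access |
        Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
}
```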

SOLUTION
Mick2009's picture

TPM is definitely a valuable update method that is starting to get more and more use.

Many thanks for taking the time to leave your detailed findings; these will be an excellent resource for future admins in the same situation.

With best regards,

Mick

With thanks and best regards,

Mick

pete_4u2002's picture
Inbox folder path:

  • Pre-Vista operating systems, legacy clients:

    drive:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\inbox

  • Vista operating systems, legacy clients:

    drive:\Program Data\Symantec\Symantec Endpoint Protection\inbox

  • Pre-Vista operating systems, version 12.1 Symantec Endpoint Protection clients

    drive:\Documents and Settings\All Users\Application Data\Symantec\CurrentVersion\inbox

  • Vista operating systems, version 12.1 Symantec Endpoint Protection clients

    drive:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\inbox