Video Screencast Help

How Often Does SEP 12.1 Definitions Update?

Created: 22 Mar 2013 | 6 comments

We've noticed that the virus, IPS, and Download Protection definitions are updating each day.  However, our SONAR detections appear to be stuck on 3/1/2013 r11. 

My question is does SONAR update with the other definition packages, or is 3/1/2013 r11 the most current SONAR defnition?



Operating Systems:

Comments 6 CommentsJump to latest comment

Rafeeq's picture

AV will be updated every day and revisions ,Once in every 4 hours symantec

you can check the latest defs here

latest i see here is 

Behavior-Based Protection

Definitions Released: 3/5/2013
Extended Version: 3/1/2013 rev. 11
Nate3079's picture

OK, thanks Rafeeq. Interesting that SONAR doesn't update more frequently.

We submitted a SONAR false-positive exception request on 3/2/2013, and I'm wondering how long we'll have to wait until that exception takes place. With our existing SONAR definitions are the most current (3/1/2013 r11). We'll continue to monitor for a SONAR update. Thanks again.

ᗺrian's picture

Yes, that is the correct date for SONAR. It is not updated regularly like the others. More like every couple of weeks. The piece that updates is their internal whitelist.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

Wait till you get a confirmation email from Symantec about your false positives.

They would mention the Release date of the defs where its fixed in the email. once you get that, You can update the defs.

Have  a good weekend..

Mithun Sanghavi's picture


File-based AV - Updated daily (with SEP's Multiple Daily Definitions, certified content is typically released three times a day Monday through Friday; one time per day on weekends).

Network-Based Protection (IPS)- SEP Security Updates (SU) are generally updated on Weekdays (M-F - no releases scheduled for weekend or major holidays in the United States).

Behavior-Based Protection / Proactive Threat Protection - There is no set schedule.  The article linked below contains additional information.

Reputation-Based Protection (Insight) - Continually updated as it is a cloud based detection.

For additional details please visit:


How often are Endpoint Protection definitions for IPS, SONAR, and Download Protection released?

Secondly, check this Thread :

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Chetan Savade's picture


One more helpful article

Centralized Reputation Settings 12.1" appears not to update in Symantec Endpoint Protection Manager

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<