Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

offline update symantec endpoint protection manager

Created: 06 Jan 2011 • Updated: 09 Mar 2011 | 10 comments
This issue has been solved. See solution.

i have a lan that not connect to internet and install  symantec endpoint protection manager  on server domain and instal  symantec endpoint protection  client on clients

now i have update symantec endpoint protection manager offline that clients too update 

plese help me . but befor test it becaus some body help me in metod that not work

Comments 10 CommentsJump to latest comment

P_K_'s picture

There are 2 alternative

1. Use jdb (Jdb would only update the AV and AVS defs)

2. USe LUA

 How to update definitions for Symantec Endpoint Protection Manager using a JDB file

http://www.symantec.com/docs/TECH102607

OR

Install LiveUpdate Adminstrator on a machine that has acess to the internt  and configure the SEPM' to download updates from LUA 

 

Best Practices for LiveUpdate Administrator (LUA) 2.x

http://www.symantec.com/docs/TECH93409

 

How to update content on a Symantec Endpoint Protection Manager that doesn't have Internet access 

http://www.symantec.com/docs/TECH104893

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

SOLUTION
sandeep_sali's picture

 

One option is to install LiveUpdate Administrator 2.x (LUA 2.x) on a server that does have access to the Internet, and configure it to supply content at a Distribution Center (DC) that the SEPM can access. Configure the Symantec Endpoint Protection Manager to retrieve updates from this Distibution Center. See the following documents for more information:

An alternative option for updating Antivirus and Antispyware definitions only are explained in the following document:

 

Without using Liveupdate Administrator 2.x, there currently is no way to update the Proactive Threat Protection (PTP) and Network Threat Protection (NTP) definitions on the Endpoint Protection Manager.

Please note that, without direct Internet access, some features of the SEPM will not be able to function. One example is the Security Response box on the SEPM interface.

 

The file *. JDB can be used to update the virus definitions for Symantec Endpoint Protection Manager. 
Please note that the .JDB file only contains antivirus/antispyware definitions and will not provide updated content for the firewall component for the SEP clients.

Use the .JDB Daily Certified definitions or the .JDB Rapid Release definitions to update Symantec Endpoint Protection Manager content. Please note that the consistent use of the Rapid Release definitions is not encouraged by Symantec and the use of the Rapid Release definitions is intended to be used on a case by case basis to mitigate a possible virus outbreak. Under normal conditions, Symantec strongly encourages customers to use the Daily Certified definitions for routine use. 

If you are unsure as to which definitions set you should use, please contact Symantec Support for guidance.

To Download the .JDB Daily Certified definitions:

  1. In a browser, go to the following URL: http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce
  2. On the next web page, "Symantec Endpoint Protection / Symantec Antivirus Corporate Edition", there are multiple headings/product categories presented. Be aware that each set of definitions available are grouped by 32 bit or 64 bit product installation sets. Download the correct (32 bit or 64 bit) .JDB file according to the Windows platform where the Symantec Endpoint Protection Manager is installed and save the file to the Windows desktop.

To Download the .JDB Rapid Release definitions:

  1. In a browser, go to the following URL: http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr
  2. Download the available .JDB file and save the file to the Windows desktop.

To use the .JDB file to update definitions for Symantec Endpoint Protection Manager:

  1. After downloading, rename the file extension from ".zip" to ".jdb". (Most browsers detect the file type and automatically change the extension. This must be changed back to .JDB for use in the SEPM.)
  2. Copy the .JDB file to the "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming" (The location listed in this line is the default installation location and is presented as an example only).
  3. In a period of time from 30 seconds to a minute, the .JDB file will be processed. As the .JDB file is processed, all files and subfolders are removed from the "Incoming" folder.

Verify that the SEPM content is updated:

  1. To verify that the SEPM content has been updated, look in the following folders:
    32-bit definitions: "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}"
    64-bit definitions: "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{1CD85198-26C6-4bac-8C72-5D34B025DE35}"
  2. Typically, there will be 3 numbered folders present. The folder naming convention is "yymmddxxx". For example "100602034". This is the date and build (revision) number of the definition set installed. Please note that the definition set installed may have been published the previous day and a set for the current day may not yet be available.
  3. Looking inside the folder that matches the set downloaded and installed, there should be a folder named "Full" and a zip file named "Full.zip".
  4. Looking inside the "Full" folder, there should be the files typically associated with a virus definition set.

Important Notes:

  1. For the 32-bit Intelligent Updater files for clients, the file names end with "i32.exe" and the 64-bit client file names end with "i64.exe".
  2. The Intelligent Updater file names for SAV clients end with "i32.exe" or "i64.exe".
  3. The Intelligent Updater file names for SEP clients end with "v5i32.exe" or "v5i64.exe".
  4. The Intelligent Updater file name that ends in "x86.exe" is only for certain products and should only be used with those products.
  5. The SEPM updater file has a ".JDB" extension.
  6. The SAV Parent updater file has a ".XDB" extension and only updates 32-bit virus definitions; SAV parent servers do not serve 64-bit definitions. 64-bit systems cannot be SAV parent servers.
  7.  

Thanks & Regards

Sandeep C Sali

Mithun Sanghavi's picture

Hi Sandip,

Thats a Correct and Accurate answer with right choices.

How to update virus definitions and other content with Symantec Endpoint Protection 11 and Symantec Network Access Control 11

 

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

mrezap2000@yahoo.com's picture

i test Use jdb and folde create then remove but version update not change not in server and not in client

i install USe LUA but which of update i download  and how send it in local lan

P_K_'s picture

Select Symantec Endpoint Protection 11.0  in LUA

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

Rafeeq's picture

jdb will work, you may need to clear the old definitions before u put the new jdb file

you need to paste the jdb inside incoming folder

wait for few mins, it will be updated, u can check that under admin=servers=local site

show liveupdate downloads

https://www-secure.symantec.com/connect/articles/how-clear-corrupt-virus-definitions-sepm

P_K_'s picture

But , jdb would only update Av and AVs ,if the user wnats to Update all the defs, including PTP and NTP the better choice is to go for LUA.

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

Rafeeq's picture

yes prachand is right, if u have all the component installed then use luadmin

if u have only av/as then use jdb...

Mithun Sanghavi's picture

Hello Correct,

 

Please Install LUA on a specific computer with Internet connection, so that all the components could be updated with their latest definitions.

.JDB will update only AV/AS def's.

 

As an administrator, Installing LUA on a specific computer with Internet connection is the correct decision.

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.