Hello,
I recommend the .jdb over the Intelligent Updater, myself. Yes, TPM (Third Party Management) needs to be enabled first.
But with SEP 12.1 RU3 and above, it is now possible to drop on a .jdb for AV and also for SONAR ("Behavior-Based Protection") and IPS ("Network-Based Protection") definitions too. AV alone is not enough here in 2013.
Check these Articles:
How to update definitions for Symantec Endpoint Protection Manager (SEPM) using a .jdb file
http://www.symantec.com/docs/TECH102607
How to manually update definitions for a managed Symantec Endpoint Protection Client using the .jdb file
http://www.symantec.com/docs/TECH104363
Is there a file that will update non-AntiVirus content on a Symantec Endpoint Protection Manager or Symantec Endpoint Protection client?
http://www.symantec.com/docs/TECH190343
Also check the below downloads which may be of some interest to you:
Script That Downloads .JDB Automatically
Script to download Definitions from SEPM
Hope that helps!!