
Proactive Threat Protection

Created: 03 Dec 2012 | 5 comments

Hi,

How does proactive threat protection get updated in 11.X?

If it didn't get updated automatically, how do I update it manually?

What are the basic troubleshooting steps to check why proactive threat protection is not getting updated?

What is the main work of proactive threat protection?


W007's picture

Hi,

Do you update the SEPM virus definitions manually or automatically?

When you update the virus definitions manually, the PTP and NTP definitions are not updated.

You can check this site for the latest definitions for SEP modules:

http://www.symantec.com/security_response/definitions.jsp

It's known as "Behavior-Based Protection" on that page.

What is the main work of proactive threat protection?

http://www.symantec.com/business/support/index?page=content&id=TECH102733

https://www-secure.symantec.com/connect/articles/truscan-overview

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

AravindKM's picture

 Proactive threat protection can receive updates from Internet/Internal Liveupdate server/SEPM/GUP.

You cannot update it manually.

About Proactive Threat Protection:
Proactive threat scanning provides an additional level of protection to a computer that complements existing AntiVirus, AntiSpyware, Intrusion Prevention, and Firewall protection technologies. AntiVirus and AntiSpyware scans rely mostly on signatures to detect known threats. Proactive threat scans use heuristics to detect unknown threats. The Heuristic process scan analyzes the behavior of an application or a process. The scan determines if the process exhibits the characteristics of a threat, such as Trojan horses, worms, or key loggers. The processes typically exhibit a type of behavior that a threat can exploit, such as opening a port on a user's computer. This type of protection is sometimes referred to as protection from "Zero-day attacks":
 

  • "Zero-day attack vulnerabilities" are new vulnerabilities that are not yet publicly known. Threats exploiting these vulnerabilities can evade signature based detection such as AntiSpyware and AntiSpyware definitions.
  • "Zero-day" attacks may be used in targeted attacks and in the propagation of malicious code.

Proactive Threat Protection also includes Application and Device Control Policies. Application and Device control is implemented on client computers using policies. An Application and Device Control Policy offers two types of control or protection over client computers:
 

  • Application control
  • Device control.

Is it showing "waiting for updates", or is the defs date not as new as yesterday's date? Symantec will not release updates for PTP daily.

Have a look at the URL below to find the latest available update.

http://www.symantec.com/security_response/definitions.jsp

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

priyaa's picture

Hi Manish,

Virus definitions are auto updated. They get updated from the SEPM server.

Regards,

Priyaagopal

A new bud in symantec.

W007's picture

Hi Priyaa,

Have you received your answer?

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

pete_4u2002's picture

If the SEPM downloads the definitions, then the same content can be passed on to the client.

Are you having an issue of clients not updating PTP?

Note that a 64-bit OS running the SEP 11 client will show it as off.