Endpoint Protection

I tried updating symantec endpoint by using manual update.But i can see that only virus and spyware protection is updated. The PTP and NTP update date is May 14,2011.Only virus and spyware protection gets updated.The system environment is such that i cannot use internet connection.So i don't want to do live update.So how can i update the PTP and NTP using the manual updates.

 

HI,

If you are manually update (JDB Or exe) virus defination it's updated only virus and spyware protection.NTP and PTP defination not update you can try update directly internet.

You can try to run luall.exe and update direct symantec liveupdate site

manually you cannot update the PTP or NTP. you need to use LU to be run on client for these component to be updated.

You cannot do it manually. Only AV content can be done manually.

If your clients are on an isolated network, then please review the below article on how to get the other component defitniions updated:

http://www.symantec.com/docs/HOWTO44060

Ok. So i can't do manual update of PTP and NTP.Does these two play important role in protection of my PC.can i leave it with old definition only and update only the virus and spyware protection?

Yes, they provide two additional layers of security.

Is this an unmanaged or managed client?

These should be updating else there is something wrong with the client.

The PTP and NTP components are important for keeping your SEP Clients protected, and are highly recommended for most customers.

While just updating the VirusDefs is an option, it is not recommended.  The PTP and NTP defitnitions help the SEP client defend against 0-day attacks, whereas the VirusDefs only cover threats that have been seen elsewhere and had definitions created for them.

hi.. Brian

I am using unmanaged client. If i connect to internet then i can update PTP and NTP. But i want to update it without using internet or without live update.

Hi Winmansoftware,

Without Internet you can't be update PTP and NTP definations.

Another option is to use the Third Party Distribution method as detailed in the below articles.  These describe how to update all definition types on SEP clients, and does not require the clients to have a local network connection, let alone an Internet connection (i.e. you can copy the defs into a folder using a USB stick and the client will process them):

For 12.1:
http://www.symantec.com/docs/HOWTO80913

For 11:
http://www.symantec.com/docs/TECH102542

How to configure unmanaged clients to use the Thrid Party Content Distribution method:
http://www.symantec.com/docs/HOWTO55199

As you can tell from the articles, this method requires a SEPM (even one with no clients talking to it), and is more complicated method than the use of internal&external LUA servers as described in my earlier post.

I'd personally still recommend using the LUA option, but don't know enough about your environment to say if this Third Party Distribution option is more appropriate.

While this is true in a general sense that something has to connect to the internet to grab the defs, it does not necessarily have to be the SEP Clients.

As per my posts, you can grab all the required defs using the SEPM or a LUA Server, and put them on SEP Clients that are either on an isolated network with no Internet connectivity, or clients with no network access at all.