Endpoint Protection

  • 1.  Rapid Release

    Posted May 26, 2010 10:57 AM

    According to this document, http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007100820002048, to get rapid release definitions into SEPM I have to download a jdb file from the ftp site and drop it in the data\inbox\content\incoming folder on the SEPM machine.

    The latest jdb file name changes. Is there a way to automatically figure out or download whatever the latest definition file is?

    Thanks.


  • 2.  RE: Rapid Release

    Posted May 26, 2010 11:04 AM
    There is no way to set the SEP manager to automatically download the Rapid Release definitions.

    I believe this is due to the fact that rapid release-quality virus definitions do pose some risks such as the higher potential for false positives.


  • 3.  RE: Rapid Release

    Posted May 26, 2010 11:10 AM

    Make the manager get the latest defs once every 4 hours; it will get the latest.
    You can use this doc to get the rapid release:

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002091816510548



  • 4.  RE: Rapid Release

    Posted May 26, 2010 11:16 AM
    Since the name changes all the time it makes it difficult to create an application that will do it. It may be possible if you are skilled but I don't see any easy way to do it.

    Here is the way it was done in the previous SAV product, it may be possible to rewrite this to work for the JDB. If you can get it to work please reply with the code!!!!



    @set COPY_XDB_TO="c:\Program Files\SAV\"
    @set RAPIDRELEASE=0
    @set XDBTEMP=%temp%

    @rem ==============================================================================================
    @rem Set RAPIDRELEASE=1 to download rapidrelease definitions, RAPIDRELEASE=0 for fully QA'd definitions (standard).
    @rem Change COPY_XDB_TO= to point to the SAV CE server directory (or where you want the XDB file copied)
    @rem   you can also run the script directly from the SAV folder and it will copy the definitions there.
    @rem XDBTEMP is the temp folder the script will use while downloading definitions, set to %temp% to use system default
    @rem ==============================================================================================
    @rem  Script for downloading virus definition updates for
    @rem  Symantec Antivirus Corporate Edition version 8.x and 9.x
    @rem  This unsupported utility is provided for your convenience only.
    @rem  Symantec Technical Support cannot provide support for the creation,
    @rem  use, or troubleshooting of Windows scripts.

    @rem ==============================================================================================
    @echo off

    rem   ========= check that OS is win2k or better ============
    if not "%OS%" == "Windows_NT" goto BADOS
    if "%APPDATA%" == "" goto BADOS

    rem   ========= make sure to be in script directory ============
    rem   (the quotes keep a path containing spaces intact for the move below)
    if exist rtvscan.exe set COPY_XDB_TO="%CD%"
    for %%i in (%0) do @%%~di
    for %%i in (%0) do @cd %%~pi
    if exist rtvscan.exe set COPY_XDB_TO="%CD%"

    rem   =========== get name/size of last file from "xdbdown.lastfile" ============
    if not exist xdbdown.lastfile goto NOLAST
    for /f "tokens=1" %%f in (xdbdown.lastfile) do set lastfile=%%f
    for /f "tokens=2" %%f in (xdbdown.lastfile) do set lastsize=%%f
    :NOLAST

    rem   ========= jump to temp dir ============
    if not exist "%XDBTEMP%\xdbtmp" md "%XDBTEMP%\xdbtmp"
    if exist "%XDBTEMP%\xdbtmp\*.xdb" del "%XDBTEMP%\xdbtmp\*.xdb"
    pushd "%XDBTEMP%\xdbtmp"

    rem   =========== make ftp script for checking xdb directory on ftp ===========
    echo open ftp.symantec.com> check.txt
    echo anonymous>> check.txt
    echo email@address.com>> check.txt
    set xdbfolder=xdb
    if "%RAPIDRELEASE%" == "1" set xdbfolder=rapidrelease
    echo cd AVDEFS/norton_antivirus/%xdbfolder%>> check.txt
    echo dir *.xdb chk.lst>> check.txt
    echo bye>> check.txt

    rem   =========== get filename and size from ftp ============
    rem   (each loop keeps the value from the last line of the listing)
    if exist chk.lst del chk.lst
    ftp -s:check.txt
    if not exist chk.lst goto ERROR
    for /f "tokens=9" %%f in (chk.lst) do set xdbfile=%%f
    for /f "tokens=5" %%f in (chk.lst) do set xdbsize=%%f
    if "%xdbfile%" == "" goto ERROR
    if "%xdbsize%" == "" goto ERROR

    rem   =========== compare ftp name/size to local ============
    if not "%xdbfile%" == "%lastfile%" goto DOWNLOAD
    if not "%xdbsize%" == "%lastsize%" goto DOWNLOAD
    popd
    echo.
    echo Already downloaded latest %xdbfolder% file: %xdbfile% - size %xdbsize%
    echo %date% %time%  Already downloaded latest %xdbfolder% file: %xdbfile% - size %xdbsize% >> XDBdown.log
    goto END

    :DOWNLOAD
    rem   ========= make ftp script for downloading new xdb file =========
    echo open ftp.symantec.com> down.txt
    echo anonymous>> down.txt
    echo email@address.com>> down.txt
    echo cd AVDEFS/norton_antivirus/%xdbfolder%>> down.txt
    echo bin>> down.txt
    echo hash>> down.txt
    echo get %xdbfile%>> down.txt
    echo bye>> down.txt

    rem   ============= download new file =================
    rem   (the only check on the download is that its size matches the listing)
    ftp -s:down.txt
    for %%i in (%xdbfile%) do @set newsize=%%~zi
    if not "%newsize%" == "%xdbsize%" goto ERROR
    move %xdbfile% %COPY_XDB_TO%
    if exist %xdbfile% goto ERRORMOVE
    popd
    echo.
    echo %xdbfile% %xdbsize% > xdbdown.lastfile
    echo Downloaded new %xdbfolder% file: %xdbfile% - size %xdbsize%
    echo %date% %time%  Downloaded new %xdbfolder% file: %xdbfile% - size %xdbsize% >> XDBdown.log
    goto END

    :ERROR
    popd
    echo.
    echo ERROR: problem downloading %xdbfolder% definition file. xdbfile=%xdbfile% xdbsize=%xdbsize% newsize=%newsize% (lastfile=%lastfile% lastsize=%lastsize%).
    echo %date% %time%  ERROR: problem downloading %xdbfolder% definition file. xdbfile=%xdbfile% xdbsize=%xdbsize% newsize=%newsize% (lastfile=%lastfile% lastsize=%lastsize%). >> XDBdown.log
    type "%XDBTEMP%\xdbtmp\chk.lst" >> XDBdown.log
    echo.  >> XDBdown.log
    goto END

    :ERRORMOVE
    popd
    echo.
    echo ERROR: problem moving definition file to SAV folder. COPY_XDB_TO=%COPY_XDB_TO%  newsize=%newsize% (lastfile=%lastfile% lastsize=%lastsize%).
    echo %date% %time%  ERROR: problem moving definition file to SAV folder. COPY_XDB_TO=%COPY_XDB_TO%  newsize=%newsize% (lastfile=%lastfile% lastsize=%lastsize%). >> XDBdown.log
    goto END

    :BADOS
    echo.
    echo ERROR: this script needs Windows 2000 or better.
    echo %date% %time%  ERROR: this script needs Windows 2000 or better. >> XDBdown.log
    goto END

    :END
    if exist "%XDBTEMP%\xdbtmp\check.txt" del "%XDBTEMP%\xdbtmp\check.txt"
    if exist "%XDBTEMP%\xdbtmp\down.txt" del "%XDBTEMP%\xdbtmp\down.txt"
    if exist "%XDBTEMP%\xdbtmp\chk.lst" del "%XDBTEMP%\xdbtmp\chk.lst"
    rd "%XDBTEMP%\xdbtmp"
    set COPY_XDB_TO=
    set RAPIDRELEASE=
    set lastsize=
    set lastfile=
    set newsize=
    set xdbsize=
    set xdbfile=
    set xdbfolder=
    set xdbtemp=



  • 5.  RE: Rapid Release

    Posted May 26, 2010 11:27 AM
    Note: Symantec does not recommend this

    Use the .JDB Daily Certified definitions or the .JDB Rapid Release definitions to update Symantec Endpoint Protection Manager content.
    Please note that the consistent use of the Rapid Release definitions is not encouraged by Symantec and the use of the rapid release definitions is intended to be used on a case by case basis to mitigate a possible virus outbreak. Under normal conditions, Symantec strongly encourages customers to use the Daily Certified definitions for routine use.


    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007100820002048


  • 6.  RE: Rapid Release
    Best Answer

    Posted May 26, 2010 11:31 AM
    Ah ha, I found the script



    Copy and paste the below lines, paste in notepad and NO wordwrap, save as jdbdown.cmd

     

    @Set COPY_jdb_TO="C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming"
    @set RAPIDRELEASE=1
    @set jdbTEMP=%temp%

    @rem ==============================================================================================
    @rem Set RAPIDRELEASE=1 to download rapidrelease definitions, RAPIDRELEASE=0 for fully QA'd definitions (standard).
    @rem Change COPY_jdb_TO= to point to the SEP server directory (or where you want the jdb file copied)
    @rem you can also run the script directly from the SEP incoming folder and it will copy the definitions there.
    @rem jdbTEMP is the temp folder the script will use while downloading definitions, set to %temp% to use system default
    @rem ==============================================================================================
    @rem Script for downloading virus and spyware definition updates for
    @rem Symantec Endpoint Protection version 11.xx
    @rem ==============================================================================================
    @echo off

    rem ========= check that OS is win2k or better ============
    if not "%OS%" == "Windows_NT" goto BADOS
    if "%APPDATA%" == "" goto BADOS

    rem ========= make sure to be in script directory ============
    rem (the quotes keep a path containing spaces intact for the move below)
    if exist rtvscan.exe set COPY_jdb_TO="%CD%"
    for %%i in (%0) do @%%~di
    for %%i in (%0) do @cd %%~pi
    if exist rtvscan.exe set COPY_jdb_TO="%CD%"

    rem =========== get name/size of last file from "jdbdown.lastfile" ============
    if not exist jdbdown.lastfile goto NOLAST
    for /f "tokens=1" %%f in (jdbdown.lastfile) do set lastfile=%%f
    for /f "tokens=2" %%f in (jdbdown.lastfile) do set lastsize=%%f
    :NOLAST

    rem ========= jump to temp dir ============
    if not exist "%jdbTEMP%\jdbtmp" md "%jdbTEMP%\jdbtmp"
    if exist "%jdbTEMP%\jdbtmp\*.jdb" del "%jdbTEMP%\jdbtmp\*.jdb"
    pushd "%jdbTEMP%\jdbtmp"

    rem =========== make ftp script for checking jdb directory on ftp ===========
    echo open ftp.symantec.com> check.txt
    echo anonymous>> check.txt
    echo email@address.com>> check.txt
    set jdbfolder=jdb
    if "%RAPIDRELEASE%" == "1" set jdbfolder=rapidrelease
    echo cd /public/english_us_canada/antivirus_definitions/symantec_antivirus_corp/%jdbfolder%>> check.txt
    echo dir *.jdb chk.lst>> check.txt
    echo bye>> check.txt

    rem =========== get filename and size from ftp ============
    rem (each loop keeps the value from the last line of the listing)
    if exist chk.lst del chk.lst
    ftp -s:check.txt
    if not exist chk.lst goto ERROR
    for /f "tokens=9" %%f in (chk.lst) do set jdbfile=%%f
    for /f "tokens=5" %%f in (chk.lst) do set jdbsize=%%f
    if "%jdbfile%" == "" goto ERROR
    if "%jdbsize%" == "" goto ERROR

    rem =========== compare ftp name/size to local ============
    if not "%jdbfile%" == "%lastfile%" goto DOWNLOAD
    if not "%jdbsize%" == "%lastsize%" goto DOWNLOAD
    popd
    echo.
    echo Already downloaded latest %jdbfolder% file: %jdbfile% - size %jdbsize%
    echo %date% %time% Already downloaded latest %jdbfolder% file: %jdbfile% - size %jdbsize% >> jdbdown.log
    goto END

    :DOWNLOAD
    rem ========= make ftp script for downloading new jdb file =========
    rem NOTE: the check step lists symantec_antivirus_corp, while this step downloads from norton_antivirus.
    echo open ftp.symantec.com> down.txt
    echo anonymous>> down.txt
    echo email@address.com>> down.txt
    echo cd public/english_us_canada/antivirus_definitions/norton_antivirus/%jdbfolder%>> down.txt
    echo bin>> down.txt
    echo hash>> down.txt
    echo get %jdbfile%>> down.txt
    echo bye>> down.txt

    rem ============= download new file =================
    rem (the only check on the download is that its size matches the listing)
    ftp -s:down.txt
    for %%i in (%jdbfile%) do @set newsize=%%~zi
    if not "%newsize%" == "%jdbsize%" goto ERROR
    move %jdbfile% %COPY_jdb_TO%
    if exist %jdbfile% goto ERRORMOVE
    popd
    echo.
    echo %jdbfile% %jdbsize% > jdbdown.lastfile
    echo Downloaded new %jdbfolder% file: %jdbfile% - size %jdbsize%
    echo %date% %time% Downloaded new %jdbfolder% file: %jdbfile% - size %jdbsize% >> jdbdown.log
    goto END

    :ERROR
    popd
    echo.
    echo ERROR: problem downloading %jdbfolder% definition file. jdbfile=%jdbfile% jdbsize=%jdbsize% newsize=%newsize% (lastfile=%lastfile% lastsize=%lastsize%).
    echo %date% %time% ERROR: problem downloading %jdbfolder% definition file. jdbfile=%jdbfile% jdbsize=%jdbsize% newsize=%newsize% (lastfile=%lastfile% lastsize=%lastsize%). >> jdbdown.log
    type "%jdbTEMP%\jdbtmp\chk.lst" >> jdbdown.log
    echo. >> jdbdown.log
    goto END

    :ERRORMOVE
    popd
    echo.
    echo ERROR: problem moving definition file to SAV folder. COPY_jdb_TO=%COPY_jdb_TO% newsize=%newsize% (lastfile=%lastfile% lastsize=%lastsize%).
    echo %date% %time% ERROR: problem moving definition file to SAV folder. COPY_jdb_TO=%COPY_jdb_TO% newsize=%newsize% (lastfile=%lastfile% lastsize=%lastsize%). >> jdbdown.log
    goto END

    :BADOS
    echo.
    echo ERROR: this script needs Windows 2000 or better.
    echo %date% %time% ERROR: this script needs Windows 2000 or better. >> jdbdown.log
    goto END

    :END
    if exist "%jdbTEMP%\jdbtmp\check.txt" del "%jdbTEMP%\jdbtmp\check.txt"
    if exist "%jdbTEMP%\jdbtmp\down.txt" del "%jdbTEMP%\jdbtmp\down.txt"
    if exist "%jdbTEMP%\jdbtmp\chk.lst" del "%jdbTEMP%\jdbtmp\chk.lst"
    rd "%jdbTEMP%\jdbtmp"
    set COPY_jdb_TO=
    set RAPIDRELEASE=
    set lastsize=
    set lastfile=
    set newsize=
    set jdbsize=
    set jdbfile=
    set jdbfolder=
    set jdbtemp=

     

     

    To use the JDBdown.cmd script to update a Symantec AntiVirus server installation

    Save the script to a folder on the hard drive.

    Open the script in a text editor such as Notepad.exe.

    Change the @set COPY_jdb_TO line to point to the correct folder for your installation of Symantec Endpoint Protection Manager. For example:

     

    @set COPY_jdb_TO="C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming"

     

    Set the line @set RAPIDRELEASE=0 to =1 if you want to use Rapid Release definitions. These are released hourly, but are not passed by a full quality analysis process. Do not use Rapid Release definitions unless there is a critical need for the newest definitions.

     

    If you want the script to run unattended, use the Windows Task Scheduler to schedule it.
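
The script above takes the file name and size from the FTP listing and accepts the download when the size matches. The same two steps in PowerShell, as an added example that is not part of the original post: it validates the parsed name and size before use and records a SHA-256 of the file before staging it. The function names `Get-LatestJdbEntry` and `Move-VerifiedJdb`, the sample listing, and the optional out-of-band reference hash are assumptions.

```powershell
# Added example (not from the thread). Requires PowerShell 4.0+ for Get-FileHash.
# Constructed sample of a Unix-style FTP listing; file names and sizes are made up.
$listing = @'
-rw-r--r--   1 ftp  ftp  1024 May 26 09:05 sample0001.jdb
-rw-r--r--   1 ftp  ftp  2048 May 26 10:02 sample0002.jdb
'@

function Get-LatestJdbEntry {
    param([string]$ListingText)
    $last = $null
    foreach ($line in ($ListingText -split "`r?`n")) {
        $f = @(-split $line)                      # whitespace tokens, as "for /f" does
        if ($f.Count -ne 9) { continue }          # rejects names containing spaces
        $name, $size = $f[8], $f[4]
        if ($name -notmatch '^[A-Za-z0-9_-]+\.jdb$') { continue }   # no path or shell characters
        if ($size -notmatch '^[0-9]+$') { continue }
        $last = [pscustomobject]@{ Name = $name; Size = [int64]$size }
    }
    if (-not $last) { throw 'No valid .jdb entry in listing' }
    $last                                         # last valid line, the same choice the batch script makes
}

function Move-VerifiedJdb {
    param([string]$Path, [int64]$ExpectedSize, [string]$Incoming,
          [string]$ExpectedSha256)   # optional reference hash obtained out of band (assumption)
    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    if ($item.Length -ne $ExpectedSize) { throw "Size mismatch for $($item.Name)" }
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($ExpectedSha256 -and ($hash -ne $ExpectedSha256)) { throw "SHA-256 mismatch for $($item.Name)" }
    Move-Item -LiteralPath $Path -Destination $Incoming -ErrorAction Stop
    [pscustomobject]@{ File = $item.Name; Size = $item.Length; Sha256 = $hash }   # record for the log
}

# Offline demonstration: a constructed zero-filled file stands in for the download.
$entry = Get-LatestJdbEntry $listing
$work  = Join-Path ([IO.Path]::GetTempPath()) 'jdbdemo'
Remove-Item -LiteralPath $work -Recurse -Force -ErrorAction SilentlyContinue
$inbox = Join-Path $work 'incoming'
New-Item -ItemType Directory -Path $inbox -Force | Out-Null
$file  = Join-Path $work $entry.Name
[IO.File]::WriteAllBytes($file, (New-Object byte[] ([int]$entry.Size)))
Move-VerifiedJdb -Path $file -ExpectedSize $entry.Size -Incoming $inbox
```

In a scheduled task, the object returned by `Move-VerifiedJdb` can be appended to the log so that every staged file has a recorded size and SHA-256.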



  • 7.  RE: Rapid Release

    Posted May 26, 2010 11:39 AM

    I agree with Rafeeq on this. Rapid Release updates are there to quickly resolve new threats and are used only in situations when there is an outbreak and you need a fix real quick.
    But these updates are not fully tested which means that there is a possibility of it doing more harm than good.
    You should call support for this so you'll have a case number so you'll have someone to get back to if things should go wrong.


  • 8.  RE: Rapid Release

    Posted May 26, 2010 12:31 PM
    I understand what the others are stating regarding the definitions not being fully tested, which is the difference compared to certified definitions. With that being said, with every use of Rapid release definitions in my past 4 years I have never seen something get deleted or quarantined that was not an infection.


  • 9.  RE: Rapid Release

    Posted May 26, 2010 04:45 PM

    Thanks iofractal! That worked great.