Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEP - how do I install defintions for a given date

Created: 17 Dec 2013 | 9 comments

I am developing a process in which a vendor I am working with will give me the date of the virus defintions I need to use in SEP.

for example: I need to install the SEP defintions from this date:

2013-11-18 rev.2 

I have my Liveupdate server configured to download content to a network folder. My thinking is, I am going to copy the files I need out of the Liveupdate directory and copy them to a directory where the SEP Manager will see them. What files do I need from that download

to utilize the defintions from that day?

Is it only files with this in the filename?   131118002

this format breaks down:

13 year

11 month

18 day

002 revision

any help would be appreciated.

Operating Systems:

Comments 9 CommentsJump to latest comment

.Brian's picture

You can roll back to a certain date, see here:

How to Backdate Virus Definitions in Symantec Endpoint Protection Manager

Article:TECH102935  |  Created: 2007-01-15  |  Updated: 2010-01-13  |  Article URL http://www.symantec.com/docs/TECH102935

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Phil Sattele's picture

that helps thanks. Can I have it done automatically, without having to log into SEPM?

My approved defintions are going to change once a month. I don't want to have to manually update them.

.Brian's picture

I'm not aware of any method to do this automatically from the SEPM.

LUA may be able to do this since it should also have the same revision. Unfortunately. I'm not very well versed in LUA so i don't quite know if it's possible to keep defs at one date only in LUA.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

try this document

Symantec Endpoint Protection 12.1: How to roll back the BASH definitions to a known good version

Phil Sattele's picture

I'm not looking to manually roll back defintions. I'm looking for an automated process that will selectively

grab defintions for a particular date and version.

This month it's:

012114_17

meaning January 21, 2014 version 17

.Brian's picture

I believe defs are overwritten but you can check

ftp.symantec.com to see if they keep older revisions

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian's picture

Do you need more assistance with your problem or were you able to get it resolved?

If you could post an update for followers of this thread that would be most helpful.

Thanks and take care,
Brian

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Phil Sattele's picture

It appears there is not a way to automate updating the version of the SEP defintions to a specific version. We are doing it manually.

SMLatCST's picture

I know I'm a bit late to the party, but thought I'd add my 2 pence worth smiley

The easiest way I can think of to accompish this, involves utilising the Definition testing element of the LUA:

Just set the Download Schedule that's grabbing the SEPM's defs to "Must Test" as a Test Status.  Combine this with a Distribution Schedule to regularly push the same defs to a Production Distribution Centre and you're away.  Doing it this way means that no matter how many times the Distribution Schedule runs, unapproved defs will not be deployed (and therefore your SEPM will not be able to see them to grab them).

Then, when you have a set of defs ready to use, just log into the LUA and approve the relevant defs under "Manage Updates".  Once approved, the next schdeuled run of the Distribution Schedule will push the approved content to the Production Distribution Centre, where the SEPM's next schdeuled LiveUpdate attempt will see and download the content.

You just need to make sure that your LUA is configured to retain a sufficient backlog of defs for your purposes.