Endpoint Protection


SEP - Intrusion Prevention Signature Manual Download

  • 1.  SEP - Intrusion Prevention Signature Manual Download

    Posted May 29, 2009 07:27 AM
    Hi,

    I support and design a secure system that does not have an Internet connection and therefore Live Update will not work. I have found out how to manually download the Virus Definition and get it into SEP, but cannot find a way to get the Intrusion Prevention Signature Definition, let alone how to get it into SEP.

    So far I am only doing this in a trial version, as this is an eval before we decide to use this product on customer sites, and getting a big red X on the home page is unacceptable. I suppose I could turn it off somehow, but would prefer to just manually supply a file to it.

    Does anyone know a way to get this file without having a machine somewhere else running Live Update?

    Thanks,
    Paul.


  • 2.  RE: SEP - Intrusion Prevention Signature Manual Download

    Broadcom Employee
    Posted May 29, 2009 07:45 AM
    As I assume the client machine is unmanaged...

    Configure the machine accessing the Internet as a SEPM and let this computer be a managed client which will only download definitions from SEPM.

    Cheers
    Pete!


  • 3.  RE: SEP - Intrusion Prevention Signature Manual Download

    Posted May 29, 2009 08:26 AM
    Actually this is a fully managed install of 10 odd servers and 50 odd clients.

    However, none have an Internet connection. Going to a web page and downloading an update is easy, but installing software on a machine just to get updates is a little more difficult.

    FYI, we are talking police level security here.

    Thanks,
    Paul.


  • 4.  RE: SEP - Intrusion Prevention Signature Manual Download

    Broadcom Employee
    Posted May 29, 2009 08:44 AM
    OK, you mean to say that the clients are managed, and even the SEPM is not allowed to connect to the Internet!!!

    As far as my knowledge goes, only virus definitions can be downloaded; other signatures (NTP and PTP) cannot be downloaded (as we download jdb).

    Cheers
    Pete!


  • 5.  RE: SEP - Intrusion Prevention Signature Manual Download

    Posted May 29, 2009 12:59 PM
    Could you run LiveUpdate Administrator on a dual-homed system with one NIC on the network that does not have Internet access?

    Cheers,
    Thomas


  • 6.  RE: SEP - Intrusion Prevention Signature Manual Download

    Posted May 29, 2009 03:29 PM
    PTP and NTP (Intrusion Prevention) signatures cannot be downloaded as of now.
    You can update virus definitions using JDB.
    So the only option for you is to have LUA somewhere on the Internet, and SEPM will retrieve the defs from LUA and distribute them to the clients. NTP definitions are not released daily; it's weekly or sometimes even more than that. So once you have the IP update you can connect your SEPM to LUA.

    So have your SEPM replicate to any other SEPM which is on the Internet.


  • 7.  RE: SEP - Intrusion Prevention Signature Manual Download

    Posted May 29, 2009 05:20 PM
    I have the same issue - except my systems are not managed anyway, but none can connect to the Internet.

    If I were to stand up a server with the management software installed, and then downloaded the updates, would I be able to then export them and cut them to a CD and update my systems that way?

    Does anyone know if Symantec has anything in the works to rectify this situation?  Considering all of the government and businesses who operate on closed networks, I think this is a very poorly thought-out arrangement.  It seems to me that there must be a way to get the updates without connecting the systems.


  • 8.  RE: SEP - Intrusion Prevention Signature Manual Download

    Posted May 29, 2009 05:38 PM
    Keep in mind that it is only NTP (Network Threat Protection) and PTP (Proactive Threat Protection) that can't be downloaded and distributed manually. For your anti-virus definitions you can download the jdb and give that to the clients to update them without an Internet connection. As for whether Symantec is working on letting you update NTP and PTP in the same way, I can't say. I am just not sure if this is in the works right now. I will be checking in on this though. Realistically though, if you are on a completely closed network then NTP and PTP are somewhat overkill. Theoretically though, I guess if one machine on the network got infected somehow (maybe a USB drive) it could bounce around the network and it would be useful to have NTP and PTP then. But I would think this is rare on a closed system as long as you have good practices set in place for all of your users. I think we should suggest NTP and PTP being able to download manually in our new Ideas section of this website. If someone suggests it I will definitely vote yes for it.

    Thanks
    Grant


  • 9.  RE: SEP - Intrusion Prevention Signature Manual Download

    Posted May 30, 2009 04:07 AM
    Have you tried to download from Symantec's FTP server (ftp://ftp.symantec.com/AVDEFS/symantec_antivirus_corp)? From there you can select the appropriate definition, like 20090529-045-V5i32.exe or 20090529-045-V5i64.exe.


  • 10.  RE: SEP - Intrusion Prevention Signature Manual Download

    Posted May 30, 2009 07:00 AM
    Hi Paul,

    It really depends on how efficiently you use the IPS solution within your network.

    In your network you can deploy Symantec Endpoint with only the Antivirus and Antispyware solution.

    Just create the client installation package for antivirus and antispyware.


  • 11.  RE: SEP - Intrusion Prevention Signature Manual Download

    Posted Jun 01, 2009 12:12 PM
    I haven't tried that.  I don't suppose you know which files are which?  Are the V5i32.exe the files to update the Proactive Threat and Network Threat Protections?

    Thank you.


  • 12.  RE: SEP - Intrusion Prevention Signature Manual Download

    Posted Jun 01, 2009 12:19 PM
    Honestly, we use different host-based IPS and firewall on our systems, but here is the thing....  If we have software installed, it needs to be up-to-date, and if we have a big red "X" in the AV application, people get very nervous.  It really doesn't matter if we need it or not.  Does that make sense?  I may just turn them both off (Proactive and Network Threat Protection), but I am still testing it to see if they can offer anything above and beyond what we currently have, and what conflicts, if any, we can expect from keeping them turned on.

    From my initial look though, I would want the Proactive Threat Protection (PTP) before the Network Threat Protection, I think. Even though we are on a closed network, users will always be the weakest link, and if they bring in infected media, then we have an issue.  I'm not saying it is common, but if there is even a chance, we have to address the possibility.  Also, some users have the ability to install software - and have to have that for their jobs.  It is always possible that software could be infected.


  • 13.  RE: SEP - Intrusion Prevention Signature Manual Download

    Posted Jun 01, 2009 03:52 PM
    No, it makes total sense that you don't want anything to be out of date, and you're right, the big red X does indeed make people nervous. I really do hope we are able to manually distribute the definitions in the future. I was just trying to ease your mind since you are on a closed network and NTP and PTP would not be as necessary in that environment (especially if you are teaching users good policies to follow). As you mentioned, users will be your biggest problem, but you also make a good point about how there is nothing you can really do to protect against the possibility of infected software being introduced to your network. Hope everything works out, and I hope to see PTP and NTP definitions being able to be manually downloaded in the future.

    Grant