Hello,

Is there a way to add updates from the most recent VIRSCAN.zip to a silent install of SEP 12.1.5? We deploy our Windows 7 image in the field from MDT and would like to have the mose current definition file "slipstreamed" into the inital install. We currently add the update as a second applcation in MDT, after the main install. We download the update from http://www.symantec.com/security_response/definitions.jsp

Any quesitons let me know.

Thanks.

I don't see a content folder in the install folder. I tried putting it at the same level as setup.exe and the other .zip files. The updates were not installed.

Yes you can acheive this but its a lit tricky and time comsuming job. everytime before you deploy new image via MDT, you have export a new MSI package from SEPM with full contect. now copy the virusscan.zip file into the existing image deployment.

the other possible way that I can come up with is, you can download the latest inteligent updater from here and set it to run as the third application after the sep installation from the MDT image if its possible. let me know of any questions.

Edit: the file name would be VDefs.zip

Hi,

There isn't any supported way to slipstream newer virus definitions into the Endpoint Protection for Windows package because SEPMs running SEP 12.1 automatically include the latest definitions when creating a client package.

You can do it for MAC clients only & supported only up to version 12.1 RU4 & Newer versions of SEP for MAC installer will not support slipstreamed definitions & will need updating immediately after installation, from Symantec LiveUpdate or an internal LiveUpdate Administrator server

Check this article: How to copy virus definitions from an up-to-date SEP 12.1 for Macintosh client

http://www.symantec.com/docs/TECH217229

To summarize either you will have update image regularly or continue with your existing plan, add the update as a second application in MDT, after the main install.

Create a install package with No defs. 

How to export Symantec Endpoint Protection (SEP) client install packages without any definitions or package with Basic Content.

https://support.symantec.com/en_US/article.TECH178698.html

use  powershell script to download Intelligent updater from internet once the install is complete.

this scirpt is for JDB , you can replace that with Intelligent updater and supress the write out, if you like to.

https://www-secure.symantec.com/connect/downloads/script-downloads-jdb-automatically

Yup, and it's easy enough to do.  It requires that you deploy SEP using the full unzipped package though (i.e. do not tick the "single .exe" option).

In the exported folder, you'll find the vdefs.zip file.  All you have to do is replace this with the full.zip file from your SEPM (i.e. delete vdefs.zip, copy across full.zip into the package, and rename it as vdefs.zip).

You can grab the full.zip file from the below locations:

32bit Defs from:
X:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{535CB6A4-441F-4e8a-A897-804CD859100E}\<Latest Definitions Revision>\full.zip

64bit defs from:
X:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{07B590B3-9282-482f-BBAA-6D515D385869}\<Latest Definitions Revision>\full.zip

Once replaced, just install the package as normal and it'll run with the latest defs from the get go.