Hi.

How to update definitions for Symantec Endpoint Protection Manager (SEPM) using a .jdb file

http://www.symantec.com/business/support/index?page=content&id=TECH102607

How to manually update definitions for a managed Symantec Endpoint Protection Client using the .jdb file

http://www.symantec.com/business/support/index?pag

since your manager is 32 bit you need to download the 32 bit JDB definitions file

once you dowanlod and paste it in outbox, once its processed all your 32 and 64 bit servers / desktops wil be updated. You can see the extraction status of jdb in the liveupdate tab

To download the .jdb certified definitions:

1. In a browser, go to the "Symantec Endpoint Protection / Symantec Antivirus Corporate Edition" website at the following URL: http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce
2. There are multiple headings/product categories presented. Be aware that there is only one .jdb in the list that will need to be downloaded. This is sufficient in updating both 32 and 64 bit definitions on the SEPM.

Rafeeq, I was under the impression that this meant .jdb file was both the only one available. If this is not the case please inform me. Also, I did the manual install on the SEPM server. update went fine and the "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{535CB6A4-441F-4e8a-AB97-804CD859100E}" folder had my date. I copied the .jdb file into the outbox but nothing happens. No clients nor the other server is updated. I made sure the clients all had the "%ALLUSERSPROFILES%\Symantec\Symantec Endpoint Protection\Current Version\Inbox" folder.

Yes, It's update both of 32 bit and 64 bit.

So just put into the outbox folder ?

To download the .jdb Rapid Release definitions:

1. In a browser, go to the "Rapid Release Virus Definitions" website at the following URL: http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr
2. Download the available .jdb file and save the file to the Windows desktop.

To use the .jdb file to update definitions for SEPM:

1. After downloading, you may need to rename the file extension from ".zip" to ".jdb". (Most browsers detect the file type and automatically change the extension. This must be changed back to .jdb for use in the SEPM.)
2. Copy the .jdb file to "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming" for 32 bit operating systems and to "C:\Program Files(x86)\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming" for 64 bit operating systems. The location listed in this line is the default installation location and is presented as an example only.
3. The .jdb file will be processed, usually within one minute. As the .jdb file is processed, all files and subfolders are removed from the "Incoming" folder.

Verify that the SEPM content is updated:

1. To verify that the SEPM content has been updated, look in the following folders 
2. For SEP 11.0 - Check the following locations:
   32 bit definitions: "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}"
   64 bit definitions: "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{1CD85198-26C6-4bac-8C72-5D34B025DE35}" 
3. For SEP 12.1 - Check for the following locations:
   32 bit Definitions : "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{535CB6A4-441F-4e8a-AB97-804CD859100E}"
   64 bit Definitions : "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{07B590B3-9282-482f-BBAA-6D515D3855E2}" 
4. Typically, there will be three or more numbered folders present. The folder naming convention is "yymmddxxx". For example "100602034". This is the date and build (revision) number of the definition set installed. Please note that the definition set installed may have been published the previous day and a set for the current day may not yet be available.
5. Looking inside the folder that matches the set downloaded and installed, there should be a folder named "Full" and a zip file named "Full.zip".
6. Looking inside the "Full" folder, there should be the files typically associated with a virus definition set

Reference

http://www.symantec.com/business/support/index?page=content&id=TECH102607

While using the .jdb option is defnititely easier, it only updates the Virus definitions.  I'd personally recommend taking a look at the below articles which uses the LUA and is able  to update all of SEP's content definitions (including Virud Defs, IPS, SONAR, etc):

http://www.symantec.com/docs/HOWTO44060

http://www.symantec.com/docs/TECH106254

Okay, I just left the .jdb file in the outbox folder. we have the LiveUpdate policy enabled but it is setup to only update weekly. I need to change this as that is probably the reason it is not updating right away correct? Also, I need to check the box for enable the client to download the update from the LiveUpdate server option (sorry I forgot exactly what it says).

AMLatC ST, is LUA even an option since there is no internet?

*EDIT* - AMLatC ST, that is a VERY nice way of doing it and I may have to implement that. Thank you!

Thank you all for the help so far.

if the manager has internet connection, it should get the updates from symantec live update server.

JDB is used to manually update the definitons.

as long as you dont have internet, LU admin will not work, 

So after testing, using the .jdb file to update the SEPM worked without a hitch. CHECK

Updating the clients manually with the .jdb individually works without a hitch. CHECK

However, placing the .jdb file into the "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\" folder so it shows  "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\ad3b0a15.jdb" does not update the clients or the other server at all. I left the file in the folder for approximately 3 hours so far. Changed the LiveUpdate to use local server and set the path to the server with SEPM installed "double \ domain \ server." Changed the scheduled weekly updated to daily and set the time for different times and non worked.

 it will update the client if you place jdb in 

C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\??

I never heard of this :) 

is there a link where it states the above?

manager will be updated after placing the file in content\incoming folder

cleints will take from manager,

I never heard of this Outbox folder.. 

You: yes just paste it there, it will update it automatically :) 

Apparently I got confused. I got it to work however after a lot of trial and error. I was dumb and had the use default management server unclicked. Checked that box and all is well.