
[SOLVED] SEPM not pushing virus definitions to SEP clients

Created: 06 Dec 2012 • Updated: 06 Dec 2012 | 16 comments
This issue has been solved. See solution.

We are running SEPM 12.1 on Windows 2008 server (not R2) (32-bit), SEP 12.1 on Windows 2008 server (not R2) (32-bit) and SEP 12.1 on Windows 7 clients (64-bit). All of these are on CRN so no internet is possible. We have just gotten the server to see the clients by using the export communication settings method. We are wanting to load the definitions into SEPM and push for all the SEP clients. I have separated the clients into groups for 32-bit and 64-bit. The issue is I have just been handed this project and cannot find a solution anywhere. I believe the folder I want to place the definitions into is "SEPM\data\outbox"? Can someone point me in the right direction to get this working? Otherwise we have to go to each computer and use the intelliupdater disk we burn to update individually. Thank you.


W007's picture

Hi.

How to update definitions for Symantec Endpoint Protection Manager (SEPM) using a .jdb file

http://www.symantec.com/business/support/index?page=content&id=TECH102607

How to manually update definitions for a managed Symantec Endpoint Protection Client using the .jdb file

http://www.symantec.com/business/support/index?pag

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Rafeeq's picture

Since your manager is 32 bit you need to download the 32 bit JDB definitions file.

Once you download and paste it in outbox, once it's processed all your 32 and 64 bit servers / desktops will be updated. You can see the extraction status of the jdb in the LiveUpdate tab.

Douglas86's picture

To download the .jdb certified definitions:

  1. In a browser, go to the "Symantec Endpoint Protection / Symantec Antivirus Corporate Edition" website at the following URL: http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce
  2. There are multiple headings/product categories presented. Be aware that there is only one .jdb in the list that will need to be downloaded. This is sufficient in updating both 32 and 64 bit definitions on the SEPM.

Rafeeq, I was under the impression that this meant .jdb file was both the only one available. If this is not the case please inform me. Also, I did the manual install on the SEPM server. Update went fine and the "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{535CB6A4-441F-4e8a-AB97-804CD859100E}" folder had my date. I copied the .jdb file into the outbox but nothing happens. Neither the clients nor the other server is updated. I made sure the clients all had the "%ALLUSERSPROFILES%\Symantec\Symantec Endpoint Protection\Current Version\Inbox" folder.

W007's picture

Yes, it updates both 32 bit and 64 bit.

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Rafeeq's picture

yes just paste it there, it will update it automatically :) 

W007's picture

To download the .jdb Rapid Release definitions:

  1. In a browser, go to the "Rapid Release Virus Definitions" website at the following URL: http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr
  2. Download the available .jdb file and save the file to the Windows desktop.

To use the .jdb file to update definitions for SEPM:

  1. After downloading, you may need to rename the file extension from ".zip" to ".jdb". (Most browsers detect the file type and automatically change the extension. This must be changed back to .jdb for use in the SEPM.)
  2. Copy the .jdb file to "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming" for 32 bit operating systems and to "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming" for 64 bit operating systems. The location listed in this line is the default installation location and is presented as an example only.
  3. The .jdb file will be processed, usually within one minute. As the .jdb file is processed, all files and subfolders are removed from the "Incoming" folder.

Verify that the SEPM content is updated:

  1. To verify that the SEPM content has been updated, look in the following folders.
  2. For SEP 11.0, check the following locations:
    32 bit definitions: "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}"
    64 bit definitions: "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{1CD85198-26C6-4bac-8C72-5D34B025DE35}"
  3. For SEP 12.1, check the following locations:
    32 bit definitions: "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{535CB6A4-441F-4e8a-AB97-804CD859100E}"
    64 bit definitions: "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{07B590B3-9282-482f-BBAA-6D515D3855E2}"
  4. Typically, there will be three or more numbered folders present. The folder naming convention is "yymmddxxx". For example "100602034". This is the date and build (revision) number of the definition set installed. Please note that the definition set installed may have been published the previous day and a set for the current day may not yet be available.
  5. Looking inside the folder that matches the set downloaded and installed, there should be a folder named "Full" and a zip file named "Full.zip".
  6. Looking inside the "Full" folder, there should be the files typically associated with a virus definition set.

Reference

http://www.symantec.com/business/support/index?page=content&id=TECH102607

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
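One way to script the folder check described in the post above, as an added example that is not part of the thread or of Symantec's documentation. It parses the "yymmddxxx" folder names under the two SEP 12.1 locations quoted in the post, picks the newest set, and reports whether "Full" and "Full.zip" are present. The default install path is the one given in the post; the helper name, the 7-day staleness threshold and the PowerShell 3.0+ requirement are assumptions.

```powershell
# Added example: report the newest definition set SEPM is serving, per architecture.
param(
    [string]$ContentRoot = 'C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content',
    [int]$MaxAgeDays = 7    # assumption: staleness threshold, not from the thread
)

# SEP 12.1 virus-definition folders as listed in the post above
$Monikers = @{
    '32-bit' = '{535CB6A4-441F-4e8a-AB97-804CD859100E}'
    '64-bit' = '{07B590B3-9282-482f-BBAA-6D515D3855E2}'
}

# Hypothetical helper: split "yymmddxxx" into a date and a revision number
function ConvertFrom-DefFolderName {
    param([string]$Name)
    if ($Name -notmatch '^(\d{6})(\d{3})$') { return $null }
    $datePart = $Matches[1]; $revPart = $Matches[2]
    $date = [datetime]::MinValue
    $ok = [datetime]::TryParseExact($datePart, 'yyMMdd',
        [Globalization.CultureInfo]::InvariantCulture,
        [Globalization.DateTimeStyles]::None, [ref]$date)
    if (-not $ok) { return $null }    # e.g. "101345001" is not a real date
    [pscustomobject]@{ Date = $date; Revision = [int]$revPart }
}

foreach ($arch in $Monikers.Keys) {
    $dir = Join-Path $ContentRoot $Monikers[$arch]
    if (-not (Test-Path -LiteralPath $dir)) { Write-Warning "[$arch] missing: $dir"; continue }

    # Keep only folders whose names parse, oldest first
    $sets = @(Get-ChildItem -LiteralPath $dir -Directory | ForEach-Object {
        $parsed = ConvertFrom-DefFolderName $_.Name
        if ($parsed) {
            [pscustomobject]@{ Path = $_.FullName; Name = $_.Name
                               Date = $parsed.Date; Revision = $parsed.Revision }
        }
    } | Sort-Object Date, Revision)
    if ($sets.Count -eq 0) { Write-Warning "[$arch] no yymmddxxx folders in $dir"; continue }

    $latest = $sets[-1]
    $age = ((Get-Date).Date - $latest.Date).Days
    [pscustomobject]@{
        Arch = $arch; Set = $latest.Name; Date = $latest.Date.ToString('yyyy-MM-dd')
        Revision = $latest.Revision; AgeDays = $age; Stale = ($age -gt $MaxAgeDays)
        HasFullDir = Test-Path -LiteralPath (Join-Path $latest.Path 'Full') -PathType Container
        HasFullZip = Test-Path -LiteralPath (Join-Path $latest.Path 'Full.zip') -PathType Leaf
    }
}
```

On an air-gapped manager, running this after each .jdb import shows whether the copy into "incoming" was actually processed and how far behind the served definitions are.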

SMLatCST's picture

While using the .jdb option is definitely easier, it only updates the Virus definitions. I'd personally recommend taking a look at the below articles, which use the LUA and are able to update all of SEP's content definitions (including Virus Defs, IPS, SONAR, etc):

http://www.symantec.com/docs/HOWTO44060

http://www.symantec.com/docs/TECH106254

Douglas86's picture

Okay, I just left the .jdb file in the outbox folder. We have the LiveUpdate policy enabled but it is set up to only update weekly. I need to change this as that is probably the reason it is not updating right away, correct? Also, I need to check the box for enable the client to download the update from the LiveUpdate server option (sorry I forgot exactly what it says).

 

SMLatCST, is LUA even an option since there is no internet?

*EDIT* - SMLatCST, that is a VERY nice way of doing it and I may have to implement that. Thank you!

 

Thank you all for the help so far.

SMLatCST's picture

No problems.  Like I said, I'd definitely recommend this option over just using the JDB files, as it would be far more secure to utilise all of SEP's technologies if possible 

Rafeeq's picture

If the manager has an internet connection, it should get the updates from the Symantec LiveUpdate server.

JDB is used to manually update the definitions.

As long as you don't have internet, LU admin will not work.

Douglas86's picture

So after testing, using the .jdb file to update the SEPM worked without a hitch. CHECK

Updating the clients manually with the .jdb individually works without a hitch. CHECK

However, placing the .jdb file into the "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\" folder so it shows "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\ad3b0a15.jdb" does not update the clients or the other server at all. I left the file in the folder for approximately 3 hours so far. Changed the LiveUpdate to use local server and set the path to the server with SEPM installed "double \ domain \ server." Changed the scheduled weekly update to daily and set the time for different times and none worked.

Rafeeq's picture

 it will update the client if you place jdb in 

C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\??

I never heard of this :) 

is there a link where it states the above?

The manager will be updated after placing the file in the content\incoming folder.

Clients will take it from the manager.

I never heard of this Outbox folder.. 

Douglas86's picture

Me: So just put into the outbox folder ?

You: yes just paste it there, it will update it automatically :) 

Apparently I got confused. I got it to work however after a lot of trial and error. I was dumb and had the use default management server unclicked. Checked that box and all is well.

Rafeeq's picture

:) you just need to put the JDB inside the

"C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming" folder

=================================================

However, placing the .jdb file into the "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\" folder so it shows  "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\ad3b0a15.jdb" does not update the clients or the other server at all.

Placing the JDB in the outbox folder will not work.

================================================

SOLUTION
Douglas86's picture

Got it. I learned a very valuable 6 hour lesson today. Thank you so much for the help. I hope if someone runs into this issue they can find this thread.