Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SONAR and IPS intelligent updater (IU) support

Created: 13 Jun 2013 • Updated: 16 Jun 2013 | 14 comments
This issue has been solved. See solution.

Hi

I want to know how exactly this features works, is there any new way of downloading updates?

Operating Systems:

Comments 14 CommentsJump to latest comment

Ambesh_444's picture

Hello,

SONAR is a real-time protection that detects potentially malicious applications when they run on your computers. SONAR provides "zero-day" protection because it detects threats before traditional virus and spyware detection definitions have been created to address the threats.

SONAR uses heuristics as well as reputation data to detect emerging and unknown threats. SONAR provides an additional level of protection on your client computers and complements your existing Virus and Spyware Protection, intrusion prevention, and firewall protection.

SONAR uses a heuristics system that leverages Symantec's online intelligence network with proactive local monitoring on your client computers to detect emerging threats. SONAR also detects changes or behavior on your client computers that you should monitor.

Reference: http://www.symantec.com/docs/HOWTO81392

Hope that helps!!

IPS:-

Intelligent Updater is an exe file which is generated by Symantec (most probably everyday) which contains the latest virus and web protection definitions. And it cannot contain the product updates. Once you have exe in your machine you have to run and it would get synced with theantivirus definitions in the product

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

SMLatCST's picture

AFAIK, you';re meant to be able to download these from the Intelligent updater site the same way you do with AV Defs and the JDB files

http://www.symantec.com/docs/TECH102607

The problem I see is that I can't see a download link for the PTP and NTP defs, nor can I see SEP12.1RU3 in the product list on the below site:

http://www.symantec.com/security_response/definitions.jsp

I suspect it's not been updated to allow downloads of the PTP and NTP defs yet

James-x's picture

Your understanding is correct.

The product supports this functionality at this point. The website should be updated with the relevant downloads for 12.1.3 soon. Perhaps as early as next week, although I'm not in a position to commit to that.

James

The Symantec Endpoint Protection Knowledgebase

Please remember to mark the post which resolved your issue as the solution!

Jwelina's picture

Hi,

SONAR is a real-time protection that detects potentially malicious applications when they run on your computers. SONAR provides "zero-day" protection because it detects threats before traditional virus and spyware detection definitions have been created to address the threats.

SONAR uses heuristics as well as reputation data to detect emerging and unknown threats. SONAR provides an additional level of protection on your client computers and complement your existing Virus and Spyware Protection, intrusion prevention, and firewall protection.

Legacy clients do not support SONAR; however, legacy clients use TruScan proactive threat scans to provide protection against zero-day threats. TruScan proactive threat scans run periodically rather than in real time.

Go through the following helpful articles:

About SONAR

http://www.symantec.com/business/support/index?pag...

Managing SONAR

http://www.symantec.com/business/support/index?pag...

Ashish-Sharma's picture

Hi,

SONAR and IPS Defination you can update only (LUA /SEP live update).If you have update manually (JDB) NTP and PTP defination will not update.

Some of artical already provided above comments

Thanks In Advance

Ashish Sharma

Chetan Savade's picture

Hi,

Thank you for posting in Symantec community

I would be glad to answer your question.

In SEP 12.1 RU3 We have now added support for Intelligent Updater to provide content for Proactive Threat Protection and Network Threat Protection. You can download this content for Symantec Endpoint Protection 12.1.3 from the Symantec Security Response website:
http://www.symantec.com/security_response/definitions.jsp
 
Refer the SEP 12.1 RU3 releas notes for more details:
 
SONAR is a real-time protection that detects potentially malicious applications when they run on your computers. SONAR provides "zero-day" protection because it detects threats before traditional virus and spyware detection definitions have been created to address the threats.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Brɨan's picture

It doesn't appear they can be downloaded yet. It simply states for NTP and PTP, "Download: Content is downloaded by your product via LiveUpdate."

So some further clarification is needed on how to handle this. This is a great new addition and much needed, but how do we download them? What are we missing here?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SMLatCST's picture

Like I said in my post earlier, I reckon they've just not updated the site yet.

I would personally expect to see a new product option to be listed for SEP12.1RU3 in the drop-down list, but you can never tell can you? wink

Brɨan's picture

Agreed but why make it public if it's not available yet. I would be ok with a "coming soon" tag on it.

I've got techs around the world asking about it since they know it's now possible to update all three.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

James-x's picture

Hi Brian81,

Sorry for the confusion.

The website (http://www.symantec.com/security_response/definiti...) hasn't been updated with the new downloads for 12.1.3 (RU3) yet. This should go live soon, possibly as soon as next week, although I'm not in a position to commit to this timeframe.

James

EDIT: The new Intelligent Updater packages are now available at: http://www.symantec.com/security_response/definiti... Select the product "Symantec Endpoint Protection 12.1.3" to download them.

The Symantec Endpoint Protection Knowledgebase

Please remember to mark the post which resolved your issue as the solution!

SOLUTION
Chetan Savade's picture

Thanks for the update James.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Mithun Sanghavi's picture

Hello,

Let me check with the correct authority and come back to you on this.

Check this thread with similar issue:

https://www-secure.symantec.com/connect/forums/intelligent-updater-sonar-and-ips

Hope that helps!!

 

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Ambesh_444's picture

Hi,

Please let me know if any more help required.

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

Mithun Sanghavi's picture

Hello All,

SONAR and IPS Intelligent updater (IU) are now available on :

http://www.symantec.com/security_response/definitions.jsp

NOTE: These SONAR and IPS Intelligent updater are only for SEP 12.1 RU3.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.