Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SONAR content question on SEPM12.1

Created: 06 Aug 2014 • Updated: 08 Sep 2014 | 4 comments
D-M's picture
This issue has been solved. See solution.


I have a question about SONAR content on SEPM 12.1.

In our environment, we are running SEPM 12.1.2015 with Win7 clients, mostly on client version 11.

On version 11 clients, I am finding that the PTP content is being updated almost daily.

However, on version 12.1 client, the PTP update is not so regular. The last content update was 18/7/2014.

From the SEPM console, in LiveUpdate Downloads, i can see these items:

- SONAR scan whitelist Win64 11.0      (6/8/2014 r3)

- SONAR Heuristic engine 12.1 RU2     (18/7/2014)

So i assume that version 11 clients grap the SONAR whitelist, and version 12.1 clients grabs the Heuristic engine. Is that correct?

If so, why does version 11 content update on daily basis, whereas version 12.1 content not?



Operating Systems:

Comments 4 CommentsJump to latest comment

James007's picture

Sonar content available only SEPM 12.x and symantec not release daily basic Soanr defination.

You can view latest Sonar (PTP) defination date in below URL

Behavior-Based Protection

Behavioral-based protection technology observes actively running threats on your computer and can terminate running programs if they exhibit malicious behaviors; this technology provides proactive protection from entirely new, previously unseen attacks. Also called Proactive Threat Protection.
  • Definitions Released: 7/29/2014
  • Extended Version: 7/18/2014 rev. 13
Sumit G's picture

Both of the file system are different and a lot of changes in the both file system.

So there is not be define that both can release on same days.

PTP for both 11.x and 12.x not be release in daily base.

Behavior-Based Protection looks at the dynamic behavior of malicious activity rather than static characteristics.

11.x last release

Behavior-Based Protection

Extended Version: 8/6/2014 rev. 3

12.x last release

Definitions Released: 7/29/2014

Extended Version: 7/18/2014 rev. 13

You can check it fro there

To know about the both version go through below articles

Symantec Endpoint Protection: About Proactive Threat Protection.

Article:TECH102733  |  Created: 2007-01-25  |  Updated: 2008-01-29  |  Article URL


Article:HOWTO80968  |  Created: 2012-10-24  |  Updated: 2013-10-07  |  Article URL


Sumit G.

.Brian's picture

It shouldn't. You may have something else going on.

Run the symhelp tool on one of the affected clients to see if it points to content corruption.

Download the Symantec Help (SymHelp) diagnostic tool to detect Symantec product issues

Troubleshooting computer issues with the Symantec Help support tool

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

D-M's picture

Thanks Guys.

Got a better understanding now. Looks like it is working normally then.