Endpoint Protection

 View Only

  • 1.  SONAR Definitions on Symantec Website don't match.

    Posted Sep 24, 2013 04:22 PM

    Since the majority of machines at our site are now up to 12.1.3, I have been asked to start downloading the SONAR Definitions from here: http://www.symantec.com/security_response/definitions.jsp?pid=sep1213 on a daily basis (yes, I realize that they are not updated daily). As I look at this link today: http://www.symantec.com/security_response/definitions.jsp?pid=sep1213 I see the current SONAR definitions to be the following:

    LevelOneSonar.jpg

    But when I click on the "Definitions" link, I see that the version dates do not match by almost a month.

    LevelTwoSonar.jpg

    Is this common? I would assume that the webpage versions should match. No?

    Any suggestions would be great...or if someone has the FTP site to grab the *-SONAR_IU_SEP.exe file directly, that would be even better.

    Thanks for your time,

    -Mike

     



  • 2.  RE: SONAR Definitions on Symantec Website don't match.

    Posted Sep 24, 2013 04:36 PM

    The Extended version is the only one you need to be concerned with. That is the date it will show on the client. I don't believe the defs are broken out. They're all in Intelligent Updater file as one.



  • 3.  RE: SONAR Definitions on Symantec Website don't match.

    Posted Sep 24, 2013 05:25 PM

    Hi Brian,

    Thanks for the reply. Yep, I agree...I only need to look at the date on the extended version.

    The problem I have with the two screen shots above (both taken about an hour ago) is that the top level webpage shows the current extended version to be 09/13/13 rev.14, after I click on the "Definitions" link, that next page (where I actually download the file) shows the extended version (creation date?) to be 08/22/13, that is my second screenshot. When I downlowd the .exe, I get old SONAR defs from August, not the September Defs as listed on this page: http://www.symantec.com/security_response/definitions.jsp?pid=sep1213

    Does that make sense? Am I missing something? Or has Symantec just neglected to update their SONAR files?

    Thanks again,

    -Mike

     



  • 4.  RE: SONAR Definitions on Symantec Website don't match.

    Posted Sep 24, 2013 05:38 PM

    Good catch and very interesting as to why. Not sure how their update process works (I assume automatically) but yea it appears to be missing the latest.



  • 5.  RE: SONAR Definitions on Symantec Website don't match.

    Posted Sep 26, 2013 02:19 AM

    I believe the mixup in versions you see on the webpage may have something to do with the SONAR defs roll-back to Sep-13 rev 14 cause of the issue with the newer drivers causing BSODs on XP and 2003:

    Blue screen error in SONAR Driver on Windows XP or Windows 2003 after September 16, 2013 update

    Article:TECH210621  |  Created: 2013-09-17  |  Updated: 2013-09-17  | 

    Article URL http://www.symantec.com/docs/TECH210621

     

    Following this it seems the webpage was not updated yet with the Intelligent Updater for the 13.09 rev 14 defs oor simply the wrong link has been pasted - I am sure the relevant teams will correct this shortly but in case you need those definitions right now please contact the Symantec Support and I am sure colleagues will be able support you with providing the necessary file.