Endpoint Protection

HI ,

How can i update definition file of symantec co porate edition av server .

Hi zubair,

You can with LiveUpdate Administration Utility.

download the xdb files from symantec

Symantec Antivirus Server installations on Windows platforms (32-bit)

http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce

Hi ZCW,

Is this one stand-alone server?  Or are there several?  And what version?

If it is updating from the internet or an internal LU server (LUAU 1.x or LUA 2.x) then LiveUpdate via HTTP or FTP will do.

If there is anotehr SAV server on the network, updates can automatically be dsitributed by a technology called VDTM.  Please supply some details and the forum community members will better be able to help you.

Final recommendation: do make sur ethat you are runnign SAV 10.1 MR10.  Earlier versions have known vulnerabilities.

Thanks and best regards,

Mick

After copying the file on the AV server we have to directly run it will update the definition on the server and to the client system also . Please revert

To download an .xdb file from Symantec

1. Go to the "xdb folder" at the following Symantec FTP site:
   ftp://ftp.symantec.com/AVDEFS/norton_antivirus/xdb/
   
   Note: You can also find the file from the following location:
   "Symantec Security Response Virus Definitions Download Page.." at:
   http://securityresponse.symantec.com/avcenter/defs.download.html
    
2. Click the .xdb file with the latest date, and select Save to disk from the dialog box.
3. If the .xdb file downloads with a .zip extension, remove the .zip extension by renaming the file.
   The file name should be similar to the following:
   vd12bc02.xdb
4. Copy the ".xdb" file to the correct location, depending on the type of installation:
   • For NetWare servers, the default location is SYS:SAV.
   • For Windows computers, the default location is C:\Program Files\SAV or C:\Program Files\SAV\Symantec AntiVirus.
     For help with this, read the "To find the Symantec AntiVirus program folder on a Symantec AntiVirus or Symantec Client Security server" section in the Technical Information section of this document.
   • For clients, the default location is C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\.
     The "Application Data" folder may be hidden. To show hidden and system folders, read the document:
     
     "How to make Windows show all files." at:
     http://service1.symantec.com/support/tsgeninfo.nsf/docid/2002092715262339

Note: This method does not apply for 64-bit versions of the client

Dear Team ,

My customer is using symantec corporate edition 10.1..5 scanengine 71.4.0.15 . ineed to clean from client system . What is the practice i need to carry down for cleaning client system . Please reply

cleaning?

definition cleaning or removing the product from the machine?

Dear Team ,

How can i update the latest definition on the client system which have SEP client install and unmanaged .

Cleaning the viruses from the systems . And also found that server is not getting updated after installing the latest definition files . Please advice .

If you are finding your systems are infected there are a few utilities you can run.

I would start with downloading the latest Rapid Release definitions.

One you have the new defs, boot into safe mode and running a Disk Cleanup (right-click the C drive, Properties, Disk Cleanup) - that will delete all the files that are in these temporary locations, as well as IE's temporary files, etc. Perform a full system scan in safe mode.

If that fails to detect and remove the threats, try running the Power Eraser tool. The Power Eraser Tool eliminates deeply embedded and difficult to remove threats that traditional virus scanning doesn't always detect.

Power Eraser tool –

http://security.symantec.com/nbrt/npe.asp?lcid=1033&origin=default

You can also run the Load Point Anaylsis Tool, this is found in the SEP support tool.

How to use the Load Point Analysis within the Symantec Support Tool to help locate suspicious files http://www.symantec.com/business/support/index?page=content&id=TECH141402

Rapid Release Virus Definitions –

http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr

Keep us posted on your situation.

Delete all the TMP XDB, VDB  , JDB files and folders from /7.5 folder and VirusDefs folder then Paste the XDB files in the 7.5 folder and restart Symantec Antivirus and Symantec Antivirus definition watcher service.

Dear Team ,

My network is effected with download.b virus and i upadte the latest definition and scan with the removal tool and from syamntec download.b and installed ms patch ms08-067 .  But still systems are getting viruses found and its clean and delete . Please suggest what are the more remedies can we take to remove this virus permanently . Also all the system are critical cant bring in safe mode and scan . Kindly suggest what are remedies should i take to stop spreading on the network .

let know the URL is helpful!

http://www.symantec.com/business/support/index?page=content&id=TECH93179&locale=en_US

Here is another good KB worth reading.

Security Best Practices for Protecting a Business Environment from Common Threats

http://www.symantec.com/business/support/index?page=content&id=TECH105236&actp=search&viewlocale=en_US&searchid=1297781483653

First you need to find out attacking machines by either Risk Tracer or Netlogon Debugging or using Nmap.

Then clean those machines. Disable Task Scheduler. Patch all machines with Latest security Patches.

Check this article

https://www-secure.symantec.com/connect/articles/best-practice-downadupb-and-additional-information-same

Dear Pete ,

I had installed the ms patch and still client system keep on poping download.b virus how to block pop up and scan with d.exe removal tool it shows no virus found . Please suggest . And want to tell my client doesnt have the av installed on the few system . It is because that it is attacking by some of that sytem .

it menas it is from the system in the network that broadcasting the threat.

as mentioned in forum enable the risktracer on the system to know the source. Once detected remove the system from network and take the necessary action.

also you can enable sniffer like tool on the syetm to know the traffic.

Dear pete,

After runing risk tracer where did the logs files get save so i can get the system info which is broadcasting

i can't use the endpoint 11.0.3 deployment on windows 7.what can i do ? or which symantec version works on win7 operation system

Use 11.0.6100.645

> Use 11.0.6100.645

I recommend SEP 11 RU6 MP2, which is the latest release currently available.

Thanks and best regards,

Mick