Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

Symantec Endpoint Protection 11 - Live update on a standalone system with dial up

Updated: 21 May 2010 | 7 comments
mak940's picture
mak940
0 0 Votes
Login to vote

Hi,

i have several standalone computers that access the internet through dialup. I've run into a bit of a problem:
When installing Symantec Endpoint Protection 11 on the standalone computers I also manually load on that day's virus definition file (20090808-003-v5i32.exe ) from http://www.symantec.com/business/security_response... from my USB key. This way, when doing LiveUpdate, the update file size isnt enormous, since we connect through dial up.

When doing this, the "Antivirus and antispyware protection"  virus definitions get updated, however even after this, when I click the LiveUpdate button there are still about 4MB of various updates that occur (Shared components, security software, submission control signatures, security

security updates etc...).

Normally this wouldnt be a problem, but because this has to be done through dial up, it takes 15-20 minutes for each computer.

I was wondering if anyone knew where to find the daily / weekly security updates (besides 20090808-003-v5i32.exe ) so that when I click LiveUpdate for the first time when installing Symantec Endpoint Protection, it doesnt take 20 minutes to wait for the updates to complete since most of these updates will have manually been updated. 

Thanks,

discussion Filed Under:
, , , , ,

Comments

Maximilian's picture
08
Aug
2009
0 Votes 0
Login to vote
Maximilian

Hi, You can use the

Hi,
You can use the Intelligent Updater which installs the whole database to the client.

At this link you can download an executable with the whole virus database. It is about 45Mb
http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce

You can then put it on a USB key for initial update and after that enable LiveUpdate.

Here2Help's picture
08
Aug
2009
0 Votes 0
Login to vote
Here2Help
Symantec Employee

Hi, the intelligent updater

Hi, the intelligent updater (exe) only updates the Antivirus and antispyware definitions. The rest of the components still update from the Symantec liveupdate servers via liveupdate.

Also, if you have installed Proactive threat protection and Network threat protection features, the intelligent updater does not update the definitions for these components. They will update only from the Symantec liveupdate servers.

So if you have installed all the features of SEP client, I would suggest you to go with only AV/AS feature. This will restrict the number of updates being pulled down and only the exe file is sufficient to update the AV/AS definitions.

I hope this helps :-)

Regards,
AMOL BHOSALE
SCTS, MCP

Prachand's picture
08
Aug
2009
0 Votes 0
Login to vote
Prachand
Trusted Advisor

20090808-003-v5i32.exe will

20090808-003-v5i32.exe will only update the Antivirus and antispyware definitions. THIS IS BY DESIGN. The rest of the components still update from the Symantec liveupdate servers via liveupdate. Else if you want you can make these client a managed client and then we can create a package from the SEPM that has all the defintions. So they  dont take 20 minutes to wait for the updates to complete . Even if the clients are unmanaged this is possible, but then also we need to have SEPM to create a packge for the standalone clients with the latest defintion.

How to deploy the Symantec Endpoint Protection (SEP) client with current virus definitions and intrusion prevention signatures.

Export a client installation package from the Symantec Endpoint Protection Manager (SEPM) then modify the definition and intrusion prevention signatures included with that package.
 
Creating custom Client Installation packages in the Symantec Endpoint Protection Manager Console
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007110513361348
 
Gather current virus definitions and intrusion prevention signatures
 
1. Navigate to the current virus definitions within the Endpoint Manager content folder. The default path is:
     C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}
 
2. Within the "{C60DC234-65F9-4674-94AE-62158EFCA433}" folder there will be several numbered folders. Open the newest of these folders.
    To determine the age of the folders click View, then click Details. The newest folder will have the most recent Date Modified value.
 
3. Copy the file labeled "full.zip" and paste it to the desktop.
    On the desktop, rename the copy from "full.zip" to "vdefhub.zip"
 
4. Navigate to the current intrusion prevention signatures within the Endpoint Manager content folder. The default path is:
    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{D3769926-05B7-4ad1-9DCF-23051EEE78E3}
 
5. Within the "{D3769926-05B7-4ad1-9DCF-23051EEE78E3}" folder there will be several numbered folders. Open the newest of these folders.
    To determine the age of the folders click View, then click Details. The newest folder will have the most recent Date Modified value.
 
6. Copy the file labeled "full.zip" and paste it to the desktop.
     On the desktop, rename the copy from "full.zip" to "IPSDef.zip"
 
NOTE for 64-bit clients: To deploy content to 64-bit clients, use "full.zip" files in the following folders:
 
IPS signatures for 64-bit clients:
{42B17E5E-4E9D-4157-88CB-966FB4985928}
 
Virus Definitions for 64-bit clients:
{1CD85198-26C6-4bac-8C72-5D34B025DE35}
 
 
Export a client installation package
 
Export a client installation package that is not a single executable.
 
To export a client installation package please refer to the following document:
Creating custom Client Installation packages in the Symantec Endpoint Protection Manager Console
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007110513361348
 
Navigate to the exported package.
Replace vdefhub.zip and IPSDef.zip within the exported package folder with the ones created above.
 
Clients deployed using this package will install with the modified virus definition and intrusion prevention signatures.
 
To create a self extracting executable package
 
To make the up-to-date package created above into a single executable file.
 
Navigate to the exported package with up to date definitions created in the steps above.
Archive the contents of the exported package using the zip archive format.
For Operating Systems that have an integrated zip utility (Windows XP/2003/Vista/2008):
Click Edit then Select All
Click File > Sent To > Compressed (zipped) Folder
Name the archive "input.zip"
Move the input.zip file to C:\
Open a command prompt and navigate to the following directory:
      For Windows 32-bit operating systems type: cd C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\
      For Windows 64-bit operating systems type: cd C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\
Enter the following command:
makesfx.exe /zip="c:\input.zip" /sfx="output.exe" /title="Symantec Endpoint Protection" /defaultpath="$temp$\sepinst" /autoextract /delete /exec="setup.exe"
Once the command is complete the output.exe will be available at the path in step six and will run the installer when executed. (For more information on command line switches for MakeSFX.exe type "makesfx.exe /?" at the command prompt)

Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)

mak940's picture
10
Aug
2009
0 Votes 0
Login to vote
mak940

Thanks everyone for your

Thanks everyone for your help. Prachand, I will try your procedure as we would like our unmanaged clients to have all the latest updated files/components besides the AV and AS definitions.

mak940's picture
10
Aug
2009
0 Votes 0
Login to vote
mak940

Hi Prakash, I don't have

Hi Prakash, I don't have SEP Manager. Would there be another way to grab the latest components/definition files?

Prachand's picture
11
Aug
2009
0 Votes 0
Login to vote
Prachand
Trusted Advisor

If there is no SEPM then this

If there is no SEPM then this will not be possible as the .exe file will only update the AV and AVS  .This is by design.

Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)

Jay Pawaskar's picture
15
Sep
2009
0 Votes 0
Login to vote
Jay Pawaskar

Hi Prachand, Thanks a lot for

Hi Prachand,

Thanks a lot for this very useful information.

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
258,918