Endpoint Protection

  • 1.  Symantec Endpoint Protection v12.1 and Isolated Network Server

    Posted May 16, 2012 01:43 PM

    Hello,

    I needed to install Symantec Endpoint Protection v12.1 on an isolated network server.  This server (and the network) does not and will not touch the internet in any shape or form.  I have contractors and other personnel that connect their laptops to this isolated network and because of this I must install an anti-virus server (and anti-virus on the clients and other servers in this network) as per company policy.  I have already removed Endpoint version 10.1 since it is EOL.  What I was given to use is Symantec Endpoint Protection v12.1 as the replacement.

    1st question is; how do I stop the Symantec Endpoint Protection v12.1 Manager from wanting to do a live update?

    2nd question is; where do I place the anti-virus definitions I download from the internet on the Management Server?  (Or should I download the CM-XXXXXX-savjdb.exe instead??)

    On Symantec Endpoint Protection v10.1 there was a folder location for me to place these definition files and the server would do the rest.  I don't see one in the 1045 page manual for Symantec Endpoint Protection v12.1 Implementation Guide!!  Nor does it tell me how to answer my 1st question either.  (Or is it buried somewhere and I can't find it!)

    Any help solving both questions would be greatly appreciated.  Thank you.

    v/r

    Tom

     

     



  • 2.  RE: Symantec Endpoint Protection v12.1 and Isolated Network Server

    Broadcom Employee
    Posted May 16, 2012 01:49 PM

    1st question is; how do I stop the Symantec Endpoint Protection v12.1 Manager from wanting to do a live update?

    Since it does not connect to Symantec LiveUpdate, even running LiveUpdate will not help, as it will not get the updates.

    2nd question is; where do I place the anti-virus definitions I download from the internet on the Management Server?  (Or should I download the CM-XXXXXX-savjdb.exe instead??)

    You can download the JDB file and update SEPM.


    How to update definitions for Symantec Endpoint Protection Manager using a JDB file
    http://symantec.com/docs/TECH102607
     

    Or you can install an internal LU Administrator and configure SEPM to get the updates.

     



  • 3.  RE: Symantec Endpoint Protection v12.1 and Isolated Network Server

    Posted May 25, 2012 12:19 PM

    Thanks, Pete, for the reply. I have an identical scenario to Tom, and following the instructions you give I've been able to update SEPM using a JDB file.

    Regarding the 1st question, SEPM keeps attempting to make live updates, and since the network is not connected to the internet it keeps giving errors in spite of having the updated definitions. How can I keep SEPM from attempting to connect to a LiveUpdate server?

    Thanks for your help,

    Ralph



  • 4.  RE: Symantec Endpoint Protection v12.1 and Isolated Network Server

    Posted May 25, 2012 12:58 PM

    Why not disable the Live Update service?

    Since you are not using Live Update either way and are updating using JDB files.



  • 5.  RE: Symantec Endpoint Protection v12.1 and Isolated Network Server

    Posted May 25, 2012 02:38 PM

    Thanks for the fast response, 

    - Do I disable it from the Computer Management Console? SEPM is installed on a PC running Windows XP SP3.

    - After it is disabled, how do I change the status in the SEPM console? 

     



  • 6.  RE: Symantec Endpoint Protection v12.1 and Isolated Network Server

    Posted May 25, 2012 03:44 PM

    I would do it straight from the MMC or services.msc console.

    Set it from manual to disabled.

    * * * * *

    What status do you want to change in the SEPM console?



  • 7.  RE: Symantec Endpoint Protection v12.1 and Isolated Network Server

    Posted May 25, 2012 04:02 PM

    Hi Tom,

    I really would not recommend relying on .jdb's as a permanent solution.  JDB's contain traditional AV definitions, but that is all.  There are no IPS definitions, updates for the heuristic components, etc. in a .JDB.  That means you'll really be using outdated components or just AV alone, which is like fighting with one arm tied behind your back.

    It is possible to download all the SEPM definition types using LiveUpdate Administrator 2.x, then copy them over to the isolated network via USB.  The SEPM can be configured to run and retrieve those updates from a location on the isolated network.  Here's an article with more info:

    Updating downloads in an internal LiveUpdate Administrator 2.x Server using the downloads from an external LiveUpdate Server

    Article: TECH106254

    Article URL: http://www.symantec.com/docs/TECH106254

    This solution does require establishing a LUA server on an internet-facing machine, but will result in much more comprehensive protection for all the clients on that isolated network.

    Hope this helps!



  • 8.  RE: Symantec Endpoint Protection v12.1 and Isolated Network Server

    Posted May 25, 2012 06:01 PM

    Thanks

    ****

    The 'security status' and the 'endpoint status' that appear on the home dashboard