
Virus Definitions from a file

Created: 07 May 2010 | 7 comments

Hi guys,

In our environment we have networks that don't have an Internet connection, and we're planning to protect them with SEP.

Since the servers hosting the SEPM will never have Internet connectivity, how can they be updated with new definitions?
We don't care so much about the update intervals (updating the definitions once a month is acceptable for us).

With the solution we're using now (Kaspersky), we send a CD-ROM to those remote/secure sites with the definition files; the admin on site copies/overwrites the files in the respective folder, and it works great.

Can we do something similar with SEPM? If the answer is yes, can you tell me how?

Thank you,
Vic


MIKA09's picture

Kaspersky antivirus can be updated with little effort using top ten best antiviruses http://www.best-antivirus.co/. Also, here you can find a review of the most important antiviruses.
Good luck

Mithun Sanghavi's picture

Hello,

Check the Following KB:

How to update content on a Symantec Endpoint Protection Manager that doesn't have Internet access

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/c0d25753668907aec1257443003077d0?OpenDocument

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

quickvic's picture

Thanks for the reply guys, updating definitions with a .jdb file is exactly what we need.

Question 1: Is there a way to revert to previous definitions?
Example: If I place an older .jdb file in the incoming folder, will it overwrite the existing newer definitions?

Question 2: Once we update a SEPM with the .jdb file, it updates all its clients, which is great. My question is, can a SEPM pull definition updates from another SEPM?
Example: Our environment has one centralized location with dozens of smaller remote sites connected to it. Each of the remote sites will have a SEPM server with client computers connected to it. When we perform a definition update, we don't want to send the .jdb file to each of the remote sites; we want to update the SEPM server at the centralized location, which in turn is going to update all the other SEPMs at the remote sites. Is that possible? If yes, can you tell me how?

Thanks again,
Vic

Ryan_Dasso's picture

@ Question 1: No... older JDB files will still be processed, but the SEPM only keeps the X latest defs. (X is defined in the SEPM at Admin > Servers > Highlight Local Site > Edit Site Properties > LiveUpdate > Content Revisions)
To revert clients to an older definition, follow KB 2007111515160948
http://service1.symantec.com/SUPPORT/ent-security....

@ Question 2: No... the SEPM updates automatically from LiveUpdate servers only. Based on your description, it sounds like you should check out Group Update Providers (GUPs).
http://service1.symantec.com/SUPPORT/ent-security....
http://service1.symantec.com/SUPPORT/ent-security....

If you can allow your SEPM to connect to another computer that does have Internet access, you can use LiveUpdate Administrator to download and distribute content updates to your SEPM.

AravindKM's picture

Question 1: It is possible to revert to an old definition. If you paste a jdb file into the incoming folder, it will be removed automatically after the processing of that file. This process may take max 5 min.
Question 2: It is possible to send updates from one SEPM to another by replication. You have to select "replicate LiveUpdate content and updates" for that in the properties of the replication partners. There is no other way to get the updates from one SEPM for the other. What is the number of clients in your remote sites? If it is not a very huge number, check the possibility of GUP (Group Update Provider).
Have a look at this KB and article
Symantec Endpoint Protection 11.0 Group Update Provider (GUP)

How much bandwidth is used by a SEP Client in One day ?

Please don't forget to mark your thread solved with whatever answer helped you :)
Thanks & Regards
Aravind