Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

A Tool for Remote Deployment of AntiVirus/Antispyware, IPS and IDS Definitions

Created: 09 Mar 2011 • Updated: 15 Mar 2011 | 10 comments
Mithun Sanghavi's picture
27 Agree
1 Disagree
+26 28 Votes
Login to vote

Hello,

Sometimes many computers on the network are not updating AntiVirus / Antispyware, IPS and IDS Definitions, in these cases, it becomes difficult to go to each Machine and Either Run an Intelligent Updater OR Run a Rx4DefsSEP Utility locally on the machines to get the definitions updated.

We found that there is an Article TECH104779 in regards to "How to deploy the Symantec Endpoint Protection (SEP) client Release Update 5 or later with current virus definitions and intrusion prevention signatures", suggests long steps to perform to deploy the package with current virus definitions and intrusion prevention signatures.

I would suggest Symantec to create a Tool which could help deploy the AntiVirus / Antispyware, IPS and IDS Definitions remotely either via Symantec Endpoint Protection Manager server or from any computer.

1) Tool should not only Remote Install the Definitions but also Repair the Corrupt definitions, in case.

2) The Tool should also help a new User to Download the relevant .jdb file, and incase, if the new user does not know how to update the Symantec Endpoint Protection Manager should help with the same.

3) Tool can take all the relevant Data from Symantec Endpoint Protection Manager.

 

 

Comments 10 CommentsJump to latest comment

ed16's picture

I agree.  It's silly that we you create an install package today, it doesn't include the most recent defintions automatically.  Why wouldn't it?  Isn't this version 11 of the product?  You'd think it would be mature enough to start with the most recent definitions and continue to be able to update them remotely without issue.  Isn't that the bread and butter of an antivirus solution?

0
Login to vote
josh_symc's picture

You can include latest defs today, but is manual per the KB referenced. In 12.1 this is availble in the UI upon export of a client package. There is improved corrupt definition repair in 12.1 as well:

 

–Components unable to load their content can request content repair
–Content repair will attempt to reapply content either from SEPM or via LiveUpdate
–AV, BASH and CIDS plugins will request content repair if needed
–Occurs in the background without user interaction
-12.1 content is silo'd and not shared with other Symc prods
-more efficient LiveUpdate Engine, more efficient content updates, more reliable.
-add content upon package creation in UI
 
 
I highly suggest checking out the 12.1 beta as much of what is being asked here is in 12.1:
 
0
Login to vote
shri1's picture

Yes, I agree what you are saying, there are so many thing they should considered.

0
Login to vote
Soi-Soi's picture

I also agree to you Mr. Mithun. As per my experience, It is also additional points if you have a all-in-1 tools so that symantec will become more helpful and just like what peoples say "Users Friendly". Maybe In the near future this tool will be discover by them. It will make our work easy.

 Soi    Soi    Soi    Soi                &nbsp

0
Login to vote
roger2011's picture

iam experiencing the same issue as well, any update on this tool?

0
Login to vote
cus000's picture

Is this fixed in SEP 12.1?

Seems happening in RU6 MP2

0
Login to vote
Elisha's picture

This tool is not needed with SEP 12.1 since you can add the latest defintions to a package directly using the SEPM console.

0
Login to vote
cus000's picture

Hi Elisha,

 

You mean we can remotely fix corrupt definition via console in 12.1 ?

 

Thanks.

0
Login to vote
Elisha's picture

No, SEPM cannot remotely fix corrupt defs.  But SEPM can push packages with the latest defs so you don't need to update the packages manually.

0
Login to vote
Mick2009's picture

Good news for supporters of this proposed enhancement request!

SONAR and IPS Intelligent updater (IU) are now available on :

http://www.symantec.com/security_response/definitions.jsp

NOTE: These SONAR and IPS Intelligent updater are only for SEP 12.1 RU3.

For more infromation, please see Latest Symantec Endpoint Protection Released - SEP 12.1.RU3

With thanks and best regards,

Mick

0
Login to vote