Endpoint Protection


How-To: Automatically download and install Rapid Updates for SEP Manager 

Mar 31, 2016 12:56 PM

The SEP Manager UI has no setting that makes the system download Rapid virus definitions automatically. These definitions have to be downloaded manually, and the latest ones are installed by copying the download into a certain folder by hand. Sometimes it is crucial to install the latest Rapid definitions automatically, e.g. when a fast-mutating virus emerges or when a previously unknown virus outbreak hits your systems.

To solve this problem, here is a PowerShell script. On the server, use the Task Scheduler to run it automatically at a given interval, e.g. every 3 hours. The script checks the Symantec FTP for Rapid definitions and downloads them if they are newer than the last ones downloaded previously. It copies the downloaded definitions into the SEPM incoming folder (e.g. "D:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming"), where SEP Manager automatically detects and installs them. After this, it saves the name of the last definitions file into a simple text file, which is used later to determine whether there were any updates.

If the situation normalizes and the virus attacks fall back to the usual numbers, simply disable the script in Task Scheduler, so the system will install only the certified definitions again.

 

The script's contents follow; copy it to a directory of your choosing (e.g. "D:\_scripts"):

# FTP source of the Rapid definitions
$proto='ftp://'
$fqdn='ftp.symantec.com'
$docLibURN='/public/english_us_canada/antivirus_definitions/norton_antivirus/rapidrelease/'
$usr='anonymous'
# Named $pass rather than $pwd, which is PowerShell's automatic current-location variable
$pass='pass'

# Staging folder, version log and the SEPM incoming folder
$dstFolder='D:\_RapidRelease'
$RelVersion=$dstFolder+'\ReleaseVersion.txt'
$TargetFolder='D:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming'

# Name of the last definitions file downloaded (stays empty on the first run)
$verinfolast=$null
if (Test-Path $RelVersion) {
  $verinfo = Get-Content $RelVersion
  $verinfolast = $verinfo | Sort-Object | Select-Object -Last 1
}
$docList=@{}

# Request the directory listing through the system proxy
$proxy = [System.Net.WebRequest]::GetSystemWebProxy()
$proxy.Credentials = [System.Net.CredentialCache]::DefaultCredentials
$req = [System.Net.WebRequest]::Create($proto+$fqdn+$docLibURN)
$req.Credentials = New-Object System.Net.NetworkCredential($usr, $pass)
#$req.PreAuthenticate = $true
$req.Proxy = $proxy
$req.Method = [System.Net.WebRequestMethods+Ftp]::ListDirectoryDetails

try {
  $res = $req.GetResponse()
  $sr = [IO.StreamReader]($res.GetResponseStream())
  $webpage = $sr.ReadToEnd()
  $sr.Close()
  $res.Close()

  # The regex expects the listing as HTML links; collect every .jdb link (link text -> href)
  $weblines=$webpage -split "`r`n|`r|`n"
  switch -regex ($weblines) {
    '.*href="(?<docRelPath>.*\.jdb)".*\>(?<docFolderName>.*)\<.*' {
       $docList[$matches.docFolderName]=$matches.docRelPath
    }
  }

  $webclient = New-Object System.Net.WebClient
  $webclient.Credentials = New-Object System.Net.NetworkCredential($usr, $pass)
  $webclient.Proxy = $proxy

  # Take the highest name in sort order and compare it with the last recorded one
  $docList.Keys | Sort-Object | Select-Object -Last 1 | % {
    if ($verinfolast -eq $_)
    {
      Write-Host ($dstFolder+'\'+$_+' Exists')
    }
    else
    {
      $webclient.DownloadFile($($proto+$fqdn+$docList.Item($_)),$dstFolder+'\'+$_)
      # Hand the file to SEPM first, then record its name
      Move-Item $dstFolder\*.jdb $TargetFolder
      echo $_ >>$RelVersion
    }
  }

} catch [System.Net.WebException] {
    # Report the failure instead of discarding it
    Write-Warning ("Rapid definitions check failed: " + $_.Exception.Message)
}
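
The script turns link text from an anonymous FTP listing directly into a local file name and a download URL, so the following added example (not part of the original script) shows the listing-parsing step with the names validated before they are used. The function and parameter names, the allowed-character pattern, the sample file names, and the assumption that every href starts with the Rapid Release directory are all hypothetical.

```powershell
# Added example, not part of the original script. Function and parameter names are hypothetical.
function Select-LatestJdb {
    param(
        [string[]]$ListingLines,  # HTML listing lines, as the script's regex expects
        [string]$ExpectedDir,     # assumption: every href starts with this directory
        [string]$LastInstalled    # last name recorded in ReleaseVersion.txt, may be empty
    )
    # Assumption: definition file names use only these characters
    $safeName = '^[A-Za-z0-9_.-]+\.jdb$'
    $candidates = @{}
    foreach ($line in $ListingLines) {
        if ($line -notmatch 'href="(?<href>[^"]+\.jdb)"[^>]*>(?<file>[^<]+)<') { continue }
        $href = $Matches['href']
        $file = $Matches['file'].Trim()
        # The link text becomes a local file name and the href part of the download
        # URL, so both are checked before use: no separators, no "..", no other directory.
        $ok = ($file -match $safeName) -and
              ($href -notmatch '\.\.') -and
              $href.StartsWith($ExpectedDir, [StringComparison]::Ordinal) -and
              $href.EndsWith('/' + $file, [StringComparison]::Ordinal)
        if (-not $ok) {
            Write-Warning "Ignoring listing entry with unexpected name or path: $file"
            continue
        }
        $candidates[$file] = $href
    }
    # Same selection rule as the script: highest name in sort order
    $latest = $candidates.Keys | Sort-Object | Select-Object -Last 1
    if (-not $latest -or $latest -eq $LastInstalled) { return $null }
    [pscustomobject]@{ Name = $latest; RelPath = $candidates[$latest] }
}

# Constructed sample listing (not real server output); the last entry must be rejected.
$dir = '/public/english_us_canada/antivirus_definitions/norton_antivirus/rapidrelease/'
$sample = 'sample-0001.jdb', 'sample-0002.jdb', '..\sample-0003.jdb' |
    ForEach-Object { '<a href="{0}{1}">{1}</a>' -f $dir, $_ }

# Case 1: an older name is on record
Select-LatestJdb -ListingLines $sample -ExpectedDir $dir -LastInstalled 'sample-0001.jdb'
# Case 2: the newest valid name is already on record
Select-LatestJdb -ListingLines $sample -ExpectedDir $dir -LastInstalled 'sample-0002.jdb'
```

When the function returns an object, download and move only the file named in it, rather than every *.jdb found in the staging folder.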

 


Comments

Aug 19, 2016 04:49 PM

If you are using Symantec Protection Engine, you can do this without a script.

You can schedule Rapid Release updates to occur automatically at a specified time interval to ensure that Symantec Protection Engine always has the most current definitions. Scheduled Rapid Release updates are disabled by default. To receive automatic Rapid Release updates, you must enable and schedule Rapid Release. When Rapid Release is scheduled, Rapid Release runs at the specified time interval that you select.

Reference: Configuring Rapid Release updates to occur automatically

http://www.symantec.com/docs/HOWTO79715

Apr 07, 2016 10:09 AM

Very handy, thanks for sharing.

But one thing to be aware of is that these Rapid definitions are not 100% fully tested, just a basic test. So you may find some applications being picked up incorrectly as viruses.

So something to be aware of. But this is a good tool. :)
