Endpoint Protection

When I try to update virus definition files (now a month old), Live Update reports all definitions are up to date.  However, the Virus Definitions File version remains at date a month ago. I am concerned that malware is blocking Live Update to prevent detection.

Is the on the client or SEPM?

Have you tried manually updating with JDB file?

How to manually update definitions for a managed Symantec Endpoint Protection Client using the .jdb file

How to update definitions for Symantec Endpoint Protection Manager (SEPM) using a .jdb file

Hello,

What version of SEP are you running? Is that SEP 11.x OR SEP 12.1?

Update the definitions via Intelligent updater.

Check these Articles:

How to update virus definitions and other content with Symantec Endpoint Protection and Symantec Network Access Control

http://www.symantec.com/docs/TECH102467

How to update definitions for Symantec Endpoint Protection using the Intelligent Updater

http://www.symantec.com/docs/TECH102606

In case you are running the Latest version of SEP 12.1 RU3, you could update the SONAR and IPS via Intelligent updater.

SONAR and IPS Intelligent updater (IU) are now available on :

http://www.symantec.com/security_response/definitions.jsp

In case, you are facing difficulty with Liveupdate defintions, try troubleshooting article:

Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart

http://www.symantec.com/docs/TECH95790

You may like to check this Downloadable Script to "Script to download Definitions from SEPM"

https://www-secure.symantec.com/connect/downloads/script-update-sep-121-installation-packages

NOTE: This is not provided neither supported by Symantec.

Hope that helps!!

Thanks for the quick comments. Before I try to implement your suggestions, is SEP the same as Symantec Corporate Antivirus (the name of the product installed on my PC)?  I can't find references to Corporate Antivirus on the website.

No, SAV is End of Life which explains why it hasn' updated. You need to move to SEP

It went EOL and no longer receives defs.

End of Life announcement for Symantec AntiVirus Corporate Edition and Symantec Client Security

http://www.symantec.com/docs/TECH178551

Although per this thread, some have received updates

https://www-secure.symantec.com/connect/forums/sym...

But either way, this is EOL and you should move to SEP.

Migrating from Symantec AntiVirus or Symantec Client Security to Symantec Endpoint Protection 12.1 or later

http://www.symantec.com/docs/HOWTO80791

Thank you.  That solves my problem.  Really appreciate the help.

Glad to help. Please don't forget to mark the post that helped as solved to help users in the future who may have the same question.

Hi,

Thank you for posting in Symantec community.

I would also strongly suggest to upgrade to the latest version of SEP.

SEP release details are available here: http://bit.ly/m0vOJp

Check this similar thread as well it can give more insight if you have SAV server as well.

https://www-secure.symantec.com/connect/forums/corporate-antivirus-101#comment-9075991

I understand that SAV 10.x is no longer supported but for those that still need definitions, I have a way for your server or stand-alone workstation running SAV 10.x to get updated defs.

Create a folder named “temp” (without quotes) and a folder named “SAV Manual Def Updates” (without quotes) on root of C. If temp folder already exists that’s OK.

Open notepad and copy the following, making sure the line breaks are as shown:

open ftp.symantec.com
anonymous
nobody@spammer.com
cd AVDEFS/norton_antivirus/static
lcd C:\temp
bin
hash
prompt
get navup8.exe
quit

Save the file as “cescript.txt” (without quotes) to C:\SAV Manual Def Updates. When we call the script it will download the master definition file (navup8.exe) from Symantec’s FTP site to C:\temp. Next we will create a batch file that calls the script and extracts the definitions (.xdb) file from navup8.exe, copies it to the local SAV def folder, then deletes navup8.exe when the extraction is complete.

Open a blank notepad file and copy the following, making sure the line breaks are as shown (del /q, etc… is a new line in case it’s hard to tell):

ftp -s:cescript.txt
call "C:\temp\navup8.exe"
move "C:\SAV Manual Def Updates\*.xdb" "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5"
del /q "C:\temp\navup8.exe"

Save the file as “cegetter.bat” (without quotes) to C:\SAV Manual Def Updates.

NOTE: You may need to modify the path the .xdb file gets copied to. This example will work if you have a stand-alone SAV 10 client like I do. You can find the path necessary for you from http://www.symantec.com/business/support/index?page=content&id=TECH100047

Finally, we need to put the batch file on a schedule. Go to Scheduled Tasks in Windows and create a new scheduled task to run the cegetter.bat file. I set mine for Sunday at 10PM. Keep in mind the file is 250MB+ so it may take a while depending on your Internet connection.

Who knows how long this workaround will work since it depends on Symantec’s FTP site and the files they continue to provide but at least you can remain protected for now as you pursue other AV options.

I hope this information is beneficial to some others in the future!

-Mike

"Thumbs up" to the information about SAV 10 going EOL.  To ensure protection of your computers, network and data, I recommend putting SEP 12.1 in place as soon as possible.

Upgrading or migrating to Symantec Endpoint Protection (SEP) 12.1
http://www.symantec.com/docs/TECH163602