Symantec security products include an extensive database of attack signatures. An attack signature is a unique arrangement of information that can be used to identify an attacker's attempt to exploit a known operating system or application vulnerability.
Attack Signature updates are exclusive to LiveUpdate
Behavioral-based protection that protects against zero-day threats and threats not seen before. Unlike other heuristic-based technologies, TruScan™ Proactive Threat Scan scores both the good and bad behavior of unknown applications, providing a more accurate malware detection.
Proactive Threat Protection updates are exclusive to LiveUpdate.
LiveUpdate is the most trusted way of updating virus definitions. Each set is fully tested and certified by Quality Assurance. Certified Multiple Daily LiveUpdate is published several times a day and is the best protection from fast moving threats.
Customers with the newest versions of Symantec antivirus software can have Multiple Daily LiveUpdate definitions delivered automatically. Check with your product documentation to see if your product can use Multiple Daily LiveUpdate.
LiveUpdate is the most trusted way of updating virus definitions. Each set is fully tested and certified by Quality Assurance. Certified Daily LiveUpdate is normally published once daily, but may be published several times in a single day in response to emerging threats.
Customers with the older versions of Symantec antivirus software are limited to Daily LiveUpdate definitions. Check with your product documentation to see if your product uses Daily LiveUpdate.
LiveUpdate is the most trusted way of updating virus definitions. Each set is fully tested and certified by Quality Assurance. Certified Weekly LiveUpdate definitions are usually published on Wednesday, but may be published several times in a single week in response to emerging threats.
All supported Symantec products use either Daily LiveUpdate or Multiple Daily LiveUpdate. Check with your product documentation to see if your product is limited to Weekly LiveUpdate. If your product is unable to use Daily or Multiple Daily LiveUpdate you may need to consider upgrading to a newer product.
Intelligent Updater virus definitions are fully tested and certified by Quality Assurance. The Intelligent Updater is an alternate delivery method for certified daily definitions, which consists of an executable file that can be downloaded and run manually.
Intelligent Updater Definitions can be obtained here: http://www.symantec.com/avcenter/download/pages/US-SAVCE.html
Rapid release virus definitions have undergone basic quality assurance testing by Symantec Security Response. The primary focus of these detection signatures is the rapid detection of newly emerging threats. While Symantec Security Response makes every effort to ensure that all virus definitions function correctly, you should understand that Rapid Release virus definitions may pose some risks such as a higher potential for false positives. Rapid release definitions are most useful for perimeter defenses or for all protection tiers as a means of mitigating fast-spreading virus outbreaks. These signatures are released once or twice per hour.
Rapid Release Definitions can be obtained here: http://www.symantec.com/avcenter/rapidrelease.download.html
All new detections are compiled into Rapid Release virus definitions as they are created. These definitions are released many times a day and represent the most current virus definitions available. Although these signatures go through a battery of tests, they do not go through the full Quality Assurance process that Daily Certified, Weekly Certified, and Intelligent Updater definitions go through. Using Rapid Release virus definitions may pose some risks, such as a higher potential for false positives.
On an Email or Gateway server, where false positives prove little or no risk.
On servers and workstations during a virus emergency, when Certified LiveUpdate definitions may not be available for the newest threats.
Newer versions of Symantec software are designed to use a combination of Rapid Release and the native Virus Definition Transport Method (VDTM) more efficiently than earlier versions. For more information, read Clients receive very large updates after updating Symantec AntiVirus Corporate Edition clients and servers with Rapid Release definitions.