Types of virus definitions available for download

Network Threat Protection Attack Signatures

Symantec security products include an extensive database of attack signatures. An attack signature is a unique arrangement of information that can be used to identify an attacker's attempt to exploit a known operating system or application vulnerability.

Attack Signature updates are exclusive to LiveUpdate

TruScan Proactive Threat Protection Updates

Behavioral-based protection that protects against zero-day threats and threats not seen before. Unlike other heuristic-based technologies, TruScan™ Proactive Threat Scan scores both the good and bad behavior of unknown applications, providing a more accurate malware detection.

Proactive Threat Protection updates are exclusive to LiveUpdate.

Virus Definitions

Certified Multiple Daily LiveUpdate

LiveUpdate is the most trusted way of updating virus definitions. Each set is fully tested and certified by Quality Assurance. Certified Multiple Daily LiveUpdate is published several times a day and is the best protection from fast moving threats.

Customers with the newest versions of Symantec antivirus software can have Multiple Daily LiveUpdate definitions delivered automatically. Check with your product documentation to see if your product can use Multiple Daily LiveUpdate.

Certified Daily LiveUpdate

LiveUpdate is the most trusted way of updating virus definitions. Each set is fully tested and certified by Quality Assurance. Certified Daily LiveUpdate is normally published once daily, but may be published several times in a single day in response to emerging threats.

Customers with the older versions of Symantec antivirus software are limited to Daily LiveUpdate definitions. Check with your product documentation to see if your product uses Daily LiveUpdate.

Certified Weekly LiveUpdate

LiveUpdate is the most trusted way of updating virus definitions. Each set is fully tested and certified by Quality Assurance. Certified Weekly LiveUpdate definitions are usually published on Wednesday, but may be published several times in a single week in response to emerging threats.

All supported Symantec products use either Daily LiveUpdate or Multiple Daily LiveUpdate. Check with your product documentation to see if your product is limited to Weekly LiveUpdate. If your product is unable to use Daily or Multiple Daily LiveUpdate you may need to consider upgrading to a newer product.

Certified Daily Intelligent Updater

Intelligent Updater virus definitions are fully tested and certified by Quality Assurance. The Intelligent Updater is an alternate delivery method for certified daily definitions, which consists of an executable file that can be downloaded and run manually.

Intelligent Updater Definitions can be obtained here: http://www.symantec.com/avcenter/download/pages/US-SAVCE.html

Rapid Release

Rapid release virus definitions have undergone basic quality assurance testing by Symantec Security Response. The primary focus of these detection signatures is the rapid detection of newly emerging threats. While Symantec Security Response makes every effort to ensure that all virus definitions function correctly, you should understand that Rapid Release virus definitions may pose some risks such as a higher potential for false positives. Rapid release definitions are most useful for perimeter defenses or for all protection tiers as a means of mitigating fast-spreading virus outbreaks. These signatures are released once or twice per hour.

Rapid Release Definitions can be obtained here: http://www.symantec.com/avcenter/rapidrelease.download.html

Primary differences between Rapid Release Definitions and other virus definitions

All new detections are compiled into Rapid Release virus definitions as they are created. These definitions are released many times a day and represent the most current virus definitions available. Although these signatures go through a battery of tests, they do not go through the full Quality Assurance process that Daily Certified, Weekly Certified, and Intelligent Updater definitions go through. Using Rapid Release virus definitions may pose some risks, such as a higher potential for false positives.

Symantec recommends using Rapid Release virus definitions in the following circumstances:

On an Email or Gateway server, where false positives prove little or no risk.

On servers and workstations during a virus emergency, when Certified LiveUpdate definitions may not be available for the newest threats.

Important Note for users of Symantec Antivirus Version 10.1.3 and earlier

Newer versions of Symantec software are designed to use a combination of Rapid Release and the native Virus Definition Transport Method (VDTM) more efficiently than earlier versions. For more information, read Clients receive very large updates after updating Symantec AntiVirus Corporate Edition clients and servers with Rapid Release definitions.