There is an alternative to downloading .JDB files and manually dropping them on a Symantec Endpoint Protection Manager (SEPM) to update virus definitions inside an isolated network with no outside connection.

This method may be used to allow a SEPM or Unmanaged Symantec Endpoint Protection (SEP) clients to download and process definition content, including Virus and Spyware, SONAR, and Intrusion Prevention signatures with minimal intervention required.

Initial configuration:

1. Install and Configure the source LUA following the install steps in KB Install and configure LiveUpdate Administrator.
   • Use the default product distribution center.
   • Make sure you have a download schedule and a distribution schedule set about an hour apart.
      
2. Configure the destination server to host content.
   1. Verify that the destination server has Internet Information Services (IIS) installed with at least the default web site on port 80.
      • Tomcat/Apache is a possible alternative. Adjust file paths accordingly.
   2. Create a folder inside <Drive Letter>:\Inetpub\wwwroot called clu-prod.
   3. Copy an image or a text file to the clu-prod folder and verify that it can be opened through http://<server>/clu-prod/<filename>
      • Note: Failures here may indicate an issue with IUSR and the folder permissions. Change the account or permissions as needed.
   4. For more information, see How to configure a Remote Windows Server as a Distribution Center for LiveUpdate Administrator 2.x content.
       
3. Configure the SEPM to use a local LiveUpdate server. (Unmanaged SEP clients, see step 4.)
   1. Open the Admin page of the SEPM, then click Servers.
   2. Highlight the Local Site (site name) entry.
   3. Click Configure site properties.
   4. Switch to the LiveUpdate tab and edit the schedule as desired.
   5. Click Edit Source Servers...
   6. Select Use a specified internal LiveUpdate server
   7. Click Add and give the server entry a name.
   8. In the url, enter: http://<server>/clu-prod/
   9. Provide a user and password, if required, then click OK three times.
       
4. Configure unmanaged SEP clients to use a local LiveUpdate server. (Skip this step for managed clients.)
   1. In the LUA, create a production Distribution Center that specifies the location of the destination server. 
      (See Adding distribution centers in LiveUpdate Administrator Users Guide.pdf.)
      • This Distribution Center should not have a schedule and the console will show that it is unreachable.
   2. Next, click the Configure tab.
   3. Click Client Settings.
   4. Highlight the destination Distribution Center.
   5. Click Export Windows Settings and save the Settings.Hosts.LiveUpdate file.
   6. If the client does not have access to this LiveUpdate server and you are using your own hosting, updated the settings.hosts.liveupdate file with the IP/path for your server, maintaining formatting. This would be the same path as in step 3h above.
   7. Copy the file to a removable drive and move it to the unmanaged client.
   8. Paste the file in the LiveUpdate folder:
       
      • Symantec Endpoint Protection 14.x:
        
        • <Drive Letter>:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config
           
   9. LiveUpdate can then be manually launched from the SEP client GUI or configure the download schedule from: Change Settings, Client Management - Configure Settings, Scheduled Updates.)
       

Daily Maintenance

1. Copy content from the source LUA to the destination server.
   1. On the source server, copy the <Drive Letter>:\Program Files\Symantec\LiveUpdate Administrator\clu-prod folder to a removable media. (Path may vary slightly by OS.)
   2. On the destination server, copy the contents of the clu-prod folder from the removable media to <Drive Letter>:\Inetpub\wwwroot\clu-prod or your Tomcat/Apache htdocs\clu-prod folder.
       
2. Update the SEPM. (Skip this step for unmanaged clients.)
   1. If there is an already configured LiveUpdate schedule, allow it to update at the next scheduled time. (Default is every 4 hours).
   2. To update immediately:
      1. Open the Admin page of the SEPM, then click Servers.
      2. Highlight the Local Site (site name) entry.
      3. Click "Download LiveUpdate Content", then click Download on the popup window.