Note: This article is no longer being updated. The following article replaces it. Update your links or bookmarks to:
How to update content and definitions on the clients
Learn how to update Symantec Endpoint Protection (SEP) with the latest virus definitions and other content updates.
For protection against the latest threats, it is important that antivirus definitions, IPS signatures, and other content are always up to date.
The methods for configuring an environment's update architecture include:
The best method depends on the number of clients, amount of bandwidth available, and ability of the computers to connect to Symantec's Internet-based LiveUpdate source servers.
Configure a site to download updates (default, best practice)
The default behavior and best practice in most cases is to configure sites to download updates from the Symantec LiveUpdate server. When you configure a site to download updates, one or more management servers, called Symantec Endpoint Protection Manager (SEPM), download the updates and place them in the database. The Endpoint Protection Manager then uses these definitions to distribute updates to clients.
In most Symantec Endpoint Protection (SEP) deployments, the Endpoint Protection Manager will download and distribute materials to all of its Windows clients efficiently.
For more information, see How to update content and definitions on the clients and Downloading content from LiveUpdate to the Endpoint Protection Manager.
Configure the Endpoint Protection Manager server to run LiveUpdate from an internal server
In certain environments, you may want to download updates from an internal LiveUpdate server rather than obtain updates from the Internet source servers.
LiveUpdate Administrator 2.x may be preferable in:
- High-security "air-locked" environments
- Environments with many different Symantec products
- Corporate networks where all updates must be tested before widespread deployment
- Environments with 10,000 endpoints or more
- Environments with many Macintosh or Linux clients
These clients cannot receive definitions directly from the Endpoint Protection Manager, and must download either from internal or external LiveUpdate source servers or through the Endpoint Protection Manager server configured to act as a reverse proxy. See Enabling Mac and Linux clients to download LiveUpdate content using the Apache web server as a reverse proxy.
For additional cases in which to use LiveUpdate Administrator, see the following:
- When to use LiveUpdate Administrator
- LiveUpdate Administrator best practices
- A Helpful LiveUpdate Administrator 2.x Analogy
Site replication and content updates
If you configure sites on your network for replication from another site, you can configure content updates (for example, Virus and Spyware Definitions) in the database of the primary site to replicate as part of the database. In this case, you only need to configure updates on the primary site.
If you choose to use product updates as well as content updates, you should not replicate product updates between sites because these updates can be quite large, and one exists for every language that you select. For more information, please see Setting up sites and replication and Specifying which data to replicate.
Update definitions for the manager using a JDB file
If an Endpoint Protection Manager cannot run LiveUpdate or has no access to Internet or internal source servers, you can update the server's Virus and Spyware Protection (antivirus) definitions by manually applying a file that you make for this purpose. For details, see Download .jdb files to update definitions for Endpoint Protection Manager.
Note: The .jdb file only contains Virus and Spyware Protection definitions and does not provide updated content for the firewall or other features for Endpoint Protection clients.
For information on how updates occur on Endpoint Protection client computers, please see Choose a distribution method to update content on clients.
Configure how groups of clients download updates
To configure the behavior of a client group, use LiveUpdate client policies, which you create in the Endpoint Protection Manager. The two kinds of LiveUpdate client policies are LiveUpdate Settings policies and LiveUpdate Content policies.
The following table shows what each type of policy controls, and to what products each applies:
|Policy type||Controls||Applies to|
View and change the LiveUpdate Content policy that is applied to a client group
The Endpoint Protection Manager applies LiveUpdate Content policies to groups and to all locations in groups. Therefore, the policy does not appear with other policies under locations in the console.
To view and change the LiveUpdate Content policy that is applied to a group
- In the console, click Policies > LiveUpdate.
- Create at least two LiveUpdate Content policies.
- Apply one of the policies to a group.
- Click the Clients tab, and then click the group that you want to view.
- While still on the Clients tab, in the right pane, click Policies, and under Location-independent Policies and Settings, under Settings, click LiveUpdate Content Policy Settings.
- From the drop-down menu, specify the LiveUpdate Content Policy to use for the group, and then click OK.
Group Update Providers (GUPs)
When you create a LiveUpdate Settings policy, you have the option of specifying a Group Update Provider (GUP). The Group Update Provider provides updates to clients in the group, and any subgroups that inherit policies as set on the Clients tab. If you have clients in a group at a remote location that have bandwidth issues over the WAN, make a client in the group the Group Update Provider.
The Group Update Provider must be a member of the group to which it provides updates. The Group Update Provider also lets you offload processing power from the Endpoint Protection Manager if you need that option.
When you configure a Group Update Provider, you specify a host name or IP address and a TCP port number. The default TCP port number is 2967, a port that was used in Symantec AntiVirus 10.x and Symantec Client Security 3.x network communications.
If your Group Update Provider computer receives IP addresses with DHCP, you should either assign a static IP address to the computer, or type the host name. If your Group Update Provider computer is at a remote location, and if that remote location uses network address translation (NAT), type the host name.
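The following added example (not Symantec code) checks a list of Group Update Provider entries against the guidance above and tests whether the GUP port accepts TCP connections from the machine running it. The dictionary layout, group names, host names and addresses are assumptions constructed for illustration; only the default port 2967 comes from this article.

```python
import ipaddress
import socket

DEFAULT_GUP_PORT = 2967  # default TCP port given in the article


def is_ip_literal(host):
    """True when the configured GUP address is an IP literal, not a host name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit_gup(entry):
    """Check one GUP record (hypothetical dict layout) against the guidance above."""
    findings = []
    port = entry.get("port", DEFAULT_GUP_PORT)
    if not 1 <= port <= 65535:
        findings.append(f"invalid TCP port {port}")
    if entry["gup_group"] != entry["policy_group"]:
        findings.append("GUP is not a member of the group it provides updates to")
    if is_ip_literal(entry["host"]):
        if entry.get("dhcp"):
            findings.append("DHCP-assigned IP literal: assign a static IP or use the host name")
        if entry.get("nat"):
            findings.append("IP literal behind NAT: use the host name")
    return findings


def probe(host, port=DEFAULT_GUP_PORT, timeout=3.0):
    """True if a TCP connection to the GUP port succeeds from this machine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or name did not resolve
        return False


if __name__ == "__main__":
    # Constructed inventory; host names, groups and addresses are made up.
    inventory = [
        {"host": "gup-branch01.example.internal", "gup_group": "My Company\\Branch01",
         "policy_group": "My Company\\Branch01", "dhcp": True, "nat": True},
        {"host": "192.0.2.15", "port": 2967, "gup_group": "My Company\\HQ",
         "policy_group": "My Company\\Branch02", "dhcp": True, "nat": True},
    ]
    for e in inventory:
        reachable = probe(e["host"], e.get("port", DEFAULT_GUP_PORT))
        print(e["host"], "reachable" if reachable else "unreachable", audit_gup(e))
```

Run the probe from a client in the group that the GUP serves, since reachability from the management server says nothing about the path the clients actually use.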
For more information on GUPs, see:
Third-party management refers to the management of Endpoint Protection client content updates using a distribution mechanism other than the Endpoint Protection Manager. An Endpoint Protection Manager is still required to download and package content from LiveUpdate, as well as for generating policy files.
The only thing third-party management replaces is the transfer of policies and content to the Endpoint Protection client. See Using third-party distribution tools to update client computers for details.
If a client is unmanaged (self-managed), or if a LiveUpdate Settings policy for managed clients allows, several options exist for downloading updates on individual clients.
Run LiveUpdate manually
If you configure unmanaged or local clients to allow manual updates using a LiveUpdate Settings policy, the LiveUpdate button is available in the client. Clicking this button launches a utility that downloads the latest content update.
If you configure unmanaged or local clients to allow changes to the LiveUpdate schedule using a LiveUpdate Settings policy, you can configure clients locally to download updates at specific times.
To configure the LiveUpdate schedule, please see How to schedule LiveUpdate on an Unmanaged (self-managed) client.
Use Intelligent Updater (IU)
You can update the Virus and Spyware Protection definitions (and Intrusion Prevention (IPS) definitions, Windows only) on managed or unmanaged Symantec Endpoint Protection clients using a standalone tool. See Use Intelligent Updater to update definitions for Endpoint Protection for details.