Learn how to update Symantec Endpoint Protection (SEP) with the latest virus definitions and other content updates.
For protection against the latest threats, it is important that antivirus definitions, IPS signatures, and other content is always up-to-date.
The methods for configuring an environment's update architecture include:
The best method depends on the number of clients, amount of bandwidth available, and ability of the computers to connect to Symantec's Internet-based LiveUpdate source servers.
The default behavior and best practice in most cases is to configure sites to download updates from the Symantec LiveUpdate server. When you configure a site to download updates, one or more management servers download the updates—called Symantec Endpoint Protection Manager (SEPM)—and places the updates in the database. The Endpoint Protection Manager then uses these definitions to distribute updates to clients.
In most Symantec Endpoint Protection (SEP) deployments, the Endpoint Protection Manager will download and distribute materials to all of its Windows clients efficiently.
For more information, see How to update content and definitions on the clients and Downloading content from LiveUpdate to the Endpoint Protection Manager.
In certain environments, you may want to download updates from an internal LiveUpdate server rather than obtain updates from the Internet source servers.
LiveUpdate Administrator 2.x may be preferable in:
For additional cases to use LiveUpdate Administrator see the following:
If you configure sites on your network for replication from another site, you can configure content updates (for example, Virus and Spyware Definitions) in the database of the primary site to replicate as part of the database. In this case, you only need to configure updates on the primary site.
If you choose to use product updates as well as content updates, you should not replicate product updates between sites because these updates can be quite large, and one exists for every language that you select. For more information, please see Setting up sites and replication and Specifying which data to replicate.
If an Endpoint Protection Manager cannot run LiveUpdate or has no access to Internet or internal source servers, you can update the server's Virus and Spyware Protection (antivirus) definitions by manually applying a file that you make for this purpose. For details, see Download .jdb files to update definitions for Endpoint Protection Manager.
Note: The .jdb file only contains Virus and Spyware Protection definitions and does not provide updated content for the firewall or other features for Endpoint Protection clients.
For information on how updates occur on Endpoint Protection client computers, please see Choose a distribution method to update content on clients.
To configure the behavior of a client group, use LiveUpdate client policies, which you create in the Endpoint Protection Manager. The two kinds of LiveUpdate client policies include LiveUpdate Settings policies, and LiveUpdate Content policies.
The following table shows what each type of policy controls, and to what products each applies:
|Policy type||Controls||Applies to|
The Endpoint Protection Manager applies LiveUpdate Content policies to groups and to all locations in groups. Therefore, the policy does not appear with other policies under locations in the console.
To view and change the LiveUpdate Content policy that is applied to a group
When you create a LiveUpdate Settings policy, you have the option of specifying a Group Update Provider (GUP). The Group Update Provider provides updates to clients in the group, and any subgroups that inherit policies as set on the Clients tab. If you have clients in a group at a remote location that have bandwidth issues over the WAN, make a client in the group the Group Update Provider.
The Group Update Provider must be a member of the group to which it provides updates. The Group Update Provider also lets you offload processing power from the Endpoint Protection Manager if you need that option.
When you configure a Group Update Provider, you specify a host name or IP address and a TCP port number. The default TCP port number is 2967, a port that was used in Symantec AntiVirus 10.x and Symantec Client Security 3.x network communications.
If your Group Update Provider computer receives IP addresses with DHCP, you should either assign a static IP address to the computer, or type the host name. If your Group Update Provider computer is at a remote location, and if that remote location uses network address translation (NAT), type the host name.
For more information on GUPs, see:
Third-party management refers to the management of Endpoint Protection client content updates using a distribution mechanism other than the Endpoint Protection Manager. An Endpoint Protection Manager is still required to download and package content from LiveUpdate, as well as for generating policy files.
The only thing third-party management replaces is the transfer of policies and content to the Endpoint Protection client. See Using third-party distribution tools to update client computers for details.
If a client is unmanaged (self-managed), or if a LiveUpdate Settings policy for managed clients allows, several options exist for downloading updates on individual clients.
If you configure unmanaged or local clients to allow manual updates using a LiveUpdate Settings policy, the LiveUpdate button is available in the client. Clicking this button launches a utility that downloads the latest content update.
If you configure unmanaged or local clients to allow changes to the LiveUpdate schedule using a LiveUpdate Settings policy, you can configure clients locally to download updates at specific times.
To configure the LiveUpdate schedule, please see How to schedule LiveUpdate on an Unmanaged (self-managed) client
You can update the Virus and Spyware Protection definitions (and Intrusion Prevention (IPS) definitions (Windows only) on managed or unmanaged Symantec Endpoint Protection clients using a standalone tool. See Use Intelligent Updater to update definitions for Endpoint Protection for details.
Login to Subscribe
Please login to set up your subscription.
Get support for your product, with downloads, knowledge base articles, documentation, and more.
Maximize your product competency and validate technical knowledge to gain the most benefit from your IT investments.
Set default language
Do you wish to save this as your future site?