This article describes how to download and update definitions for Symantec Endpoint Protection (SEP) clients using .jdb files.
In a managed environment, the Daily Certified or Rapid Release .jdb file can be used to update virus definitions for the SEP client. SEP clients will need to have third-party content management enabled before a .jdb can be applied.
- The antivirus .jdb file contains only antivirus/antispyware definitions and will not provide updated content for the firewall, IPS, SONAR and other features for the Symantec Endpoint Protection (SEP) clients.
- For SEP 12.1 RU2 and earlier, only virus definitions can be updated by downloading a standalone file such as a .jdb file or an IU. All other content types must be downloaded using LiveUpdate.
- For SEP 12.1 RU3 and later, .jdb and .exe standalone updaters are available for SONAR ("Behavior-Based Protection") and IPS ("Network-Based Protection") definitions. These are now available from Security Response's Virus Definitions & Security Updates page.
- In the Symantec Endpoint Protection Manager (SEPM), go to Clients.
- Select the group in which the client or clients can be found that need to be updated manually.
- Edit the LiveUpdate Settings Policy.
- In the LiveUpdate Policy, choose Server Settings in the left pane.
- In the right pane, under Third Party Management, enable the option "Enable third party content management".
- On the SEP client, make sure that the client received the policy change by checking for the existence of the 'inbox' directory as following paths:
%ALLUSERSPROFILE%\Symantec\Symantec Endpoint Protection\CurrentVersion\inbox
Note: On SEP 12.1.x clients, the \inbox directory is always present. Please check the Policy serial number to ensure it is matching the serial number published by SEPM.
%ALLUSERSPROFILE%\Symantec\Symantec Endpoint Protection\inbox
- Download the .jdb file from the Symantec Security Response Website:
- For each SEP client that needs to be updated, copy the .jdb file into the folder noted in #6 above.
- After a few minutes the .jdb file will be automatically processed. When complete, the client should reflect new antivirus definitions.
If a third-party management update fails, the content copied to the inbox will be moved to a folder called "invalid". Possible reasons for failure include:
- Third-party management has not been enabled.
- The file type is not supported.
- The file structure is incorrect.
- The content being installed via third-party management is already installed or is older than what is installed.
For more details on third-party managementand updates regarding SEP 12.1 clients, see Using third-party distribution tools to update client computers.