How to update content on a manager that does not have Internet access
search cancel

How to update content on a manager that does not have Internet access

book

Article ID: 151526

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

You have a Symantec Endpoint Protection Manager (SEPM) that does not have access to the Internet. You want to update content (AntiVirus Definitions, Proactive Threat Definitions, IPS Signatures, Product Updates, etc.) on this SEPM so that it may pass these content updates down to the SEP clients it manages.

Resolution

One option is to install LiveUpdate Administrator 2.x (LUA 2.x) on a server that does have access to the Internet, and configure it to supply content at a Distribution Center (DC) that the SEPM can access. Configure the Symantec Endpoint Protection Manager to retrieve updates from this Distribution Center. See the following documents for more information:

An alternative option for updating Antivirus and Antispyware definitions is explained in How to update definitions for Symantec Endpoint Protection Manager using the .jdb file.  For releases prior to SEP 12.1 RU3, there is no way to update the Proactive Threat Protection (PTP) and Network Threat Protection (NTP) definitions on the SEPM without using LiveUpdate Administrator 2.x.  SEPMs running SEP 12.1 RU3 and above can and should update their SONAR ("Behavior-Based Protection") and IPS ("Network-Based Protection") definitions using new .jdb files available from Security Response's Virus Definitions & Security Updates page.  AntiVirus protection alone is not sufficient for complete protection against today's sophisticated threats.  The use of SEP's SONAR and IPS components is very strongly recommended, even in environments that do not have Internet access.


Please note that, without direct Internet access, some features of the SEPM will not be able to function. One example is the Security Response box on the SEPM interface.


Technical Information
The two methods described in this article (LUA 2.x and via .jdb or Intelligent Updater manually copied on removable media) will also successfully update individual SEP clients on an isolated network. If unmanaged SEP clients are to be used with LUA 2.x, be sure to update client settings via the exported Settings.Hosts.LiveUpdate file so that the SEP clients will be able to communicate and retrieve materials from the LUA server.