You have a Symantec Endpoint Protection Manager (SEPM) that does not have access to the Internet. You want to update content (AntiVirus Definitions, Proactive Threat Definitions, IPS Signatures, Product Updates, etc.) on this SEPM so that it may pass these content updates down to the SEP clients it manages.
One option is to install LiveUpdate Administrator 2.x (LUA 2.x) on a server that does have access to the Internet, and configure it to supply content at a Distribution Center (DC) that the SEPM can access. Configure the Symantec Endpoint Protection Manager to retrieve updates from this Distribution Center. See the following documents for more information:
- Installing and configuring LiveUpdate Administrator 2.x
- How to configure LiveUpdate to use alternate sources through the Symantec Endpoint Protection Manager Console
An alternative option for updating Antivirus and Antispyware definitions is explained in How to update definitions for Symantec Endpoint Protection Manager using the .jdb file. For releases prior to SEP 12.1 RU3, there is no way to update the Proactive Threat Protection (PTP) and Network Threat Protection (NTP) definitions on the SEPM without using LiveUpdate Administrator 2.x. SEPMs running SEP 12.1 RU3 and above can and should update their SONAR ("Behavior-Based Protection") and IPS ("Network-Based Protection") definitions using new .jdb files available from Security Response's Virus Definitions & Security Updates page. AntiVirus protection alone is not sufficient for complete protection against today's sophisticated threats. The use of SEP's SONAR and IPS components is very strongly recommended, even in environments that do not have Internet access.
Please note that, without direct Internet access, some features of the SEPM will not be able to function. One example is the Security Response box on the SEPM interface.
The two methods described in this article (LUA 2.x and via .jdb or Intelligent Updater manually copied on removable media) will also successfully update individual SEP clients on an isolated network. If unmanaged SEP clients are to be used with LUA 2.x, be sure to update client settings via the exported Settings.Hosts.LiveUpdate file so that the SEP clients will be able to communicate and retrieve materials from the LUA server.