This article describes how and when to update Virus and Spyware Protection definitions and other content in Symantec Endpoint Protection Manager (SEPM) using a .jdb file.

Use certified virus definitions, Network-Based Protection, or Behavior-Based Protection .jdb files to update content on the Symantec Endpoint Protection Manager when it cannot access either the Internet or a LiveUpdate Administrator (LUA) server.

Use Rapid Release .jdb files in outbreak scenarios to combat new threats.

About .jdb files

Symantec Security Response distributes content in .exe and .jdb files. The .exe files update single clients, and the .jdb files update either the Symantec Endpoint Protection Manager or single clients. When you use a .jdb file to update a Symantec Endpoint Protection Manager, it then updates its managed clients.

There are two kinds of content that are distributed in .jdb files:

• Certified virus definitions (for Symantec Endpoint Protection Managers managing typical Symantec Endpoint Protection (SEP) clients)

  • "Core 1.5 SDS" Certified virus definitions for Symantec Endpoint Protection Manager 14.0 (Dark Network client only)
  • "Core 3 SDS" Certified virus definitions for Symantec Endpoint Protection Manager 14.0 (Intelligent Threat Cloud Service)

• Rapid Release virus definitions

  • "Core 1.5 SDS" Rapid Release virus definitions for Symantec Endpoint Protection Manager 14.0 (Dark Network client only)
  • "Core 3 SDS" Rapid Release virus definitions for Symantec Endpoint Protection Manager 14.0 (Intelligent Threat Cloud Service)

All content can be found on the Symantec Security Response definitions page.

About certified virus definitions

The certified definitions .jdb file updates the virus and spyware definitions on the Symantec Endpoint Protection Manager. These definitions have been through rigorous Quality Assurance (QA) testing and are recommended for regular use.

About Rapid Release virus definitions

Several times a day, Symantec Security Response compiles all new detections into a new Rapid Release virus .jdb file. The purpose of the Rapid Release virus definitions is to make the newest definitions available quickly. Use Rapid Release virus definitions when a new threat may be spreading on your network or for systems responsible for perimeter defense.

Rapid Release virus definitions undergo only basic quality assurance testing. Rapid Release virus definitions are therefore riskier to use than certified definitions. Rapid Release definitions are most useful as a means of stopping fast-spreading threat outbreaks or preventing the initial incursion of an attack at the gateway.

Several times each weekday, all new detections added as Rapid Release definitions go through the complete QA process, including testing for false positives and testing for full compatibility with Symantec Endpoint Protection. Once these definitions pass the full QA process, they are posted as Certified LiveUpdate definitions.

Please note that using Rapid Release definitions regularly, on the endpoint instead of Certified definitions is not encouraged by Symantec. Under normal conditions, Symantec recommends Certified definitions for routine use on enterprise Endpoint systems.

If you are unsure as to which definitions set you should use, please contact Symantec Support for guidance.

About Network-Based Protection and Behavior-Based Protection .jdb files

Symantec Endpoint Protection 14.0 and later can update Network-Based Protection (IPS) and Behavior-Based Protection (SONAR) content using .jdb files. Using these components in addition to the Virus and Spyware Protection component (antivirus) is strongly encouraged. Virus and Spyware Protection alone is not sufficient protection against today's sophisticated threats, even on networks that have no access to the Internet.

To download the .jdb file

1. In a browser on the computer that runs Symantec Endpoint Protection Manager, go to one or all of the following:

   • Certified definitions 14.0
   • Rapid Release definitions
   • Network-Based Protection for 14.0 or later
   • Behavior-Based Protection
     
     

2. Download the file that ends in .jdb, and save the file to the Windows desktop.

3. Most browsers rename the file from .jdb to .zip after you save it. Rename the file from .zip to .jdb.

4. Do one of the following:

   • On 32-bit operating systems, copy and paste the .jdb file to the following location:
     \Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming
   • On 64-bit operating systems, copy and paste the .jdb file to the following location:
     \Program Files(x86)\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming
     
     Be sure to copy and paste the file instead of cutting and pasting or otherwise moving it. Copying and pasting preserve the file permissions correctly, while other methods of moving the file may not.

5. Symantec Endpoint Protection Manager processes the .jdb file automatically.

To verify that the Symantec Endpoint Protection Manager content is updated

To verify that the Symantec Endpoint Protection Manager content has been updated, look in the following folders:

• 32-bit Definitions:
  • .\Symantec Endpoint Protection Manager\Inetpub\content\{1A79EE79-891B-4CB6-9A00-8D07FC6BF1FF} (Core 1.5 SEP 14 SDS)
  • .\Symantec Endpoint Protection Manager\Inetpub\content\{7C177419-4112-42B6-8CEF-094385474554} (Core 3 SEP 14 SDS Intelligent Threat Cloud Service)
    • Please review the file "ContentInfo.txt" for description of the different content monikers.  
    • This is located in the same root directory.\Symantec Endpoint Protection Manager\Inetpub\content\
• 64-bit Definitions:
  • .\Symantec Endpoint Protection Manager\Inetpub\content\{151387BE-8D1C-467D-8B7A-AC215B16A144} (Core 1.5 SEP 14 SDS)
  • .\Symantec Endpoint Protection Manager\Inetpub\content\{67F66706-F04B-4432-9947-F8354949D2A6} (Core 3 SEP 14 SDS Intelligent Threat Cloud Service)
    • Please review the file "ContentInfo.txt" for description of the different content monikers.  
    • This is located in the same root directory.\Symantec Endpoint Protection Manager\Inetpub\content\

Typically, three or more numbered folders exist. The folder naming convention is "yymmddxxx". For example, "140822034". This is the date and build (revision) number of the definition set installed.

There should be a folder named "Full" and a zip file named "Full.zip" inside the folder that matches the set that you downloaded and installed. Inside the Full folder are the files typically associated with a virus definition set.

Notes

• The Symantec Endpoint Protection Manager updater file has a .jdb extension. There should only be one .jdb listed at any time. The .jdb file updates content for both 32- and 64-bit systems.

• The .jdb files can also be used to update Symantec Endpoint Protection clients. For details on the client procedure, see How to manually update definitions for a managed Symantec Endpoint Protection client using the .jdb file.

• For details on how to manage the number of definitions maintained by the Symantec Endpoint Protection Manager , see How to change the number of downloaded content revisions retained by the manager.

Additional Clarification:

The Intelligent Updater .exe files are designed to update client installations for Symantec Endpoint Protection only. These Intelligent Updater files do not contain the required content needed by a Symantec Endpoint Protection Manager.

• The Intelligent Updater (IU) file names for Symantec Endpoint Protection clients end with "v5i32.exe" or "v5i64.exe" (32- and 64-bit respectively).

• The Intelligent Updater file names listed on the "Symantec AntiVirus" tab should only be used with those specifically listed products. Do not use these on a Symantec Endpoint Protection Manager or Symantec Endpoint Protection client.