You have an Unmanaged Symantec Endpoint Protection client installed with IPS component only and you are trying to update the IPS definitions using the Intelligent Updater (exe) from https://www.symantec.com/security_response/definitions/download/detail.jsp?gid=ips, but it fails with errors.
When you inspect the Log.IntelligentUpdater.txt, the following error can be seen:
- CONFIG LOAD SUCCESS: Successfully loaded the configuration file: iuConfig.xml.
- IU INFO: File-name : 20150925-011-SONAR_IU_SEP.exe
- IU INFO: Creation-date : 20150925
- PROCESSING ENTRY: BASH.RAR - Bash Definitions
- Entry details:
- Update-File: BASH.RAR
- Update-Desc: Bash Definitions
- Auth DLL Name: Norton X32 AuthDLL
- Auth DLL Location: local
- Auth Content-Type: BASHDefs
- Deploy Content-Type: BASHDefs
- Deploy DLL Name: Norton X32 DeployDLL
- Deploy DLL Location: local
- AUTH DLL LOCATION: IU will read the DLL location from registry - Norton X32 AuthDLL
- REG FAILURE: Failed while opening the key from registry. Return code: 2
- DEPLOY DLL LOCATION: IU will read the DLL location from registry - Norton X32 DeployDLL
- REG FAILURE: Failed while opening the key from registry. Return code: 2
- IGNORE ENTRY: Ignoring entry for BASH.RAR because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
- The product corresponding to this entry in iuconfig.xml is not installed on the system.
- PROCESSING ENTRY: BASH.RAR - Bash Definitions
- Entry details:
- Update-File: BASH.RAR
- Update-Desc: Bash Definitions
- Auth DLL Name: Norton X64 AuthDLL
- Auth DLL Location: local
- Auth Content-Type: BASHDefs
- Deploy Content-Type: BASHDefs
- Deploy DLL Name: Norton X64 DeployDLL
- Deploy DLL Location: local
- AUTH DLL LOCATION: IU will read the DLL location from registry - Norton X64 AuthDLL
- REG FAILURE: Failed while opening the key from registry. Return code: 2
- DEPLOY DLL LOCATION: IU will read the DLL location from registry - Norton X64 DeployDLL
- REG FAILURE: Failed while opening the key from registry. Return code: 2
- IGNORE ENTRY: Ignoring entry for BASH.RAR because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
- The product corresponding to this entry in iuconfig.xml is not installed on the system.
- PROCESSING ENTRY: BASH.RAR - Bash Definitions
- Entry details:
- Update-File: BASH.RAR
- Update-Desc: Bash Definitions
- Auth DLL Name: SAVIUAuth
- Auth DLL Location: local
- Auth Content-Type: BASHDefs
- Deploy Content-Type: BASHDefs
- Deploy DLL Name: SAVIUDeploy
- Deploy DLL Location: local
- AUTH DLL LOCATION: IU will read the DLL location from registry - SAVIUAuth
- REG FAILURE: Failed while opening the key from registry. Return code: 2
- DEPLOY DLL LOCATION: IU will read the DLL location from registry - SAVIUDeploy
- REG FAILURE: Failed while opening the key from registry. Return code: 2
- IGNORE ENTRY: Ignoring entry for BASH.RAR because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
- The product corresponding to this entry in iuconfig.xml is not installed on the system.
BASH is not installed and the Intelligent Updater (exe) needs BASH to be installed to run successfully.
There are 2 options to resolve this issue:
The Symantec Endpoint Protection client will need to have BASH installed to be able to use the Intelligent Updater (exe)
The IPS definitions will update.
The drawback of this solution is that the client no longer has only the IPS component installed and ends up with additional components installed (PTP and Virus and Spyware).
If you do not want to install BASH (SONAR component), you can use a .JDB file to update the definitions on Unmanged clients:
First, you need to enable the SEP client to use "third party content management": Follow the steps outlined in Preparing unmanaged clients to receive updates from third-party distribution tools
Once you create the registry key on the unmanaged SEP client, you can now download the .JDB file for the IPS only definitions https://www.symantec.com/security_response/definitions/download/detail.jsp?gid=ips and copy the file to the following directory:
...\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\inbox (64 bit)
The file will disappear and the IPS definitions will be updated.