Updating the IPS definitions only on an Unmanaged Symantec Endpoint Protection client with IPS component installed only fails when using the Intelligent Updater for IPS.
search cancel

Updating the IPS definitions only on an Unmanaged Symantec Endpoint Protection client with IPS component installed only fails when using the Intelligent Updater for IPS.

book

Article ID: 162478

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

You have an Unmanaged Symantec Endpoint Protection client installed with IPS component only and you are trying to update the IPS definitions using the Intelligent Updater (exe) from https://www.symantec.com/security_response/definitions/download/detail.jsp?gid=ips, but it fails with errors.

When you inspect the Log.IntelligentUpdater.txt, the following error can be seen:

- CONFIG LOAD SUCCESS: Successfully loaded the configuration file: iuConfig.xml.
-     IU INFO: File-name : 20150925-011-SONAR_IU_SEP.exe
-     IU INFO: Creation-date : 20150925
- PROCESSING ENTRY: BASH.RAR - Bash Definitions
- Entry details:
-     Update-File:             BASH.RAR
-     Update-Desc:             Bash Definitions
-     Auth DLL Name:             Norton X32 AuthDLL
-     Auth DLL Location:         local
-     Auth Content-Type:         BASHDefs
-     Deploy Content-Type:         BASHDefs
-     Deploy DLL Name:         Norton X32 DeployDLL
-     Deploy DLL Location:         local
- AUTH DLL LOCATION: IU will read the DLL location from registry - Norton X32 AuthDLL
- REG FAILURE: Failed while opening the key  from registry. Return code: 2
- DEPLOY DLL LOCATION: IU will read the DLL location from registry - Norton X32 DeployDLL
- REG FAILURE: Failed while opening the key  from registry. Return code: 2
- IGNORE ENTRY: Ignoring entry for BASH.RAR because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
- The product corresponding to this entry in iuconfig.xml is not installed on the system.
- PROCESSING ENTRY: BASH.RAR - Bash Definitions
- Entry details:
-     Update-File:             BASH.RAR
-     Update-Desc:             Bash Definitions
-     Auth DLL Name:             Norton X64 AuthDLL
-     Auth DLL Location:         local
-     Auth Content-Type:         BASHDefs
-     Deploy Content-Type:         BASHDefs
-     Deploy DLL Name:         Norton X64 DeployDLL
-     Deploy DLL Location:         local
- AUTH DLL LOCATION: IU will read the DLL location from registry - Norton X64 AuthDLL
- REG FAILURE: Failed while opening the key  from registry. Return code: 2
- DEPLOY DLL LOCATION: IU will read the DLL location from registry - Norton X64 DeployDLL
- REG FAILURE: Failed while opening the key  from registry. Return code: 2
- IGNORE ENTRY: Ignoring entry for BASH.RAR because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
- The product corresponding to this entry in iuconfig.xml is not installed on the system.
- PROCESSING ENTRY: BASH.RAR - Bash Definitions
- Entry details:
-     Update-File:             BASH.RAR
-     Update-Desc:             Bash Definitions
-     Auth DLL Name:             SAVIUAuth
-     Auth DLL Location:         local
-     Auth Content-Type:         BASHDefs
-     Deploy Content-Type:         BASHDefs
-     Deploy DLL Name:         SAVIUDeploy
-     Deploy DLL Location:         local
- AUTH DLL LOCATION: IU will read the DLL location from registry - SAVIUAuth
- REG FAILURE: Failed while opening the key  from registry. Return code: 2
- DEPLOY DLL LOCATION: IU will read the DLL location from registry - SAVIUDeploy
- REG FAILURE: Failed while opening the key  from registry. Return code: 2
- IGNORE ENTRY: Ignoring entry for BASH.RAR because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
- The product corresponding to this entry in iuconfig.xml is not installed on the system.

Cause

BASH is not installed and the Intelligent Updater (exe) needs BASH to be installed to run successfully.

Resolution

There are 2 options to resolve this issue:

Install BASH (SONAR component)

The Symantec Endpoint Protection client will need to have BASH installed to be able to use the Intelligent Updater (exe)

  1. Go to Programs and features
  2. Modify the Symantec Endpoint Protection installation
  3. Select "SONAR" as an additional installed component under "Proactive Threat Protection" (SONAR also needs Advanced Download Protection to be installed)
  4. Select "Advanced Download Protection" as an additional installed component under "Virus, Spyware and Basic Download Protection"
  5. Complete the installation.
  6. Run the Intelligent Updater (exe) from https://www.symantec.com/security_response/definitions/download/detail.jsp?gid=ips

The IPS definitions will update.

The drawback of this solution is that the client no longer has only the IPS component installed and ends up with additional components installed (PTP and Virus and Spyware).

Updating using .JDB file

If you do not want to install BASH (SONAR component), you can use a .JDB file to update the definitions on Unmanged clients:

First, you need to enable the SEP client to use "third party content management": Follow the steps outlined in Preparing unmanaged clients to receive updates from third-party distribution tools 

Once you create the registry key on the unmanaged SEP client, you can now download the .JDB file for the IPS only definitions https://www.symantec.com/security_response/definitions/download/detail.jsp?gid=ips and copy the file to the following directory:

...\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\inbox (64 bit)

The file will disappear and the IPS definitions will be updated.

Powered by Wolken Software