How to Backdate Virus Definitions in Endpoint Protection Manager

Article ID: 151350


Updated On:

Products

Endpoint Protection

Issue/Introduction

You suspect that the virus definitions currently in use by Symantec Endpoint Protection (SEP) clients are corrupt, and would like to roll back to a previous virus definition set. These clients are managed by a Symantec Endpoint Protection Manager (SEPM).

This example shows reverting AntiVirus definitions to an earlier version. The procedure works with other SEP components as well (reverting to an earlier release of IPS definitions, etc.).
To roll back definitions, the [LiveUpdate Settings] policy -> Server settings -> [Use default management server] option must be enabled.

Cause

The method described below can also be used to circumvent a confirmed False Positive (FP) until definitions are available that remove the detection.  
In the case of False Positives, though, creating a specific exclusion or awaiting new Rapid Release definitions is the recommended approach. As each set of new definitions includes protection against new threats, reverting to an older revision will always introduce security risk into an organization.

Resolution

Follow the steps below to roll back virus definitions in SEPM:

  1. Click Policies.
  2. Select View Policies.
  3. Click LiveUpdate.
  4. Under the "LiveUpdate Content" tab, double-click your current LiveUpdate Content Policy. The LiveUpdate Content Policy Overview dialog box appears.
  5. From the "LiveUpdate Content" section, click Security Definitions.
  6. Enable the Select a revision option located in the "AntiVirus and AntiSpyware definitions" section.
  7. Click the Edit button. The Select Revision - Antivirus and AntiSpyware definitions dialog box appears.
  8. Expand the drop-down list and browse to the appropriate (32-bit or 64-bit) definition set.
  9. Click the desired rollback definition date.
  10. Click OK.
  11. Click OK to close the "Security Definitions" dialog box and return to the "Policies" tab.

Note: Remember to return to your LiveUpdate Content Policy later and change it back to the Use latest available option. Definitions on all endpoints must be kept current in order to protect against the latest threats in circulation.

Additional Information