Applying Rapid Release definitions to Endpoint Protection clients

book

Article ID: 151533

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

How do I apply Rapid Release definitions to an unmanaged SEP client?
How do I apply Rapid Release definitions to the Endpoint Protection Manager (SEPM) so they will be distributed to all clients?
I have a new threat for which there are not yet Certified Definitions and I need to apply Rapid Release definitions in response.  
 

Cause

The primary focus of Rapid Release definitions is the rapid detection of emerging threats.  They are very useful to counter threat outbreaks and to scan incoming files at the company's perimeter (in a mail security product, for example).  These Rapid Release definitions may be augmented later with more robust detection capabilities.

Rapid Release definitions are not fully certified, therefore must be manually applied to SEP clients or manually applied to the SEPM server as they cannot be applied via LiveUpdate.

For more information, please see Virus Definition Update FAQ.

Resolution

Rapid Release virus definitions come in two formats:

  1. Intelligent Updater (IU) executable files - can be used to update individual SEP Clients
  2. JDB Rapid Release definition files - can be used to update the SEPM, which in turn will distribute the definitions to all the associated SEP clients.

Note: Before applying Rapid Release JDB definitions to your SEPM, it is advisable to test.  Manually update some of your SEP clients with the Intelligent Updater executable to reduce the chance of False Positives.

To manually update a SEP client

  1. Go to the Rapid Release virus definition web site.
  2. Download the appropriate .exe file for your SEP version and Operating System
    • symrapidreleasedefscore15-v5i32.exe for 32 bit SEP 12 FULL size clients.
    • symrapidreleasedefscore15-v5i64.exe for 64 bit SEP 12 FULL size clients.
    • symrapidreleasedefscore3-v5i32.exe for 32 bit SEP 12 REDUCED size clients.
    • symrapidreleasedefscore3-v5i64.exe for 64 bit SEP 12 REDUCED size clients.
    • symrapidreleasedefscore15sds-v5i32.exe for 32 bit SEP 14 DARKNET clients.
    • symrapidreleasedefscore15sds-v5i64.exe for 64 bit SEP 14 DARKNET clients.
    • symrapidreleasedefscore3sds-v5i32.exe for 32 bit SEP 14 REDUCED SIZE and SEP 14 EMBEDDED clients.
    • symrapidreleasedefscore3sds-v5i32.exe for 64 bit SEP 14 REDUCED SIZE and SEP 14 EMBEDDED clients.
       
  3. Run the file on the clients you wish to update and follow the instructions on the screen.
  4. After a successful update you should see the following message:
    •  Intelligent Updater session complete. 
       
  5. Open the SEP client and verify that the definitions date for the AntiVirus and AntiSpyware protection has changed.

Note:

If the Intelligent Updater executable fails, you can locally update managed SEP clients (clients which are associated with a SEPM) with the option "Third third party content management" and a JDB file. Please consult the document Download .jdb files to update definitions for managed Endpoint Protection clients for more information

To update your Symantec Endpoint Protection Manager

1. Go to the Rapid Release virus definition web site.
2. Download the JDB file
3. Follow the document Download .jdb files to update definitions for Endpoint Protection Manager to update your SEPM using the Rapid Release JDB file.
4. The SEP clients that update from this SEPM should apply the Rapid Release definitions in accordance with the SEPM's LiveUpdate Policy configuration.


 

 

 

 

Attachments