
Using Certified Definitions to Detect and Remediate a New Threat


Article ID: 151629


Products

Endpoint Protection

Issue/Introduction

To detect and remediate a new threat, Symantec Security Response has emailed to recommend the use of a specific Rapid Release definition sequence number (or later) that detects that threat. However, corporate policy dictates the use of the more thoroughly tested Certified Definitions. Which set of Certified Definitions will detect the new threat?


Resolution

If a sample submitted to Security Response is classified as a new detection, the standard email sent from Security Response will contain a Rapid Release Definition sequence number that will detect and remediate the new threat.

Any future sequence numbers associated with the latest Certified Definitions will detect this threat, except in very rare circumstances when a detection is removed due to Quality Assurance issues.

Please note that certified definition sets are currently released for Symantec Endpoint Protection (SEP) several times per day. The next set to contain the necessary protection may be a Multiple Daily Definition set, available via LiveUpdate.

An illustration of how to check or confirm sequence numbers is provided in the Connect article Sequence Makes Sense.


References
For additional information on Rapid Release and Certified Definitions, please see Virus Definition Update FAQ.


Information on Rapid Release Definitions, sequence numbers and detections added is available at http://www.symantec.com/business/security_response/definitions/rapidrelease/index.jsp

Information on Certified Definitions, sequence numbers and detections added is available at http://www.symantec.com/business/security_response/definitions/certified/index.jsp