Configuring Protection Engine 7.5 or later to download Rapid Release definitions from an internal FTP server.

book

Article ID: 179096

calendar_today

Updated On:

Products

Protection Engine for Cloud Services Protection Engine for NAS

Issue/Introduction

 

Resolution

There is a need to regularly deploy Rapid Release definitions to Symantec Protection Engine (SPE) from a centralized internal location.  This could be due to restrictions preventing external FTP traffic or as a means to reduce bandwidth utilization.

Note:  This article is not intended as a comprehensive guide for all possible configurations.  Different technologies or tools can be leveraged within different environments to reach the same outcomes.  Please use this article as a reference only.

 

Example Environment:

Note:  There are caveats between Windows and Linux SPE installations.  These caveats will be discussed when relevent later in the article.

  • FTP -  Windows server hosting third-party FTP server.
  • SPE - Linux client hosting Symantec Protection Engine versions 7.5, 7.8, 7.9

 

FTP Setup:

Basic FTP setup instructions (SPE installed in Windows):

  1. Install FTP server to internal Windows client/server.
  2. Configure FTP user, configure password for user.
  3. Set FTP user root directory.

Basic FTP setup instructions (SPE installed in Linux):

  1. Install FTP server to internal Windows client/server.
  2. Configure FTP user, configure password for user.
  3. Set FTP user root directory.
  4. Create directory in FTP root named "binary"

The built-in script to download Rapid Release definitions when configured for a non-default Symantec path has a minor defect for Linux installations.  Instead of performing "binary" command the "cd binary" command is used.  This results in the packages being properly downloaded as binary files but the attempt is in a non-defined path.  This caveat must be taken into account or the FTP process may fail with "file not found" errors.

For example.  If you define the FTP settings to the package to be ftp://hostname/packagename.sh the package download attempt will actually be from ftp://hostname/binary/packagename.sh.

 

Downloading Definitions to the configured FTP server:

SPE 7.5.x -

  • (Linux) 32bit package - https://definitions.symantec.com/defs/rapidrelease/symrapidreleasedefscore15-unix.sh
  • (Windows) 32bit package - https://definitions.symantec.com/defs/rapidrelease/symrapidreleasedefscore15-v5i32.exe
  • Hash file - https://definitions.symantec.com/defs/rapidrelease/version-info-sha2.txt
  • Package version check - https://definitions.symantec.com/defs/rapidrelease/newdefs.txt

SPE 7.8.x & 7.9.x -

  • (Linux) 64bit package - https://definitions.symantec.com/defs/rapidrelease/symrapidreleasedefscore15-unix64.sh
  • (Windows) 64bit package - https://definitions.symantec.com/defs/rapidrelease/symrapidreleasedefscore15-v5i64.exe
  • Hash file - https://definitions.symantec.com/defs/rapidrelease/version-info-sha2.txt
  • Package version check - https://definitions.symantec.com/defs/rapidrelease/newdefs.txt

Example simple batch file for automation (SPE 7.8 / 7.9 insalled on Linux):

@echo off
REM -  Change FTProot variable to match the root directory the Rapid Release packages
REM -  should be Downloaded to.  

SET FTProot=C:\Program Files (x86)\FTPServer\FTPRoot

del /s /q "%FTProot%\binary\symrapidreleasedefscore15-unix64.sh"
del /s /q "%FTProot%\binary\version-info-sha2.txt"
del /s /q "%FTProot%\binary\newdefs.txt"
bitsadmin.exe /transfer "RRpackage" https://definitions.symantec.com/defs/rapidrelease/symrapidreleasedefscore15-unix64.sh "%FTProot%\binary\symrapidreleasedefscore15-unix.sh"
bitsadmin.exe /transfer "RRhash" https://definitions.symantec.com/defs/rapidrelease/version-info-sha2.txt "%FTProot%\binary\version-info-sha2.txt"
bitsadmin.exe /transfer "RRcheck" https://definitions.symantec.com/defs/rapidrelease/newdefs.txt "%FTProot%\binary\newdefs.txt"

 

Symantec Protection Engine (SPE) setup:

Note:  The commands below are specific to Linux SPE installations.  In Windows, from the comandline xmlmodifier.exe would be used instead of ./xmlmodifier.  See the command line reference guide for the specific product for more information.

 

Symantec Protection Engine 7.5.x:

Navigate to the location of the xmlmodifier tool and run each command seperately.  Adjust each command that contains <> values to match the values for your environment.

  • Default Location in Linux:  /opt/SYMCScan/bin
  • Default Location in Windows:  C:\Program Files (x86)\Symantec\Scan Engine

./xmlmodifier -s //liveupdate/schedules/enabled/@value false liveupdate.xml
./xmlmodifier -s //liveupdate/rapidrelease/schedule/enabled/@value true liveupdate.xml
./xmlmodifier -s //liveupdate/rapidrelease/ftpsettings/url/@value ftp://<FTP_Server_IP>/symrapidreleasedefscore15-unix.sh liveupdate.xml
./xmlmodifier -s //liveupdate/rapidrelease/ftpsettings/username/@value <FTP_Username> liveupdate.xml
./xmlmodifier -k //liveupdate/rapidrelease/ftpsettings/password/@value <FTP_User_Password> /opt/SYMCScan/bin liveupdate.xml

Symantec Protection Engine 7.8 & 7.9:

Navigate to the location of the xmlmodifier tool and run each command seperately.  Adjust each command that contains <> values to match the values for your environment.

  • Default Location in Linux:  /opt/SYMCScan/bin
  • Default Location in Windows:  C:\Program Files\Symantec\Scan Engine

./xmlmodifier -s //liveupdate/Schedule/@enabled false liveupdate.xml
./xmlmodifier -s //liveupdate/RapidRelease/Schedule/@enabled true liveupdate.xml
./xmlmodifier -s //liveupdate/RapidRelease/FTPSettings/URL/@value ftp://<FTP_Server_IP>/symrapidreleasedefscore15-unix64.sh liveupdate.xml
./xmlmodifier -s //liveupdate/RapidRelease/FTPSettings/UserName/@value <FTP_UserName> liveupdate.xml
./xmlmodifier -k //liveupdate/RapidRelease/FTPSettings/Password/@value <FTP_User_Password> /opt/SYMCScan/bin liveupdate.xml

Once the servers have been configured with the updated Rapid Release settings restarting the service will apply the changes and should immediately begin the download process from the configured internal FTP server.