How manual updates of SEPM signatures work
Article ID: 258291


Updated On:

Products

Endpoint Protection

Issue/Introduction

What to expect, and where to look for the logs, when manually updating SEPM definitions.

Environment

SEPM console without internet access, and therefore without the possibility to update via LiveUpdate.

Resolution

  • A freshly installed SEPM 14.3 RU4 with no LiveUpdate access contains only these entries in:
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\ContentInfo:

{01033000-3200-0000-0000-000001430400}: SESC AntiVirus Client Security Fix Win32 - 14.3 RU4 - English

{01033000-6400-0000-0000-000001430400}: SESC AntiVirus Client Security Fix Win64 - 14.3 RU4 - English

 

  • After manually applying a sample file, vd645802core3sdsi64.jdb (following the procedure in https://knowledge.broadcom.com/external/article?legacyId=TECH102607), the file contains:

{01033000-3200-0000-0000-000001430400}: SESC AntiVirus Client Security Fix Win32 - 14.3 RU4 - English

{01033000-6400-0000-0000-000001430400}: SESC AntiVirus Client Security Fix Win64 - 14.3 RU4 - English

{03E7C203-78AA-448B-A844-3587B103EE5C}: SEPC Virus R Definitions SDS Win64 (x64) 14.3 RU4 - MicroDefsB.CurDefs - SymAllLanguages

 

  • After applying the file 20230111-071-IPS_IU_SEP_14.3_RU3.jdb:

{01033000-3200-0000-0000-000001430400}: SESC AntiVirus Client Security Fix Win32 - 14.3 RU4 - English

{01033000-6400-0000-0000-000001430400}: SESC AntiVirus Client Security Fix Win64 - 14.3 RU4 - English

{03E7C203-78AA-448B-A844-3587B103EE5C}: SEPC Virus R Definitions SDS Win64 (x64) 14.3 RU4 - MicroDefsB.CurDefs - SymAllLanguages

{0804A6AB-0A43-296F-5097-FFE2FCCB741A}: SEPC CIDS Signatures 14.3 RU4 - MicroDefsB.CurDefs - SymAllLanguages

 

  • After applying the file 20230110-001-SONAR_IU_SEP_14_3_RU3.jdb:

{01033000-3200-0000-0000-000001430400}: SESC AntiVirus Client Security Fix Win32 - 14.3 RU4 - English

{01033000-6400-0000-0000-000001430400}: SESC AntiVirus Client Security Fix Win64 - 14.3 RU4 - English

{03E7C203-78AA-448B-A844-3587B103EE5C}: SEPC Virus R Definitions SDS Win64 (x64) 14.3 RU4 - MicroDefsB.CurDefs - SymAllLanguages

{01C24C71-0A43-296F-5097-FFE2CD742E9E}: SEPC Behavior And Security Heuristics 14.3 RU4 - MicroDefsB.CurDefs - SymAllLanguages

{0804A6AB-0A43-296F-5097-FFE2FCCB741A}: SEPC CIDS Signatures 14.3 RU4 - MicroDefsB.CurDefs - SymAllLanguages

 

Thus the ContentInfo file also lists content that came from a manual source, one line per content moniker ({GUID}: description). You can also apply multiple .jdb files at the same time; they are extracted and processed one by one.

To troubleshoot these actions, review the following files:

  • C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\RapidResponseContentTask - this contains the name of the applied file and the actions related to extracting it, for example this entry:

2023-01-12 23:37:01.158 THREAD 44 INFO: Rapid response content will be extracted to the folder of C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming\vd645617core3sds.jdb.2023-01-12-23-37-01

  • C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\SesmLu - this contains more detail about what is inside the applied file (which content it carried and how it was processed).
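The procedure above (drop a .jdb, then compare ContentInfo and read the two task logs) can be scripted so that every manual update leaves a before/after record. The following PowerShell is an added example and is not code from the Broadcom article or from Symantec. It assumes the default SEPM install path, that the .jdb files are copied into data\inbox\content\incoming as in the TECH102607 procedure (verify the drop folder against that article), that the log files in tomcat\logs have names beginning with RapidResponseContentTask and SesmLu, and that processing is considered finished once ContentInfo gains new entries (if the content is already present there will be no new entry, so the script then points you to the logs instead).

```powershell
# Added example (not from the Broadcom article): snapshot ContentInfo, drop one or more
# .jdb files into the SEPM inbox, wait for processing, diff ContentInfo, and pull the
# matching lines from the RapidResponseContentTask and SesmLu logs.
# Assumptions: default install path; data\inbox\content\incoming is the drop folder
# (per TECH102607); log file names start with RapidResponseContentTask / SesmLu.
$SepmRoot    = 'C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager'
$ContentInfo = Join-Path $SepmRoot 'Inetpub\content\ContentInfo'
$Incoming    = Join-Path $SepmRoot 'data\inbox\content\incoming'
$TomcatLogs  = Join-Path $SepmRoot 'tomcat\logs'

function Get-ContentInfoEntries {
    # Parse "{GUID}: description" lines into a hashtable keyed by the content moniker.
    $entries = @{}
    if (-not (Test-Path $ContentInfo)) { return $entries }
    foreach ($line in Get-Content -Path $ContentInfo) {
        if ($line -match '^\s*(\{[0-9A-Fa-f-]+\})\s*:\s*(.+?)\s*$') {
            $entries[$Matches[1]] = $Matches[2]
        }
    }
    return $entries
}

function Show-ContentInfoDiff {
    param([hashtable]$Before, [hashtable]$After)
    $added = @($After.Keys | Where-Object { -not $Before.ContainsKey($_) } | Sort-Object)
    if ($added.Count -eq 0) {
        Write-Warning 'No new ContentInfo entries (content already present or not processed yet); check the log lines below.'
        return
    }
    foreach ($k in $added) { "NEW  $k : $($After[$k])" }
}

function Invoke-ManualJdbUpdate {
    param(
        [Parameter(Mandatory)][string[]]$JdbPath,
        [int]$TimeoutSeconds = 900
    )
    $before = Get-ContentInfoEntries
    foreach ($p in $JdbPath) {
        if ((Get-Item -Path $p).Extension -ne '.jdb') { throw "Not a .jdb file: $p" }
        Copy-Item -Path $p -Destination $Incoming      # SEPM picks the file up from here
    }
    $names = $JdbPath | ForEach-Object { [IO.Path]::GetFileName($_) }

    # Wait until ContentInfo grows (new moniker lines) or the timeout elapses.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        Start-Sleep -Seconds 10
        $after = Get-ContentInfoEntries
        $grown = $after.Count -gt $before.Count
    } while (-not $grown -and (Get-Date) -lt $deadline)

    Show-ContentInfoDiff -Before $before -After $after

    # Pull every log line that mentions each applied file from both task logs.
    $logs = Get-ChildItem -Path $TomcatLogs -File |
            Where-Object { $_.Name -like 'RapidResponseContentTask*' -or $_.Name -like 'SesmLu*' }
    foreach ($n in $names) {
        "--- log lines mentioning $n ---"
        $logs | Select-String -SimpleMatch -Pattern $n |
                ForEach-Object { "$($_.Filename): $($_.Line)" }
    }
}

# Usage: the file names are the ones shown in the article; the D:\defs folder is assumed.
Invoke-ManualJdbUpdate -JdbPath 'D:\defs\20230111-071-IPS_IU_SEP_14.3_RU3.jdb',
                                'D:\defs\20230110-001-SONAR_IU_SEP_14_3_RU3.jdb'
```

Run it in an elevated PowerShell session on the SEPM server, since both the incoming folder and tomcat\logs sit under Program Files (x86). Keeping the printed NEW lines with the change ticket gives you the same before/after evidence the article shows for each applied file.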