About Endpoint Security Content versions and updates
search cancel

About Endpoint Security Content versions and updates

book

Article ID: 396885

calendar_today

Updated On:

Products

Endpoint Security Endpoint Security Complete Endpoint Security for Servers

Issue/Introduction

Additional information about content, definitions and other security updates downloaded by Symantec agents as part of Symantec Endpoint Security (SES).

Resolution

There are several different types of content a Symantec agent downloads depending on the installed feature set.  To see the list of currently installed features and engine/content versions any device is using, go to the Devices page, click on a device then on the Details tab, scroll down to Feature Status.  This will list the Feature, Engine Version, Content Version, and Status.  Content Version, or commonly referred to as "definitions" update regularly for some features, while other features update less frequently.  Engine Version refers to the protection engine version being used by the feature.  The Engine version is represented by a Date or product version number.  Engine Version can closely align with a Content Version date for some features, or when a new engine is released in any given content version, but a Feature's Engine Version being older or "behind" it's Content Version does not indicate an issue with the Feature.  The Feature Status column can used for determining whether or not there is an issue with a feature.

Content Version Update Frequency

Some Feature's Content Version updates more frequently than others.  Below are general examples of how often various features update.  Content which updates on a regular schedule might see their cadence temporarily modified due to holidays or other events which that necessitate a change.

  • Malware Protection: Daily.  On Weekdays, 1-3 times per day.  On Weekends, 1 time per day.
  • Behavioral Analysis: Multiple times per week.  
  • Exploit Protection: Has its own subset of content that downloads with the Intrusion Prevention.
  • Intrusion Prevention: Daily on Weekdays.
  • Browser Protection: Daily on Weekdays.
  • Web and Cloud Access Protection: Infrequently.
  • Application (App) Control: No rigid schedule, as needed.
  • Endpoint Detection and Response: No rigid schedule, as needed.
  • Host Integrity: Infrequently.
  • Device Control:  No content.
  • Firewall: No content.
  • Threat Defense for Active Directory: Infrequently.

Content Version Direct Downloads

Some content is available for direct download for troubleshooting, lack of connectivity, or other purposes.  Content can be downloaded directly from

Virus Definitions & Security Updates
https://www.broadcom.com/support/security-center/definitions

Feature names in SES (on device details page) do not align directly with categories on the page above, but below is a mapping of what Content each type updates.

  • File-Based Protection > Malware Protection
  • Network-Based Protection (IPS) > Intrusion Prevention, Exploit Protection
  • Behavior-Based Protection > Behavioral Analysis

Not all Content Types can be downloaded directly from the link above.  For Content Types not mapped above, the Symantec agent must download the content from LiveUpdate.

Content included during installation

Depending on the type of Symantec agent installation package created, some content is bundled with the install.  For "Online" installation type all necessary content is downloaded from LiveUpdate during installation.  A "Full"  installation package contains content that was available when the Symantec agent version was added to the cloud portal.  The specific Content version depends on when the agent version was released.  However, the Symantec agent will download any new available content once installed.

 

Powered by Wolken Software