This article describes how and when to update Virus and Spyware Protection definitions and other content in Symantec Endpoint Protection Manager (SEPM) using a .jdb file.
Use certified virus definitions, Network-Based Protection, or Behavior-Based Protection .jdb files to update content on the Symantec Endpoint Protection Manager when it cannot access either the Internet or a LiveUpdate Administrator (LUA) server.
Use Rapid Release .jdb files in outbreak scenarios to combat new threats.
About .jdb files
Symantec Security Response distributes content in .exe and .jdb files. The .exe files update single clients, and the .jdb files update either the Symantec Endpoint Protection Manager or single clients. When you use a .jdb file to update a Symantec Endpoint Protection Manager, it then updates its managed clients.
There are four kinds of content that are distributed in .jdb files:
Certified virus definitions (for Symantec Endpoint Protection Managers managing typical Symantec Endpoint Protection (SEP) clients)
Rapid Release virus definitions
Network-Based Protection content for Symantec Endpoint Protection Manager 12.1.3 and later
Behavior-Based Protection content for Symantec Endpoint Protection Manager 12.1.3 and later
All content can be found on the Symantec Security Response definitions page.
For more information about the protection features and definition sets used in Symantec Endpoint Protection 14.0, review the following documents:
About certified virus definitions
The certified definitions .jdb file updates the virus and spyware definitions on the Symantec Endpoint Protection Manager. These definitions have been through rigorous Quality Assurance (QA) testing and are recommended for regular use.
About Rapid Release virus definitions
Several times a day, Symantec Security Response compiles all new detections into a new Rapid Release virus .jdb file. The purpose of the Rapid Release virus definitions is to make the newest definitions available quickly. Use Rapid Release virus definitions when a new threat may be spreading on your network or for systems responsible for perimeter defense.
Rapid Release virus definitions undergo only basic quality assurance testing. Rapid Release virus definitions are therefore riskier to use than certified definitions. Rapid Release definitions are most useful as a means of stopping fast-spreading threat outbreaks or preventing initial incursion of an attack at the gateway.
Several times each weekday, all new detections added as Rapid Release definitions go through the complete QA process, including testing for false positives and testing for full compatibility with Symantec Endpoint Protection. Once these definitions pass the full QA process, they are posted as Certified LiveUpdate definitions.
Please note that Symantec does not encourage regularly using Rapid Release definitions on the endpoint instead of Certified definitions. Under normal conditions, Symantec recommends Certified definitions for routine use on enterprise Endpoint systems.
If you are unsure which definition set you should use, please contact Symantec Support for guidance.
About Network-Based Protection and Behavior-Based Protection .jdb files
Symantec Endpoint Protection 12.1.3 and later can update Network-Based Protection (IPS) and Behavior-Based Protection (SONAR) content using .jdb files. Using these components in addition to the Virus and Spyware Protection component (antivirus) is strongly encouraged. Virus and Spyware Protection alone is not sufficient protection against today's sophisticated threats, even on networks that have no access to the Internet.
To download the .jdb file
In a browser on the computer that runs Symantec Endpoint Protection Manager, go to one or all of the following:
Download the file that ends in .jdb, and save the file to the Windows desktop.
Most browsers rename the file from .jdb to .zip after you save it. Rename the file from .zip to .jdb.
Do one of the following:
Symantec Endpoint Protection Manager processes the .jdb file automatically.
To verify that the Symantec Endpoint Protection Manager content is updated
To verify that the Symantec Endpoint Protection Manager content has been updated, look in the following folders:
For Symantec Endpoint Protection 12.1.x:
For Symantec Endpoint Protection 14:
Typically, three or more numbered folders exist. The folder naming convention is "yymmddxxx", for example "140822034". The name encodes the date and build (revision) number of the definition set installed.
There should be a folder named "Full" and a zip file named "Full.zip" inside the folder that matches the set that you downloaded and installed. Inside the Full folder are the files typically associated with a virus definition set.
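The folder check described above, written out as an added example (not Symantec's code): it parses the "yymmddxxx" folder names and confirms that the imported set has both "Full" and "Full.zip". The content folder path is passed in by the caller because it depends on the product version; the function names, the constructed sample tree and the max_age_days threshold are assumptions made for illustration.

```python
import re
import tempfile
from datetime import date
from pathlib import Path

REV_NAME = re.compile(r"(\d{2})(\d{2})(\d{2})(\d{3})")  # yymmddxxx

def parse_revision(name):
    """Split a 'yymmddxxx' folder name into (date, build); None if it does not fit."""
    m = REV_NAME.fullmatch(name)
    if not m:
        return None
    yy, mm, dd, build = map(int, m.groups())
    try:
        return date(2000 + yy, mm, dd), build  # assumes years 20yy
    except ValueError:                          # e.g. month 13 or day 32
        return None

def check_content(content_dir, expected, today, max_age_days=7):
    """Return findings for the imported set (empty list = complete). max_age_days is a hypothetical local policy."""
    root = Path(content_dir)
    revs = {p.name: r for p in root.iterdir()
            if p.is_dir() and (r := parse_revision(p.name))}
    if expected not in revs:
        return [f"no revision folder {expected} found"]
    findings = []
    if not (root / expected / "Full").is_dir():
        findings.append(f"{expected}: 'Full' folder missing")
    if not (root / expected / "Full.zip").is_file():
        findings.append(f"{expected}: 'Full.zip' missing")
    newest = max(revs, key=revs.get)            # latest date, then highest build
    if newest != expected:
        findings.append(f"{expected}: a newer set {newest} is present")
    age = (today - revs[newest][0]).days
    if age > max_age_days:
        findings.append(f"newest set {newest} is {age} days old")
    return findings

def build_sample(root):
    """Constructed sample tree: two complete revisions and one without Full.zip."""
    for name, complete in [("140820019", True), ("140821003", True), ("140822034", False)]:
        (root / name / "Full").mkdir(parents=True)
        if complete:
            (root / name / "Full.zip").write_bytes(b"")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(check_content(build_sample(Path(tmp)), "140822034", date(2014, 8, 23)))
```

An empty result means the set you imported is present and complete; a stale newest revision on a manager without Internet or LUA access is a sign that the manual .jdb updates have lapsed.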
The Symantec Endpoint Protection Manager updater file has a .jdb extension. There should only be one .jdb listed at any time. The .jdb file updates content for both 32- and 64-bit systems.
The .jdb files can also be used to update Symantec Endpoint Protection clients. For details on the client procedure, see How to manually update definitions for a managed Symantec Endpoint Protection client using the .jdb file.
For details on how to manage the number of definitions maintained by the Symantec Endpoint Protection Manager, see How to change the number of downloaded content revisions retained by the manager.
The Intelligent Updater .exe files are designed to update client installations for Symantec Endpoint Protection only. These Intelligent Updater files do not contain the required content needed by a Symantec Endpoint Protection Manager.
The Intelligent Updater (IU) file names for Symantec Endpoint Protection clients end with "v5i32.exe" or "v5i64.exe" (32- and 64-bit respectively).
The Intelligent Updater file names listed on the "Symantec AntiVirus" tab should only be used with those specifically listed products. Do not use these on a Symantec Endpoint Protection Manager or Symantec Endpoint Protection client.