Download .jdb files to update definitions for Endpoint Protection Manager

book

Article ID: 151309

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

This article describes how and when to update Virus and Spyware Protection definitions and other content in Symantec Endpoint Protection Manager (SEPM) using a .jdb file.

Resolution

Use certified virus definitions, Network-Based Protection, or Behavior-Based Protection .jdb files to update content on the Symantec Endpoint Protection Manager when it cannot access either the Internet or a LiveUpdate Administrator (LUA) server.

Use Rapid Release .jdb files in outbreak scenarios to combat new threats.

About .jdb files

Symantec Security Response distributes content in .exe and .jdb files. The .exe files update single clients, and the .jdb files update either the Symantec Endpoint Protection Manager or single clients. When you use a .jdb file to update a Symantec Endpoint Protection Manager, it then updates its managed clients.

There are four kinds of content that are distributed in .jdb files:

  • Certified virus definitions (for Symantec Endpoint Protection Managers managing typical Symantec Endpoint Protection (SEP) clients)

    • ​"Core 1.5" Certified virus definitions for Symantec Endpoint Protection Manager 12.1.2 and later
    • "Core 1.5 SDS" Certified virus definitions for Symantec Endpoint Protection Manager 14.0 (Dark Network client only)
    • "Core 3" Certified virus definitions for (Symantec Endpoint Protection Manager managing Symantec Endpoint Protection 12.1.6 Reduced-Size Clients only)
    • "Core 3 SDS" Certified virus definitions for Symantec Endpoint Protection Manager 14.0 (Intelligent Threat Cloud Service)
  • Rapid Release virus definitions

    • ​"Core 1.5" Rapid Release virus definitions for Symantec Endpoint Protection Manager 12.1.2 and later
    • "Core 3" Rapid Release virus definitions for (Symantec Endpoint Protection Manager managing Symantec Endpoint Protection 12.1.6 Reduced-Size Clients only)
    • "Core 1.5 SDS" Rapid Release virus definitions for Symantec Endpoint Protection Manager 14.0 (Dark Network client only)
    • "Core 3 SDS" Rapid Release virus definitions for Symantec Endpoint Protection Manager 14.0 (Intelligent Threat Cloud Service)
  • Network-Based Protection content for Symantec Endpoint Protection Manager 12.1.3 and later

  • Behavior-Based Protection content for Symantec Endpoint Protection Manager 12.1.3 and later

All content can be found on the Symantec Security Response definitions page.

For more information about the protection features and definition sets used in Symantec Endpoint Protection 14.0, review the following documents:

About certified virus definitions

The certified definitions .jdb file updates the virus and spyware definitions on the Symantec Endpoint Protection Manager. These definitions have been through rigorous Quality Assurance (QA) testing and are recommended for regular use.

About Rapid Release virus definitions

Several times a day, Symantec Security Response compiles all new detections into a new Rapid Release virus .jdb file. The purpose of the Rapid Release virus definitions is to make the newest definitions available quickly. Use Rapid Release virus definitions when a new threat may be spreading on your network or for systems responsible for perimeter defense.

Rapid Release virus definitions undergo only basic quality assurance testing. Rapid Release virus definitions are therefore riskier to use than certified definitions. Rapid Release definitions are most useful as a means of stopping fast-spreading threat outbreaks or preventing initial incursion of an attack at the gateway.

Several times each weekday, all new detections added as Rapid Release definitions go through the complete QA process, including testing for false positives and testing for full compatibility with Symantec Endpoint Protection. Once these definitions pass the full QA process, they are posted as Certified LiveUpdate definitions.

Please note that using Rapid Release definitions regularly, on the endpoint instead of Certified definitions is not encouraged by Symantec. Under normal conditions, Symantec recommends Certified definitions for routine use on enterprise Endpoint systems.

If you are unsure as to which definitions set you should use, please contact Symantec Support for guidance.

About Network-Based Protection and Behavior-Based Protection .jdb files

Symantec Endpoint Protection 12.1.3 and later can update Network-Based Protection (IPS) and Behavior-Based Protection (SONAR) content using .jdb files. Using these components in addition to the Virus and Spyware Protection component (antivirus) is strongly encouraged. Virus and Spyware Protection alone is not sufficient protection against today's sophisticated threats, even on networks that have no access to the Internet.


To download the .jdb file

  1. In a browser on the computer that runs Symantec Endpoint Protection Manager, go to one or all of the following:

  2. Download the file that ends in .jdb, and save the file to the Windows desktop.

  3. Most browsers rename the file from .jdb to .zip after you save it. Rename the file from .zip to .jdb.

  4. Do one of the following:

    • On 32-bit operating systems, copy and paste the .jdb file to the following location:
      \Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming
    • On 64-bit operating systems, copy and paste the .jdb file to the following location:
      \Program Files(x86)\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming

      Be sure to copy and paste the file instead of cutting and pasting or otherwise moving it. Copying and pasting preserve the file permissions correctly, while other methods of moving the file may not.
  5. Symantec Endpoint Protection Manager processes the .jdb file automatically.

To verify that the Symantec Endpoint Protection Manager content is updated

To verify that the Symantec Endpoint Protection Manager content has been updated, look in the following folders:

For Symantec Endpoint Protection 12.1.x:

  • 32-bit Definitions:
    • .\Symantec Endpoint Protection Manager\Inetpub\content\{535CB6A4-441F-4e8a-AB97-804CD859100E} (Core 1.5)
    • .\Symantec Endpoint Protection Manager\Inetpub\content\{4F6D9685-BCD6-43C4-A109-7399795F5D97} (Core 3 Reduced Size client only)
      • Please review the file "ContentInfo.txt" for description of the different content monikers.  
      • This is located in the same root directory.\Symantec Endpoint Protection Manager\Inetpub\content\
  • 64-bit Definitions:
    • .\Symantec Endpoint Protection Manager\Inetpub\content\{07B590B3-9282-482f-BBAA-6D515D385869} (Core 1.5)
    • .\Symantec Endpoint Protection Manager\Inetpub\content\{38B770CC-A70B-43D0-92AF-24F6CB39114B} (Core 3 Reduced Size client only)
      • Please review the file "ContentInfo.txt" for description of the different content monikers.  
      • This is located in the same root directory.\Symantec Endpoint Protection Manager\Inetpub\content\

For Symantec Endpoint Protection 14:

  • 32-bit Definitions:
    • .\Symantec Endpoint Protection Manager\Inetpub\content\{535CB6A4-441F-4e8a-A897-804CD859100E} (Core 1.5 SEP 12.1.x support)
    • .\Symantec Endpoint Protection Manager\Inetpub\content\{4F6D9685-BCD6-43C4-A109-7399795F5D97} (Core 3 SEP 12.1.x Reduced Size client only)
    • .\Symantec Endpoint Protection Manager\Inetpub\content\{1A79EE79-891B-4CB6-9A00-8D07FC6BF1FF} (Core 1.5 SEP 14 SDS)
    • .\Symantec Endpoint Protection Manager\Inetpub\content\{7C177419-4112-42B6-8CEF-094385474554} (Core 3 SEP 14 SDS Intelligent Threat Cloud Service)
      • Please review the file "ContentInfo.txt" for description of the different content monikers.  
      • This is located in the same root directory.\Symantec Endpoint Protection Manager\Inetpub\content\
  • 64-bit Definitions:
    • .\Symantec Endpoint Protection Manager\Inetpub\content\{07B590B3-9282-482f-BBAA-6D515D385869} (Core 1.5 SEP 12.1.x support)
    • .\Symantec Endpoint Protection Manager\Inetpub\content\{38B770CC-A70B-43D0-92AF-24F6CB39114B} (Core 3 SEP 12.1.x Reduced Size)
    • .\Symantec Endpoint Protection Manager\Inetpub\content\{151387BE-8D1C-467D-8B7A-AC215B16A144} (Core 1.5 SEP 14 SDS)
    • .\Symantec Endpoint Protection Manager\Inetpub\content\{67F66706-F04B-4432-9947-F8354949D2A6} (Core 3 SEP 14 SDS Intelligent Threat Cloud Service)
      • Please review the file "ContentInfo.txt" for description of the different content monikers.  
      • This is located in the same root directory.\Symantec Endpoint Protection Manager\Inetpub\content\

Typically, three or more numbered folders exist. The folder naming convention is "yymmddxxx". For example, "140822034". This is the date and build (revision) number of the definition set installed.

There should be a folder named "Full" and a zip file named "Full.zip" inside the folder that matches the set that you downloaded and installed. Inside the Full folder are the files typically associated with a virus definition set.

Notes


Additional Clarification:

The Intelligent Updater .exe files are designed to update client installations for Symantec Endpoint Protection only. These Intelligent Updater files do not contain the required content needed by a Symantec Endpoint Protection Manager.

  • The Intelligent Updater (IU) file names for Symantec Endpoint Protection clients end with "v5i32.exe" or "v5i64.exe" (32- and 64-bit respectively).

  • The Intelligent Updater file names listed on the "Symantec AntiVirus" tab should only be used with those specifically listed products. Do not use these on a Symantec Endpoint Protection Manager or Symantec Endpoint Protection client.

Attachments