Solved

SEP ips signatures

Posted on 2012-04-02
7
1,022 Views
Last Modified: 2012-04-07
Hello,
I have SEPM server 11.0.7101 which i apply the definination updates manually to be distributed to clients. No live update used just the SEP Management server.  The clients get the AV definitions updated but the firewall (although status is green) definitions are old.  I am making assumption that the ips signatures is what the definition date stamp is for the firewall.  Why arent the ips signatures loading?  BTW. The SEPM console also reports that the ips signatures are of the old date.  So it appears that the SEPM is not processing the ips signatures when the jdb file is loaded.  Thanks for your help.
0
Comment
Question by:coolmike2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 37799243
What is the status of your management iris definitions?
Do you have live update retrieving data?
Have you considered setting up a local live update dministrator and letting it download the updates while configuring the clients to use it for updates in addition to the management server?
Double check your manager's live update control panel to see which options/products are selected there.
0
 

Author Comment

by:coolmike2
ID: 37800754
Arnold,
not sure what iris def's are?  No live update is not running since not possible for this private lan. I place the jdb file in a particular directory on the SEPM server.
Thanks
0
 
LVL 78

Expert Comment

by:arnold
ID: 37800774
IPS not iris, it seem my word filler changed to a suggestion that I did not notice.
Downloading job files from Symantec download only deals with virus and not signatures if memory serves me right.
Check the sep management server for the version of signatures it has.  Any reason why you are not using the live update agent on the management server to update the various definitions?
0
Webinar June 1st - Attacking Ransomware  

The global cyberattack that corrupted hundreds of thousands of computer systems on May 12th had a face, name, & price tag that we’ve seen all too often in recent years: Ransomware. With the stakes – and costs – of a ransomware attack higher than ever, is your business prepared ?

 

Author Comment

by:coolmike2
ID: 37800959
I thought i had read somewhere that all feature content is included in the jdb files. could be wrong of course. The latest signature version is dated march of 2010.
I cant use the liveupdate feature because this is a private lan (no outside connectivity).  I could potentially use live update on the clients to point to the SEPM server for their updates but don't see a reason to do that since the SEPM server seems to be updating the AV defs just fine on the clients. Thanks again.
0
 
LVL 78

Accepted Solution

by:
arnold earned 400 total points
ID: 37801288
You can only download the virus definitions:
http://www.symantec.com/security_response/definitions.jsp?pid=sep11_32
Everything has to be downloaded using live update. Look at live update administrator to download the updates at night. The connect it to the private LAN for the clients to use to update.
0
 

Author Comment

by:coolmike2
ID: 37806083
Its a nice option to have but unfortunately that cant be done. So how would i be able to manually import the ips signatures into my SEPM server?
0
 
LVL 78

Expert Comment

by:arnold
ID: 37806425
I'm unaware of other options.
In a way if the systems Have no external access, anti-virus feature is all that is needed.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question