Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SEP ips signatures

Posted on 2012-04-02
7
Medium Priority
?
1,035 Views
Last Modified: 2012-04-07
Hello,
I have SEPM server 11.0.7101 which i apply the definination updates manually to be distributed to clients. No live update used just the SEP Management server.  The clients get the AV definitions updated but the firewall (although status is green) definitions are old.  I am making assumption that the ips signatures is what the definition date stamp is for the firewall.  Why arent the ips signatures loading?  BTW. The SEPM console also reports that the ips signatures are of the old date.  So it appears that the SEPM is not processing the ips signatures when the jdb file is loaded.  Thanks for your help.
0
Comment
Question by:coolmike2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 79

Expert Comment

by:arnold
ID: 37799243
What is the status of your management iris definitions?
Do you have live update retrieving data?
Have you considered setting up a local live update dministrator and letting it download the updates while configuring the clients to use it for updates in addition to the management server?
Double check your manager's live update control panel to see which options/products are selected there.
0
 

Author Comment

by:coolmike2
ID: 37800754
Arnold,
not sure what iris def's are?  No live update is not running since not possible for this private lan. I place the jdb file in a particular directory on the SEPM server.
Thanks
0
 
LVL 79

Expert Comment

by:arnold
ID: 37800774
IPS not iris, it seem my word filler changed to a suggestion that I did not notice.
Downloading job files from Symantec download only deals with virus and not signatures if memory serves me right.
Check the sep management server for the version of signatures it has.  Any reason why you are not using the live update agent on the management server to update the various definitions?
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

 

Author Comment

by:coolmike2
ID: 37800959
I thought i had read somewhere that all feature content is included in the jdb files. could be wrong of course. The latest signature version is dated march of 2010.
I cant use the liveupdate feature because this is a private lan (no outside connectivity).  I could potentially use live update on the clients to point to the SEPM server for their updates but don't see a reason to do that since the SEPM server seems to be updating the AV defs just fine on the clients. Thanks again.
0
 
LVL 79

Accepted Solution

by:
arnold earned 1200 total points
ID: 37801288
You can only download the virus definitions:
http://www.symantec.com/security_response/definitions.jsp?pid=sep11_32
Everything has to be downloaded using live update. Look at live update administrator to download the updates at night. The connect it to the private LAN for the clients to use to update.
0
 

Author Comment

by:coolmike2
ID: 37806083
Its a nice option to have but unfortunately that cant be done. So how would i be able to manually import the ips signatures into my SEPM server?
0
 
LVL 79

Expert Comment

by:arnold
ID: 37806425
I'm unaware of other options.
In a way if the systems Have no external access, anti-virus feature is all that is needed.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question