Endpoint Protection

  • 1.  Alternate source for virus definition updates?

    Posted Jan 10, 2023 09:09 PM
    Edited by Jason McClellan Jan 11, 2023 05:21 PM
    I support 30+ small to medium air-gapped networks running Symantec Endpoint Manager and several standalone, air-gapped machines running Symantec Endpoint Protection. No internet connection in these locations requires that virus definition updates be brought in via thumb drive. 

    Given that these definitions are updated regularly and that we always want to have the latest definitions on hand, I had a PowerShell script that would parse the HTML from this page: "https://www.broadcom.com/support/security-center/definitions/download/detail?gid=sep14" and download the latest darknet definitions for SEP and SEPM.

    However, it looks like a recent change took place to the structure of that page and the generation of those links is now wrapped in some kind of Java applet, meaning the URLs I'm looking for are no longer listed in the page's HTML document. 

    Is there any other source or method that would allow me to automatically download (via script) virus definition updates each day? I know there used to be an FTP site where they were hosted, but that seems to have been discontinued in 2019. 


  • 2.  RE: Alternate source for virus definition updates?

    Posted Jan 13, 2023 08:44 AM
    Edited by Erik Denkers Jan 13, 2023 09:12 AM

    We have a script that was doing the same thing and pulling down JBD files.  It looks like the last time that it got anything was on 12/18/2022.

    After doing a little checking into one of the file links on the page, I found that these pages have hard links to the files...

    Main virus definitions (SDS)...
    https://definitions.symantec.com/defs/sds/index.html


    IPS definitions...
    https://definitions.symantec.com/defs/ips/index.html

    SONAR definitions...
    https://definitions.symantec.com/defs/sonar/index.html

    The parent page is https://definitions.symantec.com/defs/index.html

    Our scripts would need to parse the HTML for the files with the most recent dates.



  • 3.  RE: Alternate source for virus definition updates?

    Posted Jan 19, 2023 02:49 AM
    Hi, ...for what it's worth, I'm also interested in a solution to this issue...

    ------------------------------
    Ivar
    ------------------------------



  • 4.  RE: Alternate source for virus definition updates?

    Posted Jan 19, 2023 08:43 AM
    And for what it's worth from me, I have provided an alternate source to the virus definitions in my previous post.  Just follow these links and you will find the definitions there.  You would need to update your script to use the new URLs.

    Main virus definitions (SDS)...
    https://definitions.symantec.com/defs/sds/index.html

    IPS definitions...
    https://definitions.symantec.com/defs/ips/index.html

    SONAR definitions...
    https://definitions.symantec.com/defs/sonar/index.html




  • 5.  RE: Alternate source for virus definition updates?

    Posted Jan 23, 2023 12:20 PM

    GOT IT. 

    I mentioned the problem to a coworker last week and he seems to have found the solution using the "Convertfrom-Json" cmdlet in PowerShell. 

    # Fetch the JSON and parse it into objects
    $JSON_url = 'https://www.broadcom.com/api/getjson?url=support/security-center/definitions/download/detail&locale=en-us&type=security_center&gid=sep14'
    $symantec  = Invoke-WebRequest $JSON_url
    $downloads = $symantec.Content | ConvertFrom-Json
    # List the URL of every package file in the first group
    $downloads.Groups[0].Packages.File.Url

    The last line lists all .exe and .jdb download links on the page. From there, just filter for whichever one(s) you need and feed the URL to your script. If you back up to the "Packages.Title" property, you can see which are Dark-Network or Low-Bandwidth clients more easily. 

    Hopefully this is as helpful to others as it is to me!
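
One way to build on the JSON approach in post 5, added here as an example and not part of the original thread: filter on Packages.Title, accept only HTTPS URLs on hosts you expect, and check each file before it goes onto the thumb drive. The function names, the host allowlist, the sample feed and the assumption that the .exe packages are Authenticode-signed are assumptions of this example.

```powershell
# Added example. Only Groups[0].Packages, .Title and .File.Url come from the thread.
function Select-DefinitionPackage {
    param(
        [Parameter(Mandatory)] $Feed,                   # output of ConvertFrom-Json
        [Parameter(Mandatory)] [string] $TitlePattern,  # regex matched against Packages.Title
        [Parameter(Mandatory)] [string[]] $AllowedHosts # hosts you expect downloads from
    )
    foreach ($pkg in $Feed.Groups[0].Packages) {
        if ($pkg.Title -notmatch $TitlePattern) { continue }
        foreach ($file in $pkg.File) {
            $uri = $null
            $ok = [uri]::TryCreate([string]$file.Url, [System.UriKind]::Absolute, [ref]$uri)
            if (-not $ok -or $uri.Scheme -ne 'https' -or $uri.Host -notin $AllowedHosts) {
                Write-Warning "Skipping unexpected URL: $($file.Url)"
                continue
            }
            [pscustomobject]@{
                Title = $pkg.Title
                Url   = $uri.AbsoluteUri
                Name  = [IO.Path]::GetFileName($uri.LocalPath)
            }
        }
    }
}

function Save-DefinitionPackage {
    param([Parameter(Mandatory)] $Package, [Parameter(Mandatory)] [string] $Destination)
    $path = Join-Path $Destination $Package.Name
    Invoke-WebRequest -Uri $Package.Url -OutFile $path -UseBasicParsing
    # Assumption: the .exe packages are Authenticode-signed; reject any that do not validate.
    if ($path -like '*.exe') {
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') {
            Remove-Item -Path $path
            throw "Signature check failed for '$path' ($($sig.Status))"
        }
    }
    # SHA-256 to compare against the copy after it reaches the air-gapped side.
    Get-FileHash -Path $path -Algorithm SHA256 | Select-Object Hash, Path
}

# Constructed sample feed (hypothetical titles, hosts and file names).
$sample = @'
{"Groups":[{"Packages":[
 {"Title":"Dark-Network Client","File":[{"Url":"https://defs.example.com/a/defs-n64.jdb"}]},
 {"Title":"Low-Bandwidth Client","File":[{"Url":"https://defs.example.com/a/defs-lb.jdb"}]},
 {"Title":"Dark-Network Installer","File":[{"Url":"http://mirror.example.net/defs.exe"}]}
]}]}
'@ | ConvertFrom-Json
Select-DefinitionPackage -Feed $sample -TitlePattern 'Dark-Network' -AllowedHosts 'defs.example.com'
```

Against the live feed, replace the sample with the parsed response and pass each selected object to Save-DefinitionPackage; the recorded SHA-256 can then be recomputed with Get-FileHash on the destination machine to confirm the thumb-drive copy is intact.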




  • 6.  RE: Alternate source for virus definition updates?

    Posted Jan 23, 2023 05:26 PM

    Thanks so much for these links. It's the only progress I've seen on this issue so far. These might solve the problem for others coming to this post, but unfortunately I'm still out of luck. 

    These pages have tons of different options, but, sadly, not the ones I need. The two sets of definitions I download each day are the SEP Darknet and SEPM Darknet for RU5/RU6. The filenames and sizes are below: 

    124MB - vd646e02core15sdsn64.jdb
    112MB - 20230123-002-core15sdssepn64v5i64.exe

    I would think that there would be more entries on the main defs/index.html page, as it seems strange to have those 4 sets of definitions listed and kept up to date, but not the rest. 




  • 7.  RE: Alternate source for virus definition updates?

    Posted Jan 24, 2023 09:41 AM
    The JDB Files for Dark-Network Client may be found here... https://definitions.symantec.com/defs/jdb/core15sds.  However, this page appears to be a static html page and not fully up to date.  I am not sure how often this page gets updated.

    I tried using the "Convertfrom-Json" cmdlet in PowerShell that you previously posted and from what I could tell, that is probably a better option.

    Otherwise, I would say that it is up to Broadcom to provide more assistance, since they ultimately have control over the files themselves.  You may need to open a support ticket with them to get further assistance.