Endpoint Protection

  • 1.  Alternate source for virus definition updates?

    Posted 25 days ago
    Edited by Jason McClellan 24 days ago
    I support 30+ small to medium air-gapped networks running Symantec Endpoint Manager and several standalone, air-gapped machines running Symantec Endpoint Protection. No internet connection in these locations requires that virus definition updates be brought in via thumb drive. 

    Given that these definitions are updated regularly and that we always want to have the latest definitions on hand, I had a PowerShell script that would parse the HTML from this page: "https://www.broadcom.com/support/security-center/definitions/download/detail?gid=sep14" and download the latest darknet definitions for SEP and SEPM.

    However, it looks like a recent change took place to the structure of that page and the generation of those links is now wrapped in some kind of Java applet, meaning the URLs I'm looking for are no longer listed in the page's HTML document. 

    Is there any other source or method that would allow me to automatically download (via script) virus definition updates each day? I know there used to be an FTP site where they were hosted, but that seems to have been discontinued in 2019. 


  • 2.  RE: Alternate source for virus definition updates?

    Posted 23 days ago
    Edited by Erik Denkers 23 days ago

    We have a script that was doing the same thing and pulling down JDB files.  It looks like the last time that it got anything was on 12/18/2022.

    After doing a little checking into one of the file links on the page, I found that these pages have hard links to the files...

    Main virus definitions (SDS)...
    https://definitions.symantec.com/defs/sds/index.html


    IPS definitions...
    https://definitions.symantec.com/defs/ips/index.html

    SONAR definitions...
    https://definitions.symantec.com/defs/sonar/index.html

    The parent page is https://definitions.symantec.com/defs/index.html

    Our scripts would need to parse the HTML for the files with the most recent dates.



  • 3.  RE: Alternate source for virus definition updates?

    Posted 17 days ago
    Hi, for what it's worth, I'm also interested in a solution to this issue...

    ------------------------------
    Ivar
    ------------------------------



  • 4.  RE: Alternate source for virus definition updates?

    Posted 17 days ago
    And for what it's worth from me, I have provided an alternate source to the virus definitions in my previous post.  Just follow these links and you will find the definitions there.  You would need to update your script to use the new URLs.

    Main virus definitions (SDS)...
    https://definitions.symantec.com/defs/sds/index.html

    IPS definitions...
    https://definitions.symantec.com/defs/ips/index.html

    SONAR definitions...
    https://definitions.symantec.com/defs/sonar/index.html




  • 5.  RE: Alternate source for virus definition updates?

    Posted 12 days ago

    GOT IT. 

    I mentioned the problem to a coworker last week and he seems to have found the solution using the "Convertfrom-Json" cmdlet in PowerShell. 

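    # JSON API URL for the sep14 definitions download page
    $JSON_url = 'https://www.broadcom.com/api/getjson?url=support/security-center/definitions/download/detail&locale=en-us&type=security_center&gid=sep14'
    $symantec  = Invoke-WebRequest $JSON_url
    # Parse the response body into objects
    $downloads = $symantec.Content | ConvertFrom-Json
    # List the download URL of every package in the first group
    $downloads.Groups[0].Packages.File.Url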

    The last line lists all .exe and .jdb download links on the page. From there, just filter for whichever one(s) you need and feed the URL to your script. If you back up to the "Packages.Title" property, you can see which are Dark-Network or Low-Bandwidth clients more easily. 

    Hopefully this is as helpful to others as it is to me!
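
An added example (not code from the thread or from Broadcom) of the filter-and-download step the post above describes: it selects links by `Packages.Title` and, because the files are carried into air-gapped networks on removable media, checks the Authenticode signature on `.exe` packages and writes a SHA-256 manifest. The function names, the `SHA256SUMS.txt` file, the sample JSON, and the assumption that the feed holds absolute HTTPS links are hypothetical.

```powershell
# Added example, not code from the thread. Assumed feed shape (from the post above):
# Groups[0].Packages[] with .Title and .File.Url holding absolute HTTPS links.
function Select-DefinitionUrl {
    param(
        [Parameter(Mandatory)] $Feed,                   # output of ConvertFrom-Json
        [Parameter(Mandatory)] [string] $TitlePattern,  # regex matched against Packages.Title
        [string[]] $Extension = @('.exe', '.jdb')
    )
    foreach ($pkg in $Feed.Groups[0].Packages) {
        if ($pkg.Title -notmatch $TitlePattern) { continue }
        foreach ($url in @($pkg.File.Url)) {
            $uri = $url -as [uri]
            # Keep only absolute HTTPS links to the expected file types
            if (-not $uri -or -not $uri.IsAbsoluteUri -or $uri.Scheme -ne 'https') { continue }
            if ([IO.Path]::GetExtension($uri.AbsolutePath) -notin $Extension) { continue }
            $uri.AbsoluteUri
        }
    }
}

function Save-VerifiedDefinition {
    param([Parameter(Mandatory)] [string] $Url, [Parameter(Mandatory)] [string] $Destination)
    $name = [IO.Path]::GetFileName(([uri]$Url).AbsolutePath)
    $path = Join-Path $Destination $name
    Invoke-WebRequest -Uri $Url -OutFile $path -UseBasicParsing
    # Assumption: vendor .exe packages are Authenticode-signed; reject anything else
    if ($name -like '*.exe') {
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') {
            Remove-Item $path
            throw "Signature check failed for $name ($($sig.Status))"
        }
    }
    # Record SHA-256 so the air-gapped side can verify the copy from the thumb drive
    $hash = Get-FileHash -Path $path -Algorithm SHA256
    "$($hash.Hash)  $name" | Add-Content (Join-Path $Destination 'SHA256SUMS.txt')
    $path
}

# Constructed sample in the assumed shape (placeholder URLs, not real download links)
$sample = @'
{"Groups":[{"Packages":[
 {"Title":"Dark-Network Client (constructed)","File":{"Url":"https://example.invalid/defs/a.jdb"}},
 {"Title":"Low-Bandwidth Client (constructed)","File":{"Url":"https://example.invalid/defs/b.exe"}}
]}]}
'@ | ConvertFrom-Json
Select-DefinitionUrl -Feed $sample -TitlePattern 'Dark-Network'
```

Against the live feed, pipe the selected URLs to `Save-VerifiedDefinition` with a staging folder as `-Destination`, then compare the hashes in the manifest after copying the files to the isolated network.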




  • 6.  RE: Alternate source for virus definition updates?

    Posted 12 days ago

    Thanks so much for these links. It's the only progress I've seen on this issue so far. These might solve the problem for others coming to this post, but unfortunately I'm still out of luck. 

    These pages have tons of different options, but, sadly, not the ones I need. The two sets of definitions I download each day are the SEP Darknet and SEPM Darknet for RU5/RU6. The filenames and sizes are below: 

    124MB - vd646e02core15sdsn64.jdb
    112MB - 20230123-002-core15sdssepn64v5i64.exe

    I would think that there would be more entries on the main defs/index.html page, as it seems strange to have those 4 sets of definitions listed and kept up to date, but not the rest. 




  • 7.  RE: Alternate source for virus definition updates?

    Posted 12 days ago
    The JDB files for Dark-Network Client may be found here... https://definitions.symantec.com/defs/jdb/core15sds.  However, this page appears to be a static HTML page and not fully up to date.  I am not sure how often this page gets updated.

    I tried using the "Convertfrom-Json" cmdlet in PowerShell that you previously posted and from what I could tell, that is probably a better option.

    Otherwise, I would say that it is up to Broadcom to provide more assistance, since they ultimately have control over the files themselves.  You may need to open a support ticket with them to get further assistance.