This document provides step-by-step instructions for customizing the Symantec Endpoint Recovery Tool (SERT). SERT is a bootable ISO image provided by Symantec, typically from the http://fileconnect.symantec.com site. A SEP product serial number or registered license will be required to download from Fileconnect. The SERT disk is booted from a CD-ROM drive and scans a system while its main operating system is not running, which improves the chances of detecting hard-to-find malware.
The instructions in this whitepaper are not supported by Symantec. They are provided as-is.
The first objective of the document is to show how to create the SERT Disk with extra utilities for malware identification, capture and response. The second objective in this document is to make the customized SERT disk bootable from USB media.
Editing the WIM file is not necessary in the 2014 SERT --- the definitions are stored in that version under /sources/symantec_nbrt/virusdef/ and you can update the contents of that folder on the bootable SERT USB media after it is created. You can also use an ISO editor to update that folder in the SERT ISO before burning it to DVD.
Unzip the JDB file. Rename the unzipped folder to yyyymmdd.rrr (the date/revision of the definitions, found in the unzipped files at the bottom of the text file catalog.dat under [VerInfo]). Drop the new numbered folder into /sources/symantec_nbrt/virusdef, delete the old numbered folder, and change definfo.dat and usage.dat accordingly.
Very helpful whitepaper! Thanks for posting.
The unsupported instructions in this new white paper will be of great use to security admins. "Thumbs up" from me.
For convenience, here are links to Symantec's brief articles containing the supported steps:
How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions Article: TECH131732 | Created: 2010-01-15 | Updated: 2011-04-08 | Article URL http://www.symantec.com/docs/TECH131732
How to make the Symantec Endpoint Recovery Tool boot from a USB memory stick Article: TECH131578 | Created: 2010-01-08 | Updated: 2011-12-02 | Article URL http://www.symantec.com/docs/TECH131578