Endpoint Protection

  • 1.  Confused about dates on IPS definitions

    Posted Apr 03, 2010 01:04 AM
    On one SEPM server the date for the Intrusion Prevention signatures (Admin --> Servers --> Show LiveUpdate Downloads) says 2010-3-20.    See the screenshot below.

    My understanding is this page http://www.symantec.com/business/security_response/securityupdates/list.jsp?fid=sep&pvid=sep11_32 lists the IPS signature releases, and it shows the most current release is dated 2010-3-17.  How can my SEPM have a date that is more recent than the latest release??

    Clients that communicate with this SEPM show Network Threat Protection definitions dated 2010-3-20
    (NTP definitions are the same as IPS definitions, correct?)

    Both SEPM and client are RU5.  The SEPM is configured to pull updates directly from Symantec.



  • 2.  RE: Confused about dates on IPS definitions

    Posted Apr 04, 2010 05:30 AM
    Hi Ohio,

    I would not be worried about this - one of the dates represents when the definitions were probably compiled and sent to Symantec's internal QA, one date shows when it was OK'ed and made available via LiveUpdate.  There are different dates even on the page you have specified: 

    Date      Name                  LiveUpdate Defs ID
    3/27/10   Security Update 140   20100317.001


    As long as all clients are correctly up-to-date with the latest revision, all is downloading and distributing well.


    Thanks and best regards,

    Mick



  • 3.  RE: Confused about dates on IPS definitions

    Posted Apr 04, 2010 08:02 PM
    >> As long as all clients are correctly up-to-date with the latest revision, all is downloading and distributing well.

    But how do I know if the clients are up-to-date when one of the SEPM servers has IPS definitions dated 2010-03-17 (which matches the Symantec web page) but the other SEPM server has IPS definitions dated 2010-03-20?? The clients have different dates on them depending on which SEPM they communicate with.


  • 4.  RE: Confused about dates on IPS definitions

    Trusted Advisor
    Posted Apr 05, 2010 12:42 AM
    Hello,

    Just to let you know that AntiVirus/Antispyware Definitions are updated daily and, in certain exceptional cases, 2-3 times daily. However, the same is not true of Proactive Threat Protection Definitions or Network Threat Protection Definitions. These get updated 1-2 times a week.

    You are correct about,

    http://www.symantec.com/business/security_response/securityupdates/list.jsp?fid=sep&pvid=sep11_32

    which can be used to check for the latest security updates for Symantec Endpoint Protection.

    Also,

    How can I check for the latest Intrusion Prevention Signature (IPS) version?

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/99ba826e4a26c0418825751a00559d3d?OpenDocument


    Hope that answers your doubts. :)