Endpoint Protection

Hi guys,

In our environment we have networks that don't have an Internet connection, and we're planning to protect them with SEP.

Since the servers hosting the SEPM will never have Internet connectivity, how can they be updated with new definitions?
We don't care so much about the update intervals (updating the definitions once a month is acceptable for us)

With the solution we're using now (Kaspersky) we send a CD-ROM to those remote/secure sites with the definition files, the admin on site copy/overwrites the files in the respective folder and it works great.

Can we do something similar with SEPM?  If the answer is yes, can you tell me how?

Thank you,
Vic

Read these KB's on using .jdb files to update definitions.

 Manager
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007100820002048?Open&docid=2007100816530248&nsf=ent-security.nsf&view=docid


Client
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008030710560348

Hello,

Check the Following KB:

How to update content on a Symantec Endpoint Protection Manager that doesn't have Internet access

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/c0d25753668907aec1257443003077d0?OpenDocument

Thanks for the reply guys, updating definitions with a .jdb file is exactly what we need.

Question 1:  Is there a way to revert to previous definitions?
Example:  If I place an older .jdb file in the incoming folder, will it overwrite the existing newer definitions?

Question 2: Once we update a SEPM with the .jdb file it updates all its clients, which is great.  My question is, can a SEPM pull definition updates from another SEPM?
Example: Our environment have one centralized location with dozens of smaller remote sites connected to it, each of the remote sites will have a SEPM server with client computers connected to it, when we perform a definition update we don't want to send the .jdb file to each of the remote sites, we want to update the SEPM server at the centralized location which in turn is going to update all the other SEPMs at the remote sites, is that possible?  If yes, can you tell how?

Thanks again,
Vic

@ Question 1: No... older JDB files will still be processed, but the SEPM only keeps the X latest defs. (X is defined in the SEPM at Admin > Servers > Highlight Local Site > Edit Site Properties > LiveUpdate > Content Revisions)
To revert clients to an older definition, follow KB 2007111515160948
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007111515160948

@ Question 2: No... the SEPM updates automatically from LiveUpdate servers only. Based on your description, it sounds like you should check out Group Update Providers (GUPs).
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009052116101548
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009050510573148

If you can allow your SEPM to connect to another computer that does have Internet access, you can use LiveUpdate Administrator to download and distribute content updates to your SEPM.

Question 1: it is possible to revert to old definition.if you paste a jdb file to incoming folder it will be removed automatically after the processing of that file.This process may take max 5 min.
Question 2: it is possible to send update from one SEPM to other by replication.You have to select replicate liveupdate content and updates for that in the properties of replication partners.there is no other way to get the updates from one SEPM for the other.What is the number of clients in your remote sites if it is not a very huge no, check the possibility of GUP(Group Update Provider) 
Have a look at this KB and article
Symantec Endpoint Protection 11.0 Group Update Provider (GUP)
How much bandwidth is used by a SEP Client in One day ?

Thanks for the reply guys.

Kaspersky antivirus can be updated with a few efort using top ten best antiviruses http://www.best-antivirus.co/.Also here you can find a review of the most important antiviruses
good luck