Symantec endpoint protection virus definitions not updating on clients
Citrix PVS is used to stream a read-only v Disk to VM’s on a Xen Server infrastructure.Since a non-persistent desktop loses all updates after a reboot the Symantec Endpoint Protection (SEP) clients’ virus definitions also resets to the moment you last updated the definition files in your image.On the client machine use the Windows Registry Editor to navigate to the following key:32 bit: HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\Current Version\public-opstate64 bit: HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\Current Version\public-opstate Criteria: If the "Latest Virus Defs Date" is older than 7 calendar days from the current date, this is a finding.Deploying Anti-Virus definition updates is most commonly done through Fixlet messages in the Client Manager for Endpoint Protection Fixlet site.Fixlet content in the site is updated frequently to help maintain current virus definition files across your network.As an alternative, the Anti-Virus Definition Update Task Wizard can be used to deploy arbitrary definition files for supported Anti-Virus applications.These files are made available to antivirus clients as they are published.Keeping virus signature files as current as possible is vital to the security of any system.
So I decided to create my own redirection solution. So here’s a Step-By-Step instruction on how to accomplish this.
Please contact TEM if your Anti-Virus application is not supported by the wizard.
The wizard currently supports the following Anti-Virus applications: The wizard will prompt you for the Anti-Virus application and for the location of the definition update file you would like to deploy.
Here’s how I did it: folder to a location on my persistent disk, made my registry changes and started the client. Follow these steps in your client OS (in Read/Write mode): Now that we’ve prepared our image for this change we have to make sure that the definition files are present on the persistent disks on all VM’s in the environment.
For this I created a Power Shell script which will do just that.
In addition, you can customize the various textfields of your task.