About the types of content that LiveUpdate downloads

By default,
Symantec Endpoint Protection Manager
downloads all types of content from the public Symantec LiveUpdate servers. The LiveUpdate Content policy then downloads all types of content from
Symantec Endpoint Protection Manager
to the Windows and Mac clients.
If you do exclude a content type from the site but you remove the content in a LiveUpdate Content policy, that content is not delivered to the clients. Typically, you should not need to exclude the content that
Symantec Endpoint Protection Manager
downloads. Do not exclude a type of content unless you are certain that you do not need it. See:
LiveUpdate does not download updated policies.
Symantec Endpoint Protection Manager
updates policies to clients when you assign a new policy to a group or when you edit an existing policy.
The content types that you can download from LiveUpdate to the
Symantec Endpoint Protection Manager
Content type
Description
Client product updates
Includes software improvements and critical fixes against security vulnerabilities to the Windows client. For example, an attacker could bypass a
Symantec Endpoint Protection
protection feature.
LiveUpdate downloads the product updates as a full client installation package between RUx releases. Each package carries the same version number but has an updated build number. For example, the first client installation package might be labeled as 14.3.4555.2000 and the second as 14.3.5228.1000. When this option is enabled, the most recent interim package appears in the following locations in the
Version Selection
drop-down list:
  • AutoUpgrade wizard: On the
    Admin
    page >
    Install Packages
    page >
    Client Install Package
    >
    Upgrade Clients with Package
    >
    Upgrade Settings
    option >
    General
    tab. The AutoUpgrade wizard displays the most recent build only.
  • New package: On the
    Clients
    page >
    Install Packages
    tab >
    Add a Client Install Package
    >
    General
    tab.
This option does not upgrade client installation packages that are new releases and that have major features in them, such as 14.3 RU2 to 14.3 RU3. You must still upgrade using AutoUpgrade or by manually downloading and installing a full client installation package through the Broadcom Download Management page.
To update your Mac and Linux clients, you must use the
Web link and email
and
Save package
options in the
Client Deployment Wizard
.
In 14.3 RU1 MP1 and earlier, keep this setting unchecked as this option was not used. See:
Client patches
Includes the same client software improvements and security fixes as product updates, but the patches are downloaded as an incremental delta file (.dax) instead of the full client installation package.
To download the content to the clients, go to the
LiveUpdate Settings
policy >
Additional Settings
tab, and check
Download client patches
. This option lets you update client patches from LiveUpdate, the management server, or a Group Update Provider to the clients.
This option was renamed from
Client security patches
in 14.3 RU2.
Virus and Spyware definitions
Separate virus definition packages are available for the x86 and the x64 platforms. This content type also includes the Auto-Protect portal list as well as Power Eraser definitions.
SONAR heuristic signatures
Protects against zero-day attack threats.
Intrusion Prevention signatures
Protects against network threats and host vulnerabilities. Supports the intrusion prevention and detection engines and Memory Exploit Mitigation.
Host Integrity content
Includes the templates of predefined requirements that enforce updated patches and security measures on the client computer. LiveUpdate downloads templates for the computers that run Windows operating systems and Mac operating systems. See:
Submission Control signatures
Controls the flow of submissions to Symantec Security Response.
Reputation Settings
Includes the updates to the reputation data that is used in protection.
Extended File Attributes and Signatures
Used to make updating certificates and Download Insight more data-driven. These data-driven downloads help Symantec update trusted signature lists with definition-style updates.
Endpoint Detection and Response
Updates to the Endpoint Detection and Response (EDR) component, which detects and investigates suspicious activities and issues on hosts and endpoints. EDR provides this forensic information to various product components, including submissions and EDR servers. Added in version 14. See:
Common Network Transport Library and Configuration
Definitions that the entire product uses to achieve network transportation and telemetry. These definitions are necessary for reputation queries, as well as for submissions and communication with EDR. Definitions in this category include SEPM STIC and SEPC STIC, for the
Symantec Endpoint Protection Manager
and
Symantec Endpoint Protection
client, respectively.
Advanced Machine Learning
Definitions that are used in virus and spyware scans for the clients that use a low-bandwidth policy (added in 14.0.1). Use low-bandwidth mode for standard clients and embedded clients in a network with a slow Internet connection. In low-bandwidth mode, LiveUpdate downloads the definitions once per week or less frequently. To use low-bandwidth mode, you must enroll in the cloud and enable the Low Bandwidth policy. Low-bandwidth mode does not with dark network clients.
If you do not enroll the management server in the cloud console, or you do not intend on using a low-bandwidth policy, disable this option to save some bandwidth and disk space on
Symantec Endpoint Protection Manager
. See:
WSS Traffic Redirection
Definitions that the Web Security Services (WSS) Traffic Redirection feature uses. WSS Traffic Redirection uses WSS servers to provide secure proxy settings for you web browsers. (Added in 14.1 MP1.)
SymPlatform definitions (SEF)
Symantec Endpoint Foundation (SEF) is a framework that delivers future protection technologies as content through LiveUpdate. SEF enables you to download new features to your clients without needing to upgrade them.
Includes definitions for URL reputation (14.3 RU1 or later) and Auto-Protect (14.3 RU3 or later).
Application Control content
Definitions that the Application Control engine uses for the Application Control policy. You should always keep this option enabled.
This content runs on version 14.2 and later clients only. For older Windows clients, you must upgrade them to 14.2 first.
Policy Command Handler
Content used by the Policy Command Handler engine.
Endpoint Threat Defense for AD Data
Content used by the Active Directory Defense engine. Added in 14.2 RU1.
Browser Extension
Content for the IPS engine that the client uses to block malicious websites on Google Chrome. Added in 14.3 RU2.
For more information, see:
You cannot disable the following types of content in the LiveUpdate Content policy, including
Extended File Attributes and Signatures
,
Endpoint Detection and Response
,
Common Network Transport Library and Configuration
.
Features and the update content that they need
When you install an unmanaged client
When you update, you need to download these types of content
Virus and Spyware Protection
  • Virus and Spyware Definitions
  • SONAR Definitions
    When you configure content types for download in Site Properties, these are called SONAR heuristic signatures.
  • Centralized Reputation Settings
    When you configure content types for download in Site Properties, this content type is called Reputation Settings.
  • Revocation Data (downloaded by default, not configurable from
    Symantec Endpoint Protection Manager
    )
  • Symantec Allow List (Symantec Whitelist)
  • Submission Control signatures
  • Auto-Protect portal list
  • Power Eraser definitions
  • Extended File Attributes and Signatures (as of 14)
  • Endpoint Detection and Response (as of 14)
  • Common Network Transport Library and Configuration
  • Advanced Machine Learning (as of 14.1)
Virus and Spyware Protection > Download Protection
  • Virus and Spyware Definitions
  • SONAR Definitions
    When you configure content types for download in Site Properties, these are called SONAR heuristic signatures.
  • Centralized Reputation Settings
  • Revocation Data
  • Symantec Allow List (Symantec Whitelist)
  • Intrusion Prevention signatures
    When you select this option to download, it includes updates to both the Intrusion Prevention signatures and the Intrusion Prevention engines.
  • Submission Control signatures
  • Auto-Protect portal list
  • Power Eraser definitions
  • Extended File Attributes and Signatures (as of 14)
  • Endpoint Detection and Response (as of 14)
  • Common Network Transport Library and Configuration
  • Advanced Machine Learning (as of 14.1)
Virus and Spyware Protection > Outlook Scanner
  • Virus and Spyware Definitions
  • SONAR Definitions
    When you configure content types for download in Site Properties, these are called SONAR heuristic signatures.
  • Centralized Reputation Settings
  • Revocation Data
  • Symantec Allow List (Symantec Whitelist)
  • Submission Control signatures
  • Auto-Protect Portal List
  • Power Eraser Definitions
  • Extended File Attributes and Signatures
  • Endpoint Detection and Response (as of 14)
  • Common Network Transport Library and Configuration
  • Advanced Machine Learning (as of 14.1)
Virus and Spyware Protection > Notes Scanner
  • Virus and Spyware Definitions
  • SONAR Definitions
    When you configure content types for download in Site Properties, these are called SONAR heuristic signatures.
  • Centralized Reputation Settings
  • Revocation Data
  • Symantec Allow List (Symantec Whitelist)
  • Submission Control signatures
  • Auto-Protect Portal List
  • Power Eraser Definitions
  • Extended File Attributes and Signatures
  • Endpoint Detection and Response (as of 14)
  • Common Network Transport Library and Configuration
  • Advanced Machine Learning (as of 14.1)
Proactive Threat Protection > SONAR
SONAR Definitions
Submission Control signatures
Extended File Attributes and Signatures
Advanced Machine Learning
Proactive Threat Protection > Application Control
Submission Control signatures
Extended File Attributes and Signatures
Application Control content (as of 14.2)
Network Traffic Redirection policy
WSS Traffic Redirection (as of 14.1 MP1)
Network and Host Exploit Mitigation > Intrusion Prevention
  • Intrusion Prevention signatures
    When you select this option to download, it includes updates to both the intrusion prevention signatures and the Intrusion Prevention engines.
  • Submission Control signatures
  • Extended File Attributes and Signatures
  • Browser Extension (as of 14.3 RU2)
Network and Host Exploit Mitigation > Firewall
Submission Control signatures
Extended File Attributes and Signatures
Host Integrity
Host Integrity content
Submission Control signatures
Extended File Attributes and Signatures
More information