
Updating old virus definitions - .ide files older than 3 months?

Hi,

I've been reading through other forum posts regarding standalone updates for Sophos.

/search?q= 20195

/search?q= 982

I need to update the virus definitions only - not the client.  The website only provides files from the past three months - is there any way I can download older .ide files than that?  Will updating the .ide files only cause any compatibility issues with the client?

Ideally I'd like to be able to:

- copy in .ide files

- restart SAV service

Anything I'm missing?

Thanks in advance

:35393


This thread was automatically locked due to age.
  • Hello Elbow,

    IDE packages are cumulative, for example the IDEs for VDL 4.82 contain all for 4.83 (as of now 242) and 189 which have been consolidated into the libraries. Thus if you regularly added the IDEs (and did not delete the old ones) you'll have the "complete set".

    You've read that updating the software (libraries and engine) is recommended. The software isn't constantly developed just for the fun of it :smileywink:. I assume that eventually the engine will not be able to make full use of the new definitions. There might also be a performance penalty if you have lots of individual IDEs.

    May I ask - why don't you want to update the software?

    Final hint - the latest available and apparently maintained version is for 4.79, the URL is simple to guess.

    Christian

    :35397
  • Hi Christian,

    We'll be updating the software soon, but the initial requirement is to get the virus definitions up to date.  I'll grab the 4.82 files from the site and give it a go. 

    Thanks for the help!

    :35403
  • Just one last question - is there any way to confirm the version of the definitions that are "installed"?  Once I've copied the files in etc - is there anywhere in the client that I can use as a double check?

    I see a client version, but I don't see a definitions version.

    :35411
  • Hello Elbow,

    View product information (bottom left on the GUI home screen) shows among others AV, engine and detection data (VDL) version as well as the number of IDEs. Is this what you need?

    Christian

    :35433
  • Perfect - that was me being a bit stupid......

    Any idea what 'G' signifies at the end of a Detection Data version?

    :35439
  • I have updated the .ide files then restarted the SAV service.  Detection Data version hasn't updated though.... 

    Restarted AutoUpdate service, restarted status reporter, restarted agent - no change to version then in any of those cases.  Is this expected?

    :35441
  • Hello Elbow,

    If you "update" the IDEs the Detection Data version stays the same as the libraries are not changed/updated. That's why there are more IDEs the older the VDL version. Furthermore, as far as I know no special consistency checks are performed if you "manually" update the IDEs. 

    As for the G - it denotes the SESC (as opposed to SAV) version which supports the extra features (like Application Control) on Windows.

    Christian

    :35447
  • I really appreciate the help Christian :)

    Had another look on the site,

    http://www.sophos.com/en-us/support/knowledgebase/49479.aspx

    Not sure why it suggests the identity count should change.  Would be nice to have a confirmation that the files updated, but I guess it's not the case.

    :35455
  • Hello Elbow,

    The count should indeed change, the tag is Detection identities (below Items detected).

    As there are several hundred it's infeasible to expand the + Detection identity files node and compare the names :smileywink: - but using the [Copy] button you can grab the list for further processing.

    Christian 

    :35457
  • I mean where it says:

    Go to 'View Product Information' and ensure that the 'Detection Identities' matches the 'Number of IDEs' for the package that you downloaded from Sophos.com.

    Surely this won't always be the case, as you've mentioned previously.

    :35459
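
Since the thread notes that the Detection Data version stays the same after a manual IDE update and that the identity count need not equal the package's count, one way to confirm the copy is to compare the package's .ide files against the installed ones by name and hash. This is an added example, not part of the thread or Sophos tooling; the directory arguments, the function names, and the assumption that the list obtained with the [Copy] button contains the file names literally are all hypothetical.

```python
import hashlib
import re
import tempfile
from pathlib import Path

IDE_NAME = re.compile(r"[\w-]+\.ide\b", re.IGNORECASE)

def ide_names_from_text(text):
    """Extract .ide names from pasted text (assumed format: names appear literally)."""
    return {m.lower() for m in IDE_NAME.findall(text)}

def ide_hashes(directory):
    """Map lower-cased .ide file name -> SHA-256 of the file content."""
    return {p.name.lower(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(directory).iterdir()
            if p.is_file() and p.suffix.lower() == ".ide"}

def compare_ide_sets(package_dir, install_dir):
    """Report package IDEs that are absent or altered in the install directory."""
    pkg, inst = ide_hashes(package_dir), ide_hashes(install_dir)
    return {
        "missing": sorted(pkg.keys() - inst.keys()),   # never copied
        "differs": sorted(n for n in pkg.keys() & inst.keys() if pkg[n] != inst[n]),
        "extra": sorted(inst.keys() - pkg.keys()),     # older IDEs kept; explains a higher count
    }

def missing_from_copied_list(package_dir, copied_text):
    """Package IDEs that do not show up in the list copied from the product information."""
    return sorted(ide_hashes(package_dir).keys() - ide_names_from_text(copied_text))

def demo():
    # Constructed sample files; names and contents are made up for illustration.
    with tempfile.TemporaryDirectory() as tmp:
        pkg, inst = Path(tmp, "package"), Path(tmp, "install")
        pkg.mkdir()
        inst.mkdir()
        for name in ("aaa-x.ide", "bbb-y.ide", "ccc-z.ide"):
            (pkg / name).write_bytes(name.encode())
        (inst / "aaa-x.ide").write_bytes(b"aaa-x.ide")   # copied intact
        (inst / "bbb-y.ide").write_bytes(b"truncated")   # damaged copy
        (inst / "old-one.ide").write_bytes(b"old")       # left over from earlier
        return compare_ide_sets(pkg, inst)

if __name__ == "__main__":
    print(demo())
```

An empty "missing" and "differs" result means every file from the package is present and byte-identical; entries under "extra" only show that older IDEs were kept.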