savin st

8/12/2019 Savin St

1/225

Symantec AntiVirus

Installation Guide

10517969

8/12/2019 Savin St

2/225

Symantec AntiVirus Installation Guide

Thesoftware described in this book is furnished under a license agreement and maybe used

only in accordance with the terms of the agreement.

Documentation version 10.1

PN: 10517969

Legal Notice

Copyright 2006 Symantec Corporation.

All rights reserved.

Federal acquisitions: Commercial Software - Government Users Subject to Standard License

Terms and Conditions.

Symantec, the Symantec logo, LiveUpdate, Norton AntiVirus,Symantec AntiVirus, Symantec

Client Security, Symantec Security Response, and Symantec System Center are trademarks

or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other

countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use,

copying, distribution, and decompilation/reverse engineering. No part of this document

may be reproduced in any form by any means without prior written authorization of

Symantec Corporation and its licensors, if any.

THEDOCUMENTATIONIS PROVIDED"AS IS"ANDALL EXPRESS ORIMPLIEDCONDITIONS,

REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF

MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO

BELEGALLY INVALID.SYMANTECCORPORATIONSHALLNOTBELIABLEFORINCIDENTAL

ORCONSEQUENTIALDAMAGESINCONNECTIONWITHTHE FURNISHINGPERFORMANCE,

OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS

DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

TheLicensed SoftwareandDocumentation are deemedtobe "commercial computer software"

and "commercial computer software documentation" as defined in FAR Sections 12.212 and

DFARS Section 227.7202.

Symantec Corporation 20330 Stevens Creek Blvd. Cupertino, CA 95014 USA

http://www.symantec.com

Printed in the United States of America.

10 9 8 7 6 5 4 3 2 1

8/12/2019 Savin St

3/225

Technical Support

Symantec Technical Support maintains support centers globally. Technical

Supports primary role is to respond to specific queries about product feature and

function, installation, and configuration.The TechnicalSupport group alsoauthors

content for our online Knowledge Base. The Technical Support group works

collaboratively with the other functional areas within Symantec to answer your

questions in a timely fashion. For example, the Technical Support group works

with Product Engineering and Symantec Security Response to provide alerting

services and virus definition updates.

Symantecs maintenance offerings include the following:

A range of support options that give you the flexibility to select the right

amount of service for any size organization A telephone and web-based support that provides rapid response and

up-to-the-minute information

Upgrade insurance that delivers automatic software upgrade protection

Global support that is available 24 hours a day, 7 days a week worldwide.

Support is provided in a variety of languages for those customers that are

enrolled in the Platinum Support program

Advanced features, including Technical Account Management

For information about Symantecs Maintenance Programs, you can visit our Web

site at the following URL:

www.symantec.com/techsupp/ent/enterprise.html

Select your country or language under Global Support. The specific features that

are available may vary based on the level of maintenance that was purchased and

the specific product that you are using.

Contacting Technical Support

Customers with a current support agreement may contact the Technical Support

group via phone or online at www.symantec.com/techsupp.

Customers with Platinum support agreements may contact Platinum Technical

Support via the Platinum Web site at www-secure.symantec.com/platinum/.

When contacting the Technical Support group, please have the following:

Product release level

Hardware information

Available memory, disk space, NIC information
http://www.symantec.com/techsupp/ent/enterprise.htmlhttp://www.symantec.com/techsupp/ent/enterprise.html

8/12/2019 Savin St

4/225

Operating system

Version and patch level

Network topology Router, gateway, and IP address information

Problem description

Error messages/log files

Troubleshooting performed prior to contacting Symantec

Recent software configuration changes and/or network changes

Licensing and registration

If your Symantec productrequires registration or a license key, access ourtechnicalsupport Web page at the following URL:

www.symantec.com/techsupp/ent/enterprise.html

Selectyour regionor language under GlobalSupport, and thenselectthe Licensing

and Registration page.

Customer Service

To contact Enterprise Customer Service online, go towww.symantec.com, select

the appropriate Global Site for your country, then choose Service and Support.

Customer Service is available to assist with the following types of issues: Questions regarding product licensing or serialization

Product registration updates such as address or name changes

General product information (features, language availability, local dealers)

Latest information on product updates and upgrades

Information on upgrade insurance and maintenance contracts

Information on Symantec Value License Program

Advice on Symantec's technical support options

Nontechnical presales questions

Missing or defective CD-ROMs or manuals

Pleasevisit ourWeb sitefor current information on Support Programs. Thespecific

features available may vary based on the level of support purchased and the

specific product that you are using.
http://www.symantec.com/techsupp/ent/enterprise.htmlhttp://www.symantec.com/http://www.symantec.com/http://www.symantec.com/techsupp/ent/enterprise.html

8/12/2019 Savin St

5/225

Maintenance agreement resources

If you want to contact Symantec regarding an existing maintenance agreement,

please contact the maintenance agreement administration team for your region

as follows:

Asia-Pacific and Japan:[email protected]

Europe, Middle-East, and Africa:[email protected]

North America and Latin America:[email protected]

Additional Enterprise services

Symantec offers a comprehensive set of services that allow you to maximize your

investment in Symantec products and to develop your knowledge, expertise, and

global insight, which enable you to manage your business risks proactively.

Enterprise services that are available include the following:

These solutions provide early warning of cyber

attacks, comprehensive threat analysis, and

countermeasures to prevent attacks before theyoccur.

SymantecEarly Warning Solutions

These services remove the burden of managing and

monitoring security devices and events, ensuring

rapid response to real threats.

Managed Security Services

Symantec Consulting Services provide on-site

technical expertise from Symantec and its trusted

partners.Symantec Consulting Servicesoffer a variety

of prepackaged and customizable optionsthatinclude

assessment, design, implementation, monitoring and

management capabilities,eachfocused on establishing

and maintaining the integrity and availabilityof your

IT resources.

Consulting Services

Educational Services provide a full array of technical

training, security education, security certification,

and awareness communication programs.

Educational Services

To access more information about Enterprise services, please visit our Web siteat the following URL:

www.symantec.com

Select your country or language from the site index.
http://localhost/var/www/apps/conversion/tmp/scratch_1/[email protected]://localhost/var/www/apps/conversion/tmp/scratch_1/[email protected]://localhost/var/www/apps/conversion/tmp/scratch_1/[email protected]://www.symantec.com/http://www.symantec.com/http://localhost/var/www/apps/conversion/tmp/scratch_1/[email protected]://localhost/var/www/apps/conversion/tmp/scratch_1/[email protected]://localhost/var/www/apps/conversion/tmp/scratch_1/[email protected]

8/12/2019 Savin St

6/225

8/12/2019 Savin St

7/225

Technical Support

Chapter 1 Introducing Symantec AntiVirus

About Symantec AntiVirus... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . .13

What's new in this release.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . .14

Components of Symantec AntiVirus.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . .17

How Symantec AntiVirus works.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . .19Symantec AntiVirus servers and clients.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .20

Managed and unmanaged environments.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..20

Client groups.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

How clients and servers interact.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . .21

Server groups.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

How to choose a primary management server.. . . . . . . . . . . . . . . . . . . . . . . . . . . . .22

Managing your SymantecAntiVirus network with the Symantec

System Center.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

How the Digital Immune System works.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . .23

What you can do with Symantec AntiVirus.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .24

Where to get more information about Symantec AntiVirus.. . . . . . . . . . . . . . . . . .25

Chapter 2 Planning the installation

Plan your network architecture.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . .27

Network and system requirements.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . .31

About setting administrative rights to target computers.. . . . . . . . . . . . . . .31

About customizing installations by using .msi options.. . . . . . . . . . . . . . . . .32

About configuring user rights with Active Directory.. . . . . . . . . . . . . . . . . . . .32

System time requirements.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . .32

System requirements.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . .32

About Desktop firewalls.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37

About Windows XP and Windows 2003 firewalls.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40

Disabling Internet Connection Firewall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . .40

Disabling Windows Firewall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . .41

Prepare your clients and servers for installation.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41

Create a list of computers that you want to protect.. . . . . . . . . . . . . . . . . . . . . .42

Remove virus threats and security risks.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . .42

Evaluate antivirus and anti-adware or spyware software.. . . . . . . . . . . . . . .42

Contents

8/12/2019 Savin St

8/225

Determine the programs that you can migrate.. . . . . . . . . . . . . . . . . . . . . . . . . . . .43

How to restructure your Symantec AntiVirus network.. . . . . . . . . . . . . . . . . .43

Install Symantec AntiVirus in stages.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .43

Chapter 3 Installing Symantec AntiVirus for the first time

Before you install. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45

About client installation.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . .46

Symantec System Center installation on server operating

systems... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46

Installation sequence.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . .47

Installing the Symantec System Center.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . .47

Installing the primary management server.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .53

Configuring a primary management server.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..60

Backing up the server group root certificate.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63Installing management servers from the Symantec System

Center.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . .64

Configuring your server group... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . .68

Configuring VDTM for a server group... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..69

Configuring scan schedules.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . .70

Configuring Auto-Protect scans.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . .70

Installing client software.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . .71

About disabling the Windows XP firewall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72

Installing client software by using the Symantec System

Center.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..72

Installing client software from the CD... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .74

Testing antivirus capabilities.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . .74

Testing antivirus configuration... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . .76

Testing Auto-Protect.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . .76

Testing Risk Tracer.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76

Chapter 4 Installing reporting

About planning the reporting installation.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . .79

About reporting server settings.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . .81

Installing reporting for the first time... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . .84

Installing the reporting server and MSDE database on one

computer.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

Configuring a server group to use the reporting server.. . . . . . . . . . . . . . . . .85

Installing reporting agents on Symantec AntiVirus servers.. . . . . . . . . . .85

Logging in to the reporting server.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . .86

Installing the reporting server and a local Microsoft SQL Server

database.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..87

Contents8

8/12/2019 Savin St

9/225

Installing the reporting server and a remote Microsoft SQL Server

database.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..88

Microsoft SQL Server 2000/2005 installation requirements.. . . . . . . . . . .89

Microsoft SQL Server 2000 server and client configurationrequirements.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89

Microsoft SQL Server 2005 server and client configuration

requirements.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91

Installing the reporting server and a remote SQL database.. . . . . . . . . . . .93

Installing MSDE and reporting servers with non-default settings.. . . . . . . . .94

Installing MSDE with non-default settings.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94

Installing reporting servers with non-default settings.. . . . . . . . . . . . . . . . . .96

Uninstalling reporting servers.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . .98

Chapter 5 Migrating to the current version of SymantecAntiVirus

About migration... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103

About migrating Symantec AntiVirus 10.0 to 10.1.. . . . . . . . . . . . . . . . . . . . .104

About migrating to the SSL communications architecture.. . . . . . . . . . .105

Disable security risk programs from other vendors.. . . . . . . . . . . . . . . . . . . .106

How migration works.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . .106

Steps to migrating to the current version... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107

Supported and unsupported server and client migration paths.. . . . . . . . . . .108

Supported migration paths.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . .108

Unsupported migration paths.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . .109

Unsupported migration of Administrator tools.. . . . . . . . . . . . . . . . . . . . . . . . . .110

Custom settings may be lost.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . .110

Quarantine items are automatically migrated.. . . . . . . . . . . . . . . . . . . . . . . . . . .110

Symantec System Center upgrade scenarios.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111

Upgrading the Symantec System Center.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . .113

Before you upgrade the Symantec System Center.. . . . . . . . . . . . . . . . . . . . . . .113

Upgrading the Symantec System Center for your scenario.. . . . . . . . . . .114

Installing the Symantec System Center.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . .116

Unlocking the migrated server group... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . .116

Migrating management servers.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . .117

Before you migrate management servers.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..118Migrating the first management servers.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118

About migrating subsequent servers.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . .120

Migrating Symantec AntiVirus on NetWare platforms... . . . . . . . . . . . . . .120

Preventing errors when the logon script is used.. . . . . . . . . . . . . . . . . . . . . . . . .121

About VPStart commands.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . .122

About migration from other server antivirus products.. . . . . . . . . . . . . . . .122

Migrating client software.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . .122

Contents

8/12/2019 Savin St

10/225

Before you migrate client software.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . .123

Migrating clients by using the CD... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . .123

Migrating clients by using the Symantec System Center.. . . . . . . . . . . . . .124

Additional client migration methods.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . .124How to determine parent management servers and policy.. . . . . . . . . . .124

Other antivirus product client migrations.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125

About migrating LiveUpdate servers.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . .125

Chapter 6 Installing Symantec AntiVirus managementcomponents

Before you install. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127

How to prepare for the Symantec System Center installation.. . . . . . .128

Symantec System Center installation.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . .128

Installing and configuring optional components.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129Installing and configuring the Central Quarantine.. . . . . . . . . . . . . . . . . . . . .129

Installing and configuring the LiveUpdate Administration

Utility.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137

Uninstalling Symantec AntiVirus management components.. . . . . . . . . . . . . .141

Uninstalling the Symantec System Center.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141

Chapter 7 Installing Symantec AntiVirus servers


TCP and legacy UDP communications.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . .144

Management servers and certificates.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .144Server installation methods.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . .144

Why AMS2

is available as an installation option ... . . . . . . . . . . . . . . . . . . . . . .145

Preparations for Symantec AntiVirus server installation.. . . . . . . . . . . . .146

Installing Symantec AntiVirus servers locally.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149

Deploying the server installation across a network connection... . . . . . . . . .151

Starting the server installation.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . .152

Running the server setup program... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . .152

Selecting computers to which you want to install. . . . . . . . . . . . . . . . . . . . . . . .155

Completing the server installation.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . .157

Checking for errors.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . .160Manually loading the Symantec AntiVirus NLMs... . . . . . . . . . . . . . . . . . . . . .160

Installing with NetWare Secure Console enabled.. . . . . . . . . . . . . . . . . . . . . . . .161

Manually installing AMS2

server.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . .162

Uninstalling Symantec AntiVirus server.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .163

Contents10

8/12/2019 Savin St

11/225

Chapter 8 Installing Symantec AntiVirus clients


About creating a primary management server.. . . . . . . . . . . . . . . . . . . . . . . . . . .166

About client installation methods.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . .166

About customizing client installation files by using .msi

options.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167

About configuring user rights with Active Directory.. . . . . . . . . . . . . . . . . . .168

About Symantec AntiVirus client on a Terminal Server.. . . . . . . . . . . . . . .168

About Windows cluster server protection... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..168

About email support.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . .169

About the client configurations file.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . .170

Installing Symantec AntiVirus clients locally.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171

Deploying the client installation across a network connection... . . . . . . . . . .175

Starting the client installation.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . .175Running the client setup program... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . .176

Installing from the client installation folder on the server.. . . . . . . . . . . . . . . . .179

Configuring automatic client installations from NetWare servers

... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .180

Post-installation client tasks.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . .181

Configuring clients with the Grc.dat configuration file.. . . . . . . . . . . . . . . . . . . . . .181

Copying the configuration files from a management server.. . . . . . . . .182

Pasting the configuration files on the client.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .182

Uninstalling Symantec AntiVirus clients.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . .183

Chapter 9 Symantec AntiVirus advanced installation options

About Symantec AntiVirus advanced installation options.. . . . . . . . . . . . . . . . .185

Advanced installation options for Symantec AntiVirus server.. . . . . . . . . . . .185

About customizing server installations by using .msi options.. . . . . . .186

About configuring user rights with Active Directory.. . . . . . . . . . . . . . . . . . .186

About deploying to a target computer without granting

administrator privileges.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . .186

Creating a text file with IP addresses to import.. . . . . . . . . . . . . . . . . . . . . . . . . .186

Importing a text file of computers that you want to install. . . . . . . . . . . .187

Installing with the server installation package.. . . . . . . . . . . . . . . . . . . . . . . . . .189

About installing servers by using Microsoft SMS ... . . . . . . . . . . . . . . . . . . . . .190

Advanced installation options for Symantec AntiVirus client.. . . . . . . . . . . . .191

Web-based deployment.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . .191

Installing clients by using logon scripts.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199

About installing clients using third-party products.. . . . . . . . . . . . . . . . . . . .200

Contents

8/12/2019 Savin St

12/225

Appendix A Windows installer (.msi) command-line reference

Installing Symantec AntiVirus using command-line parameters.. . . . . . . . .203

Default Symantec AntiVirus server installation.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .204

Default Symantec AntiVirus client installation.. . . . . . . . . . . . . . . . . . . . . . . . .204

Windows Installer commands.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . .205

Server installation properties and features.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. .207

Symantec AntiVirus server properties.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . .207

Symantec AntiVirus server features.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .208

Client installation properties and features.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..208

Symantec AntiVirus client properties.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . .209

Windows Security Center features.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . .210

Symantec AntiVirus features.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . .210

Symantec AntiVirus client features.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .211

Using the log file to check for errors.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . .211Identifying the point of failure of an installation.. . . . . . . . . . . . . . . . . . . . . . .212

Command-line examples.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . .212

Appendix B Applying a Symantec AntiVirus patch

About applying a Symantec AntiVirus patch... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .213

Downloadingthe Symantec AntiVirus patch andClientRemote Install

Tool.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . 214

Deploying the patch using the ClientRemote Install Tool.. . . . . . . . . . . . . . . . . . .215

Starting the patch deployment.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . .216

Running the ClientRemote Install Tool.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . .216

Index

Contents12

8/12/2019 Savin St

13/225

8/12/2019 Savin St

14/225

antivirus protection,security-risk protection, endpointcompliance, and reporting

capabilities. From a single management console, Symantec AntiVirus provides a

comprehensive view of network security and rapid response to security threats.

Symantec AntiVirus provides the following features:

Automated security-risk protection against unwanted adware and spyware.

An enterprise-level view of workstation security, with tools enabling a rapid,

integrated response to security problems across a network.

Security policy enforcement at the client level, which includes the endpoint

compliance policies that ensure your clients are protected before they gain

access to your network. Administrators can create, deploy, and lock down

security policies and settings to keep systems up to date and properly

configured at all times.

Simplified security threat response through centralized updating of antivirusand security risk definitions.

Reporting capabilities that simplify collecting data, analyzing risk trends, and

creating reports of security events from your entire network.

Simplified management. Antivirus, reporting, and endpoint compliance are

installed, configured, and updated from the same management console. The

central management console enables administrators to audit the network,

identify unprotected nodes, and apply the appropriate security protection

before a threat occurs

Lower administrativeandsupport costswhen compared tothecost of managingseveral security products from individual vendors.

What's new in this releaseSymantec AntiVirus includes new features, as well as improvements to existing

features.

Table 1-1describes what's new in this release.

Introducing Symantec AntiVirusWhat's new in this release

14

8/12/2019 Savin St

15/225

Table 1-1 New features in Symantec AntiVirus

DescriptionFeature

Includes an integrated reporting system, which enablesadministrators to quickly and easily review Symantec

AntiVirus events and configurations, and configure

alerts. Administrators can also review the reports from

a Web browser.

Includes a reporting agentthat you caninstallon legacy

Symantec AntiVirus servers, so that a reporting server

can collect events from these servers as well.

Reporting

Protects your Symantec AntiVirus computers by

blocking security risks before they install if Symantec

determines that this action would not leave thecomputer in an unstable state.

Auto-Protect improvements

Repairs complicated risks, such as Winsock LSP and

hostfileinfections,stealthedusermoderisks (rootkits),

and persistent securityrisks thataredifficult to remove

or that reinstall themselves.

Anti-spyware improvements

Provides real-time antivirus file protection through

Auto-Protect and file system scanning on supported

kernels and distributionsof RedHat Enterprise, SuSE

Enterprise, and Novell Desktop Linux.Client computers

are unmanaged, but administrators can configure themby using the provided command-line interface. Users

can display product information and initiate a

LiveUpdate from client computers.

Symantec AntiVirus for Linux

Lets administrators better define their company's

security policies by allowing them to exclude security

risks from on-demand scans and Auto-Protect scans.

Security risks exclusions

Rates impact of security risks on several different

factors including:

Privacy

Performance

Ease of removal

Amount of stealth risks display when they install

You can use this information to decide what security

risks should be excluded from scanning.

Security risk scanning

improvements


8/12/2019 Savin St

16/225

Table 1-1 New features in Symantec AntiVirus(continued)

DescriptionFeature

Simplifies SymantecAntiVirus installationby groupingclient, server, and management component installation

tasks.

Improved CD Start Menu

Lets you create and manage endpoint compliance

policies and determine the compliance status of

endpoints that attempt to access your network.

Centrally managed endpoint

compliance

Provides administrators greater control of scans by

allowing them to perform the following tasks:

Disable startup scans.

Disable the Quick Scan that runs when newdefinitions are updated on client computers.

Enable user-defined scheduled scans even whenthe

user who defined the scan is not logged in.

Scanning options additions

Automatically copies the server group private key to a

newly-promoted primary server as longas thecertificate

is available on theprevious primary server. This process

was previously done manually by the administrator.

Promoting servers to primary

management servers

Provides automatic exclusion of files and folders from

scans when an Exchange server is present on the

computer where Symantec AntiVirus is installed.Administrators no longer have to exclude files and

folders manually.

Exchange scanning

improvements

Handles encrypted mail over secure POP3 and SMTP

connections in pass-through mode.

Internet Email Auto-Protect

enhancements

Improves network performance by allowing

administrators to enable trust in remote versions of

Auto-Protect and to use a network cache to reduce

duplicate scanning across network drives and improve

file transfer speed.

Network scanning options

Reduces the footprint of Symantec AntiVirus clients

and servers by letting administrators configure how

long quarantined items are stored on their computers.

Quarantine enhancements

ProtectsSymantec internal objects,as well as processes.Tamper Protection

enhancements


16

8/12/2019 Savin St

17/225

Components of Symantec AntiVirusTable 1-2describes the main components of Symantec AntiVirus.

Table 1-2 Components of Symantec AntiVirus

DescriptionComponent

Performs managementoperationssuchas the following:

Installing antivirus protection on workstations and

network servers.

Updating virus definitions.

Managingnetworkserversand workstations running

Symantec AntiVirus.

The Symantec System Center

Collects and organizes Symantec AntiVirus events,

including virus and security-risk alerts, scans,

definitions updates, endpoint compliance events, and

intrusion attempts. Also lets you create and print

detailed reports, and set up alerting.

Reporting

Protects the supported Windows and NetWare

computers.

Pushes the configuration and virus definitions files

updates to managed clients.

Symantec AntiVirus server

Provides antivirus protection for networked and

non-networked computers. Symantec AntiVirusprotects

supported Windows computers.

Symantec AntiVirus client

Provides the capability for computers automatically to

pullupdatesof virus definitions files from theSymantec

LiveUpdate server or an internal LiveUpdate server.

LiveUpdate

Works as partof theDigitalImmuneSystem to provide

automated responses to heuristically detected new or

unrecognized viruses and does the following:

Receives the unrepaired infected items from

Symantec AntiVirus servers and clients. Forwards suspicious files to Symantec Security

Response.

Returns the updated virus definitions to the

submitting computer.

Central Quarantine

Table 1-3 describes the SymantecSystem Center management components,which

are installed by default except the Alert Management System2

Console.

Introducing Symantec AntiVirusComponents of Symantec AntiVirus

8/12/2019 Savin St

18/225

Table 1-3 Symantec System Center management components

OverviewDescriptionComponent

Install the Symantec System Centerconsoletothecomputers from which you

plan to manage Symantec AntiVirus.

Install to at least one computer to view

and administer your network.

If your organization is large or you work

out of several offices, you can install the

Symantec System Center to as many

computers as you need. Rerun the

installation program and select the

appropriate option.

The Symantec System Center does notneed to be installed on a network server

or an antivirus server.

The Symantec System Center is the consolethat you use to administer managed

Symantec products. The Symantec System

Centeris a stand-alone application thatruns

under Microsoft Management Console.

The Symantec SystemCenter console

Install the AMS2 console to the same

computer on whichtheSymantec System

Center console is installed.

Install the AMS2

service to one or more

primary management servers on which

Symantec AntiVirus server is installed.

If you choose not toinstallAMS2, you can

use the notification and logging

mechanisms that are available from the

Symantec System Center.

If you plan to implement Symantec

Enterprise Security alerting instead of

AMS2, you do not need to install AMS

2.

The AMS2 console provides alerts from

AMS2 clients and servers.

When you install theAMS2

console, youcan

configure alert actions for Symantec

AntiVirus servers that have the AMS2

service installed. When a problem occurs,

AMS2

can send alerts through a pager, an

email message, and other means.

Note:Reporting replaces AMS2 as the

recommended method of alerting. You still

need the AMS2

console to manage legacy

alerting functionality.

Alert Management

System2

(AMS2) console

Install this component to do the following

from the Symantec System Center:

Set up and administer Symantec

AntiVirus server and client groups.

Manage antivirus protection on thecomputers thatrunSymantecAntiVirus.

Configure groups of the computers that

run Symantec AntiVirus.

Manage events.

Configure alerts.

Perform remoteoperations,such as virus

scans and virus definitions files updates.

This managementSnap-infor theSymantec

System Center lets you manage Symantec

AntiVirus on workstations and network

servers.

Symantec AntiVirus

Snap-in

Introducing Symantec AntiVirusComponents of Symantec AntiVirus

18

8/12/2019 Savin St

19/225

Table 1-3 Symantec System Center management components(continued)

OverviewDescriptionComponent

Install this component to manage firewallpolicy packages.

This snap-in lets you create firewall policypackages for the workstations that run the

Symantec Client Firewall.

Symantec ClientFirewall Snap-in

Install this component to manageendpoints,

view endpoint status, and determine the

endpoint compliance that is based on the

compliance policies that you configure.

This Snap-in lets you configure compliance

policies and determine the compliance

statusof endpointsthat havesupported VPN

or network access provider solutions

installed.

Symantec Endpoint

Compliance Snap-in

Install this component to manage remote

server installations from the Symantec

System Center.

Thistool letsyouremotely install Symantec

AntiVirus server to the Windows-based

computers and NetWare servers that youselect.

You can also run this tool from the

Symantec AntiVirus CD.

AV Server Rollout Tool

Install this component to manage remote

client installations.

Thistool letsyouremotely install Symantec

AntiVirus to one or more Windows-based

computers.

You can also run this tool from the

Symantec AntiVirus CD.

ClientRemote Install

Tool

Install this component if you want to createand distribute the reports that are based on

the events that are sent to the reporting

server and set up alerting.

This Snap-in lets you collect SymantecAntiVirus events, create reports from the

events that you collect, and configure

alerting.

Reporting Snap-in

How Symantec AntiVirus worksIf you install, upgrade, or administer Symantec AntiVirus for the first time, you

must understand how Symantec AntiVirus is organized in your network.

A Symantec AntiVirus networkconsists of Symantec AntiVirus serversandclients.

Like other networks, a Symantec AntiVirus network communicates to perform

important tasks across your entire network. You can view and configure your

Symantec AntiVirus clients and servers using Symantec-supplied administrator

tools.

You must understand the following Symantec networking concepts to administer

Symantec AntiVirus:

Symantec AntiVirus servers and clients

Introducing Symantec AntiVirusHow Symantec AntiVirus works

8/12/2019 Savin St

20/225

Managed and unmanaged environments

Client groups

How clients and servers interact Server groups

How to choose a primary management server

Managingyour Symantec AntiVirus networkwiththe Symantec SystemCenter

Symantec AntiVirus servers and clients

Symantec AntiVirus's main purpose is to protect files on your network and client

computers from viruses and other risks, such as spyware and adware. Symantec

AntiVirus clients and Symantec AntiVirus servers protect each computer on your

network and are the most important lines of defense against security threats.

Because they perform many identical functions, you cannot install both on the

same computer.

You should install either Symantec AntiVirus server or client on every computer

in your network.Symantec AntiVirusclientshouldbe installedon most computers,

while Symantec AntiVirus server installations should be limited to the number

that is needed to manage the clients in your network. Symantec AntiVirus server

performs additional functions, such as distributing virus and security risk

definitions across your network.

Managed and unmanaged environments

Symantec AntiVirus clients can be installed as either unmanaged or managed. In

an unmanaged SymantecAntiVirusnetwork,youmustadministereach computer

individually, or pass this responsibility to the primary user of the computer. The

responsibilities include updating virus and security risk definitions, configuring

antivirus settings, and periodically upgrading or migrating client software. This

approach should be taken for the smaller networks that have limited or no

information technology resources.

The managed Symantec AntiVirus network takes full advantage of Symantec

AntiVirus's networking capabilities. In a managed environment, you must also

install Symantec AntiVirus servers, in addition to clients. Each client and server

on your network can be monitored, configured, and updated from a single

computer. You can use a Symantec administrator tool that is called the Symantec

System Center toverifywhich computers in the networkare protected andworking

properly. You can alsoinstall and upgrade Symantec AntiVirusclients and servers

from the Symantec System Center.


20

8/12/2019 Savin St

21/225

Client groups

In a managed Symantec AntiVirus network, Symantec AntiVirus clients can be

organized into client groups. Client groups let you group together the Symantec

AntiVirus clients that require similar access levels and configuration settings.

You can simultaneously configure multiple clients by configuring the client group

settings, rather than configuring each client individually. You can create, view,

and configure client groups from the Symantec System Center.

How clients and servers interact

Ina managed network, everySymantec AntiVirus client is managed by a Symantec

AntiVirus server, which you can assign during the client installation. A managed

client'sserver is also calledits parentmanagement server. TheSymantec AntiVirus

parent management server provides its clients with virus and security riskdefinitions updates and configuration information, and keeps track of these

settings. The managed clients, in turn, keep track of their parent management

server. When you organize Symantec AntiVirus clients into client groups, you

actually configure their parent management servers. The parent management

servers then passthis information to their respectiveclients. Periodically, managed

clients, in turn, check in with their parent management server to determine if

new configuration information or definitions are available.

Server groups

A server group is a collection of Symantec AntiVirus servers and clients. If you

make configuration changes at the server group level, they can apply to only

servers, only the managed clients, or all the clients andservers, if the configuration

change is applicable to both. A small network generally requires oneserver group.

If you plan on deploying Symantec AntiVirus to multiple locations, you should

consider creating at least one server group for each physical location. You should

consider the speed of communication between multiple distinct networks to

determine whether to create separate server groups. Separating networks into

different server groups can minimize or eliminate the need to use internetwork

communications including configuration file and virus definitions file transfers.

Each server group must have at least one Symantec AntiVirus server, although

it is recommended that a second server be used as a back up server. Typically, the

rest of the computers in the server group should have Symantec AntiVirus client

installed.

Each server group, regardless of whether it contains more than one Symantec

AntiVirus server, must designate a server as the primary management server

before any clients can be added. Only one primary management server can exist


8/12/2019 Savin St

22/225

8/12/2019 Savin St

23/225

Programs that prevent you from restarting the computer at any given time

The Symantec AntiVirus primary management server acts as a bridge for

communication between itself and the other servers and clients that belong to

the server group. For larger networks, the network traffic that the primarymanagement server generates can become significant. This traffic may dictate

which computer that you choose to install your primary management server and

how many server groups that your network needs.

Generally, allother computers in theserver groupshouldhaveSymantec AntiVirus

clients installed except for secondary management servers, which should be

installed as a backup in case the primary management server fails or encounters

problems.

Managing your Symantec AntiVirus network with the Symantec SystemCenter

In a managed Symantec AntiVirus environment, the Symantec System Center is

the only administrator tool that you need to manage your network.You can install

the Symantec System Center on any supported computer regardless of whether

the computer is a Symantec AntiVirus client or server. The Symantec System

Center is commonly installed on the same computer as the primary management

server, although it is not necessary. You should install the Symantec System

Center on the computer that is most convenient for your Symantec AntiVirus

administrator to access. For added convenience, you can install the Symantec

System Center on multiple computers.

The Symantec System Center mainly interacts with the server group's primary

management server. Uninstalling and reinstalling the Symantec System Center

does not affect the configuration settings that are made to your Symantec

AntiVirus network.

How the Digital Immune System worksSymantec AntiVirus lets you deploy and centrally manage virus and security risk

definitions files on clients according to the requirements of your enterprise. To

protect against viruses and other threats that are not yet defined in files, you can

use the Digital Immune System.

The Digital Immune System is a fully automated, closed-loop antivirus system

thatmanages the entire antivirusprocess, includingvirus discovery, virus analysis,

and the deployment and repair of files that could not be repaired on a client

computer. This automated system dramatically reduces the time between when

Introducing Symantec AntiVirusHow the Digital Immune System works

8/12/2019 Savin St

24/225

a virus is found and when a repair is deployed, which decreases the severity of

many threats.

Note: TheDigital Immune Systemis a complex systemthatbenefitslargenetworksonly. It is not a required component in your Symantec AntiVirus network. You

should not install the Digital Immune System in your network unless you protect

at least30,000 managed clients. InstallingtheDigital Immune System to a smaller

network can decrease the efficiency of your Symantec AntiVirus network.

The Digital Immune System works with the Central Quarantine and performs the

following actions:

When a client computer that is configured to repair

infected files cannot repair a specific file, it forwardsthe file first to the local Quarantine, and then to the

Central Quarantine Server where more current virus

definitions might be available.

Identifies and isolates viruses

If the Central Quarantine has more current virus

definitions than the submitting computer, it might be

able to fix the file. If so, it pushes the newer definitions

to the submitting computer. If the file cannot be

repaired, it is sent to a Symantec Security Response

gateway for further analysis.

Rescans the file and submits

viruses to Symantec Security

Response

When the Digital Immune System receives a newsubmission, it analyzes the virus, generates the repair,

and tests it. Then it builds new virus definitions files,

including the new virus fingerprint, and returns the

new virus definitions files to the gateway. Usually, this

process occurs automatically. However, some cases

require Symantec Security Response to intervene.

Analyzes submissions, andgenerates and tests repairs

The Quarantine Agent downloads the new virus

definitionsand installs themon theCentralQuarantine

Server. The updated definitions are then pushed to the

submitting computer, if they are needed.

Deploys repairs

For details about configuring the Central Quarantine and about using the Digital

Immune System, see theSymantec Central Quarantine Administrator's Guide.

What you can do with Symantec AntiVirusSymantec AntiVirus lets you do the following:

Introducing Symantec AntiVirusWhat you can do with Symantec AntiVirus

24

8/12/2019 Savin St

25/225

Protect against viruses, blended threats, and security risks such as adware

and spyware.

Manage the deployment, configuration, updating, and reporting of antivirus

protection from an integrated management console.

Manage Symantec AntiVirus clients based on their connectivity.

Quickly respond to virus outbreaks and deploy updated virus definitions.

Create and maintain the reports that detail important Symantec AntiVirus

events that occur in your network.

Provide a highlevel of protection andan integrated response to security threats

for all users that connect to your network. This protection includes

telecommuters with connections that are always on and mobile users with

intermittent connections to your network.

Obtain a consolidated view of multiple security components across all of the

workstations on your network.

Perform a customizable, integrated installation of all of the security

components and set policies simultaneously.

Establish and enforce security policies.

View histories and log data.

Where to get more information about SymantecAntiVirusSources of information on using Symantec AntiVirus include the following:

Symantec AntiVirus Administrator's Guide

Symantec AntiVirus Reference Guide

Endpoint Compliance Implementation Guide

Reporting User's Guide

Symantec AntiVirus Client Guide LiveUpdate Administrator's Guide

Symantec Central Quarantine Administrator's Guide

Symantec AntiVirus for Linux Implementation Guide

Symantec AntiVirus for Linux Client Guide

Online Help that contains all of the content that is in the guides and more

Introducing Symantec AntiVirusWhere to get more information about Symantec AntiVirus

8/12/2019 Savin St

26/225

The primary documentation is available in the Docs folder on the Symantec

AntiVirus CD. Some individual component folders contain component-specific

documentation. Updates to the documentation are available from the Symantec

Technical Support and Platinum Support Web sites.Table 1-4lists additional information that is available from the Symantec Web

sites.

Table 1-4 Symantec Web sites

Web addressTypes of information

http://www.symantec.com/techsupp/enterprise/Public Knowledge Base

Releases and updates

Manuals and documentation

Contact options

http://securityresponse.symantec.comVirus and other threat informationand

updates

http://enterprisesecurity.symantec.comProduct news and updates

https://www-secure.symantec.com/platinum/Platinum Support Web access

Introducing Symantec AntiVirusWhere to get more information about Symantec AntiVirus

26

8/12/2019 Savin St

27/225

Planning the installation

This chapter includes the following topics:

Plan your network architecture

Network and system requirements

About Desktop firewalls

About Windows XP and Windows 2003 firewalls

Prepare your clients and servers for installation

Plan your network architectureSymantec AntiVirus installation configurations scale from small to large

deployments. In the small deployments that support up to 100 clients, you can

install all management components and servers on one computer.

Figure 2-1illustrates how Symantec AntiVirus management and server software

are collocated in a small deployment.

2Chapter

8/12/2019 Savin St

28/225

8/12/2019 Savin St

29/225

this architecture with one server group, which you create by using the Symantec

System Center.

This architecture also illustrates a best practice of creating a secondary

management server in a server group. When a server group contains two or moremanagement servers, every server other than the primary management server is

defined as a secondary management server. Symantec AntiVirus management

servers do notrequire serveroperatingsystems,butdo notsupport email scanning

like the clients. If you install a reporting server, all other management servers

require a reporting agent.

If your server group contains one management server only, which would be the

primary, and if that server crashes, you cannot unlock and manage the server

group from the Symantec System Center. If you have a secondary management

server in the group, you can unlock the server group. You can then migrate the

clients that were managed by the crashed server to a new or existing server in thegroup by copying a Grc.dat file from the new or existing server to the clients.

SeeConfiguring clients with the Grc.dat configuration fileon page 181.

You should back up the pki directory and all subdirectories of your primary

management server even if you create a secondary management server. If your

primary management server becomes corrupt, you can re-create it if you have

the backup files to restore. For details, refer to the Knowledge Base articles on

the Symantec Web site.

Note:For first-time installations, you should create and configure SymantecAntiVirus with one primary management server that is dedicated to managing a

few clients and a secondary management server for disaster recovery purposes

if the primary management server fails.

In large deployments that might support thousands of client computers, you can

distribute Symantec AntiVirus acrossyour enterprise.For example,you caninstall

management components on different computers, install Symantec AntiVirus

servers on multiple computers, and install a LiveUpdate server, which provides

a single point for downloading virus and security risk definitions.

Figure 2-2illustrates how Symantec AntiVirus management and server softwareis distributed in a relatively large deployment.

Planning the installationPlan your network architecture

8/12/2019 Savin St

30/225

Figure 2-2 Large deployment

SymantecSecurity

Response

Corporate Backbone

Internet

DMZ

Public Webserver

Router

Mail Proxy serverPublic DNS server

Firewall

Client Client Client

Secondary management serverReporting Agent

LiveUpdate Server

Symantec System Center

Central Quarantine ServerCentral Quarantine Console

Primary management serverReporting Server

Clients

Corporate Backbone

With this architecture, one computer runs the Symantec System Center, which

lets administrators manage multiple server and client groups and a CentralQuarantineserver. TheSymantec System Centeralso lets you manage thereporting

server. This architecture also deploys a separate LiveUpdate server from which

antivirus servers and clients receive the latest virus definitions files. By using a

LiveUpdate server, only one computer retrieves the virus definitions files over

the Internet, which preserves firewall bandwidth.

It is possible to manage over 100,000 clients with each management server, both

primary and secondary. It is possible to manage very large environments with

Planning the installationPlan your network architecture

30

8/12/2019 Savin St

31/225

one server group. Most large environments, however, configure server groups by

geographic location and might use one server group for email servers, whichhave

special requirements. For details about email servers, refer to the Symantec

AntiVirus ReferenceGuide. Each reporting server can manage up to50,000clients.In large deployments, you might also need to tune how definitions update files

are distributed by specifying the number of threads to use on a server and the

time intervals to wait before pushing out additional updates. You can set these

options by using the Server Tuning Options tabs in the Symantec System Center.

Note:Every server group, which you create and manage by using the Symantec

System Center, requires one primary management server. As a best practice, each

servergroupshouldcontain at least onesecondarymanagement server for disaster

recovery purposes. Very large deployments might use multiple instances of the

Symantec SystemCenter in different geographic locations.You should also archivethe private key that is installed on the primary management server in the

pki\private-keys directory as a best practice.

Network and system requirementsBefore you install Symantec AntiVirus servers and clients in your network, you

should understand how certain network and system variables affect the ease of

and ability to deploy the servers and clients.

You should consider the following concepts and requirements as you plan yourinstallation:

About setting administrative rights to target computers

About customizing installations by using .msi options

About configuring user rights with Active Directory

System time requirements

System requirements

About setting administrative rights to target computersTo installSymantec AntiVirus servers andclientsto computersthatrun supported

Windows operating systems, you must have administrator rights to the computer

or to the Windows domain to which the computer belongs, and log on as

administrator. The Symantec AntiVirus server installation program launches a

second installation program on the computer to create and start services, and to

modify the registry.

Planning the installationNetwork and system requirements

8/12/2019 Savin St

32/225

If you do not want to provide users with administrative rights to their own

computers, use the ClientRemote Install Tool in the Symantec System Center to

install remotely Symantec AntiVirus clients to computers that run supported

Windows operating systems. To run the ClientRemote Install Tool, you must havelocal administrative rights to the computers to which you install the program.

SeeAbout client installation methodson page 166.

About customizing installations by using .msi options

The Symantec AntiVirus client and server installation packages are Windows

Installer (.msi) files that you can configure and deploy by using the standard

Windows Installer options. You can use the environment management tools that

support .msi deployment, such as Active Directoryor Tivoli Enterprise Console,

to install clients on your network.SeeInstalling Symantec AntiVirus using command-line parameterson page 203.

About configuring user rights with Active Directory

If you use Active Directory to manage Windows-based computerson your network,

you can create a Group Policy that provides the necessary user rights to install

Symantec AntiVirus

For more information on using Active Directory, see the Active Directory

documentation that is provided by Microsoft.

System time requirements

Symantec AntiVirus now uses the SSL protocol to transmit configuration

information securely between management consoles, servers, and clients.

Symantec AntiVirus also uses digitalcertificatesto authenticate users andservers.

To authenticate users, a login certificate is issued to them with a default time

validity value of 24 hours.

Because the login certificate expires after 24 hours, the system clocks of all

management console computers, servers, and clients must be within 24 hours

plus or minus of the system time on the primary management server. You canchange this time by using the Symantec System Center. The login certificate is

automatically reissued if it expires and the user account has not been revoked.

System requirements

Symantec AntiVirus requires specific protocols, operating systems and service

packs, software, and hardware.


32

8/12/2019 Savin St

33/225

All of the requirements that are listed for Symantec AntiVirus components are

designed to work with the hardware and software recommendations for the

supported Windows and NetWare computers. All computers to which you install

SymantecAntiVirusshould meetor exceed the recommendedsystem requirementsfor the operating system that is used.

Review the following requirements before you install Symantec AntiVirus:

Operating system requirements

RAM, storage, and application requirements

Operating system requirements

Table 2-1lists Symantec AntiVirus component operating system requirements.

Table 2-1 Operating system requirements


Windows 2000 Professional/Server/Advanced

Server

Windows XP Professional

Windows Server 2003

Web/Standard/Enterprise/Datacenter

Symantec System Center

Windows 2000 Professional/Server/Advanced

Server


Windows Server 2003


NetWare 5.1 with Support Pack 8 or higher



Symantec AntiVirus server

Windows 2000 Server/Advanced Server

Windows Server 2003 Standard/Enterprise with

Support Pack 1 or higher

Note:You must enable active scripting on your Webbrowser before you use the reporting server from the

Symantec System Center or your Web browser.

Reporting Server

Windows 2000 Professional/Server/Advanced Server


Windows Server 2003


Reporting Agent


8/12/2019 Savin St

34/225

Table 2-1 Operating system requirements(continued)


Windows 2000 Professional/Server/Advanced Server Windows XP Professional

Windows Server 2003


Quarantine Console



Windows Server 2003


Central Quarantine Server


Windows XP Home Edition/Professional/Tablet PCEdition

Windows Server 2003


SymantecAntiVirus client 32-bit

Windows XP 64-bit Edition Version 2003

Windows Server 2003

Standard/Enterprise/Datacenter 64-bit

SymantecAntiVirus client 64-bit

RAM, storage, and application requirements

Table 2-2 lists RAM,storage, andapplication requirements for Symantec AntiViruscomponents.


34

8/12/2019 Savin St

35/225

Table 2-2 RAM, storage, and application requirements.

Storage and ApplicationsRAMComponent

36 MB disk space without Snap-ins 337 MB disk spacefor ReportingSnap-in

518 MB disk space for Symantec

Endpoint Compliance Snap-in

24 MB disk space for AMS2

Snap-in

6 MB disk spacefor Symantec AntiVirus

Snap-in

1 MB disk space for Symantec Client

Firewall Snap-in

130 MB disk space for AV Server Rollout

tool

2 MB diskspace for ClientRemote Install

Snap-in

Internet Explorer 5.5 with Service Pack

2 or later

Microsoft Management Console 1.2 or

later If MMC isnot already installed,you

will need 3 MB free disk space (10 MB

during installation).

If version 1.2 or later is not on the

computer to which you want to install,

the installation program installs it.

64 MBSymantec System Center

140 MB disk space

15 MB disk space for reporting agent

files (if you choose to install the

reporting agent)


2 or later

Static IP address (recommended)

Note: Symantec AntiVirusdoesnotsupport

the scanning of Macintosh volumes on

Windows servers for Macintosh viruses.

64 MBSymantec AntiVirus server

for Windows

116 MB disk space (70 MB disk space for

serverfiles and 46MB diskspace for the

client disk image)


server files

(ifyouchoosetoinstallthe AMS2 server)

Static IP address (recommended)

15 MBSymantec AntiVirus server

for NetWare


8/12/2019 Savin St

36/225

Table 2-2 RAM, storage, and application requirements.(continued)



server filesfor Windows


server files

for Netware

10 MBAMS2

server (optional, forlegacy support)

1.5 GB disk space for 100 clients, or 2

GB disk space for 1,000 clients, or 40 GB

disk space for 50,000 clients

MSDE 2000 with Service Pack 4

(installable), or Microsoft SQL Server

2000 with Service Pack 1 or later

(existing), or Microsoft SQL Server 2005or later (existing)

Internet Information Services 4.0 or

later


2 or later

256 MB for

100 clients

512 MB for

1,000 clients

1 GB for

50,000 clients

Reporting Server

15 MB disk space11 MBReporting Agent

35 MB disk space

Internet Explorer 5.5 Service Pack 2 or

later

Microsoft ManagementConsoleversion1.2 or later

If MMC is not already installed, you will

need3 MBfree diskspace(10 MBduring

installation).

64 MBQuarantine Console

40 MB disk space for Quarantine Server

500 MBto4 GBdisk space recommended

for quarantined items


2 or later

Minimum swap file size of 250 MB

Note:If you run Windows XP, system disk

space usage is increased if the System

Restore functionality is enabled. For more

information on how System Restore works,

see the Microsoft operating system

documentation.

128 MBCentral Quarantine Server


36

8/12/2019 Savin St

37/225

Table 2-2 RAM, storage, and application requirements.(continued)


55 MB disk space

Terminal Server clients connecting to a

computer with antivirus protection have

the following additional requirements:

MicrosoftTerminalServerRDP (Remote

Desktop Protocol) client

Citrix Metaframe (ICA) client 1.8 or

later if using Citrix Metaframe server

on Terminal Server

64 MBSymantec AntiVirus client32-bit

70 MB disk space


2

Intel processors that support Intel

Extended Memory 64 Technology(Intel

EM64T)

AMD 64-bit Opteron and Athlon

processors

80 MBSymantec AntiVirus client

64-bit

Note: The ClientRemoteInstall Tooldoes not check to verify thatInternet Explorer

5.5 with Service Pack 2 or later is installed on computers when it is required. If

the target computers do not have the correct version of Internet Explorer, the

installation fails without informing you.

About Desktop firewallsIf your servers and clients run firewall software, and you want to manage these

servers and clients, you must open certain ports so that communication between

the servers, clients, and Symantec System Center is possible. Alternatively, you

can permit Rtvscan.exe on all computers and Pds.exe on servers and consoles to

send and receive traffic through your firewalls. Also, remote server and clientinstallation tools require that TCP port 139 be opened.

Planning the installationAbout Desktop firewalls

8/12/2019 Savin St

38/225

Note:Symantec AntiVirus uses the default ephemeral port range for TCP (1024

to 65535) to communicate between clients, servers, the Symantec System Center,

and other management components. The ephemeral port range that is used,

however, rarely exceeds 5000, and is configurable for most operating systems.Most firewalls use stateful inspection when filtering TCP traffic, so incoming TCP

responses are automatically allowed and routed back to the original requester.

Therefore you do not have to open explicitly the ephemeral TCP ports when you

configure your firewall software.

SeeAbout Windows XP and Windows 2003 firewallson page 40.

Table 2-3lists the network protocols and ports that Symantec AntiVirus client

and server require for communicating and network installations.

Table 2-3 Ports for client and server installation and communication

Protocol and portComponentFunction

TCP

139

Management server and target

clients

Client deployment

TCP 139

UDP 38293

Management servers and target

servers

Server deployment

TCP (Inbound)

2967Note:This port number is

configurable.

Servers and clientsGeneral

communication

TCP (Inbound)

2968

Note:This port number is

configurable.

Netware serversGeneral

communication

TCP (Outbound)

2967 and 2968

Note:These port numbers are

configurable.

Symantec System CenterGeneral

communication

UDP

38293

ServersDiscovery


38

8/12/2019 Savin St

39/225

Table 2-3 Ports for client and server installation and communication

(continued)


UDP

1024-5000

Note:You do not need to open

these ports if your router or

firewall recognizes UDP

datagram program sessions.

Symantec System CenterDiscovery

TCP

80 (HTTP)

443 (SSL)

Note:If you set up a database

on a remote machine, you must

create an alias and ensure that

port number is open. The

default for SQL Server is TCP

1433.

Servers and agentsReporting

Table 2-4lists the network protocols and ports that optional components require

to communicate and perform standard functions.

Table 2-4 Ports for optional components


TCP

2847 (HTTP)

2848 (HTTPS)

Central Quarantine ServerQuarantine

TCP 38037

UDP 38293

ServersAMS2 alerts

UDP (Inbound)

2967

Legacy servers and clientsLegacy management

UDP (Outbound)

2967

Symantec System CenterLegacy management


8/12/2019 Savin St

40/225

About Windows XP and Windows 2003 firewallsWindows XP and Windows 2003 Server contain the firewalls that may prevent

certain types of communication that are necessary in your Symantec AntiVirusnetwork. If these firewalls are enabled, you might not be able to install server

software or client software remotely from the Symantec System Center and other

remote installation tools. If there are computers in your network that are running

these operating systems, you need to configure the firewalls to allow for these

communications.

To usethe Windows XP firewalls, you need toconfigurethem to support Symantec

AntiVirus communications by opening ports or by specifying trusted programs.

You can enable communications by permitting Rtvscan.exe on all computers and

Pds.exe on servers and consoles to send and receive traffic through your firewalls.

Almost all communications traffic between Symantec AntiVirus servers andclients is initiated from source TCP ports 1024-5000 and sent to destination TCP

port 2967. For example,clients initiate trafficfrom TCP ports 1024-5000andsend

it to TCP port 2967 on servers. Servers initiate traffic from TCP ports 1024-5000

and send it to TCP port 2967 on other servers and clients. Therefore, to manage

Symantec AntiVirusserversandclients,you need to permitoutbound traffic from

TCP ports 1024-5000 to TCP port 2967 and permit inbound traffic from TCP ports

1024-5000 to TCP port 2967 on all servers and clients.

If you want to install Symantec AntiVirus on clients remotely, you must permit

servers to send traffic from TCP ports 1024-5000 to TCP port 139 on clients.

Stateful inspection permits the return traffic automatically. You must also permitclients to receive traffic from server TCP ports 1024-5000 on TCP port 139, and

permit clients to send traffic from TCP port 139 to TCP ports 1024-5000 on

servers.Symantec AntiVirus servers perform discovery by using TCP port 39263.

Legacy communications also require that UDP port 2967 be open on all computers.

Depending on your XP operating system and service pack, you might be able to

open individual ports or specify the programs that you want to trust to

communicate through your firewall. Consult your Windows documentation for

information on how to configure your firewalls.

Disabling Internet Connection FirewallWindows XP with Service Pack 1 includes a firewall that is called Internet

Connection Firewall that can interfere with remote Symantec AntiVirus

installation, and communications between servers and clients. If any of your

servers or clients run Windows XP, you can disable the Windows XP firewall on

them before you install Symantec AntiVirus clients.

Planning the installationAbout Windows XP and Windows 2003 firewalls

40

8/12/2019 Savin St

41/225

To disable Internet Connection Firewall

1 On the Windows XP taskbar, click Start>ControlPanel.

2 In the Control Panel window, double-clickNetworkConnections.

3 In the Network Connections window, right-click the active connection, andthen click Properties.

4 On the Advanced tab, under Internet Connection Firewall, uncheckProtectmycomputerandnetworkbylimitingorpreventingaccesstothiscomputer

fromtheInternet.

5 Click OK.

Disabling Windows Firewall

Windows XP with Service Pack 2 and Windows 2003 Server include a firewall that

is called Windows Firewall that can interfere with remote Symantec AntiVirus

installation, and communications between servers and clients. If any of your

servers or clients run Windows XP with Service Pack 2 or Windows Server 2003,

you can disable thefirewall on them before you install SymantecAntiVirus clients.

To disable Windows Firewall

1 On the Windows XP taskbar, click Start>ControlPanel.

2 In the Control Panel window, double-clickNetworkConnections.

3 In the Network Connections window, right-click the active connection, andthen click Properties.

4 On the Advanced tab, under Windows Firewall, click Settings.

5 In the Windows Firewall window, on the General tab, checkOff (notrecommended).

6 Click OK.

Prepare your clients and servers for installation

Before you install Symantec AntiVirus on your clients and servers, you shouldfirst determine the state of these computers. Symantec AntiVirus installation is

more efficient and effective if you evaluate the following conditions before you

begin the installation process:

Create a list of computers that you want to protect

Remove virus threats and security risks

Evaluate antivirus and anti-adware or spyware software

Planning the installationPrepare your clients and servers for installation

8/12/2019 Savin St

42/225

Determine the programs that you can migrate

How to restructure your Symantec AntiVirus network

Install Symantec AntiVirus in stages

Create a list of computers that you want to protect

Whether you want to install Symantec AntiVirus for the first time or you want

to migrate from a previous version, the process goes more smoothly if you create

a listof the computers onwhich you wanttoinstall the various SymantecAntiVirus

programs. The lists for Symantec AntiVirus server and Symantec System Center

installations should be fairly short. The list of Symantec AntiVirus clients could

be quite large. Having a list of your client computers' IP addresses can expedite

the installation or migration process.

SeeAbout verifying network access and privilegeson page 147.

Remove virus threats and security risks

Try to avoid installing or upgrading Symantec AntiVirus on the computers that

are infected with virus threats or other security risks. Some threats can directly

interfere with the installation or operation of Symantec AntiVirus. If a previous

version of SymantecAntiVirus is installed on the computers in your network, you

can perform a virus and security risk scan on these computers to ensure that they

are not currentlyinfected. For thecomputers that donothavean antivirus scanner

installed, you can perform a virus check from Symantec Security Response. Ifvirus check finds a virus, it directs you to manual removal instructions in the

virus encyclopedia if they are available. You can find virus check at the Symantec

Security Response Web site at the following URL:

http://securityresponse.symantec.com

Evaluate antivirus and anti-adware or spyware software

As you prepareto installSymantec AntiVirus in your network, you must determine

if security software, such as other antivirus or anti-adware and spyware software,

is installed on your computers. These programs can affect the performance andeffectiveness of Symantec AntiVirus. It is not recommended to run two antivirus

programson onecomputer. Likewise, it maybe problematic to run twoanti-adware

or spyware programs. This is important if both programs provide real-time

protection, as both programs create a resource conflict and can drain the

computer's resources as the programs try to scan and repair the same files.

Planning the installationPrepare your clients and servers for installation

42

8/12/2019 Savin St

43/225

Determine the programs that you can migrate

You can migrate recent versions of Symantec AntiVirus client and Symantec

AntiVirus server to the latest version. If you have older versions that are installed

on your computers, you should determine if these versions need to be uninstalled

before you install the latest version on your computers.

SeeSupported migration pathson page 108.

Previous versionsof Symantec AntiVirus administrator tools must be uninstalled

before you install the latestversion. Some administratortools, in

savin st

Documents