savin st
TRANSCRIPT
-
8/12/2019 Savin St
Symantec AntiVirus
Installation Guide
10517969
Symantec AntiVirus Installation Guide
The software described in this book is furnished under a license agreement and may be used
only in accordance with the terms of the agreement.
Documentation version 10.1
PN: 10517969
Legal Notice
Copyright 2006 Symantec Corporation.
All rights reserved.
Federal acquisitions: Commercial Software - Government Users Subject to Standard License
Terms and Conditions.
Symantec, the Symantec logo, LiveUpdate, Norton AntiVirus, Symantec AntiVirus, Symantec
Client Security, Symantec Security Response, and Symantec System Center are trademarks
or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other
countries. Other names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use,
copying, distribution, and decompilation/reverse engineering. No part of this document
may be reproduced in any form by any means without prior written authorization of
Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,
ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO
BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL
OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING PERFORMANCE,
OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS
DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be "commercial computer software"
and "commercial computer software documentation" as defined in FAR Sections 12.212 and
DFARS Section 227.7202.
Symantec Corporation 20330 Stevens Creek Blvd. Cupertino, CA 95014 USA
http://www.symantec.com
Printed in the United States of America.
Technical Support
Symantec Technical Support maintains support centers globally. Technical
Support's primary role is to respond to specific queries about product feature and
function, installation, and configuration. The Technical Support group also authors
content for our online Knowledge Base. The Technical Support group works
collaboratively with the other functional areas within Symantec to answer your
questions in a timely fashion. For example, the Technical Support group works
with Product Engineering and Symantec Security Response to provide alerting
services and virus definition updates.
Symantec's maintenance offerings include the following:
A range of support options that give you the flexibility to select the right amount of service for any size organization
A telephone and web-based support that provides rapid response and up-to-the-minute information
Upgrade insurance that delivers automatic software upgrade protection
Global support that is available 24 hours a day, 7 days a week worldwide. Support is provided in a variety of languages for those customers that are enrolled in the Platinum Support program
Advanced features, including Technical Account Management
For information about Symantec's Maintenance Programs, you can visit our Web
site at the following URL:
www.symantec.com/techsupp/ent/enterprise.html
Select your country or language under Global Support. The specific features that
are available may vary based on the level of maintenance that was purchased and
the specific product that you are using.
Contacting Technical Support
Customers with a current support agreement may contact the Technical Support
group via phone or online at www.symantec.com/techsupp.
Customers with Platinum support agreements may contact Platinum Technical
Support via the Platinum Web site at www-secure.symantec.com/platinum/.
When contacting the Technical Support group, please have the following:
Product release level
Hardware information
Available memory, disk space, NIC information
Operating system
Version and patch level
Network topology
Router, gateway, and IP address information
Problem description
Error messages/log files
Troubleshooting performed prior to contacting Symantec
Recent software configuration changes and/or network changes
Licensing and registration
If your Symantec product requires registration or a license key, access our technical
support Web page at the following URL:
www.symantec.com/techsupp/ent/enterprise.html
Select your region or language under Global Support, and then select the Licensing
and Registration page.
Customer Service
To contact Enterprise Customer Service online, go to www.symantec.com, select
the appropriate Global Site for your country, then choose Service and Support.
Customer Service is available to assist with the following types of issues:
Questions regarding product licensing or serialization
Product registration updates such as address or name changes
General product information (features, language availability, local dealers)
Latest information on product updates and upgrades
Information on upgrade insurance and maintenance contracts
Information on Symantec Value License Program
Advice on Symantec's technical support options
Nontechnical presales questions
Missing or defective CD-ROMs or manuals
Please visit our Web site for current information on Support Programs. The specific
features available may vary based on the level of support purchased and the
specific product that you are using.
Maintenance agreement resources
If you want to contact Symantec regarding an existing maintenance agreement,
please contact the maintenance agreement administration team for your region
as follows:
Asia-Pacific and Japan: [email protected]
Europe, Middle-East, and Africa: [email protected]
North America and Latin America: [email protected]
Additional Enterprise services
Symantec offers a comprehensive set of services that allow you to maximize your
investment in Symantec products and to develop your knowledge, expertise, and
global insight, which enable you to manage your business risks proactively.
Enterprise services that are available include the following:
Symantec Early Warning Solutions: These solutions provide early warning of cyber attacks, comprehensive threat analysis, and countermeasures to prevent attacks before they occur.
Managed Security Services: These services remove the burden of managing and monitoring security devices and events, ensuring rapid response to real threats.
Consulting Services: Symantec Consulting Services provide on-site technical expertise from Symantec and its trusted partners. Symantec Consulting Services offer a variety of prepackaged and customizable options that include assessment, design, implementation, monitoring and management capabilities, each focused on establishing and maintaining the integrity and availability of your IT resources.
Educational Services: Educational Services provide a full array of technical training, security education, security certification, and awareness communication programs.
To access more information about Enterprise services, please visit our Web site
at the following URL:
www.symantec.com
Select your country or language from the site index.
Contents
Technical Support
Chapter 1 Introducing Symantec AntiVirus
About Symantec AntiVirus
What's new in this release
Components of Symantec AntiVirus
How Symantec AntiVirus works
Symantec AntiVirus servers and clients
Managed and unmanaged environments
Client groups
How clients and servers interact
Server groups
How to choose a primary management server
Managing your Symantec AntiVirus network with the Symantec System Center
How the Digital Immune System works
What you can do with Symantec AntiVirus
Where to get more information about Symantec AntiVirus
Chapter 2 Planning the installation
Plan your network architecture
Network and system requirements
About setting administrative rights to target computers
About customizing installations by using .msi options
About configuring user rights with Active Directory
System time requirements
System requirements
About Desktop firewalls
About Windows XP and Windows 2003 firewalls
Disabling Internet Connection Firewall
Disabling Windows Firewall
Prepare your clients and servers for installation
Create a list of computers that you want to protect
Remove virus threats and security risks
Evaluate antivirus and anti-adware or spyware software
Determine the programs that you can migrate
How to restructure your Symantec AntiVirus network
Install Symantec AntiVirus in stages
Chapter 3 Installing Symantec AntiVirus for the first time
Before you install
About client installation
Symantec System Center installation on server operating systems
Installation sequence
Installing the Symantec System Center
Installing the primary management server
Configuring a primary management server
Backing up the server group root certificate
Installing management servers from the Symantec System Center
Configuring your server group
Configuring VDTM for a server group
Configuring scan schedules
Configuring Auto-Protect scans
Installing client software
About disabling the Windows XP firewall
Installing client software by using the Symantec System Center
Installing client software from the CD
Testing antivirus capabilities
Testing antivirus configuration
Testing Auto-Protect
Testing Risk Tracer
Chapter 4 Installing reporting
About planning the reporting installation
About reporting server settings
Installing reporting for the first time
Installing the reporting server and MSDE database on one computer
Configuring a server group to use the reporting server
Installing reporting agents on Symantec AntiVirus servers
Logging in to the reporting server
Installing the reporting server and a local Microsoft SQL Server database
Installing the reporting server and a remote Microsoft SQL Server database
Microsoft SQL Server 2000/2005 installation requirements
Microsoft SQL Server 2000 server and client configuration requirements
Microsoft SQL Server 2005 server and client configuration requirements
Installing the reporting server and a remote SQL database
Installing MSDE and reporting servers with non-default settings
Installing MSDE with non-default settings
Installing reporting servers with non-default settings
Uninstalling reporting servers
Chapter 5 Migrating to the current version of Symantec AntiVirus
About migration
About migrating Symantec AntiVirus 10.0 to 10.1
About migrating to the SSL communications architecture
Disable security risk programs from other vendors
How migration works
Steps to migrating to the current version
Supported and unsupported server and client migration paths
Supported migration paths
Unsupported migration paths
Unsupported migration of Administrator tools
Custom settings may be lost
Quarantine items are automatically migrated
Symantec System Center upgrade scenarios
Upgrading the Symantec System Center
Before you upgrade the Symantec System Center
Upgrading the Symantec System Center for your scenario
Installing the Symantec System Center
Unlocking the migrated server group
Migrating management servers
Before you migrate management servers
Migrating the first management servers
About migrating subsequent servers
Migrating Symantec AntiVirus on NetWare platforms
Preventing errors when the logon script is used
About VPStart commands
About migration from other server antivirus products
Migrating client software
Before you migrate client software
Migrating clients by using the CD
Migrating clients by using the Symantec System Center
Additional client migration methods
How to determine parent management servers and policy
Other antivirus product client migrations
About migrating LiveUpdate servers
Chapter 6 Installing Symantec AntiVirus management components
Before you install
How to prepare for the Symantec System Center installation
Symantec System Center installation
Installing and configuring optional components
Installing and configuring the Central Quarantine
Installing and configuring the LiveUpdate Administration Utility
Uninstalling Symantec AntiVirus management components
Uninstalling the Symantec System Center
Chapter 7 Installing Symantec AntiVirus servers
Before you install
TCP and legacy UDP communications
Management servers and certificates
Server installation methods
Why AMS2 is available as an installation option
Preparations for Symantec AntiVirus server installation
Installing Symantec AntiVirus servers locally
Deploying the server installation across a network connection
Starting the server installation
Running the server setup program
Selecting computers to which you want to install
Completing the server installation
Checking for errors
Manually loading the Symantec AntiVirus NLMs
Installing with NetWare Secure Console enabled
Manually installing AMS2 server
Uninstalling Symantec AntiVirus server
Chapter 8 Installing Symantec AntiVirus clients
Before you install
About creating a primary management server
About client installation methods
About customizing client installation files by using .msi options
About configuring user rights with Active Directory
About Symantec AntiVirus client on a Terminal Server
About Windows cluster server protection
About email support
About the client configurations file
Installing Symantec AntiVirus clients locally
Deploying the client installation across a network connection
Starting the client installation
Running the client setup program
Installing from the client installation folder on the server
Configuring automatic client installations from NetWare servers
Post-installation client tasks
Configuring clients with the Grc.dat configuration file
Copying the configuration files from a management server
Pasting the configuration files on the client
Uninstalling Symantec AntiVirus clients
Chapter 9 Symantec AntiVirus advanced installation options
About Symantec AntiVirus advanced installation options
Advanced installation options for Symantec AntiVirus server
About customizing server installations by using .msi options
About configuring user rights with Active Directory
About deploying to a target computer without granting administrator privileges
Creating a text file with IP addresses to import
Importing a text file of computers that you want to install
Installing with the server installation package
About installing servers by using Microsoft SMS
Advanced installation options for Symantec AntiVirus client
Web-based deployment
Installing clients by using logon scripts
About installing clients using third-party products
Appendix A Windows installer (.msi) command-line reference
Installing Symantec AntiVirus using command-line parameters
Default Symantec AntiVirus server installation
Default Symantec AntiVirus client installation
Windows Installer commands
Server installation properties and features
Symantec AntiVirus server properties
Symantec AntiVirus server features
Client installation properties and features
Symantec AntiVirus client properties
Windows Security Center features
Symantec AntiVirus features
Symantec AntiVirus client features
Using the log file to check for errors
Identifying the point of failure of an installation
Command-line examples
Appendix B Applying a Symantec AntiVirus patch
About applying a Symantec AntiVirus patch
Downloading the Symantec AntiVirus patch and ClientRemote Install Tool
Deploying the patch using the ClientRemote Install Tool
Starting the patch deployment
Running the ClientRemote Install Tool
Index
antivirus protection, security-risk protection, endpoint compliance, and reporting
capabilities. From a single management console, Symantec AntiVirus provides a
comprehensive view of network security and rapid response to security threats.
Symantec AntiVirus provides the following features:
Automated security-risk protection against unwanted adware and spyware.
An enterprise-level view of workstation security, with tools enabling a rapid,
integrated response to security problems across a network.
Security policy enforcement at the client level, which includes the endpoint
compliance policies that ensure your clients are protected before they gain
access to your network. Administrators can create, deploy, and lock down
security policies and settings to keep systems up to date and properly
configured at all times.
Simplified security threat response through centralized updating of antivirusand security risk definitions.
Reporting capabilities that simplify collecting data, analyzing risk trends, and
creating reports of security events from your entire network.
Simplified management. Antivirus, reporting, and endpoint compliance are
installed, configured, and updated from the same management console. The
central management console enables administrators to audit the network,
identify unprotected nodes, and apply the appropriate security protection
before a threat occurs
Lower administrativeandsupport costswhen compared tothecost of managingseveral security products from individual vendors.
What's new in this release
Symantec AntiVirus includes new features, as well as improvements to existing
features.
Table 1-1 describes what's new in this release.
Table 1-1 New features in Symantec AntiVirus

Feature: Reporting
Description:
- Includes an integrated reporting system, which enables administrators to
  quickly and easily review Symantec AntiVirus events and configurations, and
  configure alerts. Administrators can also review the reports from a Web
  browser.
- Includes a reporting agent that you can install on legacy Symantec AntiVirus
  servers, so that a reporting server can collect events from these servers as
  well.

Feature: Auto-Protect improvements
Description: Protects your Symantec AntiVirus computers by blocking security
risks before they install if Symantec determines that this action would not
leave the computer in an unstable state.

Feature: Anti-spyware improvements
Description: Repairs complicated risks, such as Winsock LSP and host file
infections, stealthed user mode risks (rootkits), and persistent security risks
that are difficult to remove or that reinstall themselves.

Feature: Symantec AntiVirus for Linux
Description: Provides real-time antivirus file protection through Auto-Protect
and file system scanning on supported kernels and distributions of Red Hat
Enterprise, SuSE Enterprise, and Novell Desktop Linux. Client computers are
unmanaged, but administrators can configure them by using the provided
command-line interface. Users can display product information and initiate a
LiveUpdate from client computers.

Feature: Security risks exclusions
Description: Lets administrators better define their company's security
policies by allowing them to exclude security risks from on-demand scans and
Auto-Protect scans.

Feature: Security risk scanning improvements
Description: Rates impact of security risks on several different factors
including:
- Privacy
- Performance
- Ease of removal
- Amount of stealth risks display when they install
You can use this information to decide what security risks should be excluded
from scanning.

Feature: Improved CD Start Menu
Description: Simplifies Symantec AntiVirus installation by grouping client,
server, and management component installation tasks.

Feature: Centrally managed endpoint compliance
Description: Lets you create and manage endpoint compliance policies and
determine the compliance status of endpoints that attempt to access your
network.

Feature: Scanning options additions
Description: Provides administrators greater control of scans by allowing them
to perform the following tasks:
- Disable startup scans.
- Disable the Quick Scan that runs when new definitions are updated on client
  computers.
- Enable user-defined scheduled scans even when the user who defined the scan
  is not logged in.

Feature: Promoting servers to primary management servers
Description: Automatically copies the server group private key to a
newly-promoted primary server as long as the certificate is available on the
previous primary server. This process was previously done manually by the
administrator.

Feature: Exchange scanning improvements
Description: Provides automatic exclusion of files and folders from scans when
an Exchange server is present on the computer where Symantec AntiVirus is
installed. Administrators no longer have to exclude files and folders manually.

Feature: Internet Email Auto-Protect enhancements
Description: Handles encrypted mail over secure POP3 and SMTP connections in
pass-through mode.

Feature: Network scanning options
Description: Improves network performance by allowing administrators to enable
trust in remote versions of Auto-Protect and to use a network cache to reduce
duplicate scanning across network drives and improve file transfer speed.

Feature: Quarantine enhancements
Description: Reduces the footprint of Symantec AntiVirus clients and servers by
letting administrators configure how long quarantined items are stored on their
computers.

Feature: Tamper Protection enhancements
Description: Protects Symantec internal objects, as well as processes.
Components of Symantec AntiVirus
Table 1-2 describes the main components of Symantec AntiVirus.

Table 1-2 Components of Symantec AntiVirus

Component: The Symantec System Center
Description: Performs management operations such as the following:
- Installing antivirus protection on workstations and network servers.
- Updating virus definitions.
- Managing network servers and workstations running Symantec AntiVirus.

Component: Reporting
Description: Collects and organizes Symantec AntiVirus events, including virus
and security-risk alerts, scans, definitions updates, endpoint compliance
events, and intrusion attempts. Also lets you create and print detailed
reports, and set up alerting.

Component: Symantec AntiVirus server
Description:
- Protects the supported Windows and NetWare computers.
- Pushes the configuration and virus definitions files updates to managed
  clients.

Component: Symantec AntiVirus client
Description: Provides antivirus protection for networked and non-networked
computers. Symantec AntiVirus protects supported Windows computers.

Component: LiveUpdate
Description: Provides the capability for computers automatically to pull
updates of virus definitions files from the Symantec LiveUpdate server or an
internal LiveUpdate server.

Component: Central Quarantine
Description: Works as part of the Digital Immune System to provide automated
responses to heuristically detected new or unrecognized viruses and does the
following:
- Receives the unrepaired infected items from Symantec AntiVirus servers and
  clients.
- Forwards suspicious files to Symantec Security Response.
- Returns the updated virus definitions to the submitting computer.

Table 1-3 describes the Symantec System Center management components, which
are installed by default except the Alert Management System2 Console.
Table 1-3 Symantec System Center management components

Component: The Symantec System Center console
Description: The Symantec System Center is the console that you use to
administer managed Symantec products. The Symantec System Center is a
stand-alone application that runs under Microsoft Management Console.
Overview: Install the Symantec System Center console to the computers from
which you plan to manage Symantec AntiVirus. Install to at least one computer
to view and administer your network.
If your organization is large or you work out of several offices, you can
install the Symantec System Center to as many computers as you need. Rerun the
installation program and select the appropriate option.
The Symantec System Center does not need to be installed on a network server
or an antivirus server.

Component: Alert Management System2 (AMS2) console
Description: The AMS2 console provides alerts from AMS2 clients and servers.
When you install the AMS2 console, you can configure alert actions for Symantec
AntiVirus servers that have the AMS2 service installed. When a problem occurs,
AMS2 can send alerts through a pager, an email message, and other means.
Note: Reporting replaces AMS2 as the recommended method of alerting. You still
need the AMS2 console to manage legacy alerting functionality.
Overview: Install the AMS2 console to the same computer on which the Symantec
System Center console is installed.
Install the AMS2 service to one or more primary management servers on which
Symantec AntiVirus server is installed.
If you choose not to install AMS2, you can use the notification and logging
mechanisms that are available from the Symantec System Center.
If you plan to implement Symantec Enterprise Security alerting instead of
AMS2, you do not need to install AMS2.

Component: Symantec AntiVirus Snap-in
Description: This management Snap-in for the Symantec System Center lets you
manage Symantec AntiVirus on workstations and network servers.
Overview: Install this component to do the following from the Symantec System
Center:
- Set up and administer Symantec AntiVirus server and client groups.
- Manage antivirus protection on the computers that run Symantec AntiVirus.
- Configure groups of the computers that run Symantec AntiVirus.
- Manage events.
- Configure alerts.
- Perform remote operations, such as virus scans and virus definitions files
  updates.

Component: Symantec Client Firewall Snap-in
Description: This snap-in lets you create firewall policy packages for the
workstations that run the Symantec Client Firewall.
Overview: Install this component to manage firewall policy packages.

Component: Symantec Endpoint Compliance Snap-in
Description: This Snap-in lets you configure compliance policies and determine
the compliance status of endpoints that have supported VPN or network access
provider solutions installed.
Overview: Install this component to manage endpoints, view endpoint status, and
determine the endpoint compliance that is based on the compliance policies that
you configure.

Component: AV Server Rollout Tool
Description: This tool lets you remotely install Symantec AntiVirus server to
the Windows-based computers and NetWare servers that you select.
You can also run this tool from the Symantec AntiVirus CD.
Overview: Install this component to manage remote server installations from the
Symantec System Center.

Component: ClientRemote Install Tool
Description: This tool lets you remotely install Symantec AntiVirus to one or
more Windows-based computers.
You can also run this tool from the Symantec AntiVirus CD.
Overview: Install this component to manage remote client installations.

Component: Reporting Snap-in
Description: This Snap-in lets you collect Symantec AntiVirus events, create
reports from the events that you collect, and configure alerting.
Overview: Install this component if you want to create and distribute the
reports that are based on the events that are sent to the reporting server and
set up alerting.

How Symantec AntiVirus works
If you install, upgrade, or administer Symantec AntiVirus for the first time, you
must understand how Symantec AntiVirus is organized in your network.
A Symantec AntiVirus network consists of Symantec AntiVirus servers and clients.
Like other networks, a Symantec AntiVirus network communicates to perform
important tasks across your entire network. You can view and configure your
Symantec AntiVirus clients and servers using Symantec-supplied administrator
tools.
You must understand the following Symantec networking concepts to administer
Symantec AntiVirus:
- Symantec AntiVirus servers and clients
- Managed and unmanaged environments
- Client groups
- How clients and servers interact
- Server groups
- How to choose a primary management server
- Managing your Symantec AntiVirus network with the Symantec System Center
Symantec AntiVirus servers and clients
Symantec AntiVirus's main purpose is to protect files on your network and client
computers from viruses and other risks, such as spyware and adware. Symantec
AntiVirus clients and Symantec AntiVirus servers protect each computer on your
network and are the most important lines of defense against security threats.
Because they perform many identical functions, you cannot install both on the
same computer.
You should install either Symantec AntiVirus server or client on every computer
in your network. Symantec AntiVirus client should be installed on most computers,
while Symantec AntiVirus server installations should be limited to the number
that is needed to manage the clients in your network. Symantec AntiVirus server
performs additional functions, such as distributing virus and security risk
definitions across your network.
Managed and unmanaged environments
Symantec AntiVirus clients can be installed as either unmanaged or managed. In
an unmanaged Symantec AntiVirus network, you must administer each computer
individually, or pass this responsibility to the primary user of the computer. The
responsibilities include updating virus and security risk definitions, configuring
antivirus settings, and periodically upgrading or migrating client software. This
approach should be taken for the smaller networks that have limited or no
information technology resources.
The managed Symantec AntiVirus network takes full advantage of Symantec
AntiVirus's networking capabilities. In a managed environment, you must also
install Symantec AntiVirus servers, in addition to clients. Each client and server
on your network can be monitored, configured, and updated from a single
computer. You can use a Symantec administrator tool that is called the Symantec
System Center to verify which computers in the network are protected and working
properly. You can also install and upgrade Symantec AntiVirus clients and servers
from the Symantec System Center.
Client groups
In a managed Symantec AntiVirus network, Symantec AntiVirus clients can be
organized into client groups. Client groups let you group together the Symantec
AntiVirus clients that require similar access levels and configuration settings.
You can simultaneously configure multiple clients by configuring the client group
settings, rather than configuring each client individually. You can create, view,
and configure client groups from the Symantec System Center.
How clients and servers interact
In a managed network, every Symantec AntiVirus client is managed by a Symantec
AntiVirus server, which you can assign during the client installation. A managed
client's server is also called its parent management server. The Symantec AntiVirus
parent management server provides its clients with virus and security risk
definitions updates and configuration information, and keeps track of these
settings. The managed clients, in turn, keep track of their parent management
server. When you organize Symantec AntiVirus clients into client groups, you
actually configure their parent management servers. The parent management
servers then pass this information to their respective clients. Periodically, managed
clients, in turn, check in with their parent management server to determine if
new configuration information or definitions are available.
Server groups
A server group is a collection of Symantec AntiVirus servers and clients. If you
make configuration changes at the server group level, they can apply to only
servers, only the managed clients, or all the clients and servers, if the configuration
change is applicable to both. A small network generally requires one server group.
If you plan on deploying Symantec AntiVirus to multiple locations, you should
consider creating at least one server group for each physical location. You should
consider the speed of communication between multiple distinct networks to
determine whether to create separate server groups. Separating networks into
different server groups can minimize or eliminate the need to use internetwork
communications including configuration file and virus definitions file transfers.
Each server group must have at least one Symantec AntiVirus server, although
it is recommended that a second server be used as a backup server. Typically, the
rest of the computers in the server group should have Symantec AntiVirus client
installed.
Each server group, regardless of whether it contains more than one Symantec
AntiVirus server, must designate a server as the primary management server
before any clients can be added. Only one primary management server can exist
Programs that prevent you from restarting the computer at any given time
The Symantec AntiVirus primary management server acts as a bridge for
communication between itself and the other servers and clients that belong to
the server group. For larger networks, the network traffic that the primary
management server generates can become significant. This traffic may dictate
which computer you choose for your primary management server and how many
server groups your network needs.
Generally, all other computers in the server group should have Symantec AntiVirus
clients installed except for secondary management servers, which should be
installed as a backup in case the primary management server fails or encounters
problems.
Managing your Symantec AntiVirus network with the Symantec System Center
In a managed Symantec AntiVirus environment, the Symantec System Center is
the only administrator tool that you need to manage your network. You can install
the Symantec System Center on any supported computer regardless of whether
the computer is a Symantec AntiVirus client or server. The Symantec System
Center is commonly installed on the same computer as the primary management
server, although it is not necessary. You should install the Symantec System
Center on the computer that is most convenient for your Symantec AntiVirus
administrator to access. For added convenience, you can install the Symantec
System Center on multiple computers.
The Symantec System Center mainly interacts with the server group's primary
management server. Uninstalling and reinstalling the Symantec System Center
does not affect the configuration settings that are made to your Symantec
AntiVirus network.
How the Digital Immune System works
Symantec AntiVirus lets you deploy and centrally manage virus and security risk
definitions files on clients according to the requirements of your enterprise. To
protect against viruses and other threats that are not yet defined in files, you can
use the Digital Immune System.
The Digital Immune System is a fully automated, closed-loop antivirus system
that manages the entire antivirus process, including virus discovery, virus analysis,
and the deployment and repair of files that could not be repaired on a client
computer. This automated system dramatically reduces the time between when
a virus is found and when a repair is deployed, which decreases the severity of
many threats.
Note: The Digital Immune System is a complex system that benefits large networks
only. It is not a required component in your Symantec AntiVirus network. You
should not install the Digital Immune System in your network unless you protect
at least 30,000 managed clients. Installing the Digital Immune System to a smaller
network can decrease the efficiency of your Symantec AntiVirus network.
The Digital Immune System works with the Central Quarantine and performs the
following actions:

Identifies and isolates viruses
  When a client computer that is configured to repair infected files cannot
  repair a specific file, it forwards the file first to the local Quarantine,
  and then to the Central Quarantine Server where more current virus
  definitions might be available.

Rescans the file and submits viruses to Symantec Security Response
  If the Central Quarantine has more current virus definitions than the
  submitting computer, it might be able to fix the file. If so, it pushes the
  newer definitions to the submitting computer. If the file cannot be repaired,
  it is sent to a Symantec Security Response gateway for further analysis.

Analyzes submissions, and generates and tests repairs
  When the Digital Immune System receives a new submission, it analyzes the
  virus, generates the repair, and tests it. Then it builds new virus
  definitions files, including the new virus fingerprint, and returns the new
  virus definitions files to the gateway. Usually, this process occurs
  automatically. However, some cases require Symantec Security Response to
  intervene.

Deploys repairs
  The Quarantine Agent downloads the new virus definitions and installs them on
  the Central Quarantine Server. The updated definitions are then pushed to the
  submitting computer, if they are needed.

For details about configuring the Central Quarantine and about using the Digital
Immune System, see the Symantec Central Quarantine Administrator's Guide.
What you can do with Symantec AntiVirus
Symantec AntiVirus lets you do the following:
- Protect against viruses, blended threats, and security risks such as adware
  and spyware.
- Manage the deployment, configuration, updating, and reporting of antivirus
  protection from an integrated management console.
- Manage Symantec AntiVirus clients based on their connectivity.
- Quickly respond to virus outbreaks and deploy updated virus definitions.
- Create and maintain the reports that detail important Symantec AntiVirus
  events that occur in your network.
- Provide a high level of protection and an integrated response to security threats
  for all users that connect to your network. This protection includes
  telecommuters with connections that are always on and mobile users with
  intermittent connections to your network.
- Obtain a consolidated view of multiple security components across all of the
  workstations on your network.
- Perform a customizable, integrated installation of all of the security
  components and set policies simultaneously.
- Establish and enforce security policies.
- View histories and log data.
Where to get more information about Symantec AntiVirus
Sources of information on using Symantec AntiVirus include the following:
- Symantec AntiVirus Administrator's Guide
- Symantec AntiVirus Reference Guide
- Endpoint Compliance Implementation Guide
- Reporting User's Guide
- Symantec AntiVirus Client Guide
- LiveUpdate Administrator's Guide
- Symantec Central Quarantine Administrator's Guide
- Symantec AntiVirus for Linux Implementation Guide
- Symantec AntiVirus for Linux Client Guide
- Online Help that contains all of the content that is in the guides and more
The primary documentation is available in the Docs folder on the Symantec
AntiVirus CD. Some individual component folders contain component-specific
documentation. Updates to the documentation are available from the Symantec
Technical Support and Platinum Support Web sites.
Table 1-4 lists additional information that is available from the Symantec Web
sites.

Table 1-4 Symantec Web sites

Types of information: Public Knowledge Base; Releases and updates; Manuals and
documentation; Contact options
Web address: http://www.symantec.com/techsupp/enterprise/

Types of information: Virus and other threat information and updates
Web address: http://securityresponse.symantec.com

Types of information: Product news and updates
Web address: http://enterprisesecurity.symantec.com

Types of information: Platinum Support Web access
Web address: https://www-secure.symantec.com/platinum/
Chapter 2
Planning the installation
This chapter includes the following topics:
- Plan your network architecture
- Network and system requirements
- About Desktop firewalls
- About Windows XP and Windows 2003 firewalls
- Prepare your clients and servers for installation
Plan your network architecture
Symantec AntiVirus installation configurations scale from small to large
deployments. In the small deployments that support up to 100 clients, you can
install all management components and servers on one computer.
Figure 2-1 illustrates how Symantec AntiVirus management and server software
are collocated in a small deployment.
this architecture with one server group, which you create by using the Symantec
System Center.
This architecture also illustrates a best practice of creating a secondary
management server in a server group. When a server group contains two or more
management servers, every server other than the primary management server is
defined as a secondary management server. Symantec AntiVirus management
servers do not require server operating systems, but do not support email scanning
like the clients. If you install a reporting server, all other management servers
require a reporting agent.
If your server group contains one management server only, which would be the
primary, and if that server crashes, you cannot unlock and manage the server
group from the Symantec System Center. If you have a secondary management
server in the group, you can unlock the server group. You can then migrate the
clients that were managed by the crashed server to a new or existing server in the
group by copying a Grc.dat file from the new or existing server to the clients.
See "Configuring clients with the Grc.dat configuration file" on page 181.
You should back up the pki directory and all subdirectories of your primary
management server even if you create a secondary management server. If your
primary management server becomes corrupt, you can re-create it if you have
the backup files to restore. For details, refer to the Knowledge Base articles on
the Symantec Web site.
Note: For first-time installations, you should create and configure Symantec
AntiVirus with one primary management server that is dedicated to managing a
few clients and a secondary management server for disaster recovery purposes
if the primary management server fails.
In large deployments that might support thousands of client computers, you can
distribute Symantec AntiVirus across your enterprise. For example, you can install
management components on different computers, install Symantec AntiVirus
servers on multiple computers, and install a LiveUpdate server, which provides
a single point for downloading virus and security risk definitions.
Figure 2-2 illustrates how Symantec AntiVirus management and server software
is distributed in a relatively large deployment.
Figure 2-2 Large deployment
[Network diagram. Labels: Symantec Security Response, Internet, DMZ, Public Web server, Mail Proxy server, Public DNS server, Router, Firewall, Corporate Backbone, Symantec System Center, Primary management server, Reporting Server, Secondary management server, Reporting Agent, LiveUpdate Server, Central Quarantine Server, Central Quarantine Console, Clients.]
With this architecture, one computer runs the Symantec System Center, which
lets administrators manage multiple server and client groups and a Central
Quarantine server. The Symantec System Center also lets you manage the reporting
server. This architecture also deploys a separate LiveUpdate server from which
antivirus servers and clients receive the latest virus definitions files. By using a
LiveUpdate server, only one computer retrieves the virus definitions files over
the Internet, which preserves firewall bandwidth.
It is possible to manage over 100,000 clients with each management server, both
primary and secondary. It is possible to manage very large environments with
one server group. Most large environments, however, configure server groups by
geographic location and might use one server group for email servers, which have
special requirements. For details about email servers, refer to the Symantec
AntiVirus Reference Guide. Each reporting server can manage up to 50,000 clients.
In large deployments, you might also need to tune how definitions update files
are distributed by specifying the number of threads to use on a server and the
time intervals to wait before pushing out additional updates. You can set these
options by using the Server Tuning Options tabs in the Symantec System Center.
Note: Every server group, which you create and manage by using the Symantec
System Center, requires one primary management server. As a best practice, each
server group should contain at least one secondary management server for disaster
recovery purposes. Very large deployments might use multiple instances of the
Symantec System Center in different geographic locations. You should also archive
the private key that is installed on the primary management server in the
pki\private-keys directory as a best practice.
Network and system requirements
Before you install Symantec AntiVirus servers and clients in your network, you
should understand how certain network and system variables affect the ease of
and ability to deploy the servers and clients.
You should consider the following concepts and requirements as you plan your
installation:
- About setting administrative rights to target computers
- About customizing installations by using .msi options
- About configuring user rights with Active Directory
- System time requirements
- System requirements
About setting administrative rights to target computers
To install Symantec AntiVirus servers and clients to computers that run supported
Windows operating systems, you must have administrator rights to the computer
or to the Windows domain to which the computer belongs, and log on as
administrator. The Symantec AntiVirus server installation program launches a
second installation program on the computer to create and start services, and to
modify the registry.
If you do not want to provide users with administrative rights to their own
computers, use the ClientRemote Install Tool in the Symantec System Center to
remotely install Symantec AntiVirus clients to computers that run supported
Windows operating systems. To run the ClientRemote Install Tool, you must have
local administrative rights to the computers to which you install the program.
See "About client installation methods" on page 166.
About customizing installations by using .msi options
The Symantec AntiVirus client and server installation packages are Windows
Installer (.msi) files that you can configure and deploy by using the standard
Windows Installer options. You can use the environment management tools that
support .msi deployment, such as Active Directory or Tivoli Enterprise Console,
to install clients on your network.
See "Installing Symantec AntiVirus using command-line parameters" on page 203.
About configuring user rights with Active Directory
If you use Active Directory to manage Windows-based computers on your network,
you can create a Group Policy that provides the necessary user rights to install
Symantec AntiVirus.
For more information on using Active Directory, see the Active Directory
documentation that is provided by Microsoft.
System time requirements
Symantec AntiVirus now uses the SSL protocol to transmit configuration
information securely between management consoles, servers, and clients.
Symantec AntiVirus also uses digital certificates to authenticate users and servers.
To authenticate users, a login certificate is issued to them with a default time
validity value of 24 hours.
Because the login certificate expires after 24 hours, the system clocks of all
management console computers, servers, and clients must be within 24 hours
plus or minus of the system time on the primary management server. You can
change this time by using the Symantec System Center. The login certificate is
automatically reissued if it expires and the user account has not been revoked.
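
The clock requirement above can be checked before a rollout. The following Python sketch is an added example, not part of the Symantec guide or product: it compares each host's reported clock with the primary management server's clock in UTC and flags hosts outside the 24-hour default. The CSV layout, host names, and timestamps are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Default validity of the login certificate, as stated in the guide. If the
# value was changed in the Symantec System Center, pass the new tolerance.
LOGIN_CERT_VALIDITY = timedelta(hours=24)

# Constructed sample inventory (host names and column names are hypothetical).
# Each row pairs the primary management server's clock with the clock that a
# host reported at the same moment, so the two values are directly comparable.
SAMPLE_INVENTORY = """\
host,primary_clock,host_clock
CLIENT-01,2006-03-01T12:00:00+00:00,2006-03-01T12:00:42+00:00
CLIENT-02,2006-03-01T12:00:05+00:00,2006-03-01T04:00:07-08:00
SERVER-02,2006-03-01T12:00:10+00:00,2006-02-27T09:15:00+00:00
CLIENT-03,2006-03-01T12:00:15+00:00,2006-03-02T13:00:15+00:00
CLIENT-04,2006-03-01T12:00:20+00:00,2006-03-01 12:00:20
"""


def to_utc(stamp):
    """Parse an ISO 8601 timestamp; return it in UTC, or None if it has no offset.

    A reading without a UTC offset cannot be compared safely: the same wall
    clock value means a different instant in every time zone.
    """
    parsed = datetime.fromisoformat(stamp.strip())
    if parsed.tzinfo is None:
        return None
    return parsed.astimezone(timezone.utc)


def check_clock_skew(inventory_csv, tolerance=LOGIN_CERT_VALIDITY):
    """Map each host to (status, skew_seconds) relative to the primary server.

    skew_seconds is positive when the host clock is ahead of the primary.
    """
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        primary = to_utc(row["primary_clock"])
        host = to_utc(row["host_clock"])
        if primary is None or host is None:
            results[row["host"]] = ("unverifiable", None)
            continue
        skew = host - primary
        status = "ok" if abs(skew) <= tolerance else "out_of_tolerance"
        results[row["host"]] = (status, int(skew.total_seconds()))
    return results


def hosts_needing_attention(results):
    """Hosts whose clock must be corrected or whose reading must be retaken."""
    return sorted(host for host, (status, _) in results.items() if status != "ok")


if __name__ == "__main__":
    report = check_clock_skew(SAMPLE_INVENTORY)
    for host, (status, skew) in report.items():
        print(f"{host:10} {status:17} skew_seconds={skew}")
    print("Needs attention:", ", ".join(hosts_needing_attention(report)))
```

CLIENT-02 passes even though its wall clock reads eight hours earlier, because both readings describe the same instant once normalised to UTC.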
System requirements
Symantec AntiVirus requires specific protocols, operating systems and service
packs, software, and hardware.
All of the requirements that are listed for Symantec AntiVirus components are
designed to work with the hardware and software recommendations for the
supported Windows and NetWare computers. All computers to which you install
Symantec AntiVirus should meet or exceed the recommended system requirements for the operating system that is used.
Review the following requirements before you install Symantec AntiVirus:
Operating system requirements
RAM, storage, and application requirements
Operating system requirements
Table 2-1 lists Symantec AntiVirus component operating system requirements.

Table 2-1 Operating system requirements

Component: Symantec System Center
Description:
  Windows 2000 Professional/Server/Advanced Server
  Windows XP Professional
  Windows Server 2003 Web/Standard/Enterprise/Datacenter

Component: Symantec AntiVirus server
Description:
  Windows 2000 Professional/Server/Advanced Server
  Windows XP Professional
  Windows Server 2003 Web/Standard/Enterprise/Datacenter
  NetWare 5.1 with Support Pack 8 or higher
  NetWare 6.0 with Support Pack 5 or higher
  NetWare 6.5 with Support Pack 2 or higher

Component: Reporting Server
Description:
  Windows 2000 Server/Advanced Server
  Windows Server 2003 Standard/Enterprise with Support Pack 1 or higher
  Note: You must enable active scripting on your Web browser before you use the reporting server from the Symantec System Center or your Web browser.

Component: Reporting Agent
Description:
  Windows 2000 Professional/Server/Advanced Server
  Windows XP Professional
  Windows Server 2003 Web/Standard/Enterprise/Datacenter

Component: Quarantine Console
Description:
  Windows 2000 Professional/Server/Advanced Server
  Windows XP Professional
  Windows Server 2003 Web/Standard/Enterprise/Datacenter

Component: Central Quarantine Server
Description:
  Windows 2000 Professional/Server/Advanced Server
  Windows XP Professional
  Windows Server 2003 Web/Standard/Enterprise/Datacenter

Component: Symantec AntiVirus client 32-bit
Description:
  Windows 2000 Professional/Server/Advanced Server
  Windows XP Home Edition/Professional/Tablet PC Edition
  Windows Server 2003 Web/Standard/Enterprise/Datacenter

Component: Symantec AntiVirus client 64-bit
Description:
  Windows XP 64-bit Edition Version 2003
  Windows Server 2003 Standard/Enterprise/Datacenter 64-bit
RAM, storage, and application requirements
Table 2-2 lists RAM, storage, and application requirements for Symantec AntiVirus components.

Table 2-2 RAM, storage, and application requirements

Component: Symantec System Center
RAM: 64 MB
Storage and applications:
  36 MB disk space without Snap-ins
  337 MB disk space for Reporting Snap-in
  518 MB disk space for Symantec Endpoint Compliance Snap-in
  24 MB disk space for AMS2 Snap-in
  6 MB disk space for Symantec AntiVirus Snap-in
  1 MB disk space for Symantec Client Firewall Snap-in
  130 MB disk space for AV Server Rollout tool
  2 MB disk space for ClientRemote Install Snap-in
  Internet Explorer 5.5 with Service Pack 2 or later
  Microsoft Management Console 1.2 or later
  If MMC is not already installed, you will need 3 MB free disk space (10 MB during installation).
  If version 1.2 or later is not on the computer to which you want to install, the installation program installs it.

Component: Symantec AntiVirus server for Windows
RAM: 64 MB
Storage and applications:
  140 MB disk space
  15 MB disk space for reporting agent files (if you choose to install the reporting agent)
  Internet Explorer 5.5 with Service Pack 2 or later
  Static IP address (recommended)
  Note: Symantec AntiVirus does not support the scanning of Macintosh volumes on Windows servers for Macintosh viruses.

Component: Symantec AntiVirus server for NetWare
RAM: 15 MB
Storage and applications:
  116 MB disk space (70 MB disk space for server files and 46 MB disk space for the client disk image)
  20 MB disk space for AMS2 server files (if you choose to install the AMS2 server)
  Static IP address (recommended)

Component: AMS2 server (optional, for legacy support)
RAM: 10 MB
Storage and applications:
  15 MB disk space for AMS2 server files for Windows
  20 MB disk space for AMS2 server files for NetWare

Component: Reporting Server
RAM:
  256 MB for 100 clients
  512 MB for 1,000 clients
  1 GB for 50,000 clients
Storage and applications:
  1.5 GB disk space for 100 clients, or 2 GB disk space for 1,000 clients, or 40 GB disk space for 50,000 clients
  MSDE 2000 with Service Pack 4 (installable), or Microsoft SQL Server 2000 with Service Pack 1 or later (existing), or Microsoft SQL Server 2005 or later (existing)
  Internet Information Services 4.0 or later
  Internet Explorer 5.5 with Service Pack 2 or later

Component: Reporting Agent
RAM: 11 MB
Storage and applications:
  15 MB disk space

Component: Quarantine Console
RAM: 64 MB
Storage and applications:
  35 MB disk space
  Internet Explorer 5.5 Service Pack 2 or later
  Microsoft Management Console version 1.2 or later
  If MMC is not already installed, you will need 3 MB free disk space (10 MB during installation).

Component: Central Quarantine Server
RAM: 128 MB
Storage and applications:
  40 MB disk space for Quarantine Server
  500 MB to 4 GB disk space recommended for quarantined items
  Internet Explorer 5.5 with Service Pack 2 or later
  Minimum swap file size of 250 MB
  Note: If you run Windows XP, system disk space usage is increased if the System Restore functionality is enabled. For more information on how System Restore works, see the Microsoft operating system documentation.

Component: Symantec AntiVirus client 32-bit
RAM: 64 MB
Storage and applications:
  55 MB disk space
  Terminal Server clients connecting to a computer with antivirus protection have the following additional requirements:
    Microsoft Terminal Server RDP (Remote Desktop Protocol) client
    Citrix Metaframe (ICA) client 1.8 or later if using Citrix Metaframe server on Terminal Server

Component: Symantec AntiVirus client 64-bit
RAM: 80 MB
Storage and applications:
  70 MB disk space
  Internet Explorer 5.5 with Service Pack 2
  Intel processors that support Intel Extended Memory 64 Technology (Intel EM64T)
  AMD 64-bit Opteron and Athlon processors
Note: The ClientRemote Install Tool does not check to verify that Internet Explorer
5.5 with Service Pack 2 or later is installed on computers when it is required. If
the target computers do not have the correct version of Internet Explorer, the
installation fails without informing you.
About Desktop firewalls
If your servers and clients run firewall software, and you want to manage these
servers and clients, you must open certain ports so that communication between
the servers, clients, and Symantec System Center is possible. Alternatively, you
can permit Rtvscan.exe on all computers and Pds.exe on servers and consoles to
send and receive traffic through your firewalls. Also, remote server and client installation tools require that TCP port 139 be opened.
Note: Symantec AntiVirus uses the default ephemeral port range for TCP (1024
to 65535) to communicate between clients, servers, the Symantec System Center,
and other management components. The ephemeral port range that is used,
however, rarely exceeds 5000, and is configurable for most operating systems.
Most firewalls use stateful inspection when filtering TCP traffic, so incoming TCP
responses are automatically allowed and routed back to the original requester.
Therefore you do not have to open explicitly the ephemeral TCP ports when you
configure your firewall software.
See About Windows XP and Windows 2003 firewalls on page 40.
Table 2-3 lists the network protocols and ports that Symantec AntiVirus client
and server require for communicating and network installations.

Table 2-3 Ports for client and server installation and communication

Function: Client deployment
Component: Management server and target clients
Protocol and port: TCP 139

Function: Server deployment
Component: Management servers and target servers
Protocol and port: TCP 139, UDP 38293

Function: General communication
Component: Servers and clients
Protocol and port: TCP (Inbound) 2967
Note: This port number is configurable.

Function: General communication
Component: NetWare servers
Protocol and port: TCP (Inbound) 2968
Note: This port number is configurable.

Function: General communication
Component: Symantec System Center
Protocol and port: TCP (Outbound) 2967 and 2968
Note: These port numbers are configurable.

Function: Discovery
Component: Servers
Protocol and port: UDP 38293

Function: Discovery
Component: Symantec System Center
Protocol and port: UDP 1024-5000
Note: You do not need to open these ports if your router or firewall recognizes UDP datagram program sessions.

Function: Reporting
Component: Servers and agents
Protocol and port: TCP 80 (HTTP), 443 (SSL)
Note: If you set up a database on a remote machine, you must create an alias and ensure that port number is open. The default for SQL Server is TCP 1433.
Table 2-4 lists the network protocols and ports that optional components require
to communicate and perform standard functions.

Table 2-4 Ports for optional components

Function: Quarantine
Component: Central Quarantine Server
Protocol and port: TCP 2847 (HTTP), 2848 (HTTPS)

Function: AMS2 alerts
Component: Servers
Protocol and port: TCP 38037, UDP 38293

Function: Legacy management
Component: Legacy servers and clients
Protocol and port: UDP (Inbound) 2967

Function: Legacy management
Component: Symantec System Center
Protocol and port: UDP (Outbound) 2967
About Windows XP and Windows 2003 firewalls
Windows XP and Windows 2003 Server contain the firewalls that may prevent
certain types of communication that are necessary in your Symantec AntiVirus network. If these firewalls are enabled, you might not be able to install server
software or client software remotely from the Symantec System Center and other
remote installation tools. If there are computers in your network that are running
these operating systems, you need to configure the firewalls to allow for these
communications.
To use the Windows XP firewalls, you need to configure them to support Symantec
AntiVirus communications by opening ports or by specifying trusted programs.
You can enable communications by permitting Rtvscan.exe on all computers and
Pds.exe on servers and consoles to send and receive traffic through your firewalls.
Almost all communications traffic between Symantec AntiVirus servers and clients is initiated from source TCP ports 1024-5000 and sent to destination TCP
port 2967. For example, clients initiate traffic from TCP ports 1024-5000 and send
it to TCP port 2967 on servers. Servers initiate traffic from TCP ports 1024-5000
and send it to TCP port 2967 on other servers and clients. Therefore, to manage
Symantec AntiVirus servers and clients, you need to permit outbound traffic from
TCP ports 1024-5000 to TCP port 2967 and permit inbound traffic from TCP ports
1024-5000 to TCP port 2967 on all servers and clients.
If you want to install Symantec AntiVirus on clients remotely, you must permit
servers to send traffic from TCP ports 1024-5000 to TCP port 139 on clients.
Stateful inspection permits the return traffic automatically. You must also permit clients to receive traffic from server TCP ports 1024-5000 on TCP port 139, and
permit clients to send traffic from TCP port 139 to TCP ports 1024-5000 on
servers. Symantec AntiVirus servers perform discovery by using TCP port 39263.
Legacy communications also require that UDP port 2967 be open on all computers.
Depending on your XP operating system and service pack, you might be able to
open individual ports or specify the programs that you want to trust to
communicate through your firewall. Consult your Windows documentation for
information on how to configure your firewalls.
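The inbound port requirements from Table 2-3, Table 2-4 and this section, as an added example in Python that is not part of the Symantec guide: it checks a host's inbound allow-rules for missing required ports and for rules that open the ephemeral range, which stateful inspection makes unnecessary. The Rule type, the role names and the sample rule sets are assumptions constructed for illustration.

```python
# Added example: audit one host's inbound allow-rules against the ports this
# guide lists. Rule sets below are constructed samples, not real exports.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    proto: str   # "TCP" or "UDP"
    low: int     # first allowed destination port
    high: int    # last allowed destination port (inclusive)

# Inbound ports per role, copied from Table 2-3 and Table 2-4 of the guide.
REQUIRED = {
    "client": [("TCP", 2967, "general communication"),
               ("TCP", 139, "remote client deployment")],
    "server": [("TCP", 2967, "general communication"),
               ("TCP", 139, "remote server deployment"),
               ("UDP", 38293, "deployment and discovery")],
}
LEGACY = ("UDP", 2967, "legacy management")

def covers(rule, proto, port):
    """True when the rule admits this protocol and destination port."""
    return rule.proto == proto and rule.low <= port <= rule.high

def audit(rules, role, legacy=False):
    """Return (missing, too_broad) for a list of inbound allow-rules."""
    needed = REQUIRED[role] + ([LEGACY] if legacy else [])
    missing = [req for req in needed
               if not any(covers(r, req[0], req[1]) for r in rules)]
    # Stateful inspection lets TCP replies back in, so an inbound rule that
    # spans the ephemeral source range 1024-5000 is wider than required.
    too_broad = [r for r in rules
                 if r.proto == "TCP" and r.low <= 1024 and r.high >= 5000]
    return missing, too_broad

# Constructed sample: a server that opened only port 2967 (TCP and UDP).
SERVER_RULES = [Rule("TCP", 2967, 2967), Rule("UDP", 2967, 2967)]
# Constructed sample: a client where the whole ephemeral range was opened.
CLIENT_RULES = [Rule("TCP", 139, 139), Rule("TCP", 1024, 5000)]

if __name__ == "__main__":
    for name, rules in [("server", SERVER_RULES), ("client", CLIENT_RULES)]:
        missing, too_broad = audit(rules, name, legacy=True)
        for proto, port, why in missing:
            print(f"{name}: open inbound {proto} {port} ({why})")
        for r in too_broad:
            print(f"{name}: narrow {r.proto} {r.low}-{r.high}")
```

A rule flagged as too broad can still cover a required port, as the client sample shows for TCP 2967, so narrow it to the listed port rather than deleting it.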
Disabling Internet Connection Firewall
Windows XP with Service Pack 1 includes a firewall that is called Internet
Connection Firewall that can interfere with remote Symantec AntiVirus
installation, and communications between servers and clients. If any of your
servers or clients run Windows XP, you can disable the Windows XP firewall on
them before you install Symantec AntiVirus clients.
To disable Internet Connection Firewall
1 On the Windows XP taskbar, click Start > Control Panel.
2 In the Control Panel window, double-click Network Connections.
3 In the Network Connections window, right-click the active connection, and then click Properties.
4 On the Advanced tab, under Internet Connection Firewall, uncheck Protect my computer and network by limiting or preventing access to this computer from the Internet.
5 Click OK.
Disabling Windows Firewall
Windows XP with Service Pack 2 and Windows 2003 Server include a firewall that
is called Windows Firewall that can interfere with remote Symantec AntiVirus
installation, and communications between servers and clients. If any of your
servers or clients run Windows XP with Service Pack 2 or Windows Server 2003,
you can disable the firewall on them before you install Symantec AntiVirus clients.
To disable Windows Firewall
1 On the Windows XP taskbar, click Start > Control Panel.
2 In the Control Panel window, double-click Network Connections.
3 In the Network Connections window, right-click the active connection, and then click Properties.
4 On the Advanced tab, under Windows Firewall, click Settings.
5 In the Windows Firewall window, on the General tab, check Off (not recommended).
6 Click OK.
Prepare your clients and servers for installation
Before you install Symantec AntiVirus on your clients and servers, you should first determine the state of these computers. Symantec AntiVirus installation is
more efficient and effective if you evaluate the following conditions before you
begin the installation process:
Create a list of computers that you want to protect
Remove virus threats and security risks
Evaluate antivirus and anti-adware or spyware software
Determine the programs that you can migrate
How to restructure your Symantec AntiVirus network
Install Symantec AntiVirus in stages
Create a list of computers that you want to protect
Whether you want to install Symantec AntiVirus for the first time or you want
to migrate from a previous version, the process goes more smoothly if you create
a list of the computers on which you want to install the various Symantec AntiVirus
programs. The lists for Symantec AntiVirus server and Symantec System Center
installations should be fairly short. The list of Symantec AntiVirus clients could
be quite large. Having a list of your client computers' IP addresses can expedite
the installation or migration process.
See About verifying network access and privileges on page 147.
Remove virus threats and security risks
Try to avoid installing or upgrading Symantec AntiVirus on the computers that
are infected with virus threats or other security risks. Some threats can directly
interfere with the installation or operation of Symantec AntiVirus. If a previous
version of Symantec AntiVirus is installed on the computers in your network, you
can perform a virus and security risk scan on these computers to ensure that they
are not currently infected. For the computers that do not have an antivirus scanner
installed, you can perform a virus check from Symantec Security Response. If virus check finds a virus, it directs you to manual removal instructions in the
virus encyclopedia if they are available. You can find virus check at the Symantec
Security Response Web site at the following URL:
http://securityresponse.symantec.com
Evaluate antivirus and anti-adware or spyware software
As you prepare to install Symantec AntiVirus in your network, you must determine
if security software, such as other antivirus or anti-adware and spyware software,
is installed on your computers. These programs can affect the performance and effectiveness of Symantec AntiVirus. It is not recommended to run two antivirus
programs on one computer. Likewise, it may be problematic to run two anti-adware
or spyware programs. This is important if both programs provide real-time
protection, as both programs create a resource conflict and can drain the
computer's resources as the programs try to scan and repair the same files.
Determine the programs that you can migrate
You can migrate recent versions of Symantec AntiVirus client and Symantec
AntiVirus server to the latest version. If you have older versions that are installed
on your computers, you should determine if these versions need to be uninstalled
before you install the latest version on your computers.
See Supported migration paths on page 108.
Previous versions of Symantec AntiVirus administrator tools must be uninstalled
before you install the latest version. Some administrator tools, in