Administration Guide
Page 2
... as to make changes without the express written permission of Symantec Corporation, 20330 Stevens Creek Blvd., Cupertino, CA 95014. Trademarks Symantec, the Symantec logo, LiveUpdate, and Norton AntiVirus are trademarks of Symantec Corporation. Norton Internet Security, Norton Personal Firewall, Symantec AntiVirus, Symantec Client Firewall, Symantec Client Security, and Symantec Security Response are U.S. Symantec AntiVirus™ Corporate Edition Administrator's Guide The software described in this book is...
... as to make changes without the express written permission of Symantec Corporation, 20330 Stevens Creek Blvd., Cupertino, CA 95014. Trademarks Symantec, the Symantec logo, LiveUpdate, and Norton AntiVirus are trademarks of Symantec Corporation. Norton Internet Security, Norton Personal Firewall, Symantec AntiVirus, Symantec Client Firewall, Symantec Client Security, and Symantec Security Response are U.S. Symantec AntiVirus™ Corporate Edition Administrator's Guide The software described in this book is...
Administration Guide
Page 5
Contents Technical support Section 1 Managing Symantec AntiVirus Chapter 1 Managing Symantec AntiVirus About managing Symantec AntiVirus 13 Managing with the Symantec System Center 14 Using console views 15 Saving console settings 16 Understanding Symantec System Center icons 17 Discovering computers and refreshing the console 19 Auditing computers 31 About clients and servers 37 About primary servers 37 About secondary ...
Contents Technical support Section 1 Managing Symantec AntiVirus Chapter 1 Managing Symantec AntiVirus About managing Symantec AntiVirus 13 Managing with the Symantec System Center 14 Using console views 15 Saving console settings 16 Understanding Symantec System Center icons 17 Discovering computers and refreshing the console 19 Auditing computers 31 About clients and servers 37 About primary servers 37 About secondary ...
Administration Guide
Page 7
... .......115 Configuring scheduled scans 115 Scheduling scans for server groups or individual Symantec AntiVirus servers 115 Scheduling scans for Symantec AntiVirus clients 118 Setting options for missed scheduled scans 120 Editing, deleting, or disabling a scheduled scan 121 Running a scheduled scan on... demand 122 Deleting files and folders that are left on computers by threats .......122 Handling Symantec AntiVirus clients with intermittent connectivity .....123 ...
... .......115 Configuring scheduled scans 115 Scheduling scans for server groups or individual Symantec AntiVirus servers 115 Scheduling scans for Symantec AntiVirus clients 118 Setting options for missed scheduled scans 120 Editing, deleting, or disabling a scheduled scan 121 Running a scheduled scan on... demand 122 Deleting files and folders that are left on computers by threats .......122 Handling Symantec AntiVirus clients with intermittent connectivity .....123 ...
Administration Guide
Page 8
...Best practice: Using Continuous LiveUpdate on 64-bit computers ... 149 Updating virus definitions files on Symantec AntiVirus servers 150 Updating and configuring Symantec AntiVirus servers using the Virus Definition Transport Method 150 Updating servers using LiveUpdate 156 Updating servers with ... 159 Minimizing network traffic and handling missed updates 160 Updating virus definitions files on Symantec AntiVirus clients 162 Updating virus definitions files on Symantec AntiVirus clients immediately 164 Configuring managed clients to use an internal LiveUpdate server 165 Enabling ...
...Best practice: Using Continuous LiveUpdate on 64-bit computers ... 149 Updating virus definitions files on Symantec AntiVirus servers 150 Updating and configuring Symantec AntiVirus servers using the Virus Definition Transport Method 150 Updating servers using LiveUpdate 156 Updating servers with ... 159 Minimizing network traffic and handling missed updates 160 Updating virus definitions files on Symantec AntiVirus clients 162 Updating virus definitions files on Symantec AntiVirus clients immediately 164 Configuring managed clients to use an internal LiveUpdate server 165 Enabling ...
Administration Guide
Page 9
... How roaming works 183 Implementing roaming 183 Analyzing and mapping your Symantec AntiVirus network 184 Identifying servers for each hierarchical level 185 Creating a list of 0 level Symantec AntiVirus servers 185 Creating a hierarchical list of Symantec AntiVirus servers 186 Configuring roaming client support options from the Symantec System Center console 186 Configuring additional roaming client support for roam...
... How roaming works 183 Implementing roaming 183 Analyzing and mapping your Symantec AntiVirus network 184 Identifying servers for each hierarchical level 185 Creating a list of 0 level Symantec AntiVirus servers 185 Creating a hierarchical list of Symantec AntiVirus servers 186 Configuring roaming client support options from the Symantec System Center console 186 Configuring additional roaming client support for roam...
Administration Guide
Page 11
Section 1 Managing Symantec AntiVirus ■ Managing Symantec AntiVirus ■ Setting up the Alert Management System
Section 1 Managing Symantec AntiVirus ■ Managing Symantec AntiVirus ■ Setting up the Alert Management System
Administration Guide
Page 13
... with client groups ■ Configuring clients directly ■ Changing an unmanaged client into a managed client (and the reverse) ■ How settings propagate About managing Symantec AntiVirus Using the Symantec System Center, you can also use configuration files (Grc.dat) to perform remote configuration on workstations and network servers, updating virus definitions, and managing...
... with client groups ■ Configuring clients directly ■ Changing an unmanaged client into a managed client (and the reverse) ■ How settings propagate About managing Symantec AntiVirus Using the Symantec System Center, you can also use configuration files (Grc.dat) to perform remote configuration on workstations and network servers, updating virus definitions, and managing...
Administration Guide
Page 14
14 Managing Symantec AntiVirus Managing with the Symantec System Center Managing with the Symantec System Center When the Symantec System Center runs, it displays a system hierarchy of object selected in tree appear in an expandable/collapsible tree. Console tree tab Top ...Note: The system hierarchy is the top level that contains all server groups and client groups. To start the Symantec System Center ◆ On the Windows taskbar, click Start > Programs > Symantec System Center Console > Symantec System Center Console. The system hierarchy is not populated until you install at least one...
14 Managing Symantec AntiVirus Managing with the Symantec System Center Managing with the Symantec System Center When the Symantec System Center runs, it displays a system hierarchy of object selected in tree appear in an expandable/collapsible tree. Console tree tab Top ...Note: The system hierarchy is the top level that contains all server groups and client groups. To start the Symantec System Center ◆ On the Windows taskbar, click Start > Programs > Symantec System Center Console > Symantec System Center Console. The system hierarchy is not populated until you install at least one...
Administration Guide
Page 15
...; Scan Engine ■ Address ■ Status of client updates ■ Group Name ■ Configuration Change Date ■ Number of Clients Table 1-1 Data columns in the Symantec AntiVirus view Object selected in left pane System hierarchy icon Server group icon Groups icon (for client groups) Data columns that appear in the right pane...
...; Scan Engine ■ Address ■ Status of client updates ■ Group Name ■ Configuration Change Date ■ Number of Clients Table 1-1 Data columns in the Symantec AntiVirus view Object selected in left pane System hierarchy icon Server group icon Groups icon (for client groups) Data columns that appear in the right pane...
Administration Guide
Page 16
... to save console settings ◆ Do one of the menu, select a view. To save console settings for the Symantec System Center. 16 Managing Symantec AntiVirus Managing with the Symantec System Center Table 1-1 Data columns in the Symantec AntiVirus view Object selected in left pane, expand System Hierarchy. 2 On the View menu, in right pane Client group...
... to save console settings ◆ Do one of the menu, select a view. To save console settings for the Symantec System Center. 16 Managing Symantec AntiVirus Managing with the Symantec System Center Table 1-1 Data columns in the Symantec AntiVirus view Object selected in left pane, expand System Hierarchy. 2 On the View menu, in right pane Client group...
Administration Guide
Page 17
... newer version to the locked server group icon. Symantec AntiVirus primary server running Symantec managed products. Compare this server group. Locked server group. Symantec AntiVirus server running on the system, you start the Symantec System Center. Table 1-2 lists the Symantec System Center icons. An issue needs to be... to represent the different states of MMC is the primary server for the server group. Managing Symantec AntiVirus 17 Managing with the Symantec System Center Choosing No may be infected with its password before you can configure or run updates and scans....
... newer version to the locked server group icon. Symantec AntiVirus primary server running Symantec managed products. Compare this server group. Locked server group. Symantec AntiVirus server running on the system, you start the Symantec System Center. Table 1-2 lists the Symantec System Center icons. An issue needs to be... to represent the different states of MMC is the primary server for the server group. Managing Symantec AntiVirus 17 Managing with the Symantec System Center Choosing No may be infected with its password before you can configure or run updates and scans....
Administration Guide
Page 18
...appears. An issue needs to be resolved with the Symantec System Center Table 1-2 Symantec System Center icons Icon Icon descriptions Unavailable Symantec AntiVirus server. For example, the server system is not running Symantec AntiVirus server. Note: If Symantec AntiVirus detects a virus and a threat other than a ...network. A threat other than a virus, such as adware or spyware, was detected on a supported Windows computer. Note: If Symantec AntiVirus detects a virus and a threat other than a virus on the computer that is severed between the console and the system. ...
...appears. An issue needs to be resolved with the Symantec System Center Table 1-2 Symantec System Center icons Icon Icon descriptions Unavailable Symantec AntiVirus server. For example, the server system is not running Symantec AntiVirus server. Note: If Symantec AntiVirus detects a virus and a threat other than a ...network. A threat other than a virus, such as adware or spyware, was detected on a supported Windows computer. Note: If Symantec AntiVirus detects a virus and a threat other than a virus on the computer that is severed between the console and the system. ...
Administration Guide
Page 19
...-Protect status You can also use Discovery to locate the server using the Find feature or Discovery Service so that the client is already running Symantec AntiVirus servers. Discovering computers and refreshing the console At the first startup of Table 1-2 indicates that it will ping the network to find all available computers...
...-Protect status You can also use Discovery to locate the server using the Find feature or Discovery Service so that the client is already running Symantec AntiVirus servers. Discovering computers and refreshing the console At the first startup of Table 1-2 indicates that it will ping the network to find all available computers...
Administration Guide
Page 20
... that is stored on page 22. This service is working. See "Understanding Intense Discovery" on the network, a computer running Symantec AntiVirus server sends a ping packet to get the data that support Norton AntiVirus Corporate Edition and LANDesk Virus Protect, legacy versions of the computer's virus definitions files ■ When the computer was last infected Both...
... that is stored on page 22. This service is working. See "Understanding Intense Discovery" on the network, a computer running Symantec AntiVirus server sends a ping packet to get the data that support Norton AntiVirus Corporate Edition and LANDesk Virus Protect, legacy versions of the computer's virus definitions files ■ When the computer was last infected Both...
Administration Guide
Page 21
... primary server. This additional Discovery queries the primary server of the server group for all servers that are running Symantec AntiVirus server on page 27. When a mismatch is added to all types of secondary servers in its own address cache with the... primary server address cache contains information for information about the Importer tool. See the Symantec AntiVirus Reference Guide for every server within the server group. When the pong data returns, it . Managing Symantec AntiVirus 21 Managing with the address cache sent by the Discovery Service, you will need to...
... primary server. This additional Discovery queries the primary server of the server group for all servers that are running Symantec AntiVirus server on page 27. When a mismatch is added to all types of secondary servers in its own address cache with the... primary server address cache contains information for information about the Importer tool. See the Symantec AntiVirus Reference Guide for every server within the server group. When the pong data returns, it . Managing Symantec AntiVirus 21 Managing with the address cache sent by the Discovery Service, you will need to...
Administration Guide
Page 22
...Local Discovery generates less ping noise, but is sent over the local subnet of the servers for which the Symantec System Center console contains information in its address cache. Following a Local Discovery, the following Discovery types run...of outdated information from cache only is then sent a series of a ping packet is limited to the Symantec System Center console. Understanding Load from cache only discovery type Load from cache only finds all of the ...■ Load from cache only operation, the Normal Discovery runs. 22 Managing Symantec AntiVirus Managing with pong data.
...Local Discovery generates less ping noise, but is sent over the local subnet of the servers for which the Symantec System Center console contains information in its address cache. Following a Local Discovery, the following Discovery types run...of outdated information from cache only is then sent a series of a ping packet is limited to the Symantec System Center console. Understanding Load from cache only discovery type Load from cache only finds all of the ...■ Load from cache only operation, the Normal Discovery runs. 22 Managing Symantec AntiVirus Managing with pong data.
Administration Guide
Page 23
... is limited by IP address range in the address cache, you can be used to discover computers across the network. From the Symantec System Center console, you may want to use IP Discovery. Running the Discovery Service You manually run all computers that it attempts...root, and then choose Discovery Service from cache only ■ Normal Discovery See "Normal Discovery" on page 21. Managing Symantec AntiVirus 23 Managing with the Symantec System Center Understanding Intense Discovery Intense Discovery walks My Network Places on the local Windows 2000 computer or the Network Neighborhood ...
... is limited by IP address range in the address cache, you can be used to discover computers across the network. From the Symantec System Center console, you may want to use IP Discovery. Running the Discovery Service You manually run all computers that it attempts...root, and then choose Discovery Service from cache only ■ Normal Discovery See "Normal Discovery" on page 21. Managing Symantec AntiVirus 23 Managing with the Symantec System Center Understanding Intense Discovery Intense Discovery walks My Network Places on the local Windows 2000 computer or the Network Neighborhood ...
Administration Guide
Page 24
... IP addresses and subnets. See the Symantec AntiVirus Reference Guide for new computers that are trying to discover new computers in an environment in which WINS or Active Directory is unavailable, you may want to run IP Discovery 1 In the Symantec System Center console, in the left pane...on the Advanced tab, check Enable IP Discovery. Run the Discovery Service You can run the Discovery Service and find servers with the Symantec System Center Note: The Discovery service uses WINS (Windows Internet Naming Service) or Active Directory when browsing for information about the Importer ...
... IP addresses and subnets. See the Symantec AntiVirus Reference Guide for new computers that are trying to discover new computers in an environment in which WINS or Active Directory is unavailable, you may want to run IP Discovery 1 In the Symantec System Center console, in the left pane...on the Advanced tab, check Enable IP Discovery. Run the Discovery Service You can run the Discovery Service and find servers with the Symantec System Center Note: The Discovery service uses WINS (Windows Internet Naming Service) or Active Directory when browsing for information about the Importer ...
Administration Guide
Page 25
... box. See "Using the Find Computer feature" on the Tools menu, click Discovery Service. You can also access IP Discovery functionality in the Symantec System Center console status bar. IP Address search results appear in the range of IP addresses. 5 In the Beginning of range and End of... range boxes, type the addresses. 6 If you clicked IP Subnet, type the subnet mask to refine the search. Managing Symantec AntiVirus 25 Managing with the Symantec System Center Once Enable IP Discovery is checked, an IP Discovery session runs whenever you run Intense Discovery without IP 1 In the...
... box. See "Using the Find Computer feature" on the Tools menu, click Discovery Service. You can also access IP Discovery functionality in the Symantec System Center console status bar. IP Address search results appear in the range of IP addresses. 5 In the Beginning of range and End of... range boxes, type the addresses. 6 If you clicked IP Subnet, type the subnet mask to refine the search. Managing Symantec AntiVirus 25 Managing with the Symantec System Center Once Enable IP Discovery is checked, an IP Discovery session runs whenever you run Intense Discovery without IP 1 In the...
Administration Guide
Page 26
... you want to immediately run as Local Discovery. Each discovery thread is the quickest method. 26 Managing Symantec AntiVirus Managing with information about themselves and their clients. The Symantec System Center serially pings every server in the message area of the active memory and address cache, and... also performs the same local subnet broadcast as well. If you want to clear all server and client information out of the Symantec System Center console as well. This setting affects Intense Discovery sessions only. Only one of the following options: ■ Load ...
... you want to immediately run as Local Discovery. Each discovery thread is the quickest method. 26 Managing Symantec AntiVirus Managing with information about themselves and their clients. The Symantec System Center serially pings every server in the message area of the active memory and address cache, and... also performs the same local subnet broadcast as well. If you want to clear all server and client information out of the Symantec System Center console as well. This setting affects Intense Discovery sessions only. Only one of the following options: ■ Load ...