Administration Guide
Page 2
... errors. Trademarks Symantec, the Symantec logo, LiveUpdate, and Norton AntiVirus are hereby acknowledged. Printed in the United States of Symantec Corporation and is owned by Symantec Corporation. NO WARRANTY. Any technical documentation that is made available by Symantec Corporation is the copyrighted work of America. 10 9 8 7 6 5 4 3 2 1 Documentation may be trademarks or registered trademarks of the agreement. Symantec AntiVirus™ Corporate Edition Administrator's Guide...
Administration Guide
Page 3
... the Product Home Page, select the Licensing and Registration link. Contacting Technical Support Customers with the other functional areas within Symantec to register, and from Symantec Security Response experts, which is available 24 hours a day, 7 days a week worldwide in a variety of support options ... a current support agreement may contact the Technical Support group via the Platinum Web site at www-secure.symantec.com/platinum/. Alternatively, you may go to www.symantec.com/techsupp/ent/enterprise.html, select the product that you are implementing requires registration and/or a...
Administration Guide
Page 5
Contents Technical support Section 1 Managing Symantec AntiVirus Chapter 1 Managing Symantec AntiVirus About managing Symantec AntiVirus 13 Managing with the Symantec System Center 14 Using console views 15 Saving console settings 16 Understanding Symantec System Center icons 17 Discovering computers and refreshing the console 19 Auditing computers 31 About clients and servers 37 ... 46 Moving a server to a different server group 46 Viewing server groups 47 Deleting server groups 48 Enhancing server group security 48 How the access list works 48 Implementing enhanced server group...
Administration Guide
Page 8
...-bit computers ... 149 Updating virus definitions files on Symantec AntiVirus servers 150 Updating and configuring Symantec AntiVirus servers using the Virus Definition Transport Method 150 Updating ... updates 160 Updating virus definitions files on Symantec AntiVirus clients 162 Updating virus definitions files on Symantec AntiVirus clients immediately 164 Configuring managed clients to ...Preparing for a virus outbreak 174 Creating a virus outbreak plan 174 Defining Symantec AntiVirus actions for handling suspicious files 175 Automatically purging suspicious files from local Quarantines...
Administration Guide
Page 13
... also use a third-party tool to configure Symantec AntiVirus clients. 1 Chapter Managing Symantec AntiVirus This chapter includes the following topics: ■ About managing Symantec AntiVirus ■ Managing with the Symantec System Center ■ About clients and servers ■ About server and client groups ■ Managing with server groups ■ Enhancing server group security ■ Managing with client groups ■...
Administration Guide
Page 17
... server groups default to locked when you change settings for the computers in the server group. Symantec AntiVirus primary server running on a supported Windows or NetWare computer. Managing Symantec AntiVirus 17 Managing with a threat. An issue needs to be resolved in this icon to the server... icon, the server group must enter a password before you can view the computers in lost settings. For security reasons, all server groups. Table 1-2 lists the Symantec System Center icons. Note: If a newer version of computers that are not retained for the server group....
Administration Guide
Page 31
... Administrator to the remote computers that software, is installed. ■ Whether antivirus software from other vendors or from Symantec (such as server, client, or unmanaged client, that is installed on the...Symantec AntiVirus consumer version), including the type and version of the computers that do not have Symantec AntiVirus running on the computer. Run a network audit and sync items You can locate selected computers by syncing to gather information. Managing Symantec AntiVirus 31 Managing with the Symantec System Center Auditing computers Computers on your network security...
Administration Guide
Page 44
...4 Press Tab, and then retype the password. 5 Click OK. 6 Close the Symantec System Center console. 7 When prompted to change server group passwords. 44 Managing Symantec AntiVirus Managing with server groups To no longer save , click No. To change a server ...Symantec System Center console, in the left pane, right-click the server group, and then click Configure Server Group Password. 2 Type the old password. 3 Press Tab, and then type the new password. 4 Press Tab, and then retype the password. 5 Click OK. Changing server group passwords You can change passwords regularly for security...
Administration Guide
Page 48
... that you want to only the IP and IPX addresses that are limited to a new or existing server group. 48 Managing Symantec AntiVirus Enhancing server group security Deleting server groups Before you can delete a server group, you must move any existing servers using a drag-and-drop operation.... 2 In the server group that restricts inbound communication to protect. To delete a server group 1 In the Symantec System Center console, in the access list. You can enhance the security that is empty. 3 Right-click the empty server group, and then click Delete. 4 Right-click System Hierarchy...
Administration Guide
Page 49
Figure 1-2 Managing Symantec AntiVirus 49 Enhancing server group security Enhanced server group security Read Write Authorized Symantec System Center console Read Only Primary Server Read Only Read Write Read Only Unauthorized Symantec System Center console Secondary Server Access List Registry Client Access List Registry Implementing enhanced server group security You can perform the following tasks to implement protection...
Administration Guide
Page 50
...IP and IPX addresses and subnet addresses of every server in the access list. 50 Managing Symantec AntiVirus Enhancing server group security Choosing which computers to protect The IP address of the computer running the Symantec System Center console should be included in the access list of the computers that you want... the registry editor. Creating the access list To create an access list, you no longer require access. You do not need to allow the Symantec System Center to access the server. Type (IPX)- Add IP and IPX addresses to the access list only when you need to include the ...
Administration Guide
Page 51
... can specify the frequency with the ReadAccessList DWord value. 5 Close the registry editor. You can edit the registry to log unauthorized changes. See "Forcing the access list to reload" on a computer running Symantec AntiVirus, the log event is refreshed every five minutes. To force the access list to reload 1... you want to add to the access list, such as the binary data associated with which these items are logged. Managing Symantec AntiVirus 51 Enhancing server group security Forcing the access list to reload By default, the access list is forwarded to the parent server.
Administration Guide
Page 52
52 Managing Symantec AntiVirus Enhancing server group security 2 Open the HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\AccessList key. 3 Type LogAccessDenied as a new DWord. 4 Type 1 as the binary data associated with the LogAccessDeniedWindowMinutes DWord ...
Administration Guide
Page 91
... of threats. You can then obtain confidential information regarding user behavior. ■ Security risks: Threats that trace a user's path on : ■ Individual and multiple Symantec AntiVirus servers and clients ■ Groups of viruses, Trojan horses, worms, or other types of Symantec AntiVirus. It can perform scans on the Internet and send information to a user's computer...
Administration Guide
Page 101
...file cache entries to the Quarantine directory. Higher values decrease Threat Tracer's ability to the IP address for network sessions every Symantec AntiVirus polls once every second (1000 ___ milliseconds milliseconds) by Bloodhound Heuristic Scanning, click Heuristics. Client firewall auto blocks IP address...of the source computer Enable this option is unchecked, Symantec AntiVirus looks up to include. See "How to trace threats" on the computers for file servers or Web servers where you are using Symantec Client Security firewall client and want to enable it can be ...
Administration Guide
Page 106
...who regularly receive large attachments. Scanning outgoing email messages helps to prevent the spread of your users receives a message with an infected attachment, Symantec AntiVirus can use the POP3 or SMTP communications protocol. Email scanning does not support the following email clients: ■ IMAP clients ■ ...as the user tries to a local drive or network drive. If you are immediately downloaded to the computer that uses SSL (Secure Sockets Layer) ■ HTTP-based email such as GroupWise) save the infected attachment to open the attachment. When Auto-Protect ...
Administration Guide
Page 113
... application that are not subject to viruses. For example, exclusions settings that contain other allowable threats. For example, your company's security policy may want to exclude folders that contain only data files that is installed on page 139. For example, if you can... likely to cause a problem but each type of scan is part of : ■ Scheduling scans for Symantec AntiVirus servers and clients ■ Setting options for missed scans ■ Optionally editing, deleting, or disabling a scan, or running a scheduled scan on demand Scheduled scans have settings that is...
Administration Guide
Page 125
... Center console, right-click a server, server group, or client group, and then click All Tasks > Symantec AntiVirus > Client Administrator Only Options. 2 Click the Security tab. 3 Change the setting for Lock the ability of users to an infected email message. ■ ...email message. For example, if users have violated your corporate policy and must uninstall the application immediately. ■ Add an infection warning to unload Symantec AntiVirus Services. 4 Click OK. You can do any of the Symantec AntiVirus client user experience. Requiring a password before permitting an uninstallation...
Administration Guide
Page 126
... a password before uninstalling 1 In the Symantec System Center console, right-click a server, server group, or client group, and then click All Tasks > Symantec AntiVirus > Client Administrator Only Options. 2 Click the Security tab. 3 Check Ask for three hours.... A stopped scan will not continue. ■ Snoozed scan: When a user snoozes a scheduled scan, the user has the option of snoozing the scan for one of the following: ■ Select a scheduled scan, and then click Edit...
Administration Guide
Page 133
...code, the file may want to register a false positive. To maintain security, you copied a large folder that was enabled, the copying process would not take as follows: ■ When Symantec AntiVirus applies exclusions, the excluded items are not sure if a file is infected.... Table 3-5 describes exclusions. Enabling and disabling exclusions can , however, exclude specific files using the Symantec AntiVirus client or server user interface. In addition, certain Symantec AntiVirus scans allow exclusion by named folder (for specific file extensions and folders. You may be excluded. ...