Administration Guide
Page 2
...Security, Norton Personal Firewall, Symantec AntiVirus, Symantec Client Firewall, Symantec Client Security, and Symantec Security Response are trademarks of Symantec Corporation. Documentation may include technical or other inaccuracies or typographical errors. The technical documentation is being delivered to you AS-IS, and Symantec Corporation...Other brands and product names mentioned in the United States of Symantec Corporation and is owned by Symantec Corporation. Symantec AntiVirus™ Corporate Edition Administrator's Guide The software described in this book is furnished under...
Administration Guide
Page 3
...offer enhanced response and proactive security support Please visit our Web site for virus outbreaks and security alerts. Customers with a current support agreement may contact the Technical Support group via the Platinum Web site at www-secure.symantec.com/platinum/. The Technical ...Support group works collaboratively with Product Engineering as well as Symantec Security Response to register, and from Symantec Security Response experts, which is to respond to answer your service...
Administration Guide
Page 5
Contents Technical support Section 1 Managing Symantec AntiVirus Chapter 1 Managing Symantec AntiVirus About managing Symantec AntiVirus 13 Managing with the Symantec System Center 14 Using console views 15 Saving console settings 16 Understanding Symantec System Center icons 17 Discovering computers and refreshing the console 19 Auditing computers 31 About clients and servers 37 ... 46 Moving a server to a different server group 46 Viewing server groups 47 Deleting server groups 48 Enhancing server group security 48 How the access list works 48 Implementing enhanced server group...
Administration Guide
Page 8
...-bit computers ... 149 Updating virus definitions files on Symantec AntiVirus servers 150 Updating and configuring Symantec AntiVirus servers using the Virus Definition Transport Method 150 Updating ... updates 160 Updating virus definitions files on Symantec AntiVirus clients 162 Updating virus definitions files on Symantec AntiVirus clients immediately 164 Configuring managed clients to ...Preparing for a virus outbreak 174 Creating a virus outbreak plan 174 Defining Symantec AntiVirus actions for handling suspicious files 175 Automatically purging suspicious files from local Quarantines...
Administration Guide
Page 13
... server groups ■ Enhancing server group security ■ Managing with client groups ■ Configuring clients directly ■ Changing an unmanaged client into a managed client (and the reverse) ■ How settings propagate About managing Symantec AntiVirus Using the Symantec System Center, you can perform Symantec AntiVirus administrative operations such as installing antivirus protection on your network. In addition...
Administration Guide
Page 17
...settings. Compare this icon to the next one, which contains all server groups default to locked when you start the Symantec System Center. Symantec AntiVirus server running on the system, you may need to upgrade to the newer version to configure and run scans for...choose No when exiting the console, the changes are running on a supported Windows or NetWare computer. For security reasons, all server groups. Managing Symantec AntiVirus 17 Managing with the Symantec System Center Choosing No may be infected with its password before you can configure or run updates and ...
Administration Guide
Page 31
...Symantec AntiVirus running leave holes open in as a Symantec AntiVirus consumer version), including the type and version of the computers that you are auditing. You must be able to determine the antivirus.... Note: If a firewall is installed. ■ Whether antivirus software from other vendors or from Symantec (such as Administrator to them. Run a network audit and...Symantec AntiVirus 31 Managing with the Symantec System Center Auditing computers Computers on the computer. You can run a network audit of remote computers to determine the following: ■ Whether a Symantec AntiVirus...
Administration Guide
Page 44
Changing server group passwords You can change passwords regularly for security purposes. To change a server group password 1 In the Symantec System Center console, in the left pane, right-click the server group, and then click Configure Server Group Password. 2 Type the old password... the old password. 3 Press Tab, and then type the new password. 4 Press Tab, and then retype the password. 5 Click OK. 6 Close the Symantec System Center console. 7 When prompted to change server group passwords. 44 Managing Symantec AntiVirus Managing with server groups To no longer save , click No.
Administration Guide
Page 48
... group that communicates with IP or IPX addresses that are limited to read-only access for each Symantec System Center console that you want to a new or existing server group. 48 Managing Symantec AntiVirus Enhancing server group security Deleting server groups Before you can delete a server group, you must move any existing servers using...
Administration Guide
Page 49
Figure 1-2 Managing Symantec AntiVirus 49 Enhancing server group security Enhanced server group security Read Write Authorized Symantec System Center console Read Only Primary Server Read Only Read Write Read Only Unauthorized Symantec System Center console Secondary Server Access List Registry Client Access List Registry Implementing enhanced server group security You can perform the following tasks to implement protection...
Administration Guide
Page 50
... group. where is the numeric address for the computer and is the numeric address for an address when you need to allow the Symantec System Center to include the access list on each server and leaving it empty. Delete the value for the computer. You do not...the access list of the computers that you create a registry subkey and specify the authorized IP and IPX addresses. 50 Managing Symantec AntiVirus Enhancing server group security Choosing which computers to include the address for the primary server. If you are only changing client group settings, you only need...
Administration Guide
Page 51
... additional computers. ■ Roll out the access list via your preferred distribution tool. ■ Force the Symantec AntiVirus antivirus component to import the access list immediately. If you want a change information is forwarded to the parent server...registry editor, such as the binary data associated with which these items are logged. Managing Symantec AntiVirus 51 Enhancing server group security Forcing the access list to reload By default, the access list is not included in the...registry editor. Rolling out the access list You can edit the registry to log unauthorized changes.
Administration Guide
Page 52
The following message will appear when an unauthorized event occurs: Access denied to enable logging. 5 Close the registry editor. 52 Managing Symantec AntiVirus Enhancing server group security 2 Open the HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\ VirusProtect6\CurrentVersion\AccessList key. 3 Type LogAccessDenied as a new DWord. 4 Type 1 as the binary data associated with the LogAccessDeniedWindowMinutes DWord ...
Administration Guide
Page 91
...provide protection for legacy systems. About scans in Symantec AntiVirus You can then obtain confidential information regarding user behavior. ■ Security risks: Threats that use the POP3 or SMTP communications protocols; You can be downloaded from the Symantec System Center console: ■ File System ...horses, worms, or other types of threats. Scanning for viruses and other threats 91 About scans in earlier versions of Symantec AntiVirus. Viruses, Trojan horses, and worms are scanned for Internet email also includes outbound email heuristics scanning File System Auto-Protect...
Administration Guide
Page 101
... are encrypted and backed up , it automatically after which Auto-Protect is enabled on the computers for which you are using Symantec Client Security firewall client and want to trace threats" on page 104. 8 Under Automatic enabler, ensure that is checked, and then specify...provided by Bloodhound Heuristic Scanning, click Heuristics. Once a file is checked as a data safety precaution. Poll for network sessions every Symantec AntiVirus polls once every second (1000 ___ milliseconds milliseconds) by default. Higher values decrease Threat Tracer's ability to enable it must be restored...
Administration Guide
Page 106
...you are immediately downloaded to the computer that are running the email client and scanned when the user opens the message. Symantec AntiVirus also detects the virus if the user tries to save attachments to a local drive or network drive. Scanning outgoing email...Internet email is enabled, attachments are downloading a large attachment over a slow connection, mail performance is affected. Symantec AntiVirus also provides outbound email heuristics scanning that uses SSL (Secure Sockets Layer) ■ HTTP-based email such as Hotmail and Yahoo! Email scanning does not support the...
Administration Guide
Page 113
...the trackware category. Configuring scheduled scans Configuring scheduled scans consists of: ■ Scheduling scans for Symantec AntiVirus servers and clients ■ Setting options for missed scans ■ Optionally editing, deleting, or disabling a scan, or running a scheduled scan on the computer. Scanning for... not subject to viruses. For example, your company's security policy may want to delete them manually to run an adware program. See "Enabling expanded threat categories" on computers by threats When Symantec AntiVirus deletes a file that are not protected from scans....
Administration Guide
Page 125
... before permitting an uninstallation. To deny or permit users the ability to unload Symantec AntiVirus 1 In the Symantec System Center console, right-click a server, server group, or client group, and then click All Tasks > Symantec AntiVirus > Client Administrator Only Options. 2 Click the Security tab. 3 Change the setting for a password before permitting an uninstallation. ■ Allow users...
Administration Guide
Page 126
...server group, or client group, and then click All Tasks > Symantec AntiVirus > Client Administrator Only Options. 2 Click the Security tab. 3 Check Ask for password to allow uninstall of the following: ■ Select a scheduled scan, and then click Edit. ■ Click New to create a new scan. 3 In... Center console, right-click a server group, server, or client group, and then click All Tasks > Symantec AntiVirus > Scheduled Scan. 2 In the Scheduled Scans dialog box, do one of Symantec AntiVirus Client. 4 Click Change. 5 In the Configure Password dialog box, type a new password, and then ...
Administration Guide
Page 133
... be excluded. ■ If you copied a large folder that was enabled, the copying process would not take as follows: ■ When Symantec AntiVirus applies exclusions, the excluded items are not sure if a file is scanned. ■ For virus sweep, manual, Auto-Protect, and scheduled scans... the exclusions list and the exclusions setting was not in the exclusions list, disabling exclusions would improve performance. In addition, certain Symantec AntiVirus scans allow exclusion by drivers and named folders; To maintain security, you can exclude scans of the path C:\Temp\Install).