Symantec Client Security Client Security 3.0 (10364154)
Contents
1. 140 Installing Symantec Client Security clients About Symantec Client Security client installation About Symantec Client Security client installation The Symantec Client Security client program does the following Protects the computer on which it runs If managed communicates with its Symantec Client Security parent server Symantec Client Security antivirus client runs on supported computers that may act as network servers or workstations If a Windows network server needs antivirus protection only install the Symantec Client Security antivirus client You can install Symantec Client Security using any of the following methods Deploy the stand alone Symantec Client Security antivirus client installation package across a network connection to remote computers from the Symantec Client Security CD The stand alone Symantec Client Security antivirus client installation is provided in the SAV folder in the root of the CD Installing Symantec Client Security firewall client without Symantec Client Security antivirus client is not supported Deploy the antivirus client installation package across a network connection to remote computers from the Symantec System Center or the Symantec Client Security CD See Deploying the client installation across a network connection on page 143 Distribute the antivirus client installation package to the computer on which it is to be installed and then execute the package Common distr2. 9 In the Setup Type panel select one of the following Complete To install all of the components that are included with the default installation m Custom To customize the installation For example in the Custom panel you can deselect any email protection components that you do not want to install Click Next ie Symantec Client Security InstallShield Wizard xi Network Setup Type Choose the network setup type that best suits your need symantec Setup supports the following installation scenarios Managed Choose this option if this computer is to be managed by a computer running Symantec Antivirus Server Edition Unmanaged Choose this option if this computer will not be managed by a computer running Symantec Antivirus Server Edition For example your home computer Select the option you want to use Managed Unmanaged Installshield Cancel In the Network Setup Type panel do one of the following m To have the antivirus client be managed by a parent server click Managed and then click Next Continue with To set up and finish a managed installation on page 165 m To have the antivirus client run without a parent server click Unmanaged and then click Next Continue with To finish an unmanaged installation on page 165 m If you are migrating from a previous version of Symantec Client Security as a managed client the Network Setup Type panel does not appear Contin
3. See Starting the client installation on page 143 m Run the antivirus client setup program See Running the client setup program on page 145 Starting the client installation You can install the Symantec Client Security client using the NT Client Install tool Start the client installation You can install the Symantec Client Security client from the Symantec Client Security CD or from the Symantec System Center 144 Installing Symantec Client Security clients Deploying the client installation across a network connection To start the client installation from the CD 1 2 3 Insert the Symantec Client Security CD into the CD ROM drive gt Symantec Client Security Eio xi symantec Symantec Client Security Read This First Install Symantec Client Security Install Administrator Tools Browse CD In the Symantec Client Security panel click Install Symantec Client Security gt Deploy Symantec Client Security Continue the installation See Running the client setup program on page 145 To start the client installation from the Symantec System Center 1 In the Symantec System Center in the left pane do one of the following m Click System Hierarchy m Under System Hierarchy select any object On the Tools menu click NT Client Install NT Client Install is available only if you selected the NT Client Install tool when you installed the Symantec System Center Th
4. Symantec Client Security Installation Guide 9 symantec Symantec Client Security Installation Guide The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement Documentation version 2 0 PN 10223888 Copyright Notice Copyright 2004 Symantec Corporation All Rights Reserved Any technical documentation that is made available by Symantec Corporation is the copyrighted work of Symantec Corporation and is owned by Symantec Corporation NO WARRANTY The technical documentation is being delivered to you AS IS and Symantec Corporation makes no warranty as to its accuracy or use Any use of the technical documentation or the information contained therein is at the risk of the user Documentation may include technical or other inaccuracies or typographical errors Symantec reserves the right to make changes without prior notice No part of this publication may be copied without the express written permission of Symantec Corporation 20330 Stevens Creek Blvd Cupertino CA 95014 Trademarks Symantec the Symantec logo LiveUpdate and Norton AntiVirus are U S registered trademarks of Symantec Corporation Norton Internet Security Norton Personal Firewall Symantec AntiVirus Symantec Client Firewall Symantec Client Security and Symantec Security Response are trademarks of Symantec Corporation Other brands and product names mentioned in this
5. Settings that are preserved for supported platforms include the following m Scheduled scans and LiveUpdate sessions m All scan options m All Auto Protect options m Custom exclusions and file extensions to scan m LiveUpdate host files m Symantec Client Security activity logs m Quarantine forwarding information Note When upgrading from supported Symantec firewall products the installation may succeed but the custom settings including the firewall policy files may be lost After you have installed the current version you should distribute the current policy files to ensure that the clients on your network are protected Migrating to the current version of Symantec Client Security 83 Creating migration plans Quarantine items are automatically migrated If there are any items in Quarantine on Symantec Client Security clients or servers they are migrated automatically to the Symantec AntiVirus Quarantine However if any items in Quarantine are determined by Symantec Client Security to be uninfected they are deleted rather than migrated Creating migration plans In general upgrading from an earlier version of a Symantec AntiVirus product such as Norton AntiVirus Corporate Edition 7 6 starts with the migration of the management console followed by the migration of the servers and ending with the migration of the clients However the actual sequence of events varies depending on your environment Evaluate the curre
6. enable Auto Protect on a client Other compliancy issues may require a manual 40 Introducing Symantec Client Security What you can do with Symantec Client Security resolution for example a computer may need to update to a compliant Symantec Client Security version Verify security status Using the Symantec System Center console you can select and view the protection settings for any managed computer that is running Symantec Client Security Managed computers appear in the right pane of the console when their parent servers are selected in the tree Establish and enforce policies You can establish and enforce the following policies to control the Symantec Client Security user experience m You can lock configuration settings such as Auto Protect scanning to ensure that your antivirus clients remain protected from viruses at all times m You can tamper protect the Windows registry values that Symantec Client Security uses and receive notifications when specific registry keys are modified This is the default setting m You can password protect server groups so that changes to antivirus server and antivirus client settings can be made by authorized staff only m You can allow or prevent users from setting modifying or viewing the firewall policy on a workstation View history and event log data The Symantec System Center console offers basic reporting tools for history and event log data Reports are based on Symantec C
7. gt Programs gt Windows 2000 Resource Kit gt Tools 2 Double click Alphabetized List of Tools 70 Preparing to install Symantec Client Security Preparing for Symantec Client Security client installation 3 Click Application Security 4 Inthe Authorized Applications dialog box in the Security group box click Enabled Users are denied access to any program that is not included in the Authorized Applications list including the Symantec Client Security virus scanner Preparing for Symantec Client Security client installation To ensure a successful Symantec Client Security client rollout review the following preinstallation considerations m About required restarts m About email support About required restarts When you run a silent installation on computers that are running Windows 98 Me a forced restart is required About email support Symantec Client Security antivirus client can interface with supported email client software This provides an additional level of antivirus protection that works in conjunction with Symantec server side email protection products It does not replace them The Symantec Client Security client installation program automatically detects installed Microsoft Exchange Outlook and Lotus Notes clients and selects the appropriate option for installation If you do not want to install the extra layer of protection provided by the email support you can deselect each component during install
8. m Citrix Metaframe ICA client 1 8 or later Symantec Client Security antivirus client for 64 bit computers Symantec Client Security antivirus clients for 64 bit computers have the following requirements m Windows XP 64 bit Edition Version 2003 Windows Server 2003 Enterprise Datacenter 64 bit m 32 MB RAM minimum m 70 MB disk space m Internet Explorer 4 01 or later m Itanium 2 processor Symantec Client Firewall Administrator requirements Symantec Client Firewall Administrator has the following requirements m Windows NT 4 0 Workstation Server with Service Pack 6a Windows 2000 Professional Server Advanced Server Windows XP Professional Windows Server 2003 Web Standard Enterprise Datacenter m 64MBRAM m 80 MB disk space Requirements for clients that are running IPX only When you install Symantec Client Security to computers that are running IPX only the parent server to which they will connect must have Microsoft File and Print Services for NetWare installed If you are installing from a network share on the parent server or using a configurations file Grc dat that contains the IPX address of the parent server Microsoft File and Print Services for NetWare is not required on the server 78 Preparing to install Symantec Client Security Installation requirements Migrating to the current version of Symantec Client Security This chapter includes the following topics Migration overview Creating migration pla
9. of product documentation whether hard copy or electronic as a part of a Copyright 1994 2004 Sun Microsystems Inc 4150 Network Circle Santa Clara Contents Technical support Chapter 1 Chapter 2 Introducing Symantec Client Security About Symantec Client Security ccecceccseeseseeesseseeseseseeceseeeeseseeecseeeaeseeeees 19 Components of Symantec Client Security oo eeeseseseseseseseetseeseeeeeeeesesees 20 What s new in this release 0 ee eeesesesesesceeeeeseeeceseseseseeeseseeeeeeeeseasaeneseeeeeteeeeaes 22 How Symantec Client Security works cccecceseseseeceseseeeeseeeeeeseeeseeeeesseeeeaeaes 25 How the Symantec System Center works ccccscessesseessesseeeseseeeeseeees 26 How installation WOrKS 0 seeessssssesececesecesescscsescececeeeeeseaceceeeceeseseeeeeeeaees 27 How protection updating works 0 cccecessssssessecesesseceseeseeeseeeeseesseeseeees 28 How Symantec Client Security communication works ccee 29 How alerting WOKS cccccscssssesseseseeceseseeseseseeeeseeceseecesaesececseeeeseeeeseeeeaesees 31 How the Digital Immune System works cccceceseeseseseeeeceseeeeseeeeeeseeeees 32 What you can do with Symantec Client Security 20 0 0 cceeeeeseeseeeeeeteeeees 33 Deploy protection efficiently ccceesesssssssssseceseseseseesssssssseseeessesesesees 33 Protect against blended threats ccccessssssssesseeeseeeseeseseseeseseeeeseseeeesees 34 Prote
10. technology for the installation and deployment of Symantec Client Security Windows Installer files support a wide variety of configuration and installation options for Symantec Client Security client and server installations In addition to the standard Windows Installer options Symantec Client Security includes a set of command line options that can be used to customize the installation The use of Windows Installer technology provides reduced deployment size a smaller installation footprint fully customizable security options support for a broad variety of management and deployment environments and support for in field patches for security updates and feature upgrades 34 Introducing Symantec Client Security What you can do with Symantec Client Security When you use Windows Installer packages you can deploy Symantec Client Security with any of the following m The Symantec System Center m Web based installation m Network logon scripts m Third party deployment tools such as Microsoft Active Directory Tivoli Microsoft Systems Management Server SMS Novell ManageWise ZENworks and Microsoft IntelliMirror m Symantec Packager deployment tool part of Symantec Packager Note Symantec Packager is included with this release of Symantec Client Security as an unsupported tool For more information see Using Symantec Packager with Symantec Client Security pkgrinfo pdf in the Symantec Packager folder on the Symantec Client S
11. 19 traffic client 68 planning for 72 NLMs automatic startup for 66 manually loading 131 Novell ManageWise ZENworks Application Launcher 167 Index 187 Novell NetWare requirements 75 NT Client Install tool installing with the Symantec System Center 96 management component 47 requirements 74 packages deploying 152 protection about deploying 33 against blended threats 34 against intrusion 34 against viruses 35 protocols required 72 Q Quarantine Console about 53 requirements 73 R registry key protecting on Windows NT 4 0 computers 169 remote access programs 36 Reset ACL tool 170 restarts required 64 70 rights to install to NetWare servers 66 to install to target computers 62 roaming clients about 52 communication 31 S SavRoam exe 52 scans and server client communication 29 as protection against viruses 35 Auto Protect 40 preventing 69 rescanning and submitting files to Symantec Security Response 32 viewing history and event log data 40 scheduled scans 36 Index security threats 19 verifying status 40 server installation about 116 completing 127 deploying 120 enabling sharing 65 methods 115 options 63 requirements 74 restart may be required 64 rights 65 66 setup program 122 starting 120 verifying network access 65 setup program for servers 122 SMS See Microsoft Systems Management Server SMS spyware 36 Start htm 159 startup scans 36 status information communication for 30 Sy
12. Chapter 4 Client installation methods norises a EE E 49 Types of Symantec Client Security clients 0 ccescesesesesesetetetseseeees 51 About administration tools ccesssesessseceseseseeeeeesesecececescsceeseeeeeeeeeeeeaeaeaeaees 52 Methods for updating virus definitions files cceeesesesseseseeeeesesesesesees 54 Best practice Piloting Symantec Client Security in a lab setting 56 Simulating a realistic network environment in a lab setting 56 Preparing to install Symantec Client Security General preinstallation considerations c cccccccscssessescesceseseessescesesecseeseees How to prepare for the Symantec System Center installation About customizing the client and server installation files using Windows Installer Options ccccccscssessessescescsseseesseseesesecseeseessenes 62 About configuring user rights with Active Directory 62 About setting administrative rights to target computers 62 Preparing for Symantec Client Security server installation Symantec Client Security server installation options ceee 63 About required restart soi sic a dads cavisaso wards E E a EIEN 64 Locating servers across routers during installation 0 ceeeeees 64 Verifying network access and Privileges ceeesesssseseseseesseeesesesesesees 65 Installation order for Citrix Metaframe on Terminal Server 66 Installing to NetWare serv
13. Determines whether Auto Protect is enabled after the installation is complete where lt val gt is one of the following values m 1 This enables Auto Protect after installation m lt n gt Any other integer value disables Auto Protect after installation The default setting is 1 enabled RUNLIVEUPDATE lt val gt Determines whether LiveUpdate is enabled as part of the installation where lt val gt is one of the following m 1 This enables LiveUpdate after installation m lt n gt Any other integer value disables LiveUpdate after installation The default setting is 1 enabled The user must have Administrator privileges if this value is used Note LiveUpdate is a required component of the Symantec Client Security installation NETWORKTYPE lt val gt Describes the management state of the target computer when installation is complete where lt val gt is one of the following m1 Managed m 2 Unmanaged m4 Server SERVERNAME lt server group name gt Specifies the name of the pre existing server group that manages the target computer Windows Installer msi command line reference 179 Symantec Client Security properties Table A 3 Symantec Client Security properties INSTALLDIR lt target directory gt Specifies the installation directory on the target computer The default directory is C Program Files Symantec Client Security If the path specified contains long file
14. EMailTools OutlookSnapin NotesSnapin the password my Pass with all of the Pop3Smtp SCFMain SCFHelp AntiSpam default features except QClient Donot NETWORKTYPE 2 SERVERNAME SR1 restart the computer after SERVERGROUPPASS my Pass installation and do not enable Auto ENABLEAUTOPROTECT 0 RUNLIVEUPDATE 1 Protect when the computer is REBOOT ReallySuppress qn ultimately restarted Windows Installer msi command line reference 183 Command line examples Table A 8 Command line examples Silently install a managed Symantec Client Security client to the default path that is managed by the SR1 server having the password my Pass with no SAV Help no Lotus Notes Snap in and no Firewall Help Do not run LiveUpdate and do not restart the computer automatically msiexec i Symantec Client Security msi ADDLOCAL SAVMain SAVUI SAVHelp EMailTo ols OutlookSnapin Pop3Smtp QClient SCFMain AntiSpam NETWORKTYPE 1 SERVERNAME SR1 SERVERGROUPPASS my Pass ENABLEAUTOPROTECT 1 RUNLIVEUPDATE 0 REBOOT ReallySuppress qn 184 Windows Installer msi command line reference Command line examples Numerics 64 bit virus definitions files updates 28 55 A adware 36 Alert Management System See AMS alerting how it works 31 alias 161 AMS about alerting 31 about the console 46 and server installation 117 installing with Symantec Client Security server 117 installing with the Symantec System Center 95 manually insta
15. SAV VPSTART NLM Warning You only need to perform this procedure one time after software installation If you use the Install switch again you will overwrite any current configuration settings To manually load the Symantec Client Security NLMs after NLM installation while running NetWare Secure Console Atthe server console type the following Vpstart nlm Installing Symantec Client Security servers 133 Deploying the server installation across a network connection Installing directly to a Windows computer using the server installation package The Windows Installer msi antivirus server installation package Setup exe that comes with Symantec Client Security can be used to install directly to a supported Windows computer by executing the installation program manually or through other deployment methods such as distributing and executing the installation using a third party tool See Installing Symantec Client Security using command line parameters on page 173 Direct installation requires users to be logged on to the computer with administrative rights The only exception to this is if you have enabled elevated privileges for Windows Installer packages through the Microsoft Management Console See How to deploy to a target computer without granting administrator privileges on page 66 The installation package and the supporting files must be copied to a location from which they can be run When the pac
16. Server When you complete the installation you can configure the Central Quarantine For more information see the Symantec Central Quarantine Administrator s Guide on the Symantec Client Security CD Installing Symantec Client Security management components 105 Installing the Central Quarantine Install the Central Quarantine You must install both the Quarantine Console snap in and the Quarantine Server To install the Quarantine Console snap in 1 On the computer on which the Symantec System Center is installed insert the Symantec Client Security CD into the CD ROM drive gt Symantec Client Security b symantec Symantec Client Security Read This First Install Symantec Client Security Install Administrator Tools Browse CD If your computer is not set to automatically run a CD you must manually run Setup exe 2 Inthe Symantec Client Security panel click Install Administrator Tools gt Install Quarantine Console 3 Follow the on screen instructions 106 Installing Symantec Client Security management components Installing the Central Quarantine To install the Quarantine Server 1 On the computer on which you want to install the Quarantine Server insert the Symantec Client Security CD into the CD ROM drive gt Symantec Client Security J symantec Symantec Client Security U Read This First Install Symantec Client Security Install Administrator Tools 2 In
17. Start htm 1 2 In a text editor open Start htm Search for the lt object gt tags and type the correct values See Table 7 4 Start htm parameters and values on page 158 To enable the Web installation the ServerName and VirtualHomeDirectory parameters must be customized to match your Web server configuration Save Start htm 160 Installing Symantec Client Security clients Deploying installation packages using Web based deployment Testing the installation You can test the installation by going to a Web site To test the installation 1 Go to a Web site for example lt your web site gt Webinst and then click Install 2 Ifthe installation fails the following types of error messages could be displayed m If there is a problem with the parameters in Start htm an error message shows the path of the files that the Web based installation is trying to access Verify that the path is correct m If there is a problem in Files ini for example a File not found error compare the File1 value with the actual name of the package file m Confirm that no other entries were changed during modification How to notify users of the download location You can email instructions to your users to download the package that you want to deploy To download the client installation program users must have Internet Explorer 5 01 Service Pack 2 or later on their computers The Internet Explorer security level for the local in
18. Symantec System Center also includes alerting capabilities The Symantec System Center is comprised of the following management components m The Symantec System Center console m Alert Management System AMS2 console m Symantec AntiVirus snap in m Symantec Client Firewall snap in m NT Client Install tool m AV Server Rollout Tool Symantec System Center console The Symantec System Center console lets you view and administer your Symantec Client Security network The Symantec System Center console is installed to the computers from which you plan to manage your Symantec products You must have at least one installation of the Symantec System Center console If your organization is large or you work out of several offices you can install the Symantec System Center to multiple computers by rerunning the installation program and selecting the appropriate option The Symantec System Center console is a Microsoft Management Console MMC snap in MMC is a common framework with no management functionality of its own MMC serves as a central host from which you can run multiple network and component management applications such as the Symantec System Center MMC must be installed on a local drive of a Windows NT 4 0 Workstation or Server computer MMC installs automatically with supported Windows 2000 platforms When the Symantec System Center is installed on this same computer it snaps in to MMC Introducing Symantec Client Securit
19. Uninstall the Symantec System Center You can uninstall the Symantec System Center using the Windows Add Remove Programs option To uninstall the Symantec System Center from Windows NT Server Workstation 1 2 3 4 5 On the Windows taskbar click Start gt Settings gt Control Panel In the Control Panel window double click Add Remove Programs In the Add Remove Programs dialog box click Symantec System Center Click Add Remove Click Yes to confirm To uninstall the Symantec System Center from Windows 2000 Professional Server Advanced Server XP 1 2 3 4 5 On the Windows taskbar click Start gt Settings gt Control Panel In the Control Panel window double click Add Remove Programs In the Add Remove Programs dialog box click Symantec System Center Click Change Remove When the uninstallation completes click Close Installing Symantec Client Security servers This chapter includes the following topics Server installation methods About Symantec Client Security server installation Installing Symantec Client Security servers locally Deploying the server installation across a network connection Manually installing AMS server Uninstalling Symantec Client Security server Server installation methods You can install Symantec Client Security servers using any of the methods that are listed in Table 6 1 You can use any combination of methods that suits your network environment Table 6 1 Ser
20. a network connection 10 Locate and double click the text file that contains the computer names 11 12 13 14 Selection Summary x The following is a summary of the actions that will be taken on the machines from the selected file 192 168 75 62 will become a client once authenticated a 192 168 46 550 will become a client once authenticated g 192 168 65 9 is already running Symantec AntiVirus Server Note You may need to provide a username and password with administrator rights for machines that require authentication Cancel Asummary list of computers to be added under Available Computers appears During the authentication process you may need to provide a user name and password for computers that require authentication In the Selection Summary dialog box click OK During the authentication process Setup checks for error conditions You are prompted to view this information interactively on an individual computer basis or to write the information to a log file for later viewing If you create a log file it is located under C Winnt Savcecln txt Select one of the following m Yes Display the information m No Write to a log file In the Select Computers panel click Finish In the Status of Remote Client Installations window click Done 147 148 Installing Symantec Client Security clients Setting up antivirus client installations using logon scripts Setting up antivirus client ins
21. antivirus clients across a network connection 143 customizing files 157 over the Web 152 requirements for Web based 153 servers across a network connection 120 Symantec Client Security clients across a network connection 143 testing Web based packages 160 to a target computer without granting administrator privileges 66 using Web based installation packages 152 dialers 36 Digital Immune System how it works 32 polling for new virus definitions files 55 Discovery Service communication during 29 distribution with SMS Package Definition Files 166 download location notifying users of 160 E email scanning for viruses 70 errors server installation 130 expanded threat detection 36 F Files ini 158 firewall about creating rules 37 Force update during next login option 150 fully managed clients 51 G Grc dat See configurations file H hack tools 36 installation AMS client stand alone program on an unmanaged client 169 AMS manual 134 antivirus clients 145 Central Quarantine 104 checking for errors on servers 130 clients 140 completing for servers 127 email support 70 from the client installation package on the server 151 how to create a text file with IP addresses to import 64 into NDS 67 LiveUpdate Administration Utility 111 locating servers during 64 Novell ManageWise ZENworks Application Launcher 167 order for Citrix Mainframe on Terminal Server 66 preconfigured packages from the CD 165 preparing 61 required
22. based operating systems Threats can be traced using the source computer IP address and its NetBIOS name Expanded threat detection Scans for new threats in the following categories Spyware Adware Dialers Joke Programs Remote Access programs Hack Tools and Trackware Other threats that do not meet these category requirements are included in the Security Risks category Moving clients between servers Lets you move clients from one parent server to another using a drag and drop operation 24 Introducing Symantec Client Security What s new in this release Table 1 2 New features in Symantec Client Security Forced LiveUpdate for Symantec Client Security clients Provides a way to update virus definitions files when clients on which LiveUpdate is installed are using outdated files When an update operation that ran at the server group level succeeds on all but a few clients you can update the remaining clients immediately even if they normally update using the Virus Definition Transport Method Symantec VPN Sentry Prevents users with nonsecure computers from connecting to the corporate network through a VPN connection and ensures that a computer that is attempting to connect is compliant with the corporate security policy You can allow or deny network access and remediate noncompliant clients Log forwarding Lets you select the events that clients forward to their parent servers and that seco
23. been installed m Norton Personal Firewall 2003 m Symantec Desktop Firewall 2003 Unsupported migration paths Symantec Client Security migration is not supported for the following products m Norton AntiVirus 2004 and earlier m Norton Internet Security 2003 with Norton AntiVirus installed m Norton Internet Security 2001 2002 2004 m Norton Personal Firewall 2001 2002 2004 m Norton AntiVirus on NetWare platforms all versions m Norton AntiVirus for DOS Windows 3 1 all versions m Intel LANDesk Virus Protect all versions 81 82 Migrating to the current version of Symantec Client Security Migration overview IBM AntiVirus all versions Norton AntiVirus as a part of Norton SystemWorks m Antivirus products from other vendors If Norton SystemWorks is detected when the Symantec Client Security setup program runs Symantec Client Security will not install Unsupported migration of Administrator tools Symantec Client Security migration is not supported for the following Administrator tools m Symantec System Center m AMS client and server m Symantec Client Firewall Administrator m LiveUpdate Administrator m Quarantine Server and Quarantine Console Custom settings may be lost If you are not migrating from a supported migration path any custom settings that you have are not saved during the migration process On supported platforms custom settings on clients and servers are preserved during migration
24. ccceseeceseseeseteeeeseeeeeees 83 Pilot your installation first cccccseeesessssssesececesesesesesessesesesesesesesesseees 83 Minimize unprotected Clients c ccc ecccsecssesessessescescesesscseesesscsecsseseeeees 83 Plan your virus definitions update strategy cccescesssesesecesesesesesesees 84 Decide how to handle remote and sometimes connected clients 84 Get virus definitions updating working immediately ccee 84 Match management snap in version to client Version c c ceeee 84 Move Servers among server groups eee eeeeeeseeseceeceeeeeceeaeeseeseceaeeeeeeneens 84 Train your support staff and end users cceeesseseeseseseeseseseeesesesesesees 85 S rver Migration seese a a a a a eens 85 About migrating from the Symantec System Center ccceeeeees 85 Manually uninstalling server components ccceeseeseceseeeeseteeeeseeeeees 85 Installing New Server components 0 00 cecceesesseceseeseeeseeeeceseeeeseeeeseseeeesees 87 Migrating from Symantec Client Security on NetWare platforms 89 About migration from other server antivirus products 0 0 0 90 Client migration nesre rane e e EKOE OE ET 91 About Symantec Client Security firewall client migration 91 Installing from the CD w ccccccssssssssceseseesesssseceesesesessssesseseseesesesesseseeees 92 Installing from the Symantec System Center ccccsssssesesseeseeseesesees 92 How to determine parent
25. example if you are using the Symantec System Center to manage some computers running only IP and others running only IPX you should have both protocols installed on the computer that is running the Symantec System Center You should avoid using the Symantec System Center console across a link that does not support the protocols that are used on the other side of the link This also applies to setting up server groups that cross a link For example servers and clients will not be visible in the Symantec System Center if it is running on Preparing to install Symantec Client Security 73 Installation requirements one side of an IP only WAN link that is being used to connect NetWare servers that are running only IPX no IP loaded on the other side Note If you are running Windows Me XP system disk space usage will be increased if you have the System Restore functionality enabled For more information on how System Restore works see the Microsoft Operating System documentation Symantec System Center and snap in requirements The Symantec System Center requires the following Windows NT 4 0 Workstation Server with Service Pack 6a Windows 2000 Professional Server Advanced Server Windows XP Professional Windows Server 2003 Web Standard Enterprise Datacenter 32 MB RAM 36 MB disk space Internet Explorer 5 5 with Service Pack 2 Microsoft Management Console version 1 2 If MMC is not already installed you will need 3 MB free di
26. file system Auto Protect that is running on Terminal Server does not detect virus events such as saving an infected file that occur on local drives of Terminal Server clients m Symantec Client Security does not provide functionality to Terminal Server clients For example Symantec Client Security does not route alerts to the proper client session or allow for the Symantec System Center to run within a session m Vptray exe is the program that displays the antivirus Auto Protect status in the system tray Launching Vptray exe each session is not feasible when you are scaling to a large user base due to the large footprint that is required for each session Vptray exe does not run if the session is remote but it does run on the Terminal Server console m When a user logs off of a remote Terminal session and the Auto Protect setting to check floppy disks on computer shutdown is enabled an unnecessary access is made to the floppy disk drive on the console This setting is disabled by default m Session specific information is not logged or included in virus alerts Preparing to install Symantec Client Security 69 Preparing for Symantec Client Security server installation Preventing user launched virus scans You can prevent users from running manual scans in Terminal sessions by doing the following m Restrict the Windows Start menu and directories for Symantec Client Security to prevent users from running manual virus scans m U
27. for installation by default Continue the installation See Running the server setup program on page 122 122 Installing Symantec Client Security servers Deploying the server installation across a network connection Running the server setup program The same setup program runs no matter how you started the installation See Starting the server installation on page 120 To run the server setup program 1 Inthe welcome panel do one of the following To install the server to computers that have never had Symantec Client Security installed click Install and then click Next To install the server to computers that have had Symantec Client Security previously installed click Update and then click Next License Agreement x SYMANTEC SOFTWARE LICENSE AGREEMENT SYMANTEC CLIENT SECURITY SYMANTEC CORPORATION AND OR ITS SUBSIDIARIES SYMANTEC IS WILLING TO LICENSE THE SOFTWARE TO YOU AS AN INDIVIDUAL THE COMPANY OR THE LEGAL ENTITY THAT WILL BE UTILIZING THE SOFTWARE REFERENCED BELOW AS YOU OR YOUR ONLY ON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS OF THIS LICENSE AGREEMENT READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE THIS IS LEGAL AND ENFORCEABLE CONTRACT BETWEEN YOU AND THE LICENSOR BY OPENING THIS PACKAGE BREAKING THE SEAL CLICKING ON THE AGREE OR YES BUTTON OR OTHERWISE INDICATING ASSENT ELECTRONICALLY OR LOADING THE SOFTWARE YOU AGRE
28. installation methods will I use How will I perform remote installations Planning the installation 45 Installation overview How will I update virus definitions m How will I set up my test environment before rolling out to my production environment You should review the preinstallation considerations and installation requirements to learn about any issues that will affect your planning decisions See General preinstallation considerations on page 61 See Installation requirements on page 72 How to implement a solution You can use Symantec Client Security in environments that range in size froma small business to a large enterprise Different sized environments must consider how they are going to perform the following tasks m Rolling out the installation m Managing alerting m Protecting against viruses and other threats m Updating virus definitions m Ensuring client compliancy To understand how you can best install Symantec Client Security and perform management operations after installation you may want to review scenarios that describe how Symantec Client Security is implemented in different sized organizations For detailed information on how Symantec Client Security is implemented in an environment that matches the profile of your organization see the Symantec Client Security Reference Guide 46 Planning the installation About Symantec System Center management components About Symantec S
29. m Installing Symantec Client Firewall Administrator optional m Installing the Central Quarantine Server and Console optional m Installing and configuring the LiveUpdate Administration Utility optional 28 Introducing Symantec Client Security How Symantec Client Security works How protection updating works Symantec Client Security provides various methods for keeping protection current Methods for updating firewall policy files Symantec Client Security firewall policies are created and updated using the Symantec Client Firewall Administrator tool Clients can receive policy files through the Symantec System Center Web based distributions logon scripts or other third party tools The method that is used to deploy policy files to clients depends on their levels of client management as follows m Fully managed clients receive their policies through the Symantec System Center m Other clients can receive policy files through Web based distributions logon scripts or other third party tools Methods for updating virus definitions files Symantec Client Security provides the following methods for updating virus definitions files m Virus Definition Transport Method This method is a push operation that starts when a primary server on your network receives new virus definitions from the Symantec LiveUpdate server or if you have one an internal LiveUpdate server The definitions are then pushed to secondary servers and f
30. names use quotation marks surrounding the path Symantec Client Security firewall client properties Table A 4 describes the properties that are configurable for the Symantec Client Security firewall client components Table A 4 Symantec Client Security firewall client properties ENABLEAUTOPROTECT lt val gt Determines whether Auto Protect is enabled after the installation is complete where lt val gt is one of the following values m 1 This enables Auto Protect after installation m lt n gt Any other integer value disables Auto Protect after installation The default setting is 1 enabled RUNLIVEUPDATE lt val gt Determines whether LiveUpdate is enabled as part of the installation where lt val gt is one of the following m 1 This enables LiveUpdate after installation m lt n gt Any other integer value disables LiveUpdate after installation The default setting is 1 enabled NETWORKTYPE lt val gt Describes the management state of the target computer when installation is complete where lt val gt is one of the following m 1 Managed m 2 Unmanaged m 4 Server 180 Windows Installer msi command line reference Symantec Client Security features Table A 4 Symantec Client Security firewall client properties SERVERNAME lt server group name gt Specifies the name of the pre existing server group that manages the target computer Symantec Client Security features There are man
31. properties 0 0 Symantec Client Security features ccccccsssescsesesessssssesseeseesseseesstsesseeeees Symantec Client Security server features cceeseseseseeseteteteteeeees Symantec Client Security antivirus client features 0 0 Symantec Client Security firewall client features 0 0 eee Using the log file to check for errors c cececsssssesesesecesesesesescesesesseseesescseseeees Identifying the point of failure of an installation 0 0 0 0 eee Command line examples a e a e a A N e Eae E ER 17 18 Contents Introducing Symantec Client Security This chapter includes the following topics m About Symantec Client Security m Components of Symantec Client Security m What s new in this release m How Symantec Client Security works m What you can do with Symantec Client Security m Where to get more information about Symantec Client Security About Symantec Client Security Antivirus protection alone is not a sufficient defense against today s complex Internet security threats The new breed of threats blends characteristics of viruses worms Trojan horses and malicious code with server and Internet vulnerabilities By using multiple methods and techniques blended threats such as Nimda and Code Red can rapidly initiate transmit and spread an attack causing widespread damage Effective protection from blended threats requires a security solution that integrates multiple layers of defen
32. restarts 64 requirements 72 running the server setup program 122 selecting computers 124 server methods 115 starting server 120 Symantec Client Firewall Administrator 101 Symantec System Center 95 testing 58 Web server 154 why AMS is installed with the server 117 with logon scripts 148 Intelligent Updater 56 intrusion detection enabling and disabling signatures 37 protection against 34 responding to 37 IP addresses creating a text file for installation 64 IP required protocol 72 IPX required protocol 72 J joke programs 36 L LiveUpdate about 21 and virus definitions update methods 55 communication 30 LiveUpdate Administration Utility installing 111 logon scripts associating users with 150 Force update during next login option 150 installing with 148 setting options for 148 management and updating security 38 component uninstallation 114 policy planning 68 manual startup NLMs 131 Vpstart nlm 128 Microsoft Management Console 40 Microsoft Systems Management Server SMS packages 166 PDF files for distributing the product 166 rolling out Package Definition Files 166 Microsoft Windows requirements 74 N NetWare cluster installation 67 cluster server and volume protection 67 required rights to install to servers 66 NetWare Secure Console installation 131 network connectivity and managing clients 37 51 deploying antivirus clients across 143 clients across 143 server installations across 120 security threats
33. run Vpstart nlm on each NetWare server to complete the installation You can do this at the server console if you have rights or by using RConsole NetWare 5 x for IPX protocol networks or RConsoleJ NetWare 5 x 6 for IP protocol networks Manually load the Symantec Client Security NLMs After installation you must use the Install switch to load Vpstart nlm for the first time If you selected automatic startup during installation the NLMs will load automatically the next time that the server restarts If you selected manual startup you must manually load Vpstart nlm every time that you restart the server Note At the NetWare console do not add the path to the command specified Type the command exactly as it appears These NetWare commands are case sensitive To manually load the Symantec Client Security NLMs for the first time Atthe server console type the following Load Sys Sav Vpstart nlm Install Warning You only need to perform this procedure one time after software installation If you use the Install switch again you will overwrite any current configuration settings To manually load the Symantec Client Security NLMs after NLM installation Atthe server console type the following Vpstart nlm Installing Symantec Client Security with NetWare Secure Console enabled If you are using NetWare Secure Console you can install Symantec Client Security while Secure Console is running After you per
34. will be added to a single server group You can create additional server groups from the Symantec System Center console and use a drag and drop operation to populate them When you install Symantec Client Security server the setup program copies files to the selected Windows NT based computers Then a second setup program Vpremote exe which requires no user input runs on the computer to create and start Symantec Client Security services and modify the registry The installation program installs Symantec Client Security NLMs to the supported NetWare servers that you select and installs services to the supported Windows computers that you select 64 Preparing to install Symantec Client Security Preparing for Symantec Client Security server installation About required restarts The following are a few instances in which a restart is necessary m Installing AMS to a Windows NT computer Restart the computer after the installation program has completed in order for AMS to run m Updating Symantec Client Security files on a Windows NT computer for example when you apply a service release in which case some files might be in use Restart the computer to replace the older files As you install or update Symantec Client Security the installation program displays a status for each server The status reports the progress of the installation or update alerts you to any errors and prompts you for any required action After an inst
35. you try to load Vpstart Install 2 Remove the Symantec Client Security files from the server 3 Use the NetWare Administrator Nwadmin32 exe or Nwadmn95 exe to remove the Symantec Client Security server object from the NDS tree 4 Remove the Symantec Client Security load line from Autoexec ncf if necessary 5 From the Symantec Client Security CD run Setup exe to install Symantec Client Security to your NetWare server 6 When prompted to select Install or Update click Install 7 Select the server groups for the NetWare servers You can move the servers between server groups later All settings from the earlier version of Symantec Client Security are lost and must be reset in the Symantec System Center console after Symantec Client Security is installed You can uninstall the Symantec AntiVirus client console program at your convenience by running its uninstallation item from the Symantec AntiVirus program group on the client computer About migration from other server antivirus products The Symantec Client Security installation requires all products that are not automatically uninstalled to be removed from the servers prior to installation Symantec Client Security also includes the Security Software Uninstaller that can detect and remove versions of antivirus software that are not included in the list of supported migration paths For more information on using the Security Software Uninstaller see the documentation provided fo
36. AMS client is not installed by default To install AMS to an unmanaged client you must install the stand alone AMS client software that is available on the Symantec Client Security CD How the Digital Immune System works The Digital Immune System is a fully automated closed loop antivirus system that manages the entire antivirus process including virus discovery virus analysis and deployment and repair of files that could not be repaired on a client computer This automated system dramatically reduces the time between when a virus is found and when a repair is deployed which decreases the severity of many threats The Digital Immune System works with the Central Quarantine and performs the following actions m Identifies and isolates viruses When a client computer configured to repair infected files cannot repair a specific file it forwards the file first to the local Quarantine and then to the Central Quarantine Server where more current virus definitions may be available m Rescans the file and submits viruses to Symantec Security Response If the Central Quarantine has more current virus definitions than the submitting computer it may be able to fix the file If so it pushes the newer definitions to the submitting computer If the file cannot be repaired it is sent to a Symantec Security Response gateway for further analysis m Analyzes submissions and generates and tests repairs When the Digital Immune System receives a ne
37. E TO THE TERMS AND CONDITIONS OF THIS AGREEMENT IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS CLICK ON THE DO NOT AGREE NO BUTTON OR OTHERWISE INDICATE E Do you agree to the terms of the preceding Symantec License Agreement agree C disagree lt Back Cancel Installing Symantec Client Security servers 123 Deploying the server installation across a network connection In the License Agreement panel click I agree and then click Next Select Items xi M Select the items you want to install IV Server program approx 380 MB Installs Services to the Windows NT servers you select and NLMs to the NetWare servers you select A Ae JA Alert Management System AMS approx 15 MB Daa Installs AMS to this computer and the servers you select AMS can send virus alerts via pager email beeper etc amp NOTE this option has no effect if AMS has been removed from the distribution package lt Back Cancel In the Select Items panel ensure that Server program is checked If you plan to use Alert Management System AMS ensure that it is checked See Why AMS is installed with Symantec Client Security server on page 117 Click Next Select computers to install the previously selected components For Netware servers 5 x and above select any of the server s volume objects to install Symantec AntiVirus into NDS Select the server to install Symantec AntiVirus int
38. Hack tools Trackware Respond to intrusions Introducing Symantec Client Security What you can do with Symantec Client Security Symantec Client Security assists you in creating and enforcing policies at the firewall Table 1 3 summarizes tasks that are related to intrusion prevention Table 1 3 Intrusion prevention tasks Create and enforce firewall rules You can create and enforce firewall policies that are derived from usage requirements for workstations You can roll out more restrictive policies including complete blocking in response to attacks or other unwanted behavior Symantec Client Security includes data and default rules to validate and permit well known applications to access the Internet At the same time the rules block the activity of known Trojan horse programs which masquerade as useful programs while performing unwanted back door activity Symantec provides updated data as necessary Enable or disable intrusion detection signatures You can enable or disable intrusion detection signatures based on vulnerability exposure Symantec supplies intrusion detection signatures which are known detectable network traffic patterns that are derived from previously identified exploits attacks or anomalous activities that are outside of expected behavior or traffic Symantec provides updated signatures as necessary Manage Symantec Client Security clients based on their connectivity Symantec Cl
39. In the welcome panel click Update and then click Next Select the Computer Name click Add and then type the password for Server Group 88 Migrating to the current version of Symantec Client Security Server migration 5 To proceed with the update click Finish 6 When the update process is finished click Close and then restart the computer Auto Protect will start on the computer as soon as Symantec Client Security is installed but the Alert Management System AMS2 services will not start until after you restart the computer If it is necessary to wait for a scheduled restart the computer will be protected from the time of installation but AMS alerting will not work Note Do not delete the NAV folder located by default at lt os drive gt Program Files NAV A non upgraded installation of Symantec Client Security server will create a folder called SAV located at Program Files SAV Installing the Central Quarantine Server If you want to use the services of the Central Quarantine you need to install the Central Quarantine Server To install the Central Quarantine Server 1 From the Symantec Client Security CD run Setup exe 2 Inthe Symantec Client Security panel click Install Administrator Tools gt Install Central Quarantine Server In the welcome panel click Next In the License Agreement panel click I agree and then click Next In the Destination Folder panel click Next for the default installation p
40. KAGE BREAKING THE SEAL CLICKING THE AGREE OR YES BUTTON OR OTHERWISE INDICATING ASSENT ELECTRONICALLY OR LOADING THE SOFTWARE YOU AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS CLICK THE I DO NOT AGREE OR NO BUTTON OR OTHERWISE INDICATE REFUSAL AND MAKE NO FURTHER USE OF THE SOFTWARE 1 License The software and documentation that accompanies this license collectively the Software is the proprietary property of Symantec or its licensors and is protected by copyright law While Symantec continues to own the Software You will have certain rights to use the Software after Your acceptance of this license This license governs any releases revisions or enhancements to the Software that the Licensor may furnish to You Except as may be modified by an applicable Symantec license certificate license coupon or license key each a License Module that accompanies precedes or follows this license and as may be further defined in the user documentation accompanying the Software Your rights and obligations with respect to the use of this Software are as follows You may A use the number of copies of the Software as have been licensed to You by Symantec under a License Module If the Software is part of a suite containing multiple Software titles the number of copies You may use may not exceed the aggregate number of copies indicated in th
41. NT servers the default share path is Server Vphome Clt inst The following installation folder and setup program is available in the Clt inst folder on each server Clt inst Win32 Setup exe Deploying installation packages using Web based deployment The Symantec Client Security client installation program is a Windows Installer based program that can be deployed using a wide variety of deployment tools including Web based deployment tools that support Windows Installer packages Deploying packages through Web based deployment requires the following steps m Review the Web based deployment requirements m Install the Web server if necessary m Set up the installation Web site m Customize the deployment files Files ini and Start htm m Test the installation Notify users of the download location Installing Symantec Client Security clients 153 Deploying installation packages using Web based deployment Packages that are created with Symantec Packager are self extracting executable exe files The Web based deployment tool supports the deployment of Symantec Packager packages and Windows Installer msi files Customizing the Windows Installer installation packages using Symantec Packager is not supported Note Symantec Packager is included with this release of Symantec Client Security as an unsupported tool See Using Symantec Packager with Symantec Client Security pkgrinfo pdf in the Symantec Packager folde
42. OFTWARE ELECTRONICALLY INDICATE YOUR ACCEPTANCE OF THESE TERMS BY SELECTING THE ACCEPT BUTTON AT THE END OF THIS AGREEMENT IF YOU DO NOT AGREE TO ALL THESE TERMS PROMPTLY RETURN THE UNUSED SOFTWARE TO YOUR PLACE OF PURCHASE FOR A REFUND OR IF THE SOFTWARE IS ACCESSED ELECTRONICALLY SELECT THE DECLINE BUTTON AT THE END OF THIS AGREEMENT 1 LICENSE TO USE Sun grants you a non exclusive and non transferable license for the internal use only of the accompanying software and documentation and any error corrections provided by Sun collectively Software by the number of users and the class of computer hardware for which the corresponding fee has been paid 2 RESTRICTIONS Software is confidential and Copyright 1994 2004 Sun Microsystems Inc disclaims any express or implied warranty of fitness for such uses No right title or interest in or to any trademark service mark logo or trade name of Sun or its licensors is granted under this Agreement 3 LIMITED WARRANTY Sun warrants to you that for a period of ninety 90 days from the date of purchase as evidenced by a copy of the receipt the media on which Software is furnished if any will be free of defects in materials and workmanship under normal use Except for the foregoing Software is provided AS IS Your exclusive remedy and Sun s entire liability under this limited warranty will be at Sun s option to replace Software media or refund the fee
43. P address information Problem description m Error messages log files m Troubleshooting performed prior to contacting Symantec m Recent software configuration changes and or network changes To contact Enterprise Customer Service online go to www symantec com select the appropriate Global Site for your country then choose Service and Support Customer Service is available to assist with the following types of issues Questions regarding product licensing or serialization Product registration updates such as address or name changes General product information features language availability local dealers Latest information on product updates and upgrades Information on upgrade insurance and maintenance contracts Information on Symantec Value License Program Advice on Symantec s technical support options Nontechnical presales questions Missing or defective CD ROMs or manuals SYMANTEC SOFTWARE LICENSE AGREEMENT Symantec Client Security SYMANTEC CORPORATION AND OR ITS SUBSIDIARIES SYMANTEC IS WILLING TO LICENSE THE SOFTWARE TO YOU AS AN INDIVIDUAL THE COMPANY OR THE LEGAL ENTITY THAT WILL BE UTILIZING THE SOFTWARE REFERENCED BELOW AS YOU OR YOUR ONLY ON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS OF THIS LICENSE AGREEMENT READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE THIS IS A LEGAL AND ENFORCEABLE CONTRACT BETWEEN YOU AND SYMANTEC BY OPENING THIS PAC
44. RATION AND OR ITS SUBSIDIARIES SYMANTEC IS WILLING TO LICENSE THE SOFTWARE TO YOU AS AN INDIVIDUAL THE COMPANY OR THE LEGAL ENTITY THAT WILL BE UTILIZING THE SOFTWARE REFERENCED BELOW AS YOU OR YOUR ONLY ON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS OF THIS LICENSE AGREEMENT READ THE gt Ido not accept the terms in the license agreement Installshield lt Back Cancel In the License Agreement panel click I accept the terms in the license agreement and then click Next Installing Symantec Client Security servers 119 Installing Symantec Client Security servers locally 4 Inthe Client Server Options panel click Server and then click Next 5 Inthe Setup Type panel select one of the following m Complete To install all of the components that are included with the default installation m Custom To exclude components from the installation or to change the installation location 6 Click Next 7 Inthe Select Server Group panel do one of the following m Type the name of an existing Server Group type the password for that group and then click Next m Type the name of a new server group to be created type the password and then click Next In the password confirmation dialog box retype the password 8 Inthe Install Options panel check one of the following m Auto Protect To enable Auto Protect m Run LiveUpdate To run LiveUpdate at the end of the installation 9 Click Next 10 Inth
45. Run ResetACL exe on each Windows NT 4 0 computer After you run ResetACL exe only users with administrator rights can change the registry keys Trade off considerations for the Reset ACL tool While the Reset ACL tool boosts security for Symantec Client Security on Windows NT 4 0 computers there are several trade off considerations In addition to losing access to the registry users without administrator rights cannot perform the following operations m Start or stop the Symantec AntiVirus Corporate Edition service m Run LiveUpdate m Schedule LiveUpdate m Configure antivirus protection For example they cannot set Auto Protect or email scanning options The options that are associated with these operations are unavailable in the antivirus client interface Users can modify scan options but the changes are not saved in the registry nor are they processed Users can also save manual scan options as the default set but the options are not written to the registry Configuring clients using the configurations file You may want to use the configurations file Grce dat to configure clients when you do any of the following m Install an unmanaged Symantec Client Security antivirus client m Change the parent server of a managed client without having to uninstall and reinstall the antivirus client To assign the antivirus client to a parent server complete the following tasks in the order in which they are listed m Obtai
46. Security CD into the CD ROM drive gt Symantec Client Security symantec Symantec Client Security aS 2 Inthe Symantec Client Security panel click Install Administrator Tools gt Install LiveUpdate Administrator 3 Follow the on screen instructions Installing Symantec Client Security management components Installing and configuring the LiveUpdate Administration Utility To configure the LiveUpdate Administration Utility 1 2 On the Windows taskbar click Start gt Programs gt LiveUpdate Administration Utility gt LiveUpdate Administration Utility Click Retrieve Updates T LiveUpdate Administration Utility File view Tools Help r Product Updates Languages of Updates I Brazilian Portuguese i I Chinese Simplified U T Chinese Traditional a I Czech Host File Editor Symantec Product Line T Enterprise Security Manager D I Ghost T Intruder Alert T Live dvisor Custom Updates M LiveUpdate Jj Download Directory Log File Browse In the LiveUpdate Administration Utility window under Download Directory type or select the download directory on your LiveUpdate server This is the location in which the update packages and virus definitions files will be stored once they are downloaded from Symantec Files are downloaded to a temporary directory that is created by the LiveUpdate Administration Utility Once the file is downloaded it is
47. Setup Summary panel read the message that reminds you that you will need your password to unlock the server group in the Symantec System Center and then click Finish Setup Progress x Symantec Antivirus software will be modified on each of the computers below Computers Computer Action Status Error i Acal Installing Server Copying files 100 lt no errors gt Computers completed Computers with errors View Errors 2 Total computers H 1 0 0 8 Inthe Setup Progress panel view the status of the server installations 9 Finish the installation See Checking for errors on page 130 Checking for errors When Symantec Client Security server is installed to all of the computers that you specified you can check to see if any errors were reported To check for errors 1 Inthe Setup Progress panel select a server and then click View Errors 2 When you are done click Close Note When installing to a Windows NT computer you must restart the computer when the installation completes If you ve installed to any NetWare computers you need to load the appropriate NLMs See Manually loading the Symantec Client Security NLMs on page 131 Installing Symantec Client Security servers 131 Deploying the server installation across a network connection Manually loading the Symantec Client Security NLMs After you install the Symantec Client Security server software you must
48. Symantec Client Security clients 139 Client installation methods Table 7 1 Client installation methods You can use a variety of third party installation tools to distribute the Windows Installer based installation files or a package that you ve created with Symantec Packager that includes the preconfigured installation package Customizing the Windows Installer installation packages using Symantec Packager is not supported Note Symantec Packager is included with this release of Symantec Client Security as an unsupported tool For more information see Using Symantec Packager with Symantec Client Security pkgrinfo pdf in the Symantec Packager folder on the Symantec Client Security CD See About installing clients using third party products on page 166 m See the documentation that came with your third party installation tool for instructions on using the tool m Create a custom msi installation using the components and options specific to Symantec Client Security installation packages See Windows Installer msi command line reference on page 173 NetWare server automatic installations You can configure Symantec Client Security to install automatically to your Windows clients from NetWare servers See Configuring automatic client installations from NetWare servers without the Symantec System Center on page 168 Install Symantec Client Security server on the NetWare server
49. T server you can create a shared resource that all users are authorized to access a NULL share For more information on creating a NULL share see the Microsoft Windows NT server documentation m Ensure that your FTP server Web server or UNC share is configured to share files from the download directory that you specified 112 Installing Symantec Client Security management components Installing and configuring the LiveUpdate Administration Utility m Inthe Symantec System Center console do the following m Configure LiveUpdate for the internal LiveUpdate server m Configure other servers and clients to download virus definitions and program updates from the internal LiveUpdate server m Schedule when you want LiveUpdate sessions to run Many administrators prefer to test virus definitions files on a test network before making them available on a production server If you test your virus definitions files test them on your test network Once testing is complete run LiveUpdate from your production network Install and configure the LiveUpdate Administration Utility Install the LiveUpdate Administration Utility on a Windows NT computer that is running the antivirus server program and then configure it For more information on using the LiveUpdate Administration Utility see the LiveUpdate Administrator s Guide PDF on the Symantec Client Security CD To install the LiveUpdate Administration Utility 1 Insert the Symantec Client
50. TATE TO STATE AND COUNTRY TO COUNTRY 4 Disclaimer of Damages SOME STATES AND COUNTRIES INCLUDING MEMBER COUNTRIES OF THE EUROPEAN ECONOMIC AREA DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES SO THE BELOW LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW AND REGARDLESS OF WHETHER ANY REMEDY SET FORTH HEREIN FAILS OF ITS ESSENTIAL PURPOSE IN NO EVENT WILL SYMANTEC BE LIABLE TO YOU FOR ANY SPECIAL CONSEQUENTIAL INDIRECT OR SIMILAR DAMAGES INCLUDING ANY LOST PROFITS OR LOST DATA ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE EVEN IF SYMANTEC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN NO CASE SHALL SYMANTEC S LIABILITY EXCEED THE PURCHASE PRICE FOR THE SOFTWARE The disclaimers and limitations set forth above will apply regardless of whether or not You accept the Software 5 U S Government Restricted Rights RESTRICTED RIGHTS LEGEND All Symantec products and documentation are commercial in nature The software and software documentation are Commercial Items as that term is defined in 48 C F R section 2 101 consisting of Commercial Computer Software and Commercial Computer Software Documentation as such terms are defined in 48 C F R section 252 227 7014 a 5 and 48 C F R section 252 227 7014 a 1 and used in 48 C F R section 12 212 and 48 C F R section 227 7202 as applicable C
51. a logon script 1 Copy the following files from the Program Files Symantec AntiVirus Logon directory on the protected server to the netlogon share by default C Winnt System32 Repl Import Scripts for Windows NT and C Winnt Sysvol Sysvol Domainname Scripts for Windows 2000 XP 2003 m Vplogon bat m Nbpshpop exe If this share has been changed copy the files to the directory that you set up as the netlogon share 2 If you are installing to a Windows domain that has PDC and BDC copy Vplogon bat and Nbpshpop exe to all PDC and BDC locations or set up replication This prevents a File Not Found error when Windows authenticates to other servers 3 On the Windows taskbar click Start gt Programs gt Administrative Tools gt Computer Management 4 Inthe Computer Management window expand System Tools gt Local Users and Groups gt Users and then double click the user name that you want to receive a client logon installation 5 Inthe User Properties dialog box click Profile 6 Inthe logon script box of the User profile type the following Vplogon bat 7 Click OK Installing from the client installation package on the server When you install a Symantec Client Security server the server setup program creates a client installation shared folder on that Symantec Client Security server On servers running supported Microsoft Windows operating systems the default shared directory for Symantec Client Security server is S
52. able Auto Protect file protection temporarily before saving the file Testing Symantec Client Security client installations After you have installed Symantec Client Security to the computers in your lab environment complete the following tasks m Configure the different scans for maximum protection all files all drives and so on m Test virus definitions file downloads m Obtain a virus test file to trigger the alerting system See Obtaining a virus test file on page 58 m Let scheduled scans and other automated functions run for several days m Verify that the Symantec System Center can view Symantec Client Security clients on both sides of routers See Required protocols on page 72 Planning the installation 59 Best practice Piloting Symantec Client Security in a lab setting Verify that connected Symantec Client Security clients appear in the Symantec System Center console under the correct parent server Lock some Symantec Client Security client scanning parameters using the Symantec System Center and verify that users cannot change these settings Launch a virus sweep and verify that the Symantec Client Security client scans take place Verify that log files and reports reflect the expected data 60 Planning the installation Best practice Piloting Symantec Client Security in a lab setting Preparing to install Symantec Client Security This chapter includes the following topics General p
53. allation or update if the installation program needs to replace any files that are in use the status is Restart necessary for Windows NT computers Locating servers across routers during installation You can browse to find the computers on which you want to install Symantec Client Security server Computers that are located across routers might be difficult to find To verify that you can see a computer when you run the Symantec Client Security server installation program try mapping a drive to the server using Windows Explorer If you can see a computer in Windows Explorer you should see the computer when you run the Symantec Client Security server installation program Browsing requires the use of the Windows Internet Name Service WINS For computers that are located in a non WINS environment such as a native Windows 2000 network that uses the LDAP or DNS protocol you must create a text file with IP addresses and then import it to be able to install to those computers Creating a text file with IP addresses to import You can create a text file of the IP addresses of computers that are located ina non WINS Windows NT based environment During installation you can import the text file and add the listed computers to the computers on which you want to install the server program Note The Import feature is designed for use with supported Windows NT based operating systems only It is not intended for use with NetWare Prepa
54. alone program Deploying the client installation across a network connection Setting up antivirus client installations using logon scripts Installing from the client installation package on the server Deploying installation packages using Web based deployment Installing Symantec Client Security clients locally About installing clients using third party products Configuring automatic client installations from NetWare servers without the Symantec System Center Installing the AMS client stand alone program on an unmanaged client Post installation client tasks Configuring clients using the configurations file Uninstalling Symantec Client Security clients 138 Installing Symantec Client Security clients Client installation methods Client installation methods You can install Symantec Client Security client using any of the methods that are listed in Table 7 1 You can use any combination of methods that suits your network environment Table 7 1 Client installation methods Push You can push the Symantec Client Security client installation directly from the Symantec Client Security CD This method lets you install on computers running supported Microsoft Windows operating systems without giving users administrative rights to their computers See Deploying the client installation across a network connection on page 143 No preparation is necessary Logon script You can fully automate client installations
55. am The wizard is ready to begin installation Installsmieldi 104 Installing Symantec Client Security management components Installing the Central Quarantine 6 Inthe Ready to Install the Program panel if desired check Add Symantec Client Firewall Administrator shortcut on your desktop and then click Install to begin the installation fe Symantec Client Firewall Administrator InstallShield Wizard Installing Symantec Client Firewall Administrator _ The program Features you selected are being installed L a fe z Please wait while the InstallShield Wizard installs Symantec Client Firewall Administrator This may take several minutes Status Generating script operations for action CELETTE The InstallShield Wizard installs all of the necessary files onto your computer 7 Click Finish Installing the Central Quarantine The Central Quarantine is composed of the Quarantine Server and the Quarantine Console The Quarantine Server and the Quarantine Console can be installed on the same or different supported Windows computers The Quarantine Server is managed by the Quarantine Console which snaps in to the Symantec System Center To manage the Central Quarantine from the Symantec System Center console the Quarantine Console snap in must be installed Installation of the Central Quarantine requires the following tasks m Install the Quarantine Console snap in m Install the Quarantine
56. ame Replace machinename with the name of the server For the Specify the folder in which you copied the Web DocumentRoot installation files for example C Client Webinst Double quotation marks are required to specify the DocumentRoot If the quotation marks are omitted Apache services might not start Customizing the deployment files Two files must be modified for the deployment Start htm resides in the root of the Webinst directory Files ini resides in the Webinst subdirectory Customize the deployment files You modify Files ini to contain the names of the packages that you want to deploy You can provide the installation options in Table 7 3 by including the InstallOptions keyword in the General section See Windows Installer commands on page 175 Table 7 3 InstallOptions switches qn Install silently qb Install passively lt log file gt Enable logging where lt log file gt is the name of the log file you want to generate The log file specified must have a log file extension Iv Set the level of logging verboseness The valid values are 0 1 and 2 The parameters in the Start htm file contain information about the Web server and the locations of the files that need to be installed The configuration 158 Installing Symantec Client Security clients Deploying installation packages using Web based deployment parameters in Table 7 4 are located near the bottom of the Start htm file insi
57. ameters see the Symantec Knowledge Base For more information on using the standard Windows Installer commands see the documentation provided by Microsoft 174 Windows Installer msi command line reference Installing Symantec Client Security using command line parameters Default Symantec Client Security client installation The default Symantec Client Security client installation package includes the following installation components m Symantec Client Security client base files including the user interface are installed including the Symantec Client Security firewall client with Ad Blocking enabled m Symantec Client Security Help files are installed m Auto Protect Email Snap Ins including Microsoft Exchange Lotus Notes and Internet Email are installed and enabled if the corresponding Microsoft Exchange Outlook or Lotus Notes clients are detected The Internet Email Snap In is installed by default m Symantec Quarantine client files are installed m LiveUpdate is installed and updated virus definitions files are downloaded from the Symantec Web site if the client is connected to the Internet The default Symantec Client Security client installation package includes the following installation settings m The client is installed as an unmanaged client m Computer restart is required m Auto Protect is enabled after the computer is restarted Note The default Symantec Client Security installation package re
58. and updates by using logon scripts See Setting up antivirus client installations using logon scripts on page 148 No preparation is necessary From a server You can run a Symantec Client Security antivirus client installation package from the Symantec Client Security server that you want to act as a parent server See Installing from the client installation package on the server on page 151 m Install Symantec Client Security server m Have users map a drive to the VPHOME clt inst WIN32 share on Symantec Client Security server to ensure a successful installation Web Users download a client installation m Ensure that the Web server meets the package from an internal Web server and minimum requirements then run it This option is available for m Prepare the internal Web server for computers that are running a supported deployment Windows operating system m Copy the default client installation files See Deploying installation packages using the wen SETVET OT create a custom Web based deployment on page 152 installation package if desired Local You can run the installation directly from Copy the configurations file Grc dat from the Symantec Client Security CD This is the primary installation method supported for 64 bit computers See Installing Symantec Client Security clients locally on page 161 the parent server to the client computer Third party tools Installing
59. antine polling uses the Virus Definition Transport Method to distribute the virus definitions files to managed computers To prepare for Central Quarantine polling do the following m Install the Central Quarantine Server software m Install the Central Quarantine Console on a computer with the Symantec System Center m Review the polling frequency setting the default is three times a day and the virus definitions files installation settings in the Central Quarantine Console Note This method is not supported on 64 bit computers See the Symantec Central Quarantine Administrator s Guide on the Symantec Client Security CD 56 Planning the installation Best practice Piloting Symantec Client Security in a lab setting Table 2 6 Virus definitions files update methods Intelligent Updater Use with lightly managed and unmanaged computers This method uses Intelligent Updater files which are self extracting executable files that contain virus definitions They are available for download from the Symantec Security Response Web site If you choose this method you must decide how you want to distribute the Intelligent Updater files for example distributing them on CDs to laptop users Note This method is not supported on 64 bit computers Best practice Piloting Symantec Client Security ina lab setting Before you begin a full scale installation you should install Symantec Client Security in a nonproduction lab set
60. at are comprised of earlier versions of Symantec Client Security firewall clients and the current version of Symantec Client Security that includes the firewall client software by default To manage a mixed environment you must group legacy clients into a separate group and manage them from a legacy server that is using the earlier version of Symantec Client Security including the Symantec System Center About customizing the client and server installation files using Windows Installer options The Symantec Client Security client and server installation packages are Windows Installer msi files that are fully configurable and deployable using the standard Windows Installer options You can use environment management tools that support msi deployment such as Active Directory or Tivoli to install clients on your network See Windows Installer msi command line reference on page 173 About configuring user rights with Active Directory If you are using Active Directory to manage Windows based computers on your network you can create a Group Policy that provides the necessary user rights to install Symantec Client Security For more information on using Active Directory see the Active Directory documentation provided by Microsoft About setting administrative rights to target computers To install Symantec Client Security server to a computer running supported Windows operating systems you must have administrator rights to t
61. ate Edition 7 5 or 7 6 on supported Windows and NetWare server operating systems To prepare a server for an upgrade to the current version of Symantec Client Security 1 On the Windows desktop click Start gt Settings gt Control Panel 2 Inthe Control Panel window double click Add Remove Programs 3 Inthe Add Remove Programs dialog box click Symantec System Center 4 Click Remove 5 Repeat steps 3 and 4 for the following components m Norton AntiVirus Snap in m Norton AntiVirus Add On for the Symantec System Center console m Symantec Quarantine Console Snap in 6 If desired delete the contents of the Temp folder and the Recycle Bin 7 Restart the computer 8 Logon asthe local administrator Symantec AntiVirus Corporate Edition 8 x on supported Windows and NetWare server operating systems You can upgrade the server from Symantec AntiVirus Corporate Edition 8 0 and later on supported Windows and NetWare server operating systems To prepare a server for an upgrade to the current version of Symantec Client Security 1 On the Windows desktop click Start gt Settings gt Control Panel 2 Inthe Control Panel window double click Add Remove Programs 3 Inthe Add Remove Programs dialog box click Symantec System Center 4 Click Remove 5 Repeat steps 3 and 4 for the Symantec Quarantine Console Snap in component o2 If desired delete the contents of the Temp folder and the Recycle Bin 7 Restart the computer 8 Logon as
62. ath Click Internet based Recommended and then click Next Specify the disk space and then click Next oN ODO WU A U Type contact information and then click Next Account Number is your Contact ID Number 9 Donot make any changes to the default Gateway Name and then click Next 10 Click Enable Alerts type the AMS Server Name usually the primary server and then click Next 11 To install the Central Quarantine click Install 12 When the installation is complete click Finish and then restart the computer Migrating to the current version of Symantec Client Security 89 Server migration Installing the Quarantine Console If you want to use the services of the Central Quarantine you need to install the Quarantine Console To install the Quarantine Console 1 From the Symantec Client Security CD run Setup exe 2 Inthe Symantec Client Security panel click Install Administrator Tools gt Install Quarantine Console In the welcome panel click Next In the License Agreement panel click I agree and then click Next In the Destination Folder panel click Next for the default installation path In the Ready to Install the Program panel click Install N OO wo A U When the installation is complete click Finish Migrating from Symantec Client Security on NetWare platforms The Symantec Client Security installation program detects earlier supported versions of Symantec Client Security on NetWare platforms How
63. ating virus definitions files plan to stagger the update schedule to minimize network traffic or schedule updates during off peak hours Note This method is not supported on 64 bit computers Table 2 6 Planning the installation 55 Methods for updating virus definitions files Virus definitions files update methods LiveUpdate Use with fully managed sometimes managed lightly managed and unmanaged computers This method allows Symantec Client Security servers or clients to initiate updates through the LiveUpdate feature of Symantec Client Security and receive new virus definitions files from an internal LiveUpdate server if you have one or the Symantec LiveUpdate server For fully managed and sometimes managed computers LiveUpdate configurations can be pushed directly from the Symantec System Center To enable unmanaged computers to get virus definitions updates from an internal LiveUpdate server prepare a custom configuration file named Liveupdt hst and copy it into the correct folder on each unmanaged computer Note LiveUpdate is the only virus definitions files update method supported on 64 bit computers Central Quarantine polling Use with managed and unmanaged computers This method uses the Central Quarantine Server which polls the Symantec Digital Immune System gateway for new virus definitions files and automatically pushes them to the computers whose definitions are out of date Central Quar
64. ation Note If Lotus Notes is open when Symantec Client Security is installed antivirus protection will not begin until Lotus Notes is restarted Lotus Notes should be closed for five minutes after Symantec Client Security is installed and the Symantec Client Security service starts For users who regularly receive large attachments you may want to disable Auto Protect for email clients or not include the mail plug in as part of the installation package When Auto Protect is enabled for email attachments are Preparing to install Symantec Client Security 71 Preparing for Symantec Client Security client installation immediately downloaded to the computer that is running the email client and scanned when the user opens the message Over a slow connection with a large attachment this slows mail performance Note Symantec Client Security does not support the scanning of Exchange files or folders that are used on a Microsoft Exchange server Scanning an Exchange directory can cause false positive virus detections unexpected behavior on the Exchange server or damage to the Exchange databases If you install Symantec Client Security on a computer that is a Microsoft Exchange server you should exclude the Microsoft Exchange directory structure from Auto Protect scans For more information on excluding directories from Auto Protect scans see the Symantec Client Security Administrator s Guide For more information on using Symantec C
65. be installed where lt feature gt is a specified component or list of components If this property is not used all applicable features are installed by default Note When specifying a new feature to be installed you must include the names of the features that are already installed on the target computer that you want to keep If you do not specify the features that you want to keep Windows Installer will remove them Specifying existing features will not overwrite the installed features To uninstall an existing feature use the REMOVE command REMOVE lt feature gt Uninstall the previously installed program or a specific feature from the installed program where lt feature gt is one of the following m lt feature gt Uninstalls the feature or list of features from the target computer m ALL Uninstalls the program and all of the installed features This is the default Windows Installer msi command line reference 177 Symantec Client Security properties Symantec Client Security properties There are many Symantec Client Security properties that are used to customize Windows Installer installation packages Symantec Client Security server properties Table A 2 describes the properties that are configurable for the Symantec Client Security server installation Table A 2 Symantec Client Security server properties list INSTALLSERVER 1 Specifies that the installation to be used is the server installation A
66. c System Center in the folder specified below To install to a different Folder click the Change button and select another folder C Program Files Symantec Symantec System Center Change Installatield Cancel In the Destination Folder panel do one of the following m To accept the default destination folder click Next m Click Change locate and select a destination folder click OK and then click Next fe Symantec System Center InstallShield Wizard Ready to Install the Pro The wizard is ready to begin Click Install to begin the installation Tf you want to review or change any of your installation settings click Back Click Cancel to exit the wizard Installshield Install i Cancel 99 100 Installing Symantec Client Security management components Installing the Symantec System Center 8 10 11 In the Ready to Install the Program panel click Install i Symantec System Center InstallShield Wizard InstallShield Wizard Completed The InstallShield Wizard has successfully installed Symantec System Center Click Finish to exit the wizard You may be prompted to restart the computer if the Microsoft Management Console is installed In the InstallShield Wizard Completed panel to close the wizard click Finish When you are prompted to restart the computer select one of the following m Yes m No The computer must be restarted before you can d
67. cated in the SAV ClIt inst webinst folder by default 2 Inthe Files section edit the line File1 so that it references the package that you want to deploy For example in Filel Package exe replace Package exe with the name of the package or msi file that you want to deploy usually Setup exe Long file names are supported Installing Symantec Client Security clients 159 Deploying installation packages using Web based deployment For each additional file add a new Filen filename line where n is a unique number and filename is the name of the file For example File2 Grc dat In the Files section edit the line FileCount so that it reflects the number of files that you are specifying For example if you included File1 File2 and File3 lines in the Files section FileCount 3 In the General section edit the line LaunchApplication so that it references the program that you want to start after the download completes For a package this is the name of the package For example LaunchApplication Package exe If you want to use additional installation options add an InstallOptions line after the LaunchApplication line and specify the installation options that you want to include For example InstallOptions gn 1 C temp example log v 2 Save Files ini Some IIS configurations require that you rename the ini file using a txt extension For more information see the Symantec Knowledge Base To customize
68. client installations using logon scripts 00 148 Setting logon script options in the Symantec System Center 148 Associating users with the logon script c ccceceeeseessseseseeceteeeeseseeeees 150 Installing from the client installation package on the server 006 151 Deploying installation packages using Web based deployment 152 Web based deployment requirements cceeseesesesseeeseeeeeeseeeeseeeeees 153 About the Web server installation 0 eeeseseseseseseeceeeeeseeeeeeeeeaeaeeees 154 Setting up the Web server cccecssesesessesesesseseseeceseeeseseeeeseeeseseeeeseeeeees 154 Customizing the deployment files oo ceccsesesesetseseseeeeeseseseeeeeeees 157 Testing the installation ceccseseseeceseseeseseeeeseseeeeseeeeeeseeeeseseteeseeees 160 How to notify users of the download location cccceeseseseeeeeeeees 160 Installing Symantec Client Security clients locally eceeseeeseeeeeeee 161 About installing clients using third party products ccccceseseeeeeeeees 166 About installing clients with Active Directory and Tivoli 166 About installing clients with Microsoft SMS package d finition FES siriene A AEN EE RNT 166 About installing clients with the Novell ManageWise ZENworks Application Launcher asso A OA 167 Appendix A Index Contents Configuring automatic client installations from NetWare servers without the Symantec S
69. crosoft Windows operating systems and NetWare computers Note To avoid losing valuable information when you uninstall Symantec Client Security from a primary server running under NetWare first demote the primary server from which you are uninstalling to secondary status and then promote a new server to primary status For more information on selecting primary servers see the Symantec Client Security Administrator s Guide To uninstall Symantec Client Security server from a computer running a supported Windows operating system 1 On the Windows taskbar click Start gt Settings gt Control Panel 2 Inthe Control Panel window double click Add Remove Programs 3 Inthe Add Remove Programs dialog box click Symantec AntiVirus Server 4 Click Remove To uninstall Symantec Client Security server from NetWare computers 1 To switch to the Symantec AntiVirus Corporate Edition screen on the server press Ctrl Esc and then click Symantec AntiVirus Corporate Edition 2 To unload the NLMs press Alt F10 3 At the server console at the command prompt type the following load Sys sav Vpstart nlm remove 136 Installing Symantec Client Security servers Uninstalling Symantec Client Security server Installing Symantec Client Security clients This chapter includes the following topics Client installation methods About Symantec Client Security client installation Installing the Symantec Client Security antivirus client stand
70. ct against other threats ccesseessscecesseeeseeseeeseeeeeeseeeeseeeseeseseesees 36 Respond to intrusions siise TENN 37 Manage Symantec Client Security clients based on their Connectivity 3 saxevecssaviiecvscsexsatesduanseestecsdabuncs ceevescaseddesianssneanevensiuteaenceseene Centrally manage and update security ce eeeeseeseeeeeceeseeeseeeeeeseeeees Ensure that remote clients comply with your security policy Verify security Status cccceessssssssssssssecesesesesessesesseeseseseseseeeseeseeseeees Establish and enforce policies ccccccessscssssesesssseseesesesscecseescseseescaeeeaees View history and event log data eecessseesesesseseseeeeseseeeeseseeeeseeesaesees Where to get more information about Symantec Client Security Planning the installation Installation overview 0 eseseseesesesessesecececeseseseseseeeececeeeseseseaeecsescuetetacseaeaceeneeees 43 Typical installation tasks sercon sonir rai 43 Installation guidelines 0 0 cceesesssseseseeseseeseseseeeeseseseeseseseeseeecseseeeeseeees 44 About creating an installation plan ssesssesssessssessssoseressssrsrsnsnesesessesssese 44 How to implement a solution cece ceccessesseseseesecscesesecsecssesesecsecseeseeeees 45 About Symantec System Center management components ccee 46 Server installation methods 0 cccceccscscscssscsscssscsecssessecscsssssececsesesesssessees 48 14 Contents Chapter 3
71. ctiveX controls Java applets and communications that are aimed at unused ports m Intrusion detection Monitor inbound and outbound network communications for packet patterns that are characteristic of an attack m Blocking Determine whether ports fragmented IP packets and the IGMP protocol are blocked Create Trusted and Restricted Zones for IP addresses to facilitate internal connections while restricting external connections Protect against viruses You can protect against virus outbreaks by configuring scanning criteria and scheduling scans for all computers running Symantec Client Security To protect your network you can do the following Verify that all of the computers running Symantec Client Security have the latest virus definitions files Enable expanded threat scanning for manual and scheduled scans to detect threats other than viruses such as adware and spyware Set specific scanning options for specific computers for example computers that are managed by the same parent server or belong to the same server or client group Configure supported 32 bit and 64 bit computers that are running the Symantec Client Security client to scan email attachments for the following applications Lotus Notes clients m Microsoft Exchange Outlook clients that use Messaging Application Programming Interface MAPI 36 Introducing Symantec Client Security What you can do with Symantec Client Security Configure suppor
72. curity client using a variety of third party products including Microsoft Active Directory Tivoli Microsoft Systems Management Server SMS and Novell ManageWise ZENworks About installing clients with Active Directory and Tivoli You can install Symantec Client Security client using the standard options that are provided by Active Directory and Tivoli for all Windows Installer based installation packages In addition Symantec Client Security provides a set of properties and features that let you customize the deployment options at the command line See About customizing the client and server installation files using Windows Installer options on page 62 For Active Directory and Tivoli deployment instructions see the documentation on deploying Windows Installer msi installation packages that is provided with the environment that you are using About installing clients with Microsoft SMS package definition files Microsoft SMS administrators can use a package definition file pdf to distribute Symantec Client Security to clients For your convenience a package definition file Savce pdf is on the Symantec Client Security CD in the Tools Bkoffice folder To distribute Symantec Client Security with SMS you typically complete the following tasks m Create source directories to store each Symantec Client Security component that you plan to distribute m Create a query to identify clients that have sufficient free disk spac
73. d 182 Windows Installer msi command line reference Command line examples The log file that is created by the default installation package scs_inst log is added to the temp directory associated with the user that is running or deploying the installation package Note Each time the installation package is executed the log file is overwritten Appending an existing log file is not supported Identifying the point of failure of an installation You can use the log file to help identify the component or action that caused an installation to fail To identify the point of failure of an installation 1 Inatext editor open the log file that was generated by the installation 2 Search for the following VALUE 3 The action that occurred before the line that contains this entry is most likely the action that caused the failure The lines that appear after this entry are installation components that have been rolled back because the installation was unsuccessful Command line examples Table A 8 includes commonly used command line examples Table A 8 Command line examples Silently install an unmanaged msiexec i Symantec Client Security msi Symantec Client Security client with INSTALLDIR C SFN qn default settings to c SFN Silently install an unmanaged msiexec i Symantec Client Security msi Symantec Client Security client that is ADDLOCAL SAVMain SAVUI SAVHelp managed by the SR1 server having
74. d reduce your protection Disabling the Windows XP firewall Windows XP includes a firewall that can interfere with Symantec Client Security firewall client protection features You must disable the Windows XP firewall before installing Symantec Client Security firewall client To disable the Windows XP firewall 1 On the Windows XP taskbar click Start gt Control Panel 2 Inthe Control Panel window double click Network Connections 3 Inthe Network Connections window right click the active connection and then click Properties 4 Onthe Advanced tab in the Internet Connection Firewall section uncheck Protect my computer and network by limiting or preventing access to this computer from the Internet 5 Click OK to close the settings window 92 Migrating to the current version of Symantec Client Security Client migration Installing from the CD To migrate from an earlier version of Symantec Client Security you can follow the standard installation procedure for installing a client See Installing Symantec Client Security clients locally on page 161 To install a client upgrade from the CD 1 2 From the Symantec Client Security CD run Setup exe In the Symantec Client Security panel click Install Symantec AntiVirus gt Install AntiVirus Client Proceed with the upgrade process Restart the computer Installing from the Symantec System Center To migrate from an earlier version of Symantec Client Sec
75. d computers to verify whether virus definitions files are current Communication occurs in the following ways m Primary servers communicate with their secondary servers to verify that virus definitions are current If a primary server finds that virus definitions on secondary servers are not current it pushes new virus definitions files to those computers m Parent servers communicate with the clients that they manage to verify whether virus definitions are current If a parent server finds that virus definitions on managed clients are not current it pushes new virus definitions and configuration data to those computers When you use LiveUpdate to update virus definitions communication occurs automatically when LiveUpdate is initiated on the client During a scheduled or manual LiveUpdate session clients communicate with an internal LiveUpdate server or the Symantec LiveUpdate server to verify that their virus definitions are current If virus definitions are not current the client pulls virus definitions updates from the contacted LiveUpdate server Communication for status information Symantec Client Security antivirus clients provide status information to their parent servers By default a client sends a small packet less than 1 KB called a keep alive packet to its parent server every 60 minutes The packet contains configuration information about that client When a client s parent server receives a keep alive packet that indicat
76. de the lt object gt tags Table 7 4 Start htm parameters and values ServerName The name of the server that contains the installation source files You can use Hostname IP address or NetBIOS name The source files must reside on an HTTP Web server For example if your file uses the following object tag replace ENTER_SERVER_NAME with the computer name or IP address where the installation source files are located lt param name ServerName value ENTER_SERVER_NAME gt VirtualHomeDirectory The virtual directory of the HTTP server that contains the installation source files For example if your file uses the following object tag replace ENTER_VIRTUAL_HOMEDIRECTORY_NAME with the name of the virtual directory you created such as Deploy webinst lt param name VirtualHomeDirectory value ENTER_VIRTUAL_HOMEDIRECTORY_NAME gt ConfigFile The file name of the Files ini file The default value for this parameter does not need to be changed unless you ve renamed Files ini ProductFolderName The subdirectory that contains the source files to be downloaded locally This subdirectory contains the package and Files ini for example Webinst MinDiskSpaceInMB The minimum hard disk space requirement The default value is appropriate ProductAbbreviation The abbreviation for the product The default value is appropriate To customize Files ini 1 Inatext editor open Files ini which is lo
77. e License Module as calculated by any combination of licensed Software titles Your License Module shall constitute proof of Your right to make such copies If no License Module accompanies precedes or follows this license You may make one copy of the Software You are authorized to use ona single computer B make one copy of the Software for archival purposes or copy the Software onto the hard disk of Your computer and retain the original for archival purposes C use the Software on a network provided that You have a licensed copy of the Software for each computer that can access the Software over that network D use the Software in accordance with any written agreement between You and Symantec and E after written consent from Symantec transfer the Software on a permanent basis to another person or entity provided that You retain no copies of the Software and the transferee agrees in writing to the terms of this license You may not A copy the printed documentation that accompanies the Software B sublicense rent or lease any portion of the Software reverse engineer decompile disassemble modify translate make any attempt to discover the source code of the Software or create derivative works from the Software C use the Software as part of a facility management timesharing service provider or service bureau arrangement D use a previous version or copy of the Software after You have received and instal
78. e Ready to Install the Program panel click Install 11 Ifyou chose to run LiveUpdate after installation do the following m Follow the instructions in the LiveUpdate Wizard m When LiveUpdate is done click Finish 12 Inthe Symantec Client Security panel click Finish 120 Installing Symantec Client Security servers Deploying the server installation across a network connection Deploying the server installation across a network connection To push the Symantec Client Security server installation to computers across your network complete the tasks that are listed in Table 6 2 You should complete each task in the order in which it is listed The final task is required for NetWare servers only Table 6 2 Task list for installing servers across a network Start the installation See Starting the server installation on page 120 Run the server setup program See Running the server setup program on page 122 Select the computers to which you See Selecting computers to which you want to want to install the server program install on page 124 Complete the server installation See Completing the server installation on page 127 Review any errors See Checking for errors on page 130 Start Symantec Client Security See Manually loading the Symantec Client NLMs Security NLMs on page 131 Starting the server installation You can install the Symantec Client Security server from t
79. e logon scripts to automate the Symantec Client Security client installation You must have administrator equivalent rights to the container that you designate About installing to a NetWare cluster To install Symantec Client Security to a NetWare cluster you install Symantec Client Security on each NetWare server in the cluster following the standard installation procedure for NetWare servers Do not install Symantec Client Security to a volume See Server installation methods on page 115 About installing into NDS If you browse to an NDS object to which you are not authenticated the installation program would normally prompt you to log on However some versions of the Novell client might not return a logon request and in this case the installation program will time out or stop responding To avoid this problem log on to the NDS tree before running the installation program Protecting NetWare cluster servers and volumes Symantec Client Security protects NetWare cluster servers and volumes by providing both Auto Protect and manual scanning for each server in the cluster Antivirus scanning of each volume in a cluster is managed by the server that has ownership of the volume If the server with ownership of a cluster volume fails NetWare transfers the ownership of the volume to another server in the cluster which then automatically takes over the antivirus scanning tasks To protect NetWare cluster servers and volumes La
80. e subject to US export control laws and may be subject to export or import regulations in other countries You agree to comply strictly with all such laws and regulations and acknowledge that you have the responsibility to obtain such licenses to export re export or import as may be required after delivery to you 8 U S Government Restricted Rights If Software is being acquired by or on behalf of the U S Government or by a U S Government prime contractor or subcontractor at any tier then the Government s rights in Software and accompanying documentation will be only as set forth in this Agreement this is in accordance with 48 CFR 227 7201 through 227 7202 4 for Department of Defense DOD acquisitions and with 48 CFR 2 101 and 12 212 for non DOD acquisitions 9 Governing Law Any action related to this Agreement will be governed by California law and controlling U S federal law No choice of law rules of any jurisdiction will apply 10 Severability If any provision of this Agreement is held to be unenforceable this Agreement will remain in effect with the provision omitted unless omission would frustrate the intent of the parties in which case this Agreement will immediately terminate 11 Integration This Agreement is the entire agreement between you and Sun relating to its subject matter It supersedes all prior or contemporaneous oral or written communications proposals representations and warranti
81. e the successful installation of all components 162 Installing Symantec Client Security clients Installing Symantec Client Security clients locally Install Symantec Client Security clients locally When you install Symantec Client Security client you start the installation set up the client as either a managed or unmanaged client and finish the installation To start the installation 1 If users will run the client in managed mode inform them of the Symantec Client Security server to which they will connect The installation program prompts them for this information 2 Give users access to the Symantec Client Security CD 3 Doone of the following m For installation on a 32 bit computer in the root of the CD have users run Setup exe m For installation on a 64 bit computer run Setup exe from the D SAVWIN64 folder Follow the on screen instructions See Installing the Symantec Client Security antivirus client stand alone program on page 142 Warning If the 32 bit version of Setup exe is run on a 64 bit computer the installation may fail without notification For 64 bit installations run Setup exe from the SAVWIN64 folder in the root of the CD gt Symantec Client Security Bie 9s symantec Symantec Client Security s Read This First Install Symantec Client Security Install Administrator Tools 4 Installing Symantec Client Security clients Installing Symantec Client Security clie
82. e to install the software m Create a workstation package to distribute the software m Generate an SMS job to distribute and install the workstation package on clients In a workstation package you define the files that comprise the software application to be distributed and the package configuration and identification information The Savce pdf file has its package configuration and identification information already defined You can import the file into your workstation package The Installing Symantec Client Security clients 167 About installing clients using third party products installation folder must be copied locally before you run the installation using SMS For more information on using SMS see the Microsoft Systems Management Server documentation About installing clients with the Novell ManageWise ZENworks Application Launcher You can use the Novell ManageWise ZENworks Application Launcher to distribute Symantec Client Security client After ZENworks is installed on the NetWare server and rolled out to NetWare clients through a logon script complete the following tasks m From Network Administrator locate an Organization Unit and create an Application Object that points to the location of the Symantec Client Security installation files on the server for example Sys Sav Clt inst Win32 Setup exe for Windows 98 Me NT 2000 XP m Configure the Application Object When you set options you should do the fol
83. e user logs on to the client computer To set logon script options in the Symantec System Center 1 Inthe Symantec System Center console right click a server and then click All Tasks gt Symantec AntiVirus gt Client Login Scan And Installation These settings apply to all of the antivirus client computers that connect to that server 2 Inthe Client Login Options for Clients of Server dialog box on the Installation tab set one of the following client logon installation options for each computer type m Automatically install The user has no option to cancel the installation at logon Installing Symantec Client Security clients 149 Setting up antivirus client installations using logon scripts m Ask the user The user types Yes or No to receive the installation at logon Donot install No changes are made to the client computer at logon Client Login Options for Clients of Server IDTEST13 xj Installation Login Scan WE Symantec Antivirus can automatically install Symantec Antivirus Client to computers as they log in to a protected server m Destination computers Windows 3 1 Do not install Windows 9x Do not install tai Windows NT Do not install ia I Force update during next login Use this option when you want to force the installation of Symantec Antivirus Client over a previous installation You could use this option in the event of a corrupt installation or missing files The W
84. ec Client Security Read This First Install Symantec Client Security Install Administrator Tools Browse CD Installing Symantec Client Security management components 97 Installing the Symantec System Center In the Symantec Client Security panel click Install Administrator Tools gt Install Symantec System Center Symantec System Center InstallShield Wizard Xx Welcome to the InstallShield Wizard for Symantec System Center The InstallShield R Wizard will install Symantec System Center on your computer To continue click Next WARNING This program is protected by copyright law and lt international treaties License Agreement Please read the following license agreement symantec carefully SYMANTEC SOFTWARE LICENSE AGREEMENT SYMANTEC CLIENT SECURITY SYMANTEC CORPORATION AND OR ITS SUBSIDIARIES SYMANTEC IS WILLING TO LICENSE THE SOFTWARE TO YOU AS AN INDIVIDUAL THE COMPANY OR THE LEGAL ENTITY THAT WILL BE UTILIZING THE SOFTWARE REFERENCED BELOW AS YOU OR YOUR ONLY ON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS OF THIS LICENSE AGREEMENT READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE THIS IS A LEGAL AND ENFORCEABLE CONTRACT BETWEEN YOU AND THE LICENSOR BY OPENING THIS xl Ido not accept the terms in the license agreement Installshield 98 Installing Symantec Client Security management comp
85. ec System Center Performs management operations such as the following m Installing antivirus protection on workstations and network servers m Updating virus definitions m Managing network servers and workstations running Symantec Client Security Symantec Client Security Does the following server m Protects the supported Windows and NetWare computers on which it runs m Pushes configuration and virus definitions files updates to managed clients Pushes firewall and intrusion detection policies to Symantec Client Security firewall clients Symantec Client Firewall Lets you create and modify firewall policy files Administrator Introducing Symantec Client Security 21 Components of Symantec Client Security Table 1 1 Components of Symantec Client Security Symantec Client Security client Provides antivirus firewall and intrusion protection for networked and non networked computers Symantec Client Security protects supported Windows computers LiveUpdate Provides the capability for computers to automatically pull updates of virus definitions files from the Symantec LiveUpdate server or an internal LiveUpdate server Central Quarantine Works as part of the Digital Immune System to provide automated responses to heuristically detected new or unrecognized viruses and does the following m Receives unrepaired infected items from Symantec Client Security servers and clients m Forwards sus
86. ecurity CD Protect against blended threats Blended threats such as Nimda and Code Red attempt to exploit computer and network vulnerabilities and perimeter weaknesses Blended threats are characterized by the following m Multiple attack methods m Automation no user actions are required to trigger the attack m Exploitation of computer and application vulnerabilities m Propagation by multiple vectors Symantec Client Security provides comprehensive protection against blended threats It provides antivirus protection for network servers and workstations and firewall protection and intrusion detection for network workstations Protect against intrusion You can create and manage firewall policies that are as restrictive or permissive as necessary to control access to and from workstations This protects individual workstations and the corporate intranet perimeter Introducing Symantec Client Security 35 What you can do with Symantec Client Security Firewall policies let you do the following Configure and edit firewall rules and client settings for groups of firewall clients Verify the authenticity of applications that access the Internet and specify permitted operations Configure client settings which include the following m User access level Determine the extent to which users can modify configure or view firewall rules m Degree of firewall protection Protect against potential Internet threats such as A
87. ed but the product may not function properly You should always uninstall any antivirus or firewall program that is not included in the list of supported migration paths before attempting to install the current version Migrating to the current version of Symantec Client Security Migration overview Quit all other Windows programs before installing Symantec Client Security Other active programs may interfere with the installation and reduce your protection After migrating from several of these supported platforms the computers may need to be restarted before they will be protected by Symantec Client Security For the most up to date information on supported migration paths and potential migration issues see the Symantec Knowledge Base Note When migrating from Norton AntiVirus Corporate Edition version 7 6x to the current version of Symantec Client Security you should migrate servers before you migrate clients When clients are migrated first but are connected to a parent server running 7 6x the 7 6x client software attempts to install over the current client software Supported migration paths Symantec Client Security can migrate seamlessly over the following products m Symantec AntiVirus Corporate Edition 8 0 and later m Norton AntiVirus Corporate Edition 7 6 and later m Symantec Client Security all versions m Symantec Client Firewall 5 0 5 1 Norton Internet Security 2003 if the Norton AntiVirus component has not
88. ediately after each stage of the installation Match management snap in version to client version You should always match the version of the management snap in to the latest version of Symantec Client Security running on your clients You cannot manage the latest client version with an older management snap in Move servers among server groups Although it is best to plan your server group structure before you begin the migration you can move servers later You can use a drag and drop operation in the Symantec System Center console to reorganize clients and servers Migrating to the current version of Symantec Client Security 85 Server migration Train your support staff and end users You should designate some time to train end users and staff as a part of your installation plan This minimizes downtime as a result of end user confusion Server migration There are several ways to install the Symantec Client Security server to supported Windows and NetWare operating systems including third party deployment options such as Active Directory Uninstalling previously existing servers is generally not required prior to installation of Symantec Client Security server provided that the server is not damaged See Installing Symantec Client Security servers on page 115 About migrating from the Symantec System Center Before you migrate the Symantec System Center on the computer to which you are installing the Symantec System Cent
89. eeseees 122 Selecting computers to which you want to install 0 124 Completing the server installation 0 ceecceeesseeeseeeeeeeeeeseseeeeseeees 127 Checking for errors venson A idee E NE 130 Manually loading the Symantec Client Security NLMS eee 131 Installing Symantec Client Security with NetWare Secure Console enabled meeen eae a e RE E AE EN 131 Installing directly to a Windows computer using the server installation package ceececssssesesseceseeseseeeeseseeeeseseeeeseeeeseseeeeseeees 133 Manually installing AMS server ccccccessssssessssesesseseseeseceseeceseeeeseseeeeseeeeaees 134 Uninstalling Symantec Client Security server c cccecsseeeseeseeteeeeseeeesens 134 Installing Symantec Client Security clients Client installation methods 00 0 eseseseeseseseseeeeeeeeeesesesceeeeeceetetecseseeeeeeeeeees 138 About Symantec Client Security client installation 0 0 0 140 About the antivirus client configurations file cccceeeseseteeees 141 About the Symantec Client Security firewall components AMS tallatiome a a A R a RR 141 Installing the Symantec Client Security antivirus client stand alone 10107A tte 1 1 a RARA EAS TT AET 142 Deploying the client installation across a network connection 143 Starting the client installation cceseeseseseeeeeeseeeseeeeseeneeseeees 143 Running the client setup Program cccececeseeseseseeseseeeeeseeeeseeeeeseees 145 Setting up antivirus
90. ent Security antivirus server Find computers that are not running antivirus protection Roll out the installation of Symantec Client Security to supported Windows workstations and network servers Set up and administer Symantec Client Security server groups and client groups Configure antivirus protection Manage events by using alerts Perform remote operations such as threat scans and virus definitions files updates Create update and roll out firewall policy files If your site has a decentralized administration structure with multiple administrators you can run as many copies of the Symantec System Center console as you need Because each server group has its own password you can divide or share administrative duties in any way that works best for you Introducing Symantec Client Security 39 What you can do with Symantec Client Security Ensure that remote clients comply with your security policy Symantec VPN Sentry reduces exposure to threats by preventing users with nonsecure computers from connecting to the corporate network Computers attempting to access your corporate network must meet your policy requirements for Symantec Client Security antivirus server and Symantec Client Security client You can use Symantec VPN Sentry on remote computers that connect to your network through a virtual private network VPN connection The SymSentry folder on the Symantec Client Security CD includes vendor specific Syman
91. ents m POP3 that uses Secure Sockets Layer SSL m HTTP based email such as Hotmail and Yahoo Installation requirements Symantec Client Security requires specific protocols operating systems and service packs software and hardware All of the requirements that are listed for Symantec Client Security components are designed to work in conjunction with the hardware and software recommendations for the supported Microsoft Windows and NetWare computers All computers to which you are installing Symantec Client Security should meet or exceed the recommended system requirements for the operating system that is used Review the following requirements before you install Symantec Client Security m Required protocols m Symantec System Center and snap in requirements m Symantec Client Security server installation requirements m Quarantine Server requirements m Symantec Client Security client installation requirements Required protocols Symantec Client Security uses an adaptive communication method that handles IP and IPX communication Benefits of this method are that Symantec Client Security does not require or create NetWare SAPs and it is compatible with IP only networks Windows NT based computers try to connect to NetWare servers first through IPX If a NetWare server does not have IPX then the Windows NT based computer tries to connect with IP Specific combinations of mixed protocols can prevent proper communication For
92. ents and servers on your network to the current version of Symantec Client Security you should organize your network into temporary groups that divide your network into logical deployment tiers For example you can create one group that is managed by a legacy Symantec AntiVirus Corporate Edition parent server and a second group that will be upgraded immediately to the current version Once you have deployed the installations for the initial migrating group and tested that segment of your network you can then upgrade the legacy group to bring your entire network up to the current version If you organize your clients in this way you can roll out installations incrementally which helps to minimize the risk of a security breach Plan your virus definitions update strategy Since there are several ways to update virus definitions files on clients and servers you must decide which one to use before the installation and test your update strategy during the pilot Decide how to handle remote and sometimes connected clients When migrating from a version earlier than Norton AntiVirus Corporate Edition 7 x your update mechanism and scheduled scans are not migrated automatically You will need to reconfigure them when you install or update Symantec Client Security and the Symantec System Center Get virus definitions updating working immediately You should set the update policy on migrated computers immediately after installation and test it imm
93. ents vary based on the type of protection installed to the computer Disk space requirements are based on the installation of all features Symantec Client Security client antivirus and firewall protection for 32 bit computers Symantec Client Security clients have the following requirements m Windows 98 98 SE Me Windows 2000 Professional Windows XP Home Professional Note Windows NT 4 0 Workstation is supported only for Symantec Client Security antivirus clients installed from the Symantec System Center which does not install firewall protection m 128MBRAM minimum m 80 MB disk space m Internet Explorer 5 01 Service Pack 2 or later Symantec Client Security antivirus client for 32 bit computers Symantec Client Security antivirus clients for 32 bit computers have the following requirements m Windows 98 98 SE Me Windows NT 4 0 Workstation Server Terminal Server with Service Pack 6a Windows 2000 Professional Server Advanced Server Windows XP Home Professional Tablet PC for Windows XP Tablet PC antivirus client only Windows Server 2003 Web Standard Enterprise Datacenter m 32MBRAM minimum Preparing to install Symantec Client Security 77 Installation requirements m 55 MB disk space Root Certificate Update Windows 98 98 SE Terminal Server clients connecting to a computer with antivirus protection have the following additional requirements Microsoft Terminal Server RDP Remote Desktop Protocol client
94. er Before you roll out new Symantec Client Security client or server installations you should upgrade the Symantec System Center management snap in The Symantec System Center provides the rollout and management tools necessary to deploy the installation files monitor installation status and immediately manage the supported clients and servers that you are upgrading m Migrate the antivirus servers m Deploy Symantec Client Security to clients Supported and unsupported server and client migration paths The following section lists the platforms that are supported and unsupported when migrating to the current version of Symantec Client Security If the migration of a program is supported the Symantec Client Security setup program automatically detects the software removes the legacy components and registry entries and installs the new version If the migration from a previous product is not supported you must uninstall the program before you run the Symantec Client Security installation program In most cases if you are migrating from a legacy antivirus or firewall program that is not included in the list of supported migration paths the installation program will fail during the installation the user is notified that the installation was unsuccessful and the Windows Installer log is updated However in some cases if you do not uninstall the unsupported product before you run the installation the installation may appear to succe
95. er you should uninstall the following m Any earlier versions of the Symantec System Center m Any earlier versions of Symantec Client Security including any versions of LANDesk Virus Protect The Symantec System Center can manage any earlier supported versions of Symantec Client Security but the computer that is running the Symantec System Center must be using the current version of Symantec Client Security You can install the Symantec System Center console to as many computers as you need to manage Symantec Client Security Note The current version of the Symantec System Center does not support managing mixed environments that are comprised of earlier versions of Symantec Client Security firewall clients and the current version of Symantec Client Security that includes the firewall client software by default To manage a mixed environment you must group legacy clients into a separate group and manage them from a legacy server that is using the earlier version of Symantec Client Security including the Symantec System Center Manually uninstalling server components The server components to uninstall depend on the version of the software currently installed and on the operating system 86 Migrating to the current version of Symantec Client Security Server migration Norton AntiVirus Corporate Edition 7 5 or 7 6 on supported Windows and NetWare server operating systems You can upgrade the server from Norton AntiVirus Corpor
96. er setup program creates a user group called SymantecAntiVirusUser When you add a user to the group the logon script runs according to the options that you set in the Symantec System Center the next time that the user logs on to the server For Windows computers running Symantec Client Security server use the Computer Management tool to assign the Vplogon bat logon script to a user When the user logs on the computer runs the script from the netlogon share on Symantec Client Security server which launches the client installation according to the options that you set in the Symantec System Center Associate users with a logon script The procedure for associating users with a logon script differs for NetWare and Windows To associate NetWare users with a logon script Open the NetWare Administrator utility Nwadmin32 or ConsoleOne Double click the SymantecAntiVirusUser group In the Group dialog box click Members To add a user to the group click Add Select the user that you want to add and then click OK O uu A WwW NY e To close the Group dialog box click OK The user is added to the SymantecAntiVirusUser group The configured logon installation occurs the next time that the user logs on to the protected server from a Novell NetWare client 7 Close the NetWare Administrator utility Installing Symantec Client Security clients Installing from the client installation package on the server To associate Windows users with
97. erms in the license agreement and then click Next ie Symantec AntiVirus Central Quarantine InstallShield Wizard Destination Folder Click Next to install to this folder or click Change to symantec install to a different folder im The wizard will install the files for Symantec Antivirus Central Quarantine in the folder pierce bon To install to a different Folder click the Change button and select another Folder Destination Folder C Program Files Symantec Quarantine Server Change Installatield 108 Installing Symantec Client Security management components Installing the Central Quarantine 5 In the Destination Folder panel do one of the following m To accept the default destination folder click Next m Click Change locate and select a destination folder click OK and then click Next i Symantec AntiVirus Central Quarantine InstallShield Wizard Setup Type Please select an option below Installsmeld 6 Inthe Setup Type panel select one of the following m Internet based Recommended m E mail based 7 Click Next f Symantec AntiVirus Central Quarantine InstallShield Wizard Maximum Disk Space Please enter information below Ifisteil ie Installing Symantec Client Security management components 109 Installing the Central Quarantine In the Maximum Disk Space panel type the amount of disk space to make available on the server for Central Quara
98. ers sc cseseceseseseseseseeesececeeeseaeaceeseeeeeetetacaenees 66 Terminal Server protection ccccccccccscssescsscsscssescescescsscsecsecsesscecseeseees 68 Preventing user launched virus SCANS eeeseeeeseeeseseeseceseeceeeseeeeseeeeees 69 Preparing for Symantec Client Security client installation 0 0 0 0 70 About required Testart S r e E EN csv AN 70 About email support c cece cccsessessescsseseessescesesscsscsecsecscsecsesseescsesseeseeases 70 Installation requireMeNts esana a ERNE E 72 Required protocols ccccccscscssessescsscssesscssescsscsscsecsecscescsscsecsecaeeeceecseessesses 72 Symantec System Center and snap in requirements ss sssessss0s0001s 73 Symantec Client Security server installation requirements 74 Quarantine Server requirements ceccescesscseesesseescesesseesseeeeseceseeaees 75 Symantec Client Security client installation requirements 76 Migrating to the current version of Symantec Client Security Migration Overview saccxciidincecergic soe pasieeeageend Mii nceneadhag 79 Steps to migrating your network to the current version of Symantec Client S CUrity moeie K E E E REEERE 80 Supported and unsupported server and client migration paths 80 Chapter 5 Chapter 6 Contents Creating migration Plans 0 cc cecsesesssseseeceseeeeseseeceseeeseseeeeseseeeeseneeseseneeseeees 83 Evaluate the current system requirements
99. erver Vphome Clt inst Everyone has read permissions On NetWare servers the default shared directory is Server Sys Sav Clt inst The setup program also creates a group called SymantecAntiVirusUser If you add users to this group they will have the rights that they need Read and File Scan to run the client installation program from the client disk image on the server 151 152 Installing Symantec Client Security clients Deploying installation packages using Web based deployment When a networked user runs the client installation from the server that will manage it the client installs in managed mode When its associated server is selected in the Symantec System Center tree in the left pane the client displays in the right pane In the Symantec System Center you can configure and manage the client If you want to make the Symantec Client Security client installation package available on a custom shared network drive users must map to that drive on their workstations to ensure the successful installation of all components They must also have Read and File Scan rights to that shared folder To install from the client installation package on the server 1 Verify that users have rights to the client installation package on the server 2 Distribute the path to users and if necessary include drive mapping instructions to the client installation package For NetWare servers the default path is Server Sys Sav Clt inst For Windows
100. es Distribute and execute Installer package if desired a package to install Symantec Client Security m Determine a method for server directly onto a computer Customizing the distributing and executing the Windows Installer installation packages using package Symantec Packager is not supported Note Symantec Packager is included with this release of Symantec Client Security as an unsupported tool For more information see Using Symantec Packager with Symantec Client Security pkgrinfo pdf in the Symantec Packager folder on the Symantec Client Security CD About Symantec Client Security server installation The Symantec Client Security server program does the following m Protects the computer on which it is running m Manages other Symantec Client Security servers and clients If a Windows based network server needs protection only install the Symantec Client Security client program See Installation requirements on page 72 Installing Symantec Client Security servers 117 About Symantec Client Security server installation You can install the Symantec Client Security server program using any of the following methods m Deploy the server installation across a network connection to remote computers from the Symantec System Center or the Symantec Client Security CD The Symantec Client Security server installation program installs AMS by default to all computers to which you ve installed Symantec Client Security
101. es and prevails over any conflicting or additional terms of any quote order acknowledgment or other communication between the parties relating to its subject matter during the term of this Agreement No modification of this Agreement will be binding unless in writing and signed by an authorized representative of each party JAVA 2 RUNTIME ENVIRONMENT J2RE STANDARD EDITION VERSION 1 4 1_X SUPPLEMENTAL LICENSE TERMS These supplemental license terms Supplemental California 95054 U S A Terms add to or modify the terms of the Binary Code LFI 133025 Form ID 011801 License Agreement collectively the Agreement Capitalized terms not defined in these Supplemental Terms shall have the same meanings ascribed to them in the Binary Code License Agreement These Supplemental Terms shall supersede any inconsistent or conflicting terms in the Binary Code License Agreement or in any license contained within the Software 1 Software Internal Use and Development License Grant Subject to the terms and conditions of this Agreement including but not limited to Section 4 Java Technology Restrictions of these Supplemental Terms Sun grants you a non exclusive non transferable limited license without fees to reproduce internally and use internally the binary form of the Software complete and unmodified for the sole purpose of designing developing testing and running your Java applets and applications intended to r
102. es that the client does not have current virus definitions files or configuration data the parent server pushes the appropriate files to that client Note Symantec Client Security uses the User Datagram Protocol UDP for antivirus client antivirus server communication Because some router policies block UDP packets when they are sent between routers you may need a computer that is running Symantec Client Security server on both sides of each router in your network Introducing Symantec Client Security 31 How Symantec Client Security works Roaming client communication Roaming client communication ensures that a roaming enabled computer connects to the best parent Roaming client communication employs the following four components m A list that specifies the antivirus servers to which roaming clients can connect This list is merged into the registry of each Symantec Client Security roaming client m A list that describes the hierarchy of parent servers in your network Servers at the top level cover the widest geographic area with each subsequent level covering more specific locations m The roaming client administration application RoamAdmn exe that you roll out to each roaming server m A Symantec Client Security antivirus client installation with roaming support enabled by use of a registry switch Using RoamAdmn exe the hierarchical server list is merged into the registry of each roaming server When a roami
103. etWare servers Symantec Client Security server has the following NetWare requirements NetWare 5 1 with Support Pack 3 or higher NetWare 6 0 with Support Pack 1 or higher NetWare 6 5 15 MB RAM above the standard NetWare RAM requirements for Symantec AntiVirus NLMs 116 MB disk space 70 MB disk space for antivirus server files and 46 MB disk space for the antivirus client disk image 20 MB disk space for AMS server files if you choose to install the AMS server Note Symantec Client Security is not supported on NetWare servers that are running SFT IIL Quarantine Server requirements Quarantine Servers have the following requirements Windows NT 4 0 Workstation Server with Service Pack 6a Windows 2000 Professional Server Advanced Server Windows XP Professional Windows Server 2003 Web Standard Enterprise Datacenter 64 MB RAM AO MB disk space for Quarantine Server 500 MB to 4 GB disk space recommended for quarantined items 76 Preparing to install Symantec Client Security Installation requirements m Internet Explorer 5 5 with Service Pack 2 m Minimum swap file size of 250 MB Note If you are running Windows Me XP system disk space usage is increased if the System Restore functionality is enabled For more information on how System Restore works see the Microsoft operating system documentation Symantec Client Security client installation requirements Symantec Client Security client requirem
104. etwork that are running Symantec Client Security antivirus server When you perform a Discovery from the Symantec System Center console the console broadcasts a message across the network Symantec Client Security servers listen for and receive these messages and return data such as a antivirus server s address and server group to the console After the servers respond the Symantec System Center can query each antivirus server for additional information such as which computers running Symantec Client Security antivirus client report to the server The Symantec System Center uses the data that it gathers from Discovery to display the system hierarchy in the console Each server group is represented based on its server group membership Symantec Client Security antivirus server to client communication Symantec Client Security servers communicate with the clients that they control to keep virus definitions files current initiate client side activities such as threat scans and provide configuration information Symantec Client Security clients communicate with their parent servers to provide status information and log data 30 Introducing Symantec Client Security How Symantec Client Security works Communication for virus definitions updates Communication occurs during the process of updating virus definitions files When you use the Virus Definition Transport Method to update virus definitions communication occurs between manage
105. ever if you are migrating from a version that is not supported you must manually uninstall Symantec Client Security on NetWare platforms from the servers to be migrated Migrate from supported and unsupported versions of Symantec Client Security on NetWare platforms You can migrate from supported and unsupported versions of Symantec Client Security on NetWare platforms To migrate from a supported version of Symantec Client Security on NetWare platforms 1 From the Symantec Client Security CD run Setup exe 2 Inthe Symantec Client Security panel click Install Symantec Client Security gt Deploy Symantec Client Security Server 3 Inthe welcome panel click Update and then click Next 4 Inthe Select Computers panel select the Computer Name click Add and then type the password for Server Group 5 Click Finish to proceed with the update 6 When the update process is finished click Close and then restart the computer 90 Migrating to the current version of Symantec Client Security Server migration To migrate from an unsupported version of Symantec Client Security on NetWare platforms 1 On the servers that you want to migrate that run Symantec Client Security on NetWare platforms unload Symantec Client Security from the Symantec AntiVirus console on the server If you do not unload the Symantec Client Security NLM and you try to install the current version of Symantec Client Security the installation will fail when
106. f you are installing to multiple computers in the Selection Summary dialog box click OK If you are installing to a single computer the Selection Summary dialog box does not appear During the authentication process the setup program checks for error conditions You are prompted to view this information on an individual computer basis or to write the information to a log file for later viewing 126 Installing Symantec Client Security servers Deploying the server installation across a network connection Select one of the following m Yes Write to a log file If you create a log file it is located under C Winnt Savcesrv txt m No Display the information on an individual computer basis Select any NetWare computers to which you want to install See To manually select Novell NetWare computers on page 126 Continue the installation See Completing the server installation on page 127 To manually select Novell NetWare computers 1 In the Select Computers panel under Available Computers double click NetWare Services Do one of the following m To install to a bindery server double click NetWare Servers and then select a server indicated by a server icon m To install to NDS double click Novell Directory Services and then select the SYS volume object in which you want to install Symantec Client Security To locate a SYS volume object double click the tree object and continue expanding the organizatio
107. form a standard Symantec Client Security installation you must copy the NLM to the appropriate directory and then run the NLM on each NetWare server to complete the installation You can do this at the server console if you have rights or by using RConsole NetWare 5 x for IPX protocol networks or RConsoleJ NetWare 5 x 6 for IP protocol networks 132 Installing Symantec Client Security servers Deploying the server installation across a network connection Install Symantec Client Security with NetWare Secure Console enabled After installation you must copy Vpstart nlm from the installation directory to the Sys System directory and then use the Install switch to load Vpstart nlm for the first time If you selected automatic startup during installation the NLMs will load automatically the next time that the server restarts If you selected manual startup you must manually load Vpstart nlm every time that you restart the server Note At the NetWare console do not add the path to the commands specified Type each command exactly as it appears These NetWare commands are case sensitive To manually load the Symantec Client Security NLMs for the first time while running NetWare Secure Console 1 From the Sys Sav default installation directory or the directory that was specified during installation copy Vpstart nlm to the Sys System directory 2 At the server console type the following Vpstart install SECURE_CONSOLE SYS
108. g administrative privileges to the user on the target computer Introducing Symantec Client Security 23 What s new in this release Table 1 2 New features in Symantec Client Security Auto Protect Replaces and scans faster than Realtime File Protection Auto Protect can be loaded on system startup and then unloaded on system shutdown to help protect against viruses such as Fun Love It can be stopped and then reloaded immediately or when the computer restarts Auto Protect includes the following capabilities and features Scanning for Internet email protects both incoming and outgoing messages that use the POP3 or SMTP communications protocol m SmartScan replaces Scan selected types and Scan selected exclusions options SmartScan scans exe and doc files even if the file extensions for the exe or doc files are changed to extensions that it is not configured to scan m File caching which stores an index of clean files can help track problems and fine tune Auto Protect s memory usage m Rtvscan the main Symantec AntiVirus service and Auto Protect are separate components in the Windows version If Rtvscan stops Auto Protect continues to detect viruses In memory threat scanning Lets you scan running processes to identify and handle threats that are loaded into memory Threat Tracer Lets you identify the source of network share based virus infections on computers that are running Windows NT
109. ge 49 Install the following optional administration tools m Central Quarantine Server m Quarantine Console snap in m LiveUpdate Administrator m Symantec Client Firewall Administrator See About administration tools on page 52 Update virus definitions See Methods for updating virus definitions files on page 54 Installation guidelines Although there are many variations in the size and complexity of every installation the following general guidelines apply to most environments Create a server group for each site location Designate a primary server for each server group Install Symantec Client Security server on a computer with a single NIC Select systems with low to moderate use for the Symantec Client Security primary server and any secondary servers Use name resolution throughout the networking environment WINS is required for the Discovery Service and one or more of the following services are also required DNS HOST or LMHOST NetBIOS is not recommended for name resolution Use a computer running Windows NT or Windows 2000 as a primary server About creating an installation plan Before you begin to install Symantec Client Security you should create an installation plan that addresses the following issues Which management tools do I need to install Which server installation methods will I use Which computers will I use as primary servers secondary servers and parent servers Which client
110. he computer or to the Windows NT domain to which the computer belongs and log on as administrator The Symantec Client Security server installation program launches a second installation program on the computer to create and start services and to modify the registry Preparing to install Symantec Client Security 63 Preparing for Symantec Client Security server installation If you do not want to provide users with administrative rights to their own computers use the NT Client Install tool to remotely install Symantec Client Security antivirus client to computers that are running supported Windows operating systems To run the NT Client Install tool you must have local administrative rights to the computers to which you are installing the program See Installing Symantec Client Security clients on page 137 Preparing for Symantec Client Security server installation To ensure a successful Symantec Client Security server rollout review the following considerations m Symantec Client Security server installation options m About required restarts m Locating servers across routers during installation m Verifying network access and privileges m Installation order for Citrix Metaframe on Terminal Server m Installing to NetWare servers m Terminal Server protection m Preventing user launched virus scans Symantec Client Security server installation options The computers on which you install Symantec Client Security server
111. he Symantec Client Security CD or the Symantec System Center Note When you are installing to NetWare log on to all of the NetWare servers before you start the installation To install to NetWare Directory Services NDS or bindery you need administrator or supervisor rights Start the server installation You can start the server installation from the Symantec Client Security CD or from the Symantec System Center Installing Symantec Client Security servers 121 Deploying the server installation across a network connection To start the installation from the CD 1 2 3 Insert the Symantec Client Security CD into the CD ROM drive b Symantec Client Security Ame 9s symantec Symantec Client Security Read This First Install Symantec Client Security Install Administrator Tools Browse CD In the Symantec Client Security panel click Install Symantec Client Security gt Deploy Symantec Client Security Server Continue the installation See Running the server setup program on page 122 To start the installation from the Symantec System Center 1 In the Symantec System Center in the left pane do one of the following m Click System Hierarchy m Under System Hierarchy select any object On the Tools menu click AV Server Rollout AV Server Rollout is available only if you selected the Server Rollout component when you installed the Symantec System Center This component is selected
112. he Symantec Client Security antivirus server See Uninstalling Symantec Client Security server on page 134 2 Run the server setup program See Running the server setup program on page 122 3 When prompted ensure that Alert Management System AMS72 is checked Uninstalling Symantec Client Security server You should uninstall Symantec Client Security servers and clients using the automatic uninstallation program that is provided by Symantec If a manual uninstallation is required see the support Knowledge Base on the Symantec Web site If a Symantec Client Security server is managing Symantec Client Security clients and you plan to uninstall and then reinstall the Symantec Client Security server software ensure that the computer to which you reinstall has the same Installing Symantec Client Security servers 135 Uninstalling Symantec Client Security server computer name and IP address If this information changes clients will not be able to locate their parent server If you don t plan to replace a Symantec Client Security server that is managing Symantec Client Security clients you should reassign any clients that are managed by the server before you uninstall the Symantec Client Security server software For more information see the Symantec Client Security Administrator s Guide Uninstall Symantec Client Security server You can uninstall Symantec Client Security server from computers running supported Mi
113. her threat information _http securityresponse symantec com and updates Product news and updates http enterprisesecurity symantec com Platinum Support Web access https www secure symantec com platinum 42 Introducing Symantec Client Security Where to get more information about Symantec Client Security Planning the installation This chapter includes the following topics Installation overview About Symantec System Center management components Server installation methods Client installation methods About administration tools Methods for updating virus definitions files Best practice Piloting Symantec Client Security in a lab setting Installation overview Before you can install Symantec Client Security you should plan appropriately Typical installation tasks To install a Symantec Client Security solution on your network you would typically perform the following steps Install the Symantec System Center and console components See About Symantec System Center management components on page 46 Install Symantec Client Security server If a Windows based network server is not used for administration tasks install the Symantec Client Security client program See Server installation methods on page 48 Designate the server as a primary server 44 Planning the installation Installation overview Install Symantec Client Security clients See Client installation methods on pa
114. hird parties per month and iii You may not charge or assess a fee for use of the Software for Your internal business C If the Software You have licensed is Symantec AntiVirus Corporate Edition You may not use the Software on or with devices on Your network running embedded operating systems specifically supporting network attached storage functionality without separately licensing a version of such Software specifically licensed for a specific type of network attached storage device under a License Module D If the Software You have licensed is Symantec Mail Security for a corresponding third party product or platform You may only use that Software for the corresponding product or platform You may only use the Software for the number of units e g desktops mailboxes nodes servers etc specified in the License Module E If the Software You have licensed is Symantec Client Security this Software utilizes the Standard Template Library a C library of container classes algorithms and iterators Copyright 1996 1999 Silicon Graphics Computer Systems Inc Copyright 1994 Hewlett Packard Company Sun Microsystems Inc Binary Code License Agreement READ THE TERMS OF THIS AGREEMENT AND ANY PROVIDED SUPPLEMENTAL LICENSE TERMS COLLECTIVELY AGREEMENT CAREFULLY BEFORE OPENING THE SOFTWARE MEDIA PACKAGE BY OPENING THE SOFTWARE MEDIA PACKAGE YOU AGREE TO THE TERMS OF THIS AGREEMENT IF YOU ARE ACCESSING THE S
115. ibution methods include the following m Runa logon script m Run from the client installation folder on the Symantec Client Security server m Download from an internal Web site m Run directly from the Symantec Client Security CD See Symantec Client Security client installation requirements on page 76 Installing Symantec Client Security clients 141 About Symantec Client Security client installation About the antivirus client configurations file If you want the client to report to a specific parent server you must do one of the following Copy the appropriate configurations file Grc dat to the antivirus client after it has been installed See Configuring clients using the configurations file on page 170 Install the client using the msi command line parameter that specifies the parent server See Windows Installer msi command line reference on page 173 Use Symantec Packager to create a custom installation package that contains both a Windows Installer package and the appropriate configurations file Customizing the Windows Installer installation packages using Symantec Packager is not supported Note Symantec Packager is included with this release of Symantec Client Security as an unsupported tool See Using Symantec Packager with Symantec Client Security pkgrinfo pdf in the Symantec Packager folder on the Symantec Client Security CD About the Symantec Client Security firewall compone
116. ient Security provides protection for clients with varying levels of network connectivity Client connectivity is classified as follows m Fully managed clients attach and log on to the network on a regular basis They are managed by the Symantec System Center console m Sometimes managed clients typically are mobile or telecommuting users who use a virtual private network VPN to connect to the network They share most of the characteristics of managed clients and are managed by the Symantec System Center console 37 38 Introducing Symantec Client Security What you can do with Symantec Client Security Lightly managed clients are typically mobile computers that do not connect to the network but have email They are configured outside of the Symantec System Center through a configurations file Gre dat Unmanaged clients do not connect to the network and have no parent server with which to communicate They use a configurations file during installation and are self managed Roaming clients are typically mobile computers that connect to a parent server while traveling They are managed using RoamAdmn exe and SavRoam exe Centrally manage and update security The Symantec System Center is a management framework used for controlling Symantec Client Security components solving problems and performing routine maintenance From the Symantec System Center you can do the following Discover computers that are running Symantec Cli
117. indows 9x setting applies only to Windows 98 Me antivirus clients Windows 95 is not supported The Windows NT setting applies to Windows NT 2000 XP 2003 antivirus clients To force an update of Symantec Client Security when the client next logs on check Force update during next login This option is useful if you are installing over an installation that is corrupt or missing files See How the Force update during next login option works on page 150 The Force update during next login option is unchecked after the update on the client is complete Click OK Continue setting options for logon scripts See Associating users with the logon script on page 150 150 Installing Symantec Client Security clients Setting up antivirus client installations using logon scripts How the Force update during next login option works Checking Force update during next login increments a counter under ClientNumber in Vp_login ini on the Symantec Client Security server When the client logs on it compares this value with the value in its registry under the following key HKEY_ LOCAL MACHINE Software Intel LanDesk VirusProtect6 CurrentVersion ClientNumber Each time that you check Force update during next login the value under ClientNumber in Vp_login ini increases If the value does not match the ClientNumber value on the client then the client is updated Associating users with the logon script On NetWare servers the serv
118. irus Server on the right then click Add fou can add more than one computer to an AntiVirus Server Click Finish to start the installation s Available Computers AntiVirus Servers 5 Albany B Accounting Albuquerque D Acct01 Alpena B A Engineering Anchorage g Eng01 Aram Add gt B Human Resources a Austin HROT E Baltimore lt Remove B Production A Baton Rouge 3 d dh Billings Import m Ftp fa Rirminnharm of lt Back Cancel Repeat steps 5 and 6 until all of the clients that you want to manage are added You can reinstall to computers that are already running Symantec Client Security You can also import a text file to add Windows NT based clients Do one of the following m Ifyou created a text file that contains IP addresses to import computers that are in non WINS environments continue to step 9 m Ifyou did not create a text file that contains IP addresses to import computers in non WINS environments continue to step 11 See Creating a text file with IP addresses to import on page 64 To import the list of computers click Import Lokin oe HE My Documents My Computer My Network Places Import Computer List File name import Computer List Files of type Text Files txt x Cancel Installing Symantec Client Security clients Deploying the client installation across
119. is component is selected for installation by default Continue the installation See Running the client setup program on page 145 Installing Symantec Client Security clients 145 Deploying the client installation across a network connection Running the client setup program The client setup program runs after you start the installation process See Starting the client installation on page 143 To run the client setup program 1 2 In the welcome panel click Next In the Select Install Source Location panel select the location from which you are deploying the client installation files After you have selected the location click Next Select Computers x Select an Available Computer on the left and an Antivirus Server on the right then click Add You can add more than one computer to an AntiVirus Server Click Finish to start the installations Available Computers AntiVirus Servers a Accounting B Aca a Engineering E Engo a Human Resources g Production ProdO1 o p A lt Back Cancel In the Select Computers panel under AntiVirus Servers select a computer to act as the parent server Under Available Computers expand Microsoft windows network and then select a computer 146 Installing Symantec Client Security clients Deploying the client installation across a network connection 6 7 Click Add Select an Available Computer on the left and an AntiV
120. ity CD distributing and executing the package See About Symantec Client Security server installation on page 116 Client installation methods You can install a Symantec Client Security client using any of the methods that are listed in Table 2 3 You can use any combination of methods that suits your network environment Table 2 3 Planning the installation 49 Client installation methods Client installation methods Push You can push a Symantec Client Security client installation directly from the Symantec Client Security CD This method lets you install clients on computers running supported Microsoft Windows operating systems without giving users administrative rights to their computers No preparation is necessary Logon script You can fully automate client installations and updates by using logon scripts m Use the Symantec System Center to set logon script options m Use your network administration tools to associate users with the logon script From a server You can run a Symantec Client Security antivirus client installation package from the Symantec Client Security server that you want to act as a parent server m Install Symantec Client Security server m Have users map a drive to the VPHOME clt inst WIN32 share on Symantec Client Security server to ensure a successful installation Web Users download a client installation package m Ensure that the Web server meet
121. kage is opened the server installation starts To place the installation package in a location from which it can be run 1 On the Symantec Client Security CD copy the contents of the Rollout AVServer folder to the location that you want 2 Distribute the Windows Installer files using your preferred deployment method 3 Run the installation program Setup exe 134 Installing Symantec Client Security servers Manually installing AMS server Manually installing AMS server You can manually install AMS server to computers to which you ve already installed Symantec Client Security server Manually install AMS server The installation methods for AMS are different for Windows NT based computers and NetWare servers Note To avoid losing valuable information when you uninstall Symantec Client Security from a primary server running under NetWare first demote the primary server from which you are uninstalling to secondary status and then promote a new server to primary status For more information on selecting primary servers see the Symantec Client Security Administrator s Guide To manually install AMS server to Windows NT 2000 XP 2003 computers 1 Insert the Symantec Client Security CD into the CD ROM drive 2 Run the Setup exe program which is located in the following directory Rollout AVServer Ams2 Winnt 3 Follow the on screen instructions To manually install AMS server to NetWare servers 1 Uninstall t
122. lation from the Symantec System Center Windows Installer You can create and deploy an installation m Create a custom msi installation msi deployment package using tools that are compatible with package using the components and Windows Installer Symantec Client Security options specific to Symantec Client uses Windows Installer technology for all client Security and server installations See Windows Installer msi Symantec Client Security utilizes the standard command line reference on Windows Installer deployment options page 173 provided by Microsoft To use this method you Determine a method for must be familiar with creating and deploying distributing and executing the Windows Installer programs package Self extracting You can create a package with Symantec m Create a custom Symantec Client executable Packager that includes a preconfigured Security server installation Windows Installer package or set of packages package if desired m Determine a method for Customizing the Windows Installer installation packages using Symantec Packager is not supported Distribute and execute a package to install Symantec Client Security directly onto a computer Note Symantec Packager is included with this release of Symantec Client Security as an unsupported tool For more information see Using Symantec Packager with Symantec Client Security pkgrinfo pdf in the Symantec Packager folder on the Symantec Client Secur
123. lation program cannot complete the Symantec Client Security server installation If you log on to a Windows NT 2000 domain and are put into a regular domain group without administrator rights over the local computer you cannot install To reestablish the credential with the local computer Atthe command prompt type the following net use machinename ipc user username password Use this command to install if you are a local administrator with a different password than the domain administrator 66 Preparing to install Symantec Client Security Preparing for Symantec Client Security server installation The rights that you need to install to server and client computers depend on the server platform and version How to deploy to a target computer without granting administrator privileges You can deploy an installation that does not require administrator privileges using the Microsoft Management Console Symantec Client Security client and server installations are Windows Installer packages which means that you can use elevated privilege settings to enable installation on a target computer without granting administrator privileges For more information on enabling elevated privileges during installation for Windows Installer components see the Microsoft Management Console documentation Installation order for Citrix Metaframe on Terminal Server Symantec Client Security does not support drive remapping for Citrix Metaframe If y
124. le click the Web server icon to open it Right click Default Web Site and then click New gt Virtual Directory To begin the Virtual Directory Creation Wizard click Next In the Alias text box type a name for the virtual directory for example ClientInstall and then click Next Type the location of the installation folder for example C Client Webinst and then click Next The default location is C Program Files SAV CLT INST WEBINST For access permissions check Read only and then click Next Right click the new virtual directory and then click Properties In the Properties window on the Virtual Directory tab change the Execute Permissions to None and then click OK 10 Tocomplete the virtual directory creation do one of the following m IIS 4 0 Click Finish m IIS 5 0 Click Next and then click Finish To configure Apache Web Server 1 In a text editor open Srm conf The Srm conf file is installed by default under C Program Files Apache Group Apache conf Type the following five lines at the end of the Srm conf file DirectoryIndex default htm lt VirtualHost 111 111 111 111 gt ServerName machinename DocumentRoot C Client Webinst lt VirtualHost gt For the VirtualHost Replace 111 111 111 111 with the IP address of the computer on which Apache HTTP Server is installed Installing Symantec Client Security clients 157 Deploying installation packages using Web based deployment For ServerN
125. led a disk replacement set or an upgraded version Upon upgrading the Software all copies of the prior version must be destroyed E use a later version of the Software than is provided herewith unless You have purchased corresponding maintenance and or upgrade insurance or have otherwise separately acquired the right to use such later version F use if You received the software distributed on media containing multiple Symantec products any Symantec software on the media for which You have not received permission in a License Module nor G use the Software in any manner not authorized by this license 2 Content Updates Certain Software utilize content that is updated from time to time including but not limited to the following Software antivirus software utilize updated virus definitions content filtering software utilize updated URL lists some firewall software utilize updated firewall rules and vulnerability assessment products utilize updated vulnerability data these updates are collectively referred to as Content Updates You shall have the right to obtain Content Updates for any period for which You have purchased maintenance except for those Content Updates that Symantec elects to make available by separate paid subscription or for any period for which You have otherwise separately acquired the right to obtain Content Updates Symantec reserves the right to designate specified Content Updates as requiring purcha
126. lient Security antivirus servers server groups or clients You can specify a time range in which to filter the data that appears in the report For example you might want to view only those scans that ran within the last seven days For more complex reports you can export the data as a comma delimited file for use with a third party reporting tool Introducing Symantec Client Security 41 Where to get more information about Symantec Client Security Where to get more information about Symantec Client Security Sources of information on using Symantec Client Security include the following m Symantec Client Security Administrator s Guide m Symantec Client Security Reference Guide m Symantec Client Security Client Guide m LiveUpdate Administrator s Guide m Symantec Central Quarantine Administrator s Guide m Online Help that contains all of the content found in the above guides and more The primary documentation is available in the Docs folder on the Symantec Client Security CD Some individual component folders contain component specific documentation Updates to the documentation are available from the Symantec Technical Support and Platinum Support Web sites Additional information is available from the Symantec Web sites listed in Table 1 4 Table 1 4 Symantec Web sites Public Knowledge Base http www symantec com techsupp enterprise Releases and updates Manuals and documentation Contact options Virus and ot
127. lient Security products with Exchange servers see the Symantec Knowledge Base About Internet email support Symantec Client Security protects both incoming and outgoing email messages that use the POP3 or SMTP communications protocol When Auto Protect scanning for Internet email is enabled Symantec Client Security scans both the body text of the email and any attachments that are included If you do not want to install the extra layer of protection provided by Internet email support you can deselect the Internet email scanning component during installation Note If your network is configured to use non standard ports for the POP3 or SMTP protocols after you have installed Symantec Client Security you must configure the POP3 or SMTP ports that Symantec Client Security scans to match the ports that you are using for these protocols on your network For more information see the Symantec Client Security Administrator s Guide Symantec Client Security also provides outbound email heuristics scanning which uses Bloodhound Virus Detection to identify threats that may be contained in outgoing messages Scanning outgoing email messages helps to prevent the spread of threats such as worms that can use email clients to replicate and distribute themselves across a network Email scanning does not support the following email clients m IMAP clients m AOL clients 72 Preparing to install Symantec Client Security Installation requirem
128. lling 134 snap in requirements 74 antivirus clients copying the configurations file to 171 installation locally 161 managed clients 165 running setup 145 starting 143 using logon scripts 148 packages and configuration files 141 requirements 76 77 antivirus protection about 19 snap in requirements 74 Apache Web Server configuring 156 AppSec 69 automatic startup NLMs 66 services 128 Vpstart nlm 128 Auto Protect scans 40 AV Server Rollout tool about 47 installing with the Symantec System Center 96 blended threats about 19 protection against 34 c Central Quarantine about 21 forwarding files to 36 installing 104 polling 55 server 53 Citrix Metaframe 66 clients configuring using the configurations file 170 evaluating components 58 fully managed 28 51 installation about 138 automatic from NetWare servers 168 post installation tasks 169 preparing for 70 requirements 76 toclients 62 managing based on connectivity 37 51 roaming 52 rolling out using third party products 166 sometimes managed 51 unmanaged 52 communication between antivirus server and client 29 during Discovery 29 for roaming clients 31 for status information 30 for virus definitions updates 30 computers selecting for installation 124 configurations file configuring clients with 170 copying to the antivirus client 171 managing clients with 52 obtaining 171 186 Index connectivity and managing clients 37 51 custom scans 36 D deployment
129. lowing m Associate the Application Object to an Organization Unit group of users or individual users m When you set system requirements select the operating system that matches the location of the Symantec Client Security installation files on the server m Set the Application Object installation style For example select Show Distribution Progress or Prompt User For Reboot If Needed After the preparation is completed ZENworks pushes the Application Object to the client and launches the setup program when the client logs on Nothing is required on the client side 168 Installing Symantec Client Security clients Configuring automatic client installations from NetWare servers without the Symantec System Center Configuring automatic client installations from NetWare servers without the Symantec System Center If you have a Novell NetWare server but no Windows NT workstations on which to run the Symantec System Center you can configure Symantec Client Security to install automatically on your Windows clients To do this complete the following tasks Install Symantec Client Security on your NetWare server See Installing to NetWare servers on page 66 Configure automatic installations of Symantec Client Security clients on computers running supported Microsoft Windows operating systems To configure automatic client installations from NetWare servers 1 o N OO UU A W N 10 11 12 Add users to the S
130. mantec AntiVirus snap in installing with the Symantec System Center 95 Symantec Client Firewall Administrator installing 101 Symantec Client Firewall snap in installing with the Symantec System Center 96 Symantec Client Security about 19 how it works 22 Terminal Server protection 68 testing in a lab setting 56 Symantec Packager deployment tool 34 Symantec Security Response 32 33 Symantec System Center about 20 46 and snap in requirements 73 how it works 26 installing 95 Microsoft Management Console requirement 40 system requirements about 72 AMS snap in 74 antivirus clients 76 77 AV Server Rollout tool 74 clients 76 Microsoft Windows 74 Novell NetWare 75 NT Client Install tool 74 protocols 72 Quarantine Console 73 servers 74 Symantec AntiVirus snap in 74 Symantec Client Firewall snap in 74 Symantec System Center 73 T Terminal Server about 68 installation order 66 limitations 68 viewing from the console 68 third party products using for rollout 166 trackware 36 U UDP 30 uninstallation antivirus clients 172 management components 114 server 134 Symantec Client Security clients 172 Symantec System Center 114 User Datagram Protocol See UDP V Virus Definition Transport Method 30 54 virus definitions communication for updates 30 methods for updating 54 server client communication 29 viruses about protection 19 35 and the Digital Immune System 32 creating a test file 58 responding to 37 sca
131. manual may be trademarks or registered trademarks of their respective companies and are hereby acknowledged Printed in the United States of America 10 9 8 765 43 2 1 Technical support As part of Symantec Security Response the Symantec global Technical Support group maintains support centers throughout the world The Technical Support group s primary role is to respond to specific questions on product feature function installation and configuration as well as to author content for our Web accessible Knowledge Base The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion For example the Technical Support group works with Product Engineering as well as Symantec Security Response to provide Alerting Services and Virus Definition Updates for virus outbreaks and security alerts Symantec technical support offerings include m A range of support options that give you the flexibility to select the right amount of service for any size organization m Telephone and Web support components that provide rapid response and up to the minute information m Upgrade insurance that delivers automatic software upgrade protection m Content Updates for virus definitions and security signatures that ensure the highest level of protection m Global support from Symantec Security Response experts which is available 24 hours a day 7 days a week worldwide in a va
132. manual uninstallation is required see the support Knowledge Base on the Symantec Web site You can uninstall Symantec Client Security client from Windows computers Note During the uninstallation Windows may indicate that it is installing software This is a general Microsoft message that can be ignored To uninstall the client 1 On the Windows taskbar click Start gt Settings gt Control Panel 2 Inthe Control Panel window double click Add Remove Programs 3 Inthe Add Remove Programs dialog box click Symantec Client Security Client 4 Click Remove Note You must restart the computer before you reinstall the client Appendix Windows Installer msi command line reference This chapter includes the following topics Installing Symantec Client Security using command line parameters Windows Installer commands Symantec Client Security properties Symantec Client Security features Using the log file to check for errors Command line examples Installing Symantec Client Security using command line parameters The Symantec Client Security client installation programs utilize Windows Installer msi packages for installation and deployment If you are using the command line to install or deploy an installation package you can use the standard Windows Installer switches and Symantec specific parameters to customize the installation For the most up to date list of Symantec installation commands and par
133. mobile computers that m RoamAdmn exe dynamically connect to a parent server while traveling m SavRoam exe These clients use Roaming Client Support which detects the new location and reassigns the user s laptop to the best parent server Roaming Client Support also lets you balance the load among a pool of servers that are equal in connection speed and proximity based on the client load on the computers About administration tools If you plan to implement a security solution that includes for example a Central Quarantine Server or an internal LiveUpdate server you need to install the appropriate administrator tools Planning the installation 53 About administration tools Table 2 5 lists and describes the administration tools Table 2 5 Administration tools Quarantine Console snap in Lets you manage the Central Quarantine Server from the Symantec System Center Install on the computer on which the Symantec System Center is installed Central Quarantine Server Allows antivirus clients to automatically forward infected items to the Central Quarantine where they can be submitted to Symantec Security Response by email or the Internet for analysis If a new virus is identified updated virus definitions are returned to the submitting computer For more information see the Symantec Central Quarantine Administrator s Guide m Install on the computer on which you want to run the Central Quarantine Ser
134. moved to the specified Download Directory The Download Directory can be any directory on your server Under Languages of Updates select the language for downloaded packages Under Symantec Product Line check the Symantec product lines for which you want to receive packages You can select individual product components to update but you risk missing other available updates For example new virus definitions files for Symantec Client Security might require an engine update that is also available for download Because all installed Symantec products that use LiveUpdate now point to your intranet server it is safer to download full product lines rather than individual products 113 114 Installing Symantec Client Security management components Where to find Symantec VPN Sentry installation instructions Where to find Symantec VPN Sentry installation instructions Vendor specific Symantec VPN Sentry installation packages and documentation are located on the Symantec Client Security CD in the SymSentry folder Uninstalling Symantec Client Security management components You can uninstall all of the Symantec Client Security management components using Add Remove Programs in the Control Panel on the local computer You can also uninstall only the Symantec System Center Uninstalling the Symantec System Center When you uninstall the Symantec System Center all of its components including snap ins are also uninstalled
135. n the configurations file See Obtaining the configurations file on page 171 m Copy the configurations file to the antivirus client See Copying the configurations file to the antivirus client on page 171 Installing Symantec Client Security clients 171 Configuring clients using the configurations file Obtaining the configurations file The configurations file Grc dat contains the name of the server that you want to act as the parent server If you copy the file from the server that you want to act as the parent server you will distribute all of the client settings for that server Obtain the configurations file You can copy the configurations file from a server or create a configurations file with the name of the parent server To copy the configurations file from a server 1 Open Network Neighborhood or My Network Places 2 Locate and double click the computer that you want to act as the parent server Symantec Client Security server must be installed on the computer that you select 3 Open the VPHOME CIt inst Win32 folder 4 Copy Grc dat to the desired location To create a configurations file with the name of a parent server 1 Inatext editor open a Grc dat file You can find a minimal version of the configurations file on the Symantec Client Security CD in the Sample Tools folder 2 Search for the following line PARENT 3 Type the letter S and the name of your server as follows PARENT S lt Serve
136. nal objects until you reach the organizational unit that contains the SYS volume object Click Add If you are installing to NDS you are prompted to type a container user name and password If you type an incorrect user name or password the installation will continue normally However when you attempt to start Symantec Client Security on the NetWare server you will receive an authentication error and be prompted for the correct user name and password Repeat steps 1 through 4 until the volumes for all of the servers that you are installing to are added under AntiVirus Servers Select any Windows computers to which to install See To manually select Windows computers on page 124 See To import a list of Windows NT 2000 XP 2003 computers on page 124 Continue the installation See Completing the server installation on page 127 Installing Symantec Client Security servers 127 Deploying the server installation across a network connection Completing the server installation After you have selected the computers to which you want to install you can complete the installation All of the computers are added to the same server group but you can create new server groups and move servers to them in the Symantec System Center To complete the server installation 1 Inthe Select Computers panel click Finish Server Summary xi Setup will install Symantec AntiVirus to the following computers To change destina
137. nction properly To resolve connectivity problems without losing the service s self tuning capability you can lower the AutoDisconnect time by changing the AutoDisconnect time registry key For more information see the Microsoft Knowledge Base 58 Planning the installation Best practice Piloting Symantec Client Security in a lab setting Testing Symantec Client Security server installations After you have installed Symantec Client Security servers complete the following tasks m Configure the different scans for maximum protection all files all drives and so on m Test virus definitions file downloads and server to server updates m Create a virus test file not a real virus to see how the virus detecting mechanisms work without introducing a real virus on your computer See Obtaining a virus test file on page 58 m Let scheduled scans and other automated functions run for several days m Verify that the Symantec System Center can view servers on both sides of routers See Required protocols on page 72 m Verify that log files and reports accurately reflect the expected data Obtaining a virus test file You can verify virus detection logging and alert functionality by obtaining a virus test file from the following Web site http www eicar org From the Web site you can download the eicar com file This file is not a virus but it will be detected as the eicar com or similar virus You must dis
138. nd respectively ICC INCOTERMS 2000 This Agreement may only be modified by a License Module that accompanies this license or by a written document that has been signed by both You and Symantec Should You have any questions concerning this Agreement or if You desire to contact Symantec for any reason please write to i Symantec Customer Service 555 International Way Springfield OR 97477 U S A ii Symantec Customer Service Center PO BOX 5689 Dublin 15 Ireland or iii Symantec Customer Service 1 Julius Ave North Ryde NSW 2113 Australia 8 Additional Uses and Restrictions A If the Software You have licensed is a specified Symantec AntiVirus for a third party product or platform You may only use that specified Software with the corresponding product or platform You may not allow any computer to access the Software other than a computer using the specified product or platform In the event that You wish to use the Software with a certain product or platform for which there is no specified Software You may use Symantec AntiVirus Scan Engine B If the Software you have licensed is Symantec AntiVirus utilizing Web Server optional licensing as set forth in the License Module the following additional use s and restriction s apply i You may use the Software only with files that are received from third parties through a web server ii You may use the Software only with files received from less than 10 000 unique t
139. ndary servers forward to primary servers POP3 and SMTP Internet email scanning Lets you configure Symantec Client Security clients to scan email body text and attachments that are transported using the POP3 or SMTP protocols The ports that are scanned for POP3 and SMTP traffic are fully configurable Outbound email heuristics scanning Helps you identify threats that may be contained in outgoing email messages using Bloodhound Virus Detection heuristics Scanning outgoing email messages helps to prevent the spread of threats such as worms that can use email clients to replicate and distribute themselves across a network Alert Assistant Helps you understand alerts and potential security issues Log Viewer Improved version helps you see all of the actions that Symantec Client Security firewall client takes to protect your computer Privacy Control Enhanced version blocks private information in Web browsers email messages and instant messages Location Awareness Lets you implement specific sets of rules and zones based on the network access point used to connect to the Internet Introducing Symantec Client Security 25 How Symantec Client Security works Table 1 2 New features in Symantec Client Security Secure Port Secures the ports defined in Trojan horse rules so completely that traffic destined for these ports both inbound and outbound never triggers firewall rulebase inspec
140. ng enabled computer starts it examines its list of roaming parents and measures the access time for each parent The client selects the best parent based on access time number of computers that are managed by that parent and ranking within the server list The Symantec Client Security service periodically verifies that the connection is still active and that it is still the best available connection based on the list of servers How alerting works Alert Management System AMS provides a centralized alerting capability when you manage Symantec Client Security To manage alerting for the firewall client you must use Symantec Enterprise Security alerting AMS alerting The AMS console is a Symantec System Center component that supports alerts from computers that are running AMS server and client AMS can process notifications that are generated by Symantec Client Security servers and antivirus clients through the following alert methods m Message Box m Broadcast m Send Internet Mail 32 Introducing Symantec Client Security How Symantec Client Security works m Send Page m Run Program m Write to Windows NT Event Log m Send SNMP Trap m Load an NLM AMS server is installed by default when the Symantec Client Security server program is installed using the AV Server Rollout tool Managed antivirus clients do not require AMS client to generate alerts When you install an unmanaged Symantec Client Security client
141. nning for 35 Ww Web server configuring 155 configuring Apache 156 copying installation files to 154 installing 154 setting up installation 154 Web based deployment about 152 deploying installation packages using 152 requirements for 153 testing packages 160 Windows NT based computers protecting the registry key on 169 workstation limitations 57 Windows Server 2003 74 76 Windows XP firewall disabling 91 142 wizard LiveUpdate 119 165 Index 189
142. ns Server migration Client migration Existing LiveUpdate server migration Migration overview Symantec Client Security provides a seamless upgrade from earlier versions of Symantec antivirus and firewall products which helps to minimize risk and continually increase the quality of security tools available to administrators The Symantec Client Security client and server installation programs use Microsoft Windows Installer msi technology which provides flexibility a smaller deployment size in field patching and a variety of deployment options for migrating from earlier versions of Symantec products to the current version 80 Migrating to the current version of Symantec Client Security Migration overview Steps to migrating your network to the current version of Symantec Client Security Upgrading to the current version of Symantec Client Security is a multi step process The steps should include the following m Create a migration plan Before you begin rolling out the Symantec Client Security client server and administration upgrades you should have a solid understanding of your network topology and a streamlined plan to maximize the protection of the resources on your network during the upgrade Migrating your entire network to the current version as opposed to managing multiple versions of Symantec Client Security is strongly recommended See Creating migration plans on page 83 m Upgrade the Symantec System Cent
143. nst Win32 shared folder on the Windows NT based computer that is running the antivirus server that you want to act as the parent server m The Server Sys Sav Clt inst Win32 shared folder on the NetWare Server that is running the antivirus server that you want to act as the parent server 4 Ensure that the default document for the virtual directory is Default htm When you are finished the folder structure on the Web server will look as follows note that all files are case sensitive m Deploy Webinst brnotsup htm default htm intro htm logo jpg oscheck htm plnotsup htm readme htm start htm webinst cab m Deploy Webinst Webinst m files ini m The installation package for example Package msi Configuring the Web server You must configure the Web server to create a virtual directory Configure the Web server You can configure Internet Information Server or Apache Web Server 156 Installing Symantec Client Security clients Deploying installation packages using Web based deployment To configure Internet Information Server 1 uo F amp F U N To launch Internet Services Manager do one of the following m IIS version 4 0 On the Windows taskbar click Start gt Programs gt Windows NT 4 0 Option Pack gt Microsoft Internet Information Server gt Internet Services Manager m IIS version 5 0 On the Windows taskbar click Start gt Programs gt Administrative Tools gt Internet Services Manager Doub
144. nt system requirements All computers on your network that are part of your migration plan should be evaluated with regard to the system requirements specified for the upgraded version of Symantec Client Security See Installation requirements on page 72 Pilot your installation first Do a small scale installation to identify issues that are likely to occur in the larger migration For instance if a particular software configuration that is prevalent in your organization causes problems with the installation or operation of the client the pilot should expose it A good pilot candidate is the IS or support department These departments usually have advanced users who will need to be familiar with the client at the start of the installation Minimize unprotected clients If the migration entails the removal of existing antivirus software there will be a short period of time when some clients are unprotected You can minimize your exposure by staging the migration and by trying to roll out as soon as possible after the previous antivirus software removal Also make sure that all of your servers including GroupWare servers are protected during this period This will keep incidents isolated to a single computer 84 Migrating to the current version of Symantec Client Security Creating migration plans Best Practice Organize your clients into logical client groups to employ a multi tiered rollout When you are upgrading the cli
145. ntine submissions from clients and then click Next Symantec AntiVirus Central Quarantine InstallShield Wizard Contact Information Please enter information below i ee In the Contact Information panel type your company name your Symantec contact ID account number and contact information and then click Next Symantec AntiVirus Central Quarantine InstallShield Wizard Web Communication Please enter information below 110 Installing Symantec Client Security management components Installing the Central Quarantine 10 Inthe Web Communication panel change the gateway address if necessary and then click Next By default the Gateway Name field is filled in with the gateway address iz Symantec AntiVirus Central Quarantine InstallShield Wizard Alerts Configuration Please provide information below 11 Inthe Alerts Configuration panel check Enable Alerts to use AMS type the name of your AMS server and then click Next You can leave this blank if no AMS server is installed i Symantec AntiVirus Central Quarantine InstallShield Wizard Ready to Install the Program The wizard is ready to begin installation Installing Symantec Client Security management components 111 Installing and configuring the LiveUpdate Administration Utility 12 Inthe Ready to Install the Program panel click Install and then follow the on screen prompts to complete the ins
146. nts installation The Symantec Client Security client installation program triggers the uninstallation of the following firewall products Symantec Client Security all versions Symantec Client Firewall 5 0 5 1 Norton Personal Firewall 2003 Symantec Desktop Firewall 2003 You must manually uninstall all other versions before installing Symantec Client Security firewall client including Norton Personal Firewall version 2004 Quit all other Windows programs before installing Symantec Client Security firewall client Other active programs may interfere with the installation and reduce your protection Note Installing Symantec Client Security firewall client without Symantec Client Security antivirus client is not supported 142 Installing Symantec Client Security clients Installing the Symantec Client Security antivirus client stand alone program Disabling the Windows XP firewall Windows XP includes a firewall that can interfere with Symantec Client Security firewall client protection features You must disable the Windows XP firewall before installing Symantec Client Security firewall client To disable the Windows XP firewall 1 On the Windows XP taskbar click Start gt Settings gt Control Panel 2 Inthe Control Panel window double click Network Connections 3 Inthe Network Connections window right click the active connection and then click Properties 4 Onthe Advanced tab in the Internet Connection Firewall secti
147. nts locally In the Symantec Client Security panel click Install Symantec Client Security gt Install Symantec Client Security i Symantec Client Security InstallShield Wizard xj Welcome to the InstallShield Wizard for Symantec Client Security The InstallShield R Wizard will install Symantec Client Security on your computer To continue click Next WARNING This program is protected by copyright law and international treaties In the welcome panel click Next Symantec Client Security InstallShield Wizard License Agreement Please read the following license agreement carefully symantec SYMANTEC SOFTWARE LICENSE AGREEMENT ENTERPRISE ANTIVIRUS SOFTWARE THIS LICENSE AGREEMENT SUPERSEDES THE LICENSE AGREEMENT CONTAINED IN THE SOFTWARE INSTALLATION AND DOCUMENTATION SYMANTEC CORPORATION AND OR ITS SUBSIDIARIES SYMANTEC IS WILLING TO LICENSE THE SOFTWARE TO YOU AS AN INDIVIDUAL THE COMPANY OR THE LEGAL ENTITY THAT WILL BE UTILIZING THE SOFTWARE REFERENCED BELOW AS YOU OR YOUR ONLY ON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS OF THIS LICENSE AGREEMENT READ THE xl 1 do not accept the terms in the license agreement Installshield In the License Agreement panel click I accept the terms in the license agreement and then click Next 163 164 Installing Symantec Client Security clients Installing Symantec Client Security clients locally 7 8
148. o either of the following m Install Central Quarantine m Use the AMS console If you want to install other components first you can skip the restart Click Finish Installing Symantec Client Security management components 101 Installing Symantec Client Firewall Administrator Installing Symantec Client Firewall Administrator Symantec Client Firewall Administrator is installed directly from the Symantec Client Security CD To install Symantec Client Firewall Administrator 1 Insert the Symantec Client Security CD into the CD ROM drive gt Symantec Client Security lol x b symantec Symantec Client Security CJ i Install Administrator Tools If your computer is not set to automatically run a CD you must manually run Setup exe 102 Installing Symantec Client Security management components Installing Symantec Client Firewall Administrator 2 Inthe Symantec Client Security panel click Install Administrator Tools gt Install Symantec Client Firewall Administrator fe Symantec Client Firewall Administrator InstallShield Wizard Ss symantec Welcome to the InstallShield Wizard for Symantec Client Firewall Administrator Symantec Client Firewall administrator The InstallShield R Wizard will install Symantec Client Firewall Administrator on your computer To continue click Next WARNING This program is protected by copyright law and international treaties 3 Inthe welcome
149. o the bindery Network Destination computers Microsoft windows network Idtest91 lt __ lt Remove tel Continue the installation See Selecting computers to which you want to install on page 124 124 Installing Symantec Client Security servers Deploying the server installation across a network connection Selecting computers to which you want to install You can install to one or more computers In a WINS environment you can view the computers to which you can install If you are installing in a non WINS environment you must select computers by importing a text file that contains the IP addresses of the computers to which you want to install You can use the same import method in a WINS environment When you install to NDS the computer that is performing the installation must use the Novell Client for NetWare If you encounter problems installing to a bindery server with the Microsoft Client for NetWare install the Novell Client for NetWare and try again Note The Import feature is designed for use with Windows NT based computers only It is not intended for use with NetWare Select computers to which you want to install You can select Windows or NetWare computers manually or import a list of computers To manually select Windows computers 1 Inthe Select Computers panel under Network expand Microsoft windows network 2 Select a server on which to install and then click Add 3 Repea
150. o the clients with this file along with the identification of the parent server When clients are migrated from earlier versions of Symantec Client Security the folder to which that version is installed is used Note When migrating to the current version of Symantec Client Security migrate servers before you migrate clients Windows NT 2000 XP 2003 client migrations There are several recommended methods for migrating Windows NT based clients as follows m Use a logon script If this method is used the users will need to have local administrator rights to the Windows computer with which they are logging on m Use the NT Client Install tool The NT Client Install tool removes the necessity of users having local administrator rights and logging on The administrator running the NT Client Install tool must have administrator rights to the domain to which the client computers belong You can run the NT Client Install tool from the Symantec System Center console Use the Tools menu and click NT Client Install or run Ntremote exe directly from the Rollout NTClient folder on the Symantec Client Security CD m Have users execute Setup exe or Setup exe s v qn for a silent installation directly from the Vphome Clt inst Win32 folder on their assigned parent server If this method is used the users need to have local administrator rights to the computer to which they are installing In each case automatic migration from earlier ver
151. ole When you install the AMS console you System Center console is installed can configure alert actions for Symantec Install the AMS service to one or more Client Security servers that have the primary servers on which Symantec AMS service installed When a problem Client Security server is installed occurs AMS can send alerts through a m If you choose not to install AMS you pager an email message and other can use the notification and logging means mechanisms that are available from the Symantec System Center m Ifyou plan to implement Symantec Enterprise Security alerting instead of AMS2 you do not need to install AMS2 Symantec AntiVirus snap in About Symantec System Center management components Planning the installation 47 Table 2 1 Symantec System Center management components This management snap in for the Symantec System Center lets you manage Symantec Client Security on workstations and network servers Install this component to do the following from the Symantec System Center m Setup and administer Symantec Client Security server and client groups m Manage antivirus protection on computers that are running Symantec Client Security m Configure groups of computers that are running Symantec Client Security m Manage events m Configure alerts m Perform remote operations such as virus scans and virus definitions files updates Symantec Client Firewall snap in This
152. on uncheck Protect my computer and network by limiting or preventing access to this computer from the Internet 5 Toclose the settings window click OK Installing the Symantec Client Security antivirus client stand alone program The Symantec Client Security installation process installs both the antivirus and firewall software However in some instances you may want to install the Symantec Client Security antivirus client without firewall support such as when using a third party firewall product The Symantec Client Security antivirus client installation is a Windows Installer package that supports the full range of installation and deployment options available for the default installation To install the Symantec Client Security antivirus client stand alone program 1 Doone of the following m For installation on a 32 bit computer in the root of the CD in the SAV folder run Setup exe m For installation on a 64 bit computer run Setup exe from the SAVWIN64 folder Follow the on screen instructions Warning If the 32 bit version of Setup exe is run on a 64 bit computer the installation may fail without notification For 64 bit installations run Setup exe from the SAVWIN64 folder in the root of the CD 2 Inthe welcome panel click Next 3 Follow the on screen instructions Installing Symantec Client Security clients 143 Deploying the client installation across a network connection During the installation you
153. on the U S Department of Treasury s lists of Specially Designated Nationals Specially Designated Narcotics Traffickers or Specially Designated Terrorists Furthermore Licensee agrees not to export or re export Symantec products to any military entity not approved under the EAR or to any other entity for any military purpose nor will it sell any Symantec product for use in connection with chemical biological or nuclear weapons or missiles capable of delivering such weapons 7 General If You are located in North America or Latin America this Agreement will be governed by the laws of the State of California United States of America Otherwise this Agreement will be governed by the laws of England and Wales This Agreement and any related License Module is the entire agreement between You and Symantec relating to the Software and i supersedes all prior or contemporaneous oral or written communications proposals and representations with respect to its subject matter and ii prevails over any conflicting or additional terms of any quote order acknowledgment or similar communications between the parties This Agreement shall terminate upon Your breach of any term contained herein and You shall cease use of and destroy all copies of the Software The disclaimers of warranties and damages and limitations on liability shall survive termination Software and documentation is delivered Ex Works California U S A or Dublin Irela
154. onents Installing the Symantec System Center 4 In the License Agreement panel click I accept the terms in the license agreement and then click Next Symantec System Center InstallShield Wizard xj Select Components Please select from the list below symantec To install a component click the check box next to it If the check box is empty that component will not be installed I Symantec m Genter Files required IV Alert Management System Console JV Symantec Antivirus Snap In JV Symantec Client Firewall Snap In JV AY Server Rollout Tool JV NT Client Install Tool Installshield Cancel If Microsoft Management Console version 1 2 is not installed on the computer a message indicates that you must allow it to install In the Select Components panel check any of the following components that you want to install Alert Management System Console Symantec AntiVirus Snap In Symantec Client Firewall Snap In AV Server Rollout Tool NT Client Install Tool If these components are not present on the computer all of them will be checked automatically 6 7 Installing Symantec Client Security management components Installing the Symantec System Center Click Next ie Symantec System Center InstallShield Wizard Destination Folder Click Next to install to this folder or click Change to symantec install to a different folder Ee The wizard will install the Files For Symante
155. onsistent with 48 C F R section 12 212 48 C F R section 252 227 7015 48 C F R section 227 7202 through 227 7202 4 48 C F R section 52 227 14 and other relevant sections of the Code of Federal Regulations as applicable Symantec s computer software and computer software documentation are licensed to United States Government end users with only those rights as granted to all other end users according to the terms and conditions contained in this license agreement Manufacturer is Symantec Corporation 20330 Stevens Creek Blvd Cupertino CA 95014 United States of America 6 Export Regulation Certain Symantec products are subject to export controls by the U S Department of Commerce DOC under the Export Administration Regulations EAR see www bxa doc gov Violation of U S law is strictly prohibited You agree to comply with the requirements of the EAR and all applicable international national state regional and local laws and regulations including any applicable import and use restrictions Symantec products are currently prohibited for export or re export to Cuba North Korea Iran Iraq Libya Syria and Sudan or to any country subject to applicable trade sanctions Licensee agrees not to export or re export directly or indirectly any product to any country outlined in the EAR nor to any person or entity on the DOC Denied Persons Entities and Unverified Lists the U S Department of State s Debarred List or
156. ou include the Microsoft Exchange Auto Protect email component NotesSnapin Lets you include the Lotus Notes Auto Protect email component Pop3Smtp Lets you include the Internet Email Auto Protect component QClient Lets you include the Symantec Quarantine client Symantec Client Security firewall client features Table A 7 describes the features that are configurable for the Symantec Client Security firewall client components Installing firewall client components without the required antivirus client components is not supported Table A 7 Symantec Client Security firewall client features SCFMain Specifies the basic Symantec Client Security firewall client files This feature is required SCFHelp Lets you include Symantec Client Security firewall client Help files AdBlocking Lets you include AdBlocking components AntiSpam Lets you include the AntiSpam components Using the log file to check for errors The Windows Installer creates a log file that can be used to verify whether or not an installation was successful list the components that were successfully installed and provide a variety of further details related to the installation package The log file can be used as an effective tool to troubleshoot an installation package that fails If the installation is successful the log file includes a success entry near the end If the installation is not successful an entry is created that indicates that the installation faile
157. ou plan to use Citrix Metaframe and remap your drives complete the following tasks in the order in which they are listed m Install Citrix Metaframe m Remap the drives m Install Symantec Client Security server or client Installing to NetWare servers The Symantec Client Security server installation program copies NLMs and other files to one or more NetWare servers that you select To install to NetWare servers do the following Before you begin installation log on to all of the servers to which you want to install To install to the NDS or bindery you need administrator or supervisor rights m After you run the Symantec Client Security server installation program go to the server console or have rights to run RCONSOLE to load the Symantec Client Security NLMs You only need to do this manually the first time if you select the automatic startup option during Setup To load the Symantec Client Security NLMs the first time Onthe server console type the following Load sys sav vpstart nlm install Preparing to install Symantec Client Security 67 Preparing for Symantec Client Security server installation About installing to NetWare servers If you are installing to any supported NetWare servers the installation program prompts you to enter a user name and password for the NDS container that you select to hold logon scripts Using the Symantec System Center and your network administration tools you can enable th
158. p and then click Next You will be prompted to confirm the creation of the new server group and to specify a password for the server group In the list select an existing server group to join click Next and then type the server group password when you are prompted 4 Select one of the following Automatic startup On a NetWare server you must manually load Vpstart nlm after you install Symantec Client Security server but Vpstart nlm will load automatically thereafter You must either create or join a server group during the installation process before this takes effect On a Windows NT based computer Symantec Client Security services and AMS services if you installed AMS start automatically every time that the computer restarts Manual startup On a NetWare server you must manually load Vpstart nlm after you install Symantec Client Security server and every time that the server restarts Selecting this option will have no effect on Windows computers See Manually loading the Symantec Client Security NLMs on page 131 Installing Symantec Client Security servers 129 Deploying the server installation across a network connection 5 Click Next Using the Symantec System Center Program 6 Inthe Using the Symantec System Center Program panel click Next Setup Summary 130 Installing Symantec Client Security servers Deploying the server installation across a network connection 7 Inthe
159. paid for Software 4 DISCLAIMER OF WARRANTY UNLESS SPECIFIED IN THIS AGREEMENT ALL EXPRESS OR IMPLIED CONDITIONS REPRESENTATIONS AND WARRANTIES INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE OR NON INFRINGEMENT ARE DISCLAIMED EXCEPT TO THE EXTENT THAT THESE DISCLAIMERS ARE HELD TO BE LEGALLY INVALID 5 LIMITATION OF LIABILITY TO THE EXTENT NOT PROHIBITED BY LAW IN NO EVENT WILL SUN ORITS LICENSORS BE LIABLE FOR ANY LOST REVENUE PROFIT OR DATA OR FOR SPECIAL INDIRECT CONSEQUENTIAL INCIDENTAL OR PUNITIVE DAMAGES HOWEVER CAUSED REGARDLESS OF THE THEORY OF LIABILITY ARISING OUT OF OR RELATED TO THE USE OF OR INABILITY TO USE SOFTWARE EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES In no event will Sun s liability to you whether in contract tort including negligence or otherwise exceed the amount paid by you for Software under this Agreement The foregoing limitations will apply even if the above stated warranty fails of its essential purpose 6 Termination This Agreement is effective until terminated You may terminate this Agreement at any time by destroying all copies of Software This Agreement will terminate immediately without notice from Sun if you fail to comply with any provision of this Agreement Upon Termination you must destroy all copies of Software 7 Export Regulations All Software and technical data delivered under this Agreement ar
160. panel click Next g Symantec Client Firewall Administrator InstallShield Wizard License Agreement Please read the following license agreement carefully SYMANTEC SOFTWARE LICENSE AGREEMENT SYMANTEC CLIENT SECURITY SYMANTEC CORPORATION AND OR ITS SUBSIDIARIES SYMANTEC IS WILLING TO LICENSE THE SOFTWARE TO YOU AS AN INDIVIDUAL THE COMPANY OR THE LEGAL ENTITY THAT WILL BE UTILIZING THE SOFTWARE REFERENCED BELOW AS YOU OR YOUR ONLY ON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS OF THIS LICENSE AGREEMENT READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE THIS IS A LEGAL AND ENFORCEABLE CONTRACT BETWEEN YOU AND THE LICENSOR BY OPENING THIS xl Ido not accept the terms in the license agreement InstallShield Installing Symantec Client Security management components 103 Installing Symantec Client Firewall Administrator In the License Agreement panel click I accept the terms in the license agreement and then click Next Destination Folder Click Next to install to this folder or click Change to install to a different folder In the Destination Folder panel do one of the following To accept the default installation folder click Next m Click Change locate and select a destination folder click OK and then click Next Symantec Client Firewall Administrator InstallShield Wizard Ready to Install the Progr
161. picious files to Symantec Security Response m Returns updated virus definitions to the submitting computer Note Symantec Security Response was formerly known as Symantec AntiVirus Research Center 22 Introducing Symantec Client Security What s new in this release What s new in this release Symantec Client Security includes new features as well as improvements to existing features Table 1 2 lists and describes what s new in this release Table 1 2 New features in Symantec Client Security Windows Installer msi technology based client and server installations Lets you install Symantec Client Security clients and servers using Windows Installer technology to support msi based installation and deployment The benefits of using Windows Installer technology include the following m Provides fully configurable installations using the standard Microsoft Windows Installer options that can be used in conjunction with Symantec Client Security specific features m Reduces installation and deployment file size Supports the installation of in field patches for security updates and upgrades Supports additional msi supported third party deployment tools such Active Directory and Tivoli Deployment of installations without granting administrator rights on the target computer Lets you install Symantec Client Security from the Microsoft Management Console MMC using Elevated Privileges rather than grantin
162. quires the installation of both the Symantec Client Security antivirus client and the Symantec Client Security firewall client To install the stand alone Symantec Client Security antivirus client without the Symantec Client Security firewall client use the installation files that are in the SAV directory on the Symantec Client Security CD Installing Symantec Client Security firewall client without Symantec Client Security antivirus client is not supported Windows Installer msi command line reference 175 Windows Installer commands Default Symantec Client Security server installation The default Symantec Client Security server installation package includes the following installation components m Symantec Client Security server base files including the user interface are installed m Symantec Client Security Help files are installed m LiveUpdate is installed and updated virus definitions files are downloaded from the Symantec Web site if the server is connected to the Internet The default Symantec Client Security server installation package includes the following installation settings Computer restart is required m Auto Protect is enabled after the computer is restarted Windows Installer commands The Symantec Client Security installation packages use the standard Windows Installer commands as well as a set of extensions for command line installation and deployment Windows Installer commands and prope
163. r on the Symantec Client Security CD Web based deployment requirements Before you begin to implement a Web based deployment you should review the requirements in Table 7 2 for the Web server and the target computer Table 7 2 Web server and target computer requirements Web server L E HTTP Web Server Microsoft Internet Information Server IIS version 4 0 5 0 and Apache HTTP Server version 1 3 or later UNIX and Linux platforms are also supported Target computer Internet Explorer 5 01 Service Pack 2 or later Browser security must allow ActiveX controls to be downloaded to the target computer When the installation is complete the security level can be restored to its original setting Computer must meet system requirements for the package to be installed User must be logged on to the computer with the rights that are required for the package to be installed 154 Installing Symantec Client Security clients Deploying installation packages using Web based deployment About the Web server installation For additional information on the Web server installation see the documentation that was supplied with the following products m Internet Information Server IIS 5 0 Installs by default during a Windows 2000 Professional Server Advanced Server installation If the IIS installation option was unchecked when Windows 2000 was installed use the Windows 2000 installation CD to add the IIS service m Inte
164. r the tool in the Tools UNINSTLL directory on the Symantec Client Security CD After the antivirus program is uninstalled the servers are treated like any other servers to which Symantec Client Security is rolled out Migrating to the current version of Symantec Client Security 91 Client migration Client migration There are several ways to install the Symantec Client Security client to supported Windows operating systems including third party deployment options such as Active Directory Uninstalling previously existing clients is generally not required prior to installation of Symantec Client Security client provided that the client is not damaged See Installing Symantec Client Security clients on page 137 About Symantec Client Security firewall client migration Symantec Client Security supports the installation of the stand alone antivirus client but it does not support the installation of the firewall components without installing the antivirus components The Symantec Client Security installation program triggers the uninstallation of the antivirus and firewall products that are included in the list supported migration paths If the migration of a product is not supported you must manually uninstall the unsupported products before installing Symantec Client Security Quit all other Windows programs before installing Symantec Client Security firewall client Other active programs may interfere with the installation an
165. reinstallation considerations Preparing for Symantec Client Security server installation Preparing for Symantec Client Security client installation Installation requirements General preinstallation considerations Before you install Symantec Client Security review the following topics How to prepare for the Symantec System Center installation About customizing the client and server installation files using Windows Installer options About configuring user rights with Active Directory About setting administrative rights to target computers How to prepare for the Symantec System Center installation Before you install the Symantec System Center on the computer to which you are installing the Symantec System Center you should uninstall the following Any earlier versions of the Symantec System Center Any earlier versions of Symantec Client Security including any versions of LANDesk Virus Protect 62 Preparing to install Symantec Client Security General preinstallation considerations The Symantec System Center can manage any earlier supported versions of Symantec Client Security but the computer that is running the Symantec System Center must be using the current version of Symantec Client Security You can install the Symantec System Center console to as many computers as you need to manage Symantec Client Security Note The current version of the Symantec System Center does not support managing mixed environments th
166. riety of languages for those customers enrolled in the Platinum Support Program m Advanced features such as the Symantec Alerting Service and Technical Account Manager role offer enhanced response and proactive security support Please visit our Web site for current information on Support Programs The specific features available may vary based on the level of support purchased and the specific product that you are using Licensing and registration If the product that you are implementing requires registration and or a license key the fastest and easiest way to register your service is to access the Symantec licensing and registration site at www symantec com certificate Alternatively you may go to www symantec com techsupp ent enterprise html select the product that you wish to register and from the Product Home Page select the Licensing and Registration link Contacting Technical Support Customers with a current support agreement may contact the Technical Support group via phone or online at www symantec com techsupp Customers with Platinum support agreements may contact Platinum Technical Support via the Platinum Web site at www secure symantec com platinum When contacting the Technical Support group please have the following Customer Service Product release level Hardware information Available memory disk space NIC information Operating system Version and patch level Network topology Router gateway and I
167. ring to install Symantec Client Security 65 Preparing for Symantec Client Security server installation To create a text file with IP addresses to import 1 2 In a text editor such as Notepad create a new text file Type the IP address of each computer that you want to import on a separate line For example 192 168 1 1 192 168 1 2 192 168 1 3 You can comment out IP addresses that you do not want to import witha semicolon or colon For example if you included addresses in your list for computers that are on a subnet that you know is down you can comment them out to eliminate errors Save the file to a location that you can access when you run the server installation program Verifying network access and privileges Review the following before installing the Symantec Client Security server program The computer that you use to run the Symantec Client Security server installation program should have the appropriate network clients and protocols running IP and IPX IPX This allows you to see all of the NetWare and Windows NT computers on which you want to install Symantec Client Security Sharing must be enabled on the Windows NT computer on which you install Symantec Client Security server The installation program uses the default NT shares such as c and admin When you install Windows NT these shares are enabled by default If you changed the share names or disabled sharing to the default shares the instal
168. rname gt where lt Servername gt is the name of your server Don t include the brackets 4 Save and close the text file Copying the configurations file to the antivirus client You copy the configurations file Grc dat that contains the name of the parent server that will manage the client You can either copy the file manually or you can use the Microsoft Installer options that are available to create and roll out a package that contains the configurations file See Windows Installer msi command line reference on page 173 172 Installing Symantec Client Security clients Uninstalling Symantec Client Security clients To copy the configurations file to the antivirus client 1 Copy the Grc dat file from the desired location 2 Paste the Gre dat file to one of the following folders on the client m Windows 98 Me C Program Files Symantec AntiVirus m Windows NT 4 0 C Winnt Profiles All Users Application Data Symantec Symantec AntiVirus Corporate Edition 7 5 m Windows 2000 XP 2003 C Documents and Settings All Users Application Data Symantec Symantec AntiVirus Corporate Edition 7 5 3 Restart the client The configurations file disappears after it is used to update the client Uninstalling Symantec Client Security clients You should uninstall Symantec Client Security clients using the uninstallation program that is provided by Symantec You must uninstall Symantec Client Security client from the local computer If a
169. rnet Information Server IIS 4 0 Installs to Windows NT 4 0 from the Microsoft Option Pack for Windows NT 4 0 m Apache Web Server Installs to version 1 3 or later for Windows NT 4 0 2000 UNIX and Linux platforms are also supported The Apache Web Server can be downloaded from the Apache Software Foundation Web site at http www apache org httpd html Setting up the Web server To set up the Web server complete the following tasks in the order in which they are listed m Copy the installation files to the Web server m Configure the Web server Alternately if Symantec Client Security server is installed on the Web server you can copy the files in the Web Install folder to the client installation folder on that server and then configure the Web server to use the client installation folder as the virtual directory Copying the installation files to the Web server The same procedure is used for Internet Information Server and Apache Web Server To copy the installation files to the Web server 1 On the Web server create a directory called Deploy 2 Copy the Webinst folder from the Tools folder on the Symantec Client Security CD to the Deploy directory Installing Symantec Client Security clients 155 Deploying installation packages using Web based deployment 3 Copy the Grc dat and installation files to the Deploy Webinst Webinst folder on the Web server from one the following locations m The Server Vphome Clt i
170. rom the secondary servers to the clients that they manage m LiveUpdate This method is a pull operation that starts when a Symantec Client Security antivirus client or server uses LiveUpdate to request new virus definitions LiveUpdate may be initiated manually or automatically according to a predefined schedule The request may be directed to an internal LiveUpdate server if you have one or to the Symantec LiveUpdate server LiveUpdate is the only method for updating virus definitions files that is supported on 64 bit computers m Central Quarantine polling This method is available if you have a Central Quarantine Server You can configure the Central Quarantine Server to poll the Symantec LiveUpdate server for virus definitions files updates and then automatically push the new virus definitions to computers on the network Introducing Symantec Client Security 29 How Symantec Client Security works m Intelligent Updater This method provides a self extracting executable file that contains virus definitions files These files are available for download from the Symantec Web site How Symantec Client Security communication works Symantec Client Security employs the following forms of communication m Communication during Discovery m Symantec Client Security antivirus server to client communication Communication during Discovery The Discovery Service allows the Symantec System Center to obtain information about the computers on the n
171. root of the CD in the Rollout AVServer AMS2 WINNT folder run Setup exe 2 Follow the on screen installation instructions Post installation client tasks After the installation is complete you may want to perform the following tasks m Protect the Symantec Client Security registry key on Windows NT 4 0 computers See How to protect the Symantec Client Security registry key on Windows NT 4 0 computers on page 169 m Configure clients using the configurations file See Configuring clients using the configurations file on page 170 How to protect the Symantec Client Security registry key on Windows NT 4 0 computers With default permissions set on a Windows NT 4 0 computer all users can modify the data that is stored in the registry for any application including Symantec Client Security To resolve this security problem remove the permissions that give users open access to the registry The Reset ACL tool ResetACL exe removes the permissions that allow full access by all users to the following Symantec Client Security registry key and subkeys HKLM SOFTWARE Intel LANDesk VirusProtect6 CurrentVersion 169 170 Installing Symantec Client Security clients Configuring clients using the configurations file To use the Reset ACL tool complete the following tasks m Roll out ResetACL exe which is located on the Symantec Client Security CD in the Tools folder to Windows NT 4 0 computers that are not secure m
172. rties Table A 1 describes the basic set of commands and properties that are used for Symantec Client Security client and server installations See the Windows Installer documentation for further information on the usage of standard Windows Installer commands and properties Table A 1 Commands and properties a Symantec Client Security msi Symantec Client Security installation file Msiexec Windows Installer executable Symantec AntiVirus msi Symantec Client Security installation file i Install the specified components x Uninstall the specified components qn Install silently qb Include the installation user interface 176 Windows Installer msi command line reference Windows Installer commands Table A 1 Commands and properties l v lt log filename gt Create a verbose log file where lt log filename gt is the name of the log file you want to create INSTALLDIR lt path gt Designate a custom path on the target computer where lt path gt is the specified target directory If the path includes spaces use quotation marks REBOOT lt value gt Suppress a computer restart after installation where lt value gt is a valid argument The valid arguments include the following m Force Requires that the computer is restarted m Suppress Prevents most restarts m ReallySuppress Prevents all restarts as part of the installation process ADDLOCAL lt feature gt Select custom features to
173. s the from an internal Web server and then run it minimum requirements This option is available for computers that are m Prepare the internal Web server for running supported Windows operating deployment systems m Copy a preconfigured client installation package to the Web server or create a custom installation package if desired Local You can run the installation directly from the Copy the configurations file Grc dat from Symantec Client Security CD This is the primary installation method supported for 64 bit computers the parent server to the client computer 50 Planning the installation Client installation methods Table 2 3 Client installation methods Third party tools You can use a variety of third party m See the documentation that came installation tools to distribute the Windows with your third party installation Installer based installation files tool for instructions on using the tool m Create a custom msi installation using the components and options specific to Symantec Client Security installation packages NetWare server You can configure Symantec Client Security to Install the Symantec Client Security automatic install automatically to your Windows clients server on the NetWare server installations from NetWare servers See About Symantec Client Security client installation on page 140 Types of Symantec Client Security clients Symantec Client Security manages pro
174. se and response mechanisms Symantec Client Security is an integrated security solution that combines a firewall intrusion detection and antivirus protection From a single management console Symantec Client Security provides a comprehensive view of network security and rapid response to security threats 20 Introducing Symantec Client Security Components of Symantec Client Security Symantec Client Security lets you do the following Manage the deployment configuration updating and reporting of antivirus and firewall protection and intrusion detection from an integrated management console Quickly respond to threats such as the Nimda worm which spread through multiple exploits Provide a high level of protection and an integrated response to security threats for all users that connect to your network including telecommuters with always on connections and mobile users with intermittent connections to your network Obtain a consolidated view of multiple security components across all of the workstations on your network Perform a customizable integrated installation of all of the security components and set policies simultaneously Components of Symantec Client Security Table 1 1 lists and describes the main components of Symantec Client Security You can also view supported operating systems for each feature See Installation requirements on page 72 Table 1 1 Components of Symantec Client Security The Symant
175. se of a separate subscription at any time and without notice to You provided however that if You purchase maintenance hereunder that includes particular Content Updates on the date of purchase You will not have to pay an additional fee to continue receiving such Content Updates through the term of such maintenance even if Symantec designates such Content Updates as requiring separate purchase This License does not otherwise permit the licensee to obtain and use Content Updates 3 Limited Warranty Symantec warrants that the media on which the Software is distributed will be free from defects for a period of sixty 60 days from the date of delivery of the Software to You Your sole remedy in the event of a breach of this warranty will be that Symantec will at its option replace any defective media returned to Symantec within the warranty period or refund the money You paid for the Software Symantec does not warrant that the Software will meet Your requirements or that operation of the Software will be uninterrupted or that the Software will be error free TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW THE ABOVE WARRANTY IS EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES WHETHER EXPRESS OR IMPLIED INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS YOU MAY HAVE OTHER RIGHTS WHICH VARY FROM S
176. se the Application Security AppSec registration utility to restrict nonadministrator users to running only the programs that are included in an administrator defined list of applications Prevent users from launching virus scans using AppSec You can prevent users from running virus scans during Terminal sessions on a Windows NT 4 0 Terminal Server Edition server or a Windows 2000 2003 Terminal Services server using Application Security AppSec AppSec installs automatically when you install Windows NT version 4 0 Terminal Server Edition For Windows 2000 2003 Terminal Services AppSec is included in the Windows 2000 2003 Server Resource Kit You must install both AppSec and the AppSec hotfix You can find information about installing AppSec and the hotfix at http www microsoft com windows2000 techinfo reskit tools hotfixes appsec o asp To prevent users from launching virus scans from a Windows NT Terminal Server 1 On the Terminal Server on the Windows taskbar click Start gt Programs gt Administrative Tools gt Application Security 2 Inthe Authorized Applications dialog box in the Security group box click Enabled Users are denied access to any program that is not included in the Authorized Applications list including the Symantec Client Security virus scanner To prevent users from launching virus scans from a Windows 2000 2003 Terminal Services server 1 On the Terminal Server on the Windows taskbar click Start
177. server See Why AMS is installed with Symantec Client Security server on page 117 See Deploying the server installation across a network connection on page 120 m Create a customized Windows Installer msi package using the standard Windows Installer options and the Symantec specific options that are provided See Windows Installer msi command line reference on page 173 Why AMS is installed with Symantec Client Security server If you plan to use AMS to generate alerts based on antivirus events you must install AMS to every primary server When you install Symantec Client Security server to supported Windows and NetWare computers AMS is selected for installation by default While AMS is required to run only on the primary server you should install AMS to all of the computers on which you install the Symantec Client Security server program This lets you change primary servers without reinstalling AMS2 on the new primary server If a secondary server needs to be made a primary server no AMS events will be lost In the Symantec System Center you can select the computer that will perform many AMS actions AMS is required for some of the actions to run Installing AMS on more computers gives you flexibility in choosing the computers that can perform advanced alert actions such as sending pages If you do not install AMS when you install Symantec Client Security server you can install it later You mus
178. servers and policy ccccceeceeseeseseteeeeseeeesees 92 Existing LiveUpdate server migration cccccsesceseseseeseseeseeeseeeeseeeseseeeeees 94 Installing Symantec Client Security management components Installing the Symantec System Center ccceecesseseseeeeseseeeeseeeeeseeeseeseseeees 95 Installing Symantec Client Firewall Administrator 0 0 cccceseeeeeeeees 101 Installing the Central Quarantine 0 e ee eccceesseseseseeceseeeeseeeceseeeseeseeetseeees 104 Installing and configuring the LiveUpdate Administration Utility 111 Where to find Symantec VPN Sentry installation instructions 114 Uninstalling Symantec Client Security management components 114 Uninstalling the Symantec System Center 0 cccceseseseeeeeeeeeeeeeees 114 Installing Symantec Client Security servers Server installation methods oe essessssseeeeeeeseeeseseececeeeeeeeeeeeaeneeeeeeeeeeeeeees 115 About Symantec Client Security server installation cece 116 Why AMS is installed with Symantec Client Security server 117 Installing Symantec Client Security servers locally ceseseeseeseeeees 118 15 16 Contents Chapter 7 Deploying the server installation across a network connection 120 Starting the server installation cecsceseeseseseeeeseeeeeeseeeeseteeeeseeees 120 Running the server Setup program ccccesceesesseceseeeeceteeeeseeeeeesee
179. sions of Symantec Client Security occurs Also the clients inherit the policy that was set on the parent server See Client installation methods on page 138 Note If the Symantec Client Security user interface Vpc32 exe is open when you try to install Symantec Client Security the migration and installation stop on the client 94 Migrating to the current version of Symantec Client Security Existing LiveUpdate server migration Windows 98 Me client migrations There are two recommended methods for migrating Windows 98 Me clients m Use a logon script m Have users execute Setup exe or Setup exe s v qn for a silent installation directly from the Vphome Clt inst Win32 folder on their destined parent server In each case automatic migration from earlier versions of Symantec Client Security occurs Also the clients inherit the policy that was set on the parent server immediately During the migration of Windows 98 98 SE clients the installation program requires the user to click OK when prompted to restart the computer See Client installation methods on page 138 Note If the Symantec Client Security user interface Vpc32 exe is open when you try to install Symantec Client Security the migration and installation stop on the client Other antivirus product client migrations Since the Symantec Client Security installation will not recognize the presence of other antivirus products the products mu
180. sk space 10 MB during installation Note If Microsoft Management Console version 1 2 is not on the computer to which you are installing the installation program will install it Quarantine Console requirements The Quarantine Console must be installed on the Symantec System Center management console computer The Quarantine Console has the following requirements Windows NT 4 0 Workstation Server with Service Pack 6a Windows 2000 Professional Server Advanced Server Windows XP Professional 32 MB RAM 35 MB disk space in addition to the Symantec System Center requirement Internet Explorer 5 5 Service Pack 2 Microsoft Management Console version 1 2 If MMC is not already installed you will need 3 MB free disk space 10 MB during installation 74 Preparing to install Symantec Client Security Installation requirements Alert Management System snap in requirements The Alert Management System snap in requires 24 MB disk space in addition to the Symantec System Center requirements Symantec AntiVirus snap in requirements The Symantec AntiVirus snap in requires 6 MB disk space in addition to the Symantec System Center requirements Symantec Client Firewall snap in requirements The Symantec Client Firewall snap in requires 1 MB disk space in addition to the Symantec System Center requirements AV Server Rollout tool requirements The AV Server Rollout tool requires 130 MB disk space in addition to the Symantec Sys
181. snap in lets you create firewall policy packages for workstations running the Symantec Client Security firewall client Install this component to manage firewall policy packages NT Client Install tool This tool lets you remotely install Symantec Client Security antivirus client to one or more Windows NT based computers You can also run this tool from the Symantec Client Security CD Install this component to manage remote client installations AV Server Rollout tool This tool lets you remotely install Symantec Client Security server to the Windows NT based computers and NetWare servers that you select You can also run this tool from the Symantec Client Security CD Install this component to manage remote server installations from the Symantec System Center See Installing the Symantec System Center on page 95 48 Planning the installation Server installation methods Server installation methods You can install Symantec Client Security servers using any of the methods that are listed in Table 2 2 You can use any combination of methods that suits your network environment Table 2 2 Server installation methods Push Install the Symantec System Center with the Symantec AntiVirus snap in You can push a Symantec Client Security server installation directly from the Symantec Client Security CD or from the Symantec System Center and the AV Server Rollout tool to push the server instal
182. st be removed prior to the rollout Symantec Client Security includes the Security Software Uninstaller that can detect and remove versions of antivirus software that are not included in the list of supported migration paths For more information on using the Security Software Uninstaller see the documentation provided for the tool in the Tools UNINSTLL directory on the Symantec Client Security CD Existing LiveUpdate server migration If you have already set up LiveUpdate FTP servers or UNC paths there is no need to modify them They will continue to be used the same way with Symantec Client Security When the Symantec System Center is installed you have the option to install LiveUpdate Administrator as well To continue to use an internal LiveUpdate server install LiveUpdate Administrator to at least one of your supported Windows servers This lets you schedule LiveUpdate Administration Utility retrieval of packages directly from the Symantec System Center Installing Symantec Client Security management components This chapter includes the following topics Installing the Symantec System Center Installing Symantec Client Firewall Administrator Installing the Central Quarantine Installing and configuring the LiveUpdate Administration Utility Where to find Symantec VPN Sentry installation instructions Uninstalling Symantec Client Security management components Installing the Symantec System Center The Symantec System Cen
183. t however install AMS to the secondary server before making the secondary server the primary server See Manually installing AMS server on page 134 If you do not plan to change your primary servers you can uninstall AMS from secondary servers 118 Installing Symantec Client Security servers locally If the server computer is connected to the network installing directly from the Symantec Client Security CD is the least preferred option because the CD might Installing Symantec Client Security servers Installing Symantec Client Security servers locally get damaged or lost and only one user can install at a time If you make the Symantec Client Security CD available on a shared network drive users must map to that drive on their workstations to ensure the successful installation of all components To install a Symantec Client Security server locally 1 3 In the SAV folder run Setup exe You can also install locally using the deployment method See Deploying the server installation across a network connection on page 120 In the welcome panel click Next i Symantec Anti irus InstallShield Wizard x License Agreement Please read the following license agreement carefully symantec SYMANTEC SOFTWARE LICENSE AGREEMENT ENTERPRISE ANTIVIRUS SOFTWARE THIS LICENSE AGREEMENT SUPERSEDES THE LICENSE AGREEMENT CONTAINED IN THE SOFTWARE INSTALLATION AND DOCUMENTATION SYMANTEC CORPO
184. t step 2 until all of the servers to which you are installing are added under Destination computers 4 Select any NetWare computers to which you want to install See To manually select Novell NetWare computers on page 126 5 Continue the installation See Completing the server installation on page 127 To import a list of Windows NT 2000 XP 2003 computers 1 Prepare the list of servers to import See Creating a text file with IP addresses to import on page 64 2 3 Installing Symantec Client Security servers 125 Deploying the server installation across a network connection In the Select Computers panel click Import Look in Desktop x ce My Network Places Import Computer List File name import Computer List Files of type Text Files txt x Cancel Locate and double click the text file that contains the IP addresses to import The following is a summary of the actions that will be taken on the machines from the selected file mj 192 168 75 62 will become a client once authenticated Bg 192 168 46 550 will become a client once authenticated 8 192 168 65 9 is already running Symantec AntiVirus Server Note You may need to provide a username and password with administrator rights for machines that require authentication Coree During the authentication process you may need to provide a user name and password for computers that require authentication I
185. tallation 13 Write down the IP address or host name of the computer on which you installed the Quarantine Server This information will be required when you configure client programs to forward items to the Central Quarantine Installing and configuring the LiveUpdate Administration Utility You can use the LiveUpdate Administration Utility to create a single download point for virus definitions and updates to Symantec products that use LiveUpdate You can set up a LiveUpdate server on one or more Internet ready computers to distribute updates across an internal local area network LAN For more information see the LiveUpdate Administrator s Guide on the Symantec Client Security CD To set up a LiveUpdate server with the LiveUpdate Administration Utility and to set up antivirus servers to retrieve updates from the LiveUpdate server complete the following tasks m Install the LiveUpdate Administration Utility Configure the LiveUpdate Administration Utility scheduling from the Symantec System Center console to download updates from Symantec m Configure the LiveUpdate Administration Utility Specify the packages to download and the directory to which the packages will be downloaded If you have workstations that are connected to a UNC network location the user who is logged on to the network must have access rights to the network resource The user name and password that are supplied in the host file are ignored With a Windows N
186. tallations using logon scripts You can automate antivirus client installations using the logon scripts that the Symantec Client Security server installation program copies to each Symantec Client Security server When users who are enabled to run the script log on to a protected server the script calls a program to check the version number of the antivirus client that is currently available on the server If the antivirus client version on the server is earlier than the antivirus client version on the user s hard disk or if the antivirus client is not installed on the user s hard disk the client setup program runs for the platforms that you specify The server setup program creates a logon group SymantecAntiVirusUser on NetWare servers which simplifies setting up users to run the scripts To configure antivirus client installation at logon do the following m Use the Symantec System Center to set update options and enable updates See Setting logon script options in the Symantec System Center on page 148 m Use your network administration tools to associate users with the logon script For Windows logon scripts you must also copy files from the Symantec Client Security server to the netlogon share See Associating users with the logon script on page 150 Setting logon script options in the Symantec System Center In the Symantec System Center you configure the installation actions that you want to occur when th
187. tec VPN Sentry plug ins and documentation Other vendors support Symantec VPN Sentry client compliancy Check with your vendor to determine if they provide Symantec VPN Sentry support For more information on Symantec VPN Sentry see the SymSentry folder on the Symantec Client Security CD A security policy may include the following requirements m Auto Protect is enabled Auto Protect heuristic virus scanning is enabled and at least at the specified level Auto Protect is configured to scan on specified types of file access m A LiveUpdate session completed successfully within a specified number of days m The installed Symantec Client Security version is at least a specified version m Virus definitions files are no older than a specified maximum age m A specified scan ran within the last n days m The Microsoft Exchange Outlook plug in scanner is installed and enabled m The Lotus Notes plug in scanner is installed and enabled m The installed version of Symantec Client Security firewall client is at least the specified version m Symantec Client Security firewall client is enabled You can configure Symantec VPN Sentry to deny a computer access to your network until it is remediated with the required software or settings Once the computer complies with your security policy Symantec VPN Sentry can allow the computer to access the network You can remediate some compliancy issues automatically for example you can
188. tection for client computers based on Fully managed their network connectivity Planning the installation 51 Client installation methods Table 2 4 categorizes the types of client computers that you can manage and lists how they are managed Table 2 4 Symantec Client Security client types These clients attach and log on to the network on a regular basis Managed clients can do the following m Regularly communicate with a parent server and download configuration and virus definitions files updates as often as necessary m Appear in the Symantec System Center under their parent servers m Immediately send alerts if Symantec Client Security detects a virus or other threat Client log information is also available in the Symantec System Center m Have their configuration settings locked in the Symantec System Center so that users cannot change them Automatically install to a user s hard drive through logon scripts m Receive software installations that are pushed from the Symantec System Center m Receive Symantec Client Security firewall policy files The Symantec System Center console Sometimes managed These clients typically are mobile or telecommuting users who use a VPN to connect to the network They share most managed client characteristics Settings that you lock remain locked even if the client computer is not connected to the network The next time that these clients log on to the network the
189. ted 32 bit and 64 bit computers that are running the Symantec Client Security client to scan email body text and attachments that are sent or received using the POP3 or SMTP protocols Enable outbound email heuristics scanning which uses Bloodhound Virus Detection to identify threats that may be contained in outgoing messages Scanning outgoing email messages helps to prevent the spread of threats such as worms that can use email clients to replicate and distribute themselves across a network Configure computers that are running Symantec Client Security to automatically forward unrepaired infected files to a Central Quarantine Server Perform a threat trend analysis You can use the results to improve security for example by changing configuration options for higher risk clients or disallowing trackware to run on computers Threat History and Event Log data also can be exported to many third party reporting systems Symantec Client Security client users may be allowed to do the following Create and save startup scans that run automatically when the computer starts Create custom scans that run manually on the client Schedule scans of specific drives folders and files to run automatically at a specific time and date Protect against other threats Symantec Client Security can expand the types of threats for which it scans to include the following categories Spyware Adware Dialers Joke programs Remote access programs
190. tem Center requirements NT Client Install tool requirements The NT Client Install tool requires 2 MB disk space in addition to the Symantec System Center requirements Symantec Client Security server installation requirements Symantec Client Security server runs under several operating systems each with unique installation requirements You should assign static IP addresses to Symantec Client Security servers If a Symantec Client Security client is unavailable when its parent server s address changes it will not be able to locate the parent server when it attempts to check in Microsoft Windows operating systems Symantec Client Security server has the following Windows requirements m Windows NT 4 0 Workstation Server Terminal Server with Service Pack 6a Windows 2000 Professional Server Advanced Server Windows XP Professional Windows Server 2003 Web Standard Enterprise Datacenter m 64MBRAM m 111 MB disk space Preparing to install Symantec Client Security 75 Installation requirements 15 MB disk space for AMS server files if you choose to install the AMS2 server Internet Explorer 4 01 or later Static IP address recommended Note Symantec Client Security does not support the scanning of Macintosh volumes on Windows servers for Macintosh viruses Novell NetWare operating systems You should run the Novell client for NetWare on the computer from which Symantec Client Security will be rolled out to N
191. ter is installed directly from the Symantec Client Security CD Install the Symantec System Center to the computers from which you want to manage your antivirus and firewall protection In addition to the Symantec System Center the following management components are installed by default Alert Management System AMS72 console Required if you want to use the enhanced alerting that is provided by AMS2 Symantec AntiVirus snap in Required if you want to centrally manage antivirus protection 96 Installing Symantec Client Security management components Installing the Symantec System Center m Symantec Client Firewall snap in Required if you want to centrally distribute firewall policy files m AV Server Rollout tool Adds the ability to push the antivirus server installation to remote computers This tool is also available on the Symantec Client Security CD m NT Client Install tool Adds the ability to push the Symantec Client Security antivirus client installation to remote computers running supported Microsoft Windows operating systems This tool is also available on the Symantec Client Security CD If you elect not to install any of these management components with the Symantec System Center you can run the Symantec System Center installation later and select them To install the Symantec System Center 1 Insert the Symantec Client Security CD into the CD ROM drive b Symantec Client Security M x 9s symantec Symant
192. the Symantec Client Security panel click Install Administrator Tools gt Install Central Quarantine Server fe Symantec AntiVirus Central Quarantine InstallShield Wizard Welcome to the InstallShield Wizard for Symantec AntiVirus Central Quarantine The InstallShield R Wizard will install Symantec Antivirus Central Quarantine on your computer To continue click Next WARNING This program is protected by copyright law and international treaties Installing Symantec Client Security management components 107 Installing the Central Quarantine In the welcome panel click Next ie Symantec AntiVirus Central Quarantine InstallShield Wizard License Agreement Please read the following license agreement carefully symantec SYMANTEC SOFTWARE LICENSE AGREEMENT ENTERPRISE ANTIVIRUS SOFTWARE SYMANTEC CORPORATION AND OR ITS SUBSIDIARIES SYMANTEC IS WILLING TO LICENSE THE SOFTWARE TO YOU AS AN INDIVIDUAL THE COMPANY OR THE LEGAL ENTITY THAT WILL BE UTILIZING THE SOFTWARE REFERENCED BELOW AS YOU OR YOUR ONLY ON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS OF THIS LICENSE AGREEMENT READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE THIS IS A LEGAL AND ENFORCEABLE CONTRACT BETWEEN YOU AND THE LICENSOR BY OPENING THIS zi 1 do not accept the terms in the license agreement Installatield In the License Agreement panel click I accept the t
193. the local administrator Migrating to the current version of Symantec Client Security 87 Server migration Installing new server components To migrate from an earlier version of Symantec Client Security you must install the server and antivirus management components Installing the Symantec System Center console and components You can install the Symantec System Center console and components from the Symantec Client Security CD To install the Symantec System Center console and components 1 2 From the Symantec Client Security CD run Setup exe On the Install Administrator Tools menu click Install Symantec System Center In the welcome panel click Next In the License Agreement panel click I accept the terms in the license agreement and then click Next In the Select Components panel ensure that all items are selected and then click Next In the Destination Folder panel click Next for the default installation path In the Ready to Install the Program panel click Install When the installation is complete click Finish and then restart the computer Installing the antivirus server program You can install the antivirus server program from the Symantec Client Security CD To install Symantec Client Security server 1 2 From the Symantec Client Security CD run Setup exe In the Symantec Client Security panel click Install Symantec Client Security gt Deploy Symantec Client Security Server
194. ting You can use this evaluation period to address any installation issues before a full deployment to your production environment Before you begin the pilot you may want to review preinstallation considerations and installation requirements See General preinstallation considerations on page 61 See Installation requirements on page 72 Simulating a realistic network environment in a lab setting When you test Symantec Client Security server and client components in a lab setting you should do the following m Create a realistic and representative network environment See How to create a representative network environment on page 57 m Test Symantec Client Security server installations See Testing Symantec Client Security client installations on page 58 m Obtain a virus test file See Obtaining a virus test file on page 58 m Test Symantec Client Security client installations See Testing Symantec Client Security client installations on page 58 Planning the installation 57 Best practice Piloting Symantec Client Security in a lab setting How to create a representative network environment Table 2 7 describes how to get the most out of a trial in which you test Symantec Client Security servers Table 2 7 Creating a representative network environment Hardware Set up your hardware to at least the minimum requirements needed configuration Installation m Install to at least two S
195. tion Settings Manager Lets you export and import policy files to provide backup and restore functionality Ad Blocking Enhanced version lets you tailor settings for specific Web sites and HTML strings New platform support The following platforms are now supported m Windows XP Tablet PC Symantec Client Security client m Novell NetWare 6 5 Symantec Client Security server New folder names Folders that were named Symantec AntiVirus Corporate Edition Norton AntiVirus Corporate Edition or NAV in earlier product versions are now named Symantec AntiVirus How Symantec Client Security works Symantec Client Security lets you deploy and manage security protection according to the requirements of your enterprise To understand how Symantec Client Security works and to determine how you can most effectively implement a security solution it is important to understand the following key concepts m The Symantec System Center m Installation m Protection updating m Communication m Alerting m The Digital Immune System 26 Introducing Symantec Client Security How Symantec Client Security works How the Symantec System Center works The Symantec System Center comprises components that let you perform management operations such as installing protection on workstations and network servers updating virus definitions and managing network servers and workstations running Symantec Client Security The
196. tions select a computer then click Change Destination Destination computers Server Destination Folder os C program files sav Windows NT Change Destination lt Back Cancel 2 Inthe Server Summary panel do one of the following m To accept the default Symantec Client Security installation path click Next m To change the path select a computer and then click Change Destination In the Change Destination dialog box select a destination click OK and then click Next 128 Installing Symantec Client Security servers Deploying the server installation across a network connection If you are installing to a NetWare server the new folder name is limited to eight characters Select Symantec AntiVirus Server Group x 4 Symantec AntiVirus Server Group is a group of protected servers You can set Server Group wide options for the servers in a server group You can type in a new SAV server group name select an existing name or accept the default name Symantec AntiVirus Server Group rus 1 Symantec AntiVirus Server Gr Primary Server O AH ath Albany Acct m ij Sh Albuquerque Prod01 A EEEESEEEA a Alpena Fin01 dh Anchorage Eng01 Sh Aram HRO1 EN Austin Fac01 Ah Baltimore Test01 xl lt Back Cancel 3 Inthe Select Symantec AntiVirus Server Group panel do one of the following Under Symantec AntiVirus Server Group type a name for a new server grou
197. tranet must be set to Medium so that Symantec ActiveX controls can be downloaded to the client When the installation is complete the security level can be restored to its original setting Make sure that users understand the system requirements and have the administrator rights that are required for the products that they are installing For example to install Symantec Client Security client users who are installing to Windows NT based workstations must have administrator rights on their own computers and must be logged on with administrator rights If your package restarts the client computer at the end of the installation notify your users that they should save their work and close their applications before they begin the installation For example the silent antivirus client installation on Windows 98 computers restarts the computer at the end of the setup program Installing Symantec Client Security clients 161 Installing Symantec Client Security clients locally You can include a URL in your email message that points to the client installation as follows For Internet Information Server http Server_name Virtual_home_directory Webinst where Server_name is the name of the Web based server Virtual_home_directory is the name of the alias that you created and Webinst is the folder that you created on the Web server for example http Server_name Avclientinstall Webinst For Apache Web Server http Server_name Webinst
198. ue with To finish an unmanaged installation on page 165 Installing Symantec Client Security clients 165 Installing Symantec Client Security clients locally To set up and finish a managed installation 1 Inthe Select Server panel do one of the following m Inthe Server Name text box type the name and then click Next m Click Browse select a server click OK to confirm and then click Next If you don t see the server that you want click Find Computer and search for the computer by name or IP address 2 Inthe Ready to Install the Program panel click Install 3 Tocompete the installation you must restart the computer To finish an unmanaged installation 1 Inthe Install Options panel do the following m Ifyou want to enable Auto Protect ensure that Auto Protect is checked m If you want to run LiveUpdate at the end of the installation ensure that LiveUpdate is checked 2 Click Next 3 Inthe Ready to Install the Program panel click Install 4 Ifyou chose to run LiveUpdate after installation do the following m Follow the instructions in the LiveUpdate Wizard m When LiveUpdate is done click Finish 5 Inthe Symantec Client Security panel click Finish 6 To compete the installation you must restart the computer 166 Installing Symantec Client Security clients About installing clients using third party products About installing clients using third party products You can install Symantec Client Se
199. un on Java enabled general purpose desktop computers and servers Programs 2 License to Distribute Software Subject to the terms and conditions of this Agreement including but not limited to Section 4 Java Technology Restrictions of these Supplemental Terms Sun grants you a non exclusive non transferable limited license to reproduce and distribute the Software provided that i you distribute the Software complete and unmodified unless otherwise specified in the applicable README file and only bundled as part of and for the sole purpose of running your Programs ii the Programs add significant and primary functionality to the Software iii you do not distribute additional software intended to replace any component s of the Software unless otherwise specified in the applicable README file iv you do not remove or alter any proprietary legends or notices contained in the Software v you only distribute the Software subject to a license agreement that protects Sun s interests consistent with the terms contained in this Agreement and vi you agree to defend and indemnify Sun and its licensors from and against any damages costs liabilities settlement amounts and or expenses including attorneys fees incurred in connection with any claim lawsuit or action by any third party that arises or results from the use or distribution of any and all Programs and or Software vi include the following statement as part
200. unch Symantec Client Security after all volumes have been mounted and cluster services have been started in the Autoexec ncf file Launching Symantec Client Security once these tasks are completed ensures that all volumes are detected 68 Preparing to install Symantec Client Security Preparing for Symantec Client Security server installation Terminal Server protection You can install either Symantec Client Security antivirus client or antivirus server to Terminal Servers Symantec Client Security antivirus protection works on Terminal Servers in much the same way that it works on Windows NT 2000 2003 file servers Alerting is the only difference Do not install Symantec Client Security firewall client to Terminal Servers Users who are logged on to the server console receive alerts Users who are connected through a Terminal client session do not receive alerts How to view Terminal Servers from the Symantec System Center console Terminal Servers appear the same as file servers in the console from which they are managed Both types of servers are represented with the same icon in the Symantec System Center console Terminal Server and Terminal Services limitations The following limitations apply to antivirus protection on Terminal Server and Terminal Services m Symantec Client Security does not protect mapped drives on computers that can be accessed by applications that are running during a session on Terminal Server m The
201. urity you can deploy a client installation from the Symantec System Center To install a client upgrade from the Symantec System Center 1 In the Symantec System Center in the left pane click System Hierarchy or any object under it On the Tools menu click NT Client Install NT Client Install is available only if the NT Client Install tool was selected when you installed the Symantec System Center This component is selected for installation by default Continue the installation See Running the client setup program on page 145 How to determine parent servers and policy When Symantec Client Security is installed to servers each server receives a full set of installation files for all supported platforms in the folder Program Files Sav Clt inst on a Windows NT based server and SYS SAV clt inst on a NetWare server Note If you have servers running Symantec Client Security that you know will never serve as parents you can remove the Clt inst directory and its sub directories to reclaim approximately 50 MB of hard disk space Migrating to the current version of Symantec Client Security 93 Client migration When the antivirus policy is set on the server the policy settings are saved in the Grc dat file This file exists in all of the installation sets and is updated any time that the policy is changed When Symantec Client Security is then installed to clients from these installation sets the policy is carried t
202. value of 0 indicates a client installation ENABLEAUTOPROTECT lt val gt Determines whether Auto Protect is enabled after the installation is complete where lt val gt is one of the following values m 1 This enables Auto Protect after installation m lt n gt Any other integer value disables Auto Protect after installation The default setting is 1 enabled NETWORKTYPE lt val gt Describes the management state of the target computer when installation is complete where lt val gt is one of the following m 1 Managed m 2 Unmanaged default m4 Server SERVERGROUPNAME Specifies the name of the server group that the lt server group name gt target server will join You can create a new server group by using a unique server name SERVERGROUPPASS lt password gt Specifies the password of the server group that the target server will join INSTALLDIR lt target directory gt Specifies the installation directory on the target computer The default directory is C Program Files Symantec AntiVirus If the path specified contains long file names use quotation marks around it 178 Windows Installer msi command line reference Symantec Client Security properties Symantec Client Security client properties Table A 3 describes the properties that are configurable for the Symantec Client Security client installation Table A 3 Symantec Client Security properties ENABLEAUTOPROTECT lt val gt
203. ver m The Central Quarantine Server and the Central Quarantine Console can be installed on the same or different supported Windows computers Custom Content Publishing Application You can use LiveUpdate to automatically distribute and update content of virtually any type including documents and program files You can work with Symantec content or any content that is related to other products or services You can target content to classes of client computers based on the target client s network location computer name registry information files currently installed on the computer and other parameters Using the Custom Content Publishing Application CCPA you create modify and publish updates that are uploaded to the Central LiveUpdate server When the LiveUpdate client runs it looks for custom content packages in addition to LiveUpdate virus definitions and product updates and authenticates the package to determine if it can be trusted See the LiveUpdate Administrator s Guide Install the Custom Content Publishing Application CCPA on a computer that is running a supported Windows operating system LiveUpdate Administrator Lets you configure one or more intranet FTP HTTP or LAN servers to act as internal LiveUpdate servers Install on a Windows NT computer that is running the Symantec Client Security server program Symantec Client Firewall Administrator Lets you create and modif
204. ver installation methods Push You can push a Symantec Client Security server Install the Symantec System Center installation directly from the Symantec Client with the antivirus management snap Security CD or from the Symantec System Center in and the AV Server Rollout tool to push the server installation from the Symantec System Center See Deploying the server installation across a network connection on page 120 116 Installing Symantec Client Security servers About Symantec Client Security server installation Table 6 1 Server installation methods Windows Installer You can customize and deploy an installation Create a custom msi installation msi deployment package using tools that are compatible with using the components and options Windows Installer Symantec Client Security uses specific to Symantec Client Security Windows Installer technology for all client and installation packages server installations See Windows Installer msi Symantec Client Security uses the standard command line reference on Windows Installer deployment options provided page 173 by Microsoft The only prerequisite is that you are familiar with Windows Installer package creation and deployment Symantec Packager You can create a package with Symantec Packager m Create acustom Symantec Client self extracting that includes a preconfigured Windows Installer Security server Windows executable package or set of packag
205. w submission it analyzes the virus generates the repair and tests it Then it builds new virus definitions files including the new virus fingerprint and returns the new virus definitions files to the gateway Usually this process occurs Introducing Symantec Client Security What you can do with Symantec Client Security automatically however some cases require the intervention of Symantec Security Response m Deploys repairs The Quarantine Agent downloads the new virus definitions and installs them on the Central Quarantine Server The updated definitions are then pushed to the submitting computer if they are needed For details about configuring the Central Quarantine and using the Digital Immune System see the Symantec Central Quarantine Administrator s Guide What you can do with Symantec Client Security You can use Symantec Client Security to accomplish the following key protection tasks on your network servers and workstations m Deploy protection efficiently m Protect against blended threats m Protect against other threats m Respond to intrusions m Manage Symantec Client Security clients based on their connectivity m Centrally manage and update security m Ensure that remote clients comply with your security policy m Verify security status m Establish and enforce policies m View history and event log data Deploy protection efficiently Symantec Client Security uses Microsoft Windows Installer msi
206. where Server_name is the name of the computer on which Apache Web Server is installed The IP address of the server computer can be used in place of the Server_name Installing Symantec Client Security clients locally If the client computer is connected to the network installing directly from the Symantec Client Security CD is the least preferred option because the CD might get damaged or lost and only one user can install at a time Also installing Symantec Client Security client in managed mode is more difficult because the user must specify a Symantec Client Security server to connect to when installing from the CD If users do not specify a Symantec Client Security server to connect to when they install from the Symantec Client Security CD the Symantec Client Security client is installed in unmanaged mode This means that users are responsible for getting their own virus definitions files and program updates using the Internet To change the client s status to managed use one of the following methods Reinstall the client from the server or use one of the other installation methods Copy the configurations file Gre dat from the intended parent server to the client This method is faster and requires fewer resources See Configuring clients using the configurations file on page 170 If you make the Symantec Client Security CD available on a shared network drive users must map to that drive on their workstations to ensur
207. will be offered the following choices m Setup Type panel Click Complete to install all of the components that are included with the default installation or Custom to select components m Network Setup Type panel Click Managed to have the client managed by a parent server or Unmanaged to run without a parent server If you select Managed you must know the name of the Symantec Client Security server to which the client will connect m Install Options panel Check Auto Protect if you want to enable Auto Protect Check LiveUpdate if you want LiveUpdate to run at the end of the installation If you chose to run LiveUpdate after installation follow the instructions in the LiveUpdate Wizard Deploying the client installation across a network connection You can remotely install the Symantec Client Security client to computers running supported Microsoft Windows operating systems that are connected to the network You can install to multiple clients at the same time without having to visit each workstation individually An advantage to remote installation is that users do not need to log on to their computers as administrators prior to the installation if you have administrator rights to the domain to which the client computers belong To push the Symantec Client Security antivirus client installation to computers across your network complete the following tasks in the order in which they are listed m Start the antivirus client installation
208. y 27 How Symantec Client Security works Alert Management System console The AMS console is installed to the same computer on which the Symantec System Center console is installed and supports alerts from AMS clients and servers The AMS console lets you configure alert actions for Symantec Client Security servers that have the AMS service installed Symantec AntiVirus snap in The Symantec AntiVirus snap in lets you perform management tasks from the Symantec System Center including setup and configuration of client and server groups event management and protection updating Symantec Client Firewall snap in The Symantec Client Firewall snap in lets you centrally distribute firewall policy files NT Client Install tool The NT Client Install tool lets you remotely install the Symantec Client Security client to one or more Windows NT based computers AV Server Rollout tool The AV Server Rollout tool lets you remotely install the Symantec Client Security server to the Windows NT based servers that you select How installation works The methods that you use to install Symantec Client Security and the components that you select depend on how you plan to implement security at your site Installation typically involves the following processes m Installing the Symantec System Center console and the default management components m Installing Symantec Client Security servers m Installing Symantec Client Security clients
209. y Symantec Client Security features that can be installed using a customized Windows Installer package These features are used by the Windows Installer ADDLOCAL property to specify the features that are installed See Command line examples on page 182 Symantec Client Security server features Table A 5 describes the features that are configurable for the Symantec Client Security server installation Table A 5 Symantec Client Security server features SAVMain Specifies the basic Symantec Client Security server files This feature is required SAVUI Makes the user interface available to the target computer This feature is optional SAVHelp Include Symantec Client Security Help files This feature is optional Symantec Client Security antivirus client features Table A 6 describes the features that are configurable for the Symantec Client Security antivirus client components Table A 6 Symantec Client Security antivirus client features SAVMain Specifies the basic Symantec Client Security client files This feature is required SAVUI Makes the user interface available to the target computer SAVHelp Lets you include Symantec Client Security Help files Windows Installer msi command line reference 181 Using the log file to check for errors Table A 6 Symantec Client Security antivirus client features EMailTools Lets you include all Auto Protect email components OutlookSnapin Lets y
210. y firewall policy files Install on a computer that is running the Symantec Client Security firewall client 54 Planning the installation Methods for updating virus definitions files Methods for updating virus definitions files Symantec Client Security provides several methods for keeping the virus definitions files current across all networked and non networked computers The information in Table 2 6 will help you understand the various methods the types of clients to which they apply and considerations for using each method Table 2 6 lists the update methods and the types of clients on which to use them Table 2 6 Virus definitions files update methods Virus Definition Transport Method Use with fully managed and sometimes managed computers This method allows primary servers to push updated virus definitions to secondary servers and secondary servers to the clients that they manage Primary servers may receive updated virus definitions from an internal LiveUpdate server if you have one or the Symantec LiveUpdate server If you use a single computer on your network as a source for updating virus definitions you can reduce network exposure to the Internet Additionally if the computer is configured as an internal LiveUpdate server you can automate the procedure for updating virus definitions For a large network you can create more than one internal LiveUpdate server for failover protection When you are upd
211. y receive any new configuration data and the latest virus definitions files updates By default if a parent server does not communicate with a sometimes managed client for 30 days the icon is removed from the Symantec System Center display The Symantec System Center console 52 Planning the installation About administration tools Table 2 4 Symantec Client Security client types Lightly managed These clients are configured outside the Symantec Configurations file Grc dat System Center console through a configurations file Gre dat and are otherwise not managed Lightly managed clients are typically mobile computers that do not connect to the network but have email If a lightly managed client requires a configuration change you can create a new configurations file and copy it to the client You can change the configuration of lightly managed clients by pushing a new configurations file to clients using third party software Unmanaged These clients do not connect to the network and have Configurations file no parent server with which to communicate They will Gre dat during not appear in the Symantec System Center even if they installation are later connected to the network m Self managed These clients need to download their own virus definitions updates LiveUpdate is built in to each Windows client so that it can automatically get new virus definitions files updates Roaming These clients are typically
212. ymantec Client Security servers mixing Windows NT based and NetWare computers if needed m Perform a complete installation to each server including AMS if needed m Install the Symantec System Center to at least one computer that is using a 32 bit operating system Install to connected and stand alone computers if necessary m Match client to server operating system combinations for example a Windows NT workstation logging on to NetWare servers Communication m Match the communication protocols in your test environment to those in your production environment Install to all operating systems that you expect to use m If your network uses routers include a router in your test environment this is particularly important for mixed protocol environments Management m Create at least one server group that contains two or more servers m Create at least one client group that contains two or more Symantec Client Security clients Note If you are using a Windows NT Workstation 4 0 computer in a lab setting as a Symantec Client Security server the maximum number of computers that can simultaneously connect to a Windows NT Workstation 4 0 is 10 This Microsoft imposed limitation does not limit TCP connections that can be made to acomputer but affects only file shares named pipes and so on anything that requires the SERVER service Symantec Client Security can have as many inbound connections as it needs to fu
213. ymantecAntiVirusUser group using Nwadmin32 or ConsoleOne On the server console load Vpregedt nlm Click O pen Click VirusProtect6 Press Enter Click O pen again click LoginOptions and then press Enter In the left pane of the window click E dit to edit values Click DoInstallOnWin95 and then select one of the following m OPTIONAL Prompts the user whether to start the installation m FORCE Silently starts the installation m NONE Do not install These entries are case sensitive If you previously installed clients and need to force a new update increment the WinNTClientVersion to a higher number Unload the Symantec AntiVirus NLM from the NetWare server Type the following command to reload the NLM Load Sys Sav Vpstart Test the client installation by logging on as a member of the SymantecAntiVirusUser group from a Novell NetWare client Installing Symantec Client Security clients Installing the AMS client stand alone program on an unmanaged client Installing the AMS client stand alone program on an unmanaged client When you install the Symantec Client Security client program the AMS client software is not installed as part of the client installation If you want to use the alerting features that AMS provides for unmanaged clients you can install the AMS client program that is included on the Symantec Client Security CD To install the AMS2 client stand alone program on an unmanaged client 1 Inthe
214. ystem Center ccccceesesseeseeeeseeeeseeeeeseeees 168 Installing the AMS client stand alone program on an unmanaged client 2sc scssecdiasgesesdieeadetecsssiies aielissstneesaeeeseuecnesbecaes 169 Post installation client tasks 0 ceeessseceseseseseceeeseseceeececesesescseececeeeeteeseaeaees 169 How to protect the Symantec Client Security registry key on Windows NT 4 0 computers eee eeeseseseeeeceseeceseeceeeseseeceseeeeseseeaeaes 169 Configuring clients using the configurations file 0 cceeeseseseseeeeeeenees 170 Obtaining the configurations file 0 0 eeeceeseseseteeeeseseseseseseseseeees 171 Copying the configurations file to the antivirus client 171 Uninstalling Symantec Client Security clients 0 0 ceeseseeeeeteeeeeeeees 172 Windows Installer msi command line reference Installing Symantec Client Security using command line parameters 173 Default Symantec Client Security client installation Default Symantec Client Security server installation Windows Installer commands eeeeseseesssseeseceeesesesceceeeeeeceeeetaeaeaeeceeeeeeeees Windows Installer commands and properties ccccccccscesseseeeeseesees Symantec Client Security properties ccccccesessesesseseseeeeseseeeeeeseeeeseseeeees Symantec Client Security server properties cccceeeeeeeseseteeeeeees Symantec Client Security client properties 0 ccceceeeeseseseeeeseees Symantec Client Security firewall client
215. ystem Center management components If you plan to use the Symantec System Center for management services including the rollout of the installation to managed computers it is important to have an understanding of the management components and issues related to their installation During installation of the Symantec System Center the management components are installed by default unless you specify otherwise Table 2 1 lists and describes Symantec System Center management components Table 2 1 Symantec System Center management components The Symantec System The Symantec System Center is the m Install the Symantec System Center Center console console that you use to administer console to the computers from which managed Symantec products The you plan to manage Symantec Client Symantec System Center is a stand alone Security application that runs under Microsoft m Install to at least one computer to view Management Console and administer your network If your organization is large or you work out of several offices you can install the Symantec System Center to as many computers as you need Rerun the installation program and select the appropriate option m The Symantec System Center does not need to be installed on a network server or an antivirus server Alert Management The AMS console provides alerts from m Install the AMS console to the same System AMS AMS clients and servers computer on which the Symantec cons
Download Pdf Manuals
Related Search