It is recommended you run the Symantec client code on servers. The Symantec server code should only be used for those systems which will be managing Symantec clients. When you install the Symantec server code, that system becomes a Symantec parent server which manages Symantec clients.
If you will be managing servers which are running the Symantec Antivirus client code, you need to install Symantec System Center (SSC) and the Symantec Server code. This system will be used to manage your servers which are running the Symantec client software.
NOTE: When you install the client code on a server, you should install the client WITHOUT the email plugins. The email plugins on a server are not necessary and create more overhead. Also, there have been reported problems with the email plugins.
- To install SAV for server, extract the SAV10 zip file available on the IBM Virus CERT download site.
- Go to the CD1 folder, then click setup.exe
- Click on "Install Symantec AntiVirus"
- Click on "Install Symantec AntiVirus Server"
- Install the Server
- Reboot
- The "Symantec System Center" (SSC) is used to provide a management interface to manage your parent server. It can be on the same server as the parent server or it can be a different server.
- Following the same path, install "Symantec System Center" (SSC)
- Reboot
- Open SSC and make the parent server the primary parent server by unlocking the server group and making it the primary.
- If you click on "Install Other Administration Tools", you can install other components.
- You can install a Reporting Server which provides AV reporting.
Note: For more information on SAV10 and its components, go to CD1/Docs in the zip file you extracted.
- Download and unzip AdvCEGetter_current.zip.
- There is a Word document with details.
- Create a scheduled task to run QuickCeg.bat at intervals you define. At least once a day is required for ITCS104 compliance.
Note: QuickCeg.bat will query Symantec for new virus definitions. If new virus definitions are present, they will be automatically downloaded. If the definitions are current on your server, new virus definitions will not be downloaded. A log file is created every time QuickCeg is run.
- New virus definitions are available using QuickCeg.bat.
- You can use QuickCeg.bat to check for new virus definitions every hour
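One way to script the scheduled task from the steps above and to verify that it keeps running, as an added PowerShell example that is not part of AdvCEGetter or the original page. The unzip folder, task name, log file pattern and 02:00 start time are assumptions, and the ScheduledTasks cmdlets require Windows Server 2012 or later.

```powershell
# Added example (not from AdvCEGetter): schedule QuickCeg.bat and confirm it runs.
# $CegDir, $TaskName and $LogFilter are assumed values; adjust them to your server.
param(
    [string]$CegDir      = 'C:\AdvCEGetter',              # assumed unzip folder
    [string]$TaskName    = 'QuickCeg definitions check',  # assumed task name
    [string]$LogFilter   = '*.log',                       # assumed log file pattern
    [int]   $MaxAgeHours = 24                             # at least once a day
)

$bat = Join-Path $CegDir 'QuickCeg.bat'
if (-not (Test-Path -LiteralPath $bat)) { throw "QuickCeg.bat not found in $CegDir" }

# Register a daily task under SYSTEM (no stored password) if it does not exist yet.
if (-not (Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue)) {
    $action  = New-ScheduledTaskAction -Execute $bat -WorkingDirectory $CegDir
    $trigger = New-ScheduledTaskTrigger -Daily -At '02:00'
    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
        -User 'NT AUTHORITY\SYSTEM' -RunLevel Highest | Out-Null
}

# A task can exist and still fail on every run, so check the evidence it leaves:
# QuickCeg writes a log file on each run, and the newest one must be recent.
$latest = Get-ChildItem -LiteralPath $CegDir -Filter $LogFilter -File |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $latest) {
    Write-Warning "No log matching $LogFilter in $CegDir; QuickCeg has not run yet."
    exit 1
}
$ageHours = ((Get-Date) - $latest.LastWriteTime).TotalHours
if ($ageHours -gt $MaxAgeHours) {
    Write-Warning ("Newest log {0} is {1:N1} hours old; limit is {2}." -f `
        $latest.Name, $ageHours, $MaxAgeHours)
    exit 1
}
"OK: {0} written {1:N1} hours ago." -f $latest.Name, $ageHours
```

The first run warns because no log exists yet; run it again after the task has fired once to get a meaningful result.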
There are many techniques available from Symantec to install managed clients. These various methods are outlined in CD1/Docs/savinst.pdf.
- One simple method is to go to your parent server, open Windows Explorer and go to this directory:
C:\Program Files\SAV\Symantec AntiVirus\Symantec AntiVirus\CLT-INST\WIN32
- Copy the WIN32 directory to another location and zip it.
- Use this zip file to install your clients by unzipping the file, and clicking on setup.exe. It already contains your grc.dat file and PKI certificate file.
VERY IMPORTANT: In SAV10 for a client to be managed, it requires two files.
1. GRC.DAT
2. PKI file.
It is recommended both files be from the primary parent server. The grc.dat file is the configuration file which tells your client who its parent server is. SAV10 now utilizes encrypted communication between parent server and client. This encryption uses a PKI certificate. If your client does not have the PKI file from a parent server, it will not be able to communicate with the parent server.
Configuring Managed Clients to Comply with ITCS104
Every setting on the client is managed in the SSC. You can manage whether to display virus notification popups (or not), to show the Symantec AV icon in the system tray (or not), or to lock the Auto Protect setting. Everything is self-explanatory. You go into SSC, find the appropriate setting and turn it on or off. At any time, you can click on "Help" and SSC will provide further information.
I will outline some key settings so your clients comply with ITCS104.
Daily Virus Definitions Checks - Managed clients receive new virus definitions automatically using VDTM (instead of LiveUpdate). The client check-in time is configurable. If you set up your parent server to receive new virus definitions from Symantec using ADVCegetter, your managed clients will receive new virus definitions very quickly every time Symantec releases them. To configure your clients to receive new virus definitions using VDTM:
1. Open SSC
2. Right click on the Server Group and go to All Tasks, Symantec AntiVirus, Virus Definition Manager
3. The typical configuration will look like this:
4. In the bottom section (How Clients Retrieve Virus Definitions Updates) be sure to enable "Update virus definitions from parent server".
5. If you click on Settings, you can configure how often a client will check for updates. Recommended setting is 120 minutes.
Server Tuning Options -
If you are managing SAV9 & SAV10 clients, please make sure there is a checkmark next to "Allow this server to manage 9.x and earlier clients and servers". If this is not checked, your server will only be able to manage SAV10 clients.
Other Considerations -
Email Plugins - By default SAV10 will detect your system is a server and not install the email plugins. If for some reason, you have SAV10 installed and the email plugins are installed, it is highly recommended you remove the email plugins. The email plugins are known to cause problems on very busy servers.
Uninstalling the AntiVirus Email Tools components of Symantec AntiVirus
Installing Symantec Client Security 3.x clients or Symantec AntiVirus Corporate Edition 10.x clients without E-Mail Auto-Protect plug-ins
Tamper Protection - We recommend you enable Tamper Protection. However, if your server is really busy and you want to reduce overhead, you may consider disabling it.
SAV10 Communication (for firewalls) - SAV10 uses encrypted TCP communication instead of UDP which is what was used by SAV9 and earlier versions. If you have clients or servers which communicate across a firewall, you need to make sure the appropriate holes are opened to allow communication.
Account Management - A new feature of SAV10 is account management. SAV10 now has the ability to create individual accounts which can access the Symantec System Center. You can also grant different levels of access (read only, Administrator, Central Quarantine Account, Gateway Security Account). This is accessed by right clicking on your server group and selecting "Account Management".
64 Bit Systems
Symantec Antivirus 10 will run on AMD 64 bit processors.
To install Symantec Antivirus 10 on 64 bit Itanium 2 processors, you will need to click on setup.exe in the /SAVWIN64 folder.
64 bit systems can be managed by a Symantec parent server. However, they must receive their virus signature updates using LiveUpdate. They will not be able to receive virus signature updates from the Symantec parent server using VDTM.