Symantec 10551441 - AntiVirus Corporate Edition Reference Manual

Symantec AntiVirus™
Corporate Edition
Reference Guide


Summary of Contents for Symantec 10551441 - AntiVirus Corporate Edition

  • Page 1 Symantec AntiVirus™ Corporate Edition Reference Guide...
  • Page 2 NO WARRANTY. The technical documentation is being delivered to you AS-IS, and Symantec Corporation makes no warranty as to its accuracy or use. Any use of the technical documentation or the information contained therein is at the risk of the user.
  • Page 3: Technical Support

    Technical support: As part of Symantec Security Response, the Symantec global Technical Support group maintains support centers throughout the world. The Technical Support group's primary role is to respond to specific questions on product feature/function, installation, and configuration, as well as to author content for our Web-accessible Knowledge Base.
  • Page 4: Customer Service

    Recent software configuration changes and/or network changes. Customer Service: To contact Enterprise Customer Service online, go to www.symantec.com, select the appropriate Global Site for your country, then choose Service and Support. Customer Service is available to assist with the following types of issues: questions regarding product licensing or serialization ...
  • Page 5: Table Of Contents

    Chapter 1 Introducing the reference guide: What is in the reference guide (7)
    Chapter 2 Antivirus protection and email servers: About configuring Symantec AntiVirus on email servers (9); Stand-alone server configuration (10); Managed client configuration (11); Unmanaged client configuration (11); File scanning on Exchange servers ...
  • Page 6 Contents (continued): Chapter 5 Windows services: Symantec AntiVirus services (25); Symantec System Center services (28). Chapter 6 Cryptography basics: Overview (29); About cryptographic keys and algorithms (30); About one-way hashes and digital signatures (31); About digital certificates and PKIs (32); About SSL ...
  • Page 7: Introducing The Reference Guide

    This reference guide contains technical product information for Symantec AntiVirus, including information on tools that are on the Symantec AntiVirus CD. It is intended for system administrators and others who install and maintain this product in a networked, corporate environment.
  • Page 8 Symantec AntiVirus and the Symantec System Center. Those names appear in the Windows Services control panel. Event Log entries This chapter lists the events written by Symantec AntiVirus to the Windows Event Log. Cryptography basics This chapter provides an overview of the cryptography concepts that administrators need to understand if they do not know the difference between a digital signature and a digital certificate.
  • Page 9: Antivirus Protection And Email Servers

    About configuring Symantec AntiVirus on email servers: Symantec AntiVirus is a file system scanner and is not designed to scan mail stores or message traffic. Products that are specifically designed to protect Microsoft® Exchange, Domino®, and other gateway servers handle those server functions.
  • Page 10: Stand-Alone Server Configuration

    Configure the servers in the server group to receive virus definitions updates from the primary server by using the Virus Definition Transport Manager (VDTM). If a Symantec antivirus product for the email server is also installed, disable the LiveUpdate™ schedule for that product: both products download exactly the same virus definitions, so a second schedule only duplicates the download.
  • Page 11: Managed Client Configuration

    Be sure to disable all email Auto-Protect options if they are installed and enabled. Warning: If you configure Symantec AntiVirus as a client on an email server, be sure to disable email Auto-Protect if it is installed. This feature monitors the standard mail ports, and can cause performance degradation or failure if it is installed on email servers.
  • Page 12: File Scanning On Exchange Servers

    File scanning on Exchange servers. Warning: If you configure Symantec AntiVirus as a client on an email server, be sure to disable email Auto-Protect if it is installed. This feature monitors the standard mail ports, and can cause performance degradation or failure if it is installed on mail servers.
  • Page 13: Directories To Include

    You can exclude single files by using the client and server software that is installed on the Exchange server. You cannot exclude single files by using the Symantec System Center with server and client group configurations. Therefore, for all three configurations, you must exclude Tmp.edb by using the Symantec AntiVirus user interface on the Exchange...
  • Page 14 14 Antivirus protection and email servers File scanning on Exchange servers Microsoft Exchange Server 5.5 Table 2-1 lists the directories and files to exclude for Microsoft Exchange Server 5.5. Table 2-1 Files to exclude for Microsoft Exchange Server 5.5 Directory and files Default file location Exchange databases Default location: Exchsrvr\Mdbdata...
  • Page 15: Extensions To Exclude

    Microsoft Exchange Server 2003: Table 2-3 lists the directories and files to exclude for Microsoft Exchange Server 2003. Table 2-3 Files to exclude for Microsoft Exchange Server 2003 (columns: Directory and files; Default file location). Exchange databases, default location: Exchsrvr\Mdbdata...
  • Page 16: Directories To Exclude When Other Symantec Products Are Installed

    Directories to exclude when other Symantec products are installed: Excluding these directories is critical to product operation. Each product uses its temp directory as a processing directory. If the temp directories are not excluded from file system scanning, the antivirus programs might conflict and cause unexpected behavior, including potential data loss.
  • Page 17: Reset Acl Tool

    By default, these computers allow all users to modify the data stored in the registry for any application, including Symantec AntiVirus. Reset ACL removes the permissions that allow full access by all users to the following Symantec AntiVirus registry key and its subkeys:...
  • Page 18 Configure Symantec AntiVirus. ■ For example, users cannot set Auto-Protect or email scanning options. The options associated with these operations appear dimmed in the Symantec AntiVirus interface. In addition, the user can modify scan options, but the changes are not saved in the registry or processed.
  • Page 19: Importer Tool

    Note: In most cases, you should not need the Importer tool. The Find Computer feature of the Symantec System Center can usually find and identify Symantec AntiVirus servers on the network by means of address caching and the normal...
  • Page 20: How The Importer Tool Works

    The Importer tool runs on any computer on which the Symantec System Center is installed. You can use it to import pairs of computer names and IP addresses from a text file into the address cache registry entries used by the Symantec System Center.
  • Page 21: Deleting Entries From The Address Cache

    To create a data file: Create a new file with a text editor such as Notepad. Type the data in the following format, one entry per line: <server name><comma><IP address><linefeed>. Avoid typing incorrect IP addresses for servers. No validation is performed to determine whether two servers have the same IP address in the Importer text file.
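Because the Importer performs no validation, it is worth checking a data file before it is written into the address cache. The following script is an added example (it is not a Symantec tool and is not part of the guide): it reads the `<server name>,<IP address>` format described above and reports malformed lines, invalid addresses, a name listed twice, and the same IP address assigned to two servers, which is exactly the case the guide says the Importer will accept silently. It assumes IPv4 dotted-quad addresses; the sample file embedded in it is constructed.

```python
"""Pre-check an Importer data file before loading it into the address cache.

Added example; this is not a Symantec tool. It reads the one-entry-per-line
format the guide specifies (<server name>,<IP address>) and reports what the
Importer itself does not validate: malformed lines, invalid addresses, a name
listed twice and the same IP address listed for two servers. Assumes IPv4
dotted-quad addresses. The sample file below is constructed.
"""
import ipaddress

SAMPLE_FILE = """\
SAV-PRIMARY,10.20.30.5
sav-secondary1,10.20.30.6
sav-secondary2,10.20.30.6
sav-secondary3,10.20.30.300
this line has no comma
SAV-primary,10.20.30.7
"""


def parse_importer_file(text):
    """Return (entries, problems).

    entries  -- list of (server name, ip) pairs that passed every check
    problems -- list of (line number, message) for lines that were rejected
    """
    entries, problems = [], []
    ip_owner = {}      # ip -> server name already holding it
    name_line = {}     # lowercased name -> line number where first seen

    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue                               # tolerate blank lines
        name, sep, ip_text = line.partition(",")
        name, ip_text = name.strip(), ip_text.strip()
        if not sep or not name or not ip_text or "," in ip_text:
            problems.append((lineno, "malformed line, expected <server name>,<IP address>"))
            continue
        try:
            ip = ipaddress.IPv4Address(ip_text)    # rejects 10.20.30.300, IPv6, etc.
        except ipaddress.AddressValueError:
            problems.append((lineno, f"invalid IPv4 address {ip_text!r}"))
            continue
        key = name.lower()                         # Windows computer names are case-insensitive
        if key in name_line:
            problems.append((lineno, f"{name} already listed on line {name_line[key]}"))
            continue
        if ip in ip_owner:
            problems.append((lineno, f"{ip} already assigned to {ip_owner[ip]}"))
            continue
        name_line[key] = lineno
        ip_owner[ip] = name
        entries.append((name, str(ip)))
    return entries, problems


def clean_importer_file(text):
    """Return the text of a file containing only the entries that passed."""
    entries, _ = parse_importer_file(text)
    return "".join(f"{name},{ip}\n" for name, ip in entries)


if __name__ == "__main__":
    good, bad = parse_importer_file(SAMPLE_FILE)
    for lineno, msg in bad:
        print(f"line {lineno}: {msg}")
    print(clean_importer_file(SAMPLE_FILE), end="")
```

Run it against the file you intend to import and feed only the cleaned output to the Importer; a wrong or duplicated address ends up in the AddressCache registry key and misdirects every later Discovery session until the cache is cleared.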
  • Page 22: Advanced Usage

    To delete entries from the address cache: In the Symantec System Center console, on the Tools menu, click Discovery Service. Under Cache Information, click Clear Cache Now. Once you run Discovery after the data import, the correct data is available for future discovery sessions.
  • Page 23: Getting Help While Using The Importer Tool

    ... the entries created in the registry. The Discovery Service can then find the computers each time that it is run. Getting Help while using the Importer tool: You can access Help on Importer switch and syntax information. At the command line, type the following: Importer...
  • Page 24: Known Problems

    The Importer modifies the AddressCache key under HKLM, so the user needs local administrator rights. The Importer tool aids in the discovery process of the Symantec System Center. The Importer determines whether the Symantec System Center is present on the local computer. If not, an error message appears.
  • Page 25: Windows Services

    Symantec AntiVirus services; Symantec System Center services. Symantec AntiVirus services: Table 5-1 lists the names and descriptions for Symantec AntiVirus server services. These appear in the Windows Services control panel. Table 5-1 Symantec AntiVirus server services (columns: Service name; Binary name; Description)...
  • Page 26 Virus protection tray icon VPtray.exe Service that provides the system tray icon. Table 5-2 lists the names and descriptions for Symantec AntiVirus client services. These appear in the Windows Services control panel. Table 5-2 Symantec AntiVirus client services Service name...
  • Page 27 Temper Protection SPBBCSvc.exe Service that protects Symantec proccesses. Symantec AntiVirus Rtvscan.exe One of the main Symantec Client AntiVirus virus scanning services. Most Symantec AntiVirus client- related tasks are performed in this service. Client roaming service Savroam.exe Provides roaming server data to roaming clients.
  • Page 28: Symantec System Center Services

    Symantec System Center services: Table 5-3 lists the names and descriptions for Symantec System Center services. These appear in the Windows Services control panel. Table 5-3 Symantec System Center services (columns: Service name; Binary name; Description)...
  • Page 29: Cryptography Basics

    Overview: Symantec AntiVirus communications use the Secure Sockets Layer (SSL) protocol, which Netscape® created to conduct secure transactions between Web servers and clients. Most online transactions that involve money moving across the Internet use SSL. SSL combines a Public Key Infrastructure (PKI), digital certificates, and both asymmetric and symmetric cryptography.
  • Page 30: About Cryptographic Keys And Algorithms

    About cryptographic keys and algorithms: In its simplest form, a cryptographic key is a secret value that a cryptographic algorithm (a defined sequence of instructions) uses to encrypt and decrypt messages. The algorithm might be nothing more than substituting one alphabetic letter for another, with the key specifying which letter replaces which.
  • Page 31: About One-Way Hashes And Digital Signatures

    About one-way hashes and digital signatures: A one-way hash is an algorithm that takes the contents of a variable-length computer file (message) and produces a fixed-length value. This fixed-length value has at least three names: hash, hash value, and message digest. One-way means the original file cannot be recovered from the value. If you change even one bit in the computer file and then rerun the hashing algorithm on the file, the second value differs from the first value; that is what lets a digest stand in for the whole file when it is signed.
  • Page 32: About Digital Certificates And Pkis

    Two root CAs that are widely used across the Internet are VeriSign® and Entrust®. Figure 6-1 illustrates the type of digital certificate that Symantec AntiVirus uses, which is based on the X.509v3 standard. This certificate is a self-signed server group root certificate.
  • Page 33 Cryptography basics About digital certificates and PKIs Figure 6-1 Digital certificate example Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha1WithRSAEncryption // Hashing and asymmetric algorithms Issuer: OU=Server Group Root CA, CN=4930435c2aa91e4abb4e6c9d527eb762 Validity Not Before: Nov 20 05:47:44 2001 GMT Not After: Nov 20 05:47:44 2002 GMT Subject: Subject: OU=Server Group Root CA, CN=4930435c2aa91e4abb4e6c9d527eb762 Subject Public Key Info:...
  • Page 34 Entrust and VeriSign), and the primary server in each server group performs root CA activities. The primary server creates a self-signed certificate that serves as the highest level of trust, and is valid for 10 years. Symantec AntiVirus does not implement an RA or CRL, but does use CSRs. Finally,...
  • Page 35: About Ssl

    About SSL: Netscape developed SSL to secure traffic between Web servers and browsers. SSL uses public and private keys and digital certificates to authenticate the server and to negotiate a symmetric key and algorithm, which are then used to encrypt the traffic between the two. However, most Web browsers rarely query the root CA to check whether a certificate has been revoked; they verify the signature and the validity dates, not the certificate's current revocation status.
  • Page 36 Symantec AntiVirus server certificates are digitally signed by a self-signed server group root CA, so server certificates contain information that identifies the root CA. When Symantec AntiVirus clients receive a server certificate, they validate that the server group root CA signed it by comparing it to the server group root CA certificate that is installed locally.
  • Page 37: Event Log Entries

    Also, the Windows Application Log might not completely conform to this list. For example, event number 34 appears as a log forwarding error in the Symantec System Center, but in the Application Log event number 34 appears as an Information event for starting the Event and Settings Manager. Match on the event text as well as the event number when you build alerts from these entries.
  • Page 38 Occurs when new definitions are downloaded by a scheduled definitions update. Scan Action Auto-Changed Occurs when Symantec AntiVirus has deleted or quarantined more than 5 infected files within the last minute. The number of files quarantined or deleted and the time interval are configurable from the registry.
  • Page 39 Event Log entries Symantec AntiVirus events Table 7-1 Events Event Event number Description Symantec AntiVirus Auto-Protect Occurs when Auto-Protect fails to Load Error load. Symantec AntiVirus Auto-Protect Occurs when Auto-Protect loads Loaded successfully. Symantec AntiVirus Auto-Protect Occurs when Auto-Protect is Unloaded unloaded.
  • Page 40 40 Event Log entries Symantec AntiVirus events Table 7-1 Events Event Event number Description License Deallocated Occurs when a license is deallocated. Definitions Rollback Occurs when definitions are rolled back. Definitions Unprotected Occurs when a computer is not protected with definitions.
  • Page 41 Event Log entries Symantec AntiVirus events Table 7-1 Events Event Event number Description Login Failed Occurs when a user login is not authenticated and fails. Login Succeeded Occurs when a user login is authenticated and successful. Unauthorized Communications Occurs when an attempt is made to access functionality that is not permitted.
  • Page 42 42 Event Log entries Symantec AntiVirus events...
  • Page 43: How Certificates Are Implemented

    How certificates establish a chain of trust: This version of Symantec AntiVirus introduces a new and enhanced network security communications architecture that uses the Secure Sockets Layer (SSL) protocol and digital certificates over TCP. This new architecture encrypts...
  • Page 44 44 How certificates are implemented How certificates establish a chain of trust Figure 8-1 Certificates and the chain of trust The primary server in each server group creates and manages a self-signed root certificate. This certificate is called the server group root certificate, and is the foundation on which servers and clients trust each other in a server group.
  • Page 45: How Clients And Servers Authenticate Certificates

    CA certificate is also valid for 10 years. When a user successfully authenticates to a server group (unlocks it from the Symantec System Center), the user initially authenticates by using a user name and password. The user then receives a temporary login certificate that is signed by the login CA certificate.
  • Page 46: Authentication Paths And Methods

    If a specific user account is deleted in the Symantec System Center, the temporary login certificate that is associated with that user cannot be renewed after it expires, regardless of the time zone. If the login certificate expires after the user authenticates to a server or client, the user is automatically issued another valid login certificate.
  • Page 47: Certificate Store Directories

    Symantec System Center. The default names of these directories are different. For example, on servers the default name is \SAV, and on the computer that hosts the Symantec System Center, the default name is \Symantec System Center.
  • Page 48: File Naming Conventions

    Table 8-2 Certificate store directories and files (columns: Component; Directory). Secondary server: Certs, contains the login CA and server certificates; Private-keys, contains the private keys for the login CA and servers; Cert-signing-requests, empty; Roots, contains the root certificate for the first server group in which it is a member.
  • Page 49: Server Certificates And Private Keys

    The following examples show actual names for a certificate and private key: 4930435c2aa91e4abb4e6c9d527eb762.0.servergroupca.cer and 4930435c2aa91e4abb4e6c9d527eb762.0.servergroupca.pvk. The server group root private key is used only to add new servers to a server group, so after you set up the server group with its primary server and add any necessary secondary servers, archive the key securely offline. Anyone who holds that key can sign certificates that every server and client in the server group will trust.
  • Page 50: Other Certificate Details

    <counter> field incremented by one. All server group root certificates are in the \pki\roots directory under the directory that contains the Symantec System Center files.
  • Page 51: Server Group Root Key Archival

    Server group root key archival: You must closely guard the private key that is associated with the server group root certificate. No tool should be capable of moving your private key from the primary server in your environment.
  • Page 52: About Preserving Certificates And Issue Time

    When a server group contains two or more antivirus servers, every server other than the primary antivirus server is defined as a secondary server. Symantec AntiVirus servers do not require server operating systems, and do not support email scanning.
  • Page 53 Index: Importer tool (see also server services; services): about 7, 19; advanced usage 22; and the Find Computer feature 19; command line and the Importer tool 19; getting help with 23; how it works 20. Client services: Defwatch 27; Symantec AntiVirus 27. Computer names...
  • Page 54 Index (continued): Resetacl.exe 17; Rtvscan.exe 26, 27; Savroam.exe 27; security and the Reset ACL tool 17. Server services (see also client services; services): Defwatch 25; Intel PDS 26; Symantec AntiVirus 26. Services 25 (see also client services; server services). Symantec System Center 28...
