30 Introducing Symantec AntiVirus
How Symantec AntiVirus works
How the Digital Immune System works
Write to Windows NT Event Log
■
Send SNMP Trap
■
Load an NLM
■
2
AMS
server is installed by default when the Symantec AntiVirus server
program is installed using the AV Server Rollout tool. Managed antivirus clients
2
do not require AMS
client to generate alerts.
When you install an unmanaged Symantec AntiVirus client, AMS
installed by default. To install AMS
2
the stand-alone AMS
AntiVirus CD.
The Digital Immune System is a fully automated, closed-loop antivirus system
that manages the entire antivirus process, including virus discovery, virus
analysis, and deployment and repair of files that could not be repaired on a
client computer. This automated system dramatically reduces the time between
when a virus is found and when a repair is deployed, which decreases the
severity of many threats.
The Digital Immune System works with the Central Quarantine and performs
the following actions:
Identifies and isolates viruses
■
When a client computer configured to repair infected files cannot repair a
specific file, it forwards the file first to the local Quarantine and then to the
Central Quarantine Server where more current virus definitions may be
available.
Rescans the file and submits viruses to Symantec Security Response
■
If the Central Quarantine has more current virus definitions than the
submitting computer, it may be able to fix the file. If so, it pushes the newer
definitions to the submitting computer. If the file cannot be repaired, it is
sent to a Symantec Security Response gateway for further analysis.
2
to an unmanaged client, you must install
client software that is available on the Symantec
2
client is not