Chapter 8 Configuring Antivirus Devices; Symantec Antivirus Configuration; Configure The Av Server To Publish Events To Mars Appliance - Cisco CS-MARS-20-K9 - Security MARS 20 User Manual

Configuring Antivirus Devices
Antivirus (AV) devices provide detection and prevention against known viruses and anomalies.
This chapter describes how to configure and add the following devices and systems:
•
•
•

Symantec AntiVirus Configuration

Configuring the Symantec AV requires performing two tasks:
•
•
In addition, you can perform the following task to expedite populating the Agent list in MARS:
•

Configure the AV Server to Publish Events to MARS Appliance

To configure the AV server to publish events to MARS, follow these steps:
Log in to the Windows server running Symantec AV.
Step 1
To identify the Local Controller as a valid SNMP trap destination, click Administrative Tools >
Step 2
Services > SNMP Service > Traps > Trap destinations.
Enter the IP address of the Local Controller in the Trap Destination page, and click OK to close all open
Step 3
windows.
Select Start > All Programs > Symantec System Center Console.
Step 4
In the Symantec System Center window, click System Hierarchy.
Step 5
Step 6 Under System Hierarchy, right-click the appropriate server group name and unlock the server group by
supplying the configured password.
Unlocking the server enables you to configure it.
78-17020-01
Symantec AntiVirus Configuration, page 8-1
McAfee ePolicy Orchestrator Devices, page 8-8
Cisco Incident Control Server, page 8-13
Configure the AV Server to Publish Events to MARS Appliance, page 8-1
Add the Device to MARS, page 8-7
Export the AntiVirus Agent List, page 8-7
C H A P T E R
User Guide for Cisco Security MARS Local Controller
8
8-1