Configuring Symantec Antivirus Enterprise Edition Book

Foreword

Chapter 1 Introduction To Norton AntiVirus Corporate Edition (NAVCE)

A Brief History of Computer Viruses

Malware

Viruses

Worms

Macro Viruses

Trojan Horses

Other Miscellaneous Malicious Programs

Fighting Back with Antivirus Programs

Commercial Antivirus Programs

Computer Associates

Network Associates

Panda Software

Freeware Antivirus Programs

Antivirus Solutions and the Enterprise

What s New in NAVCE v7.6

Introducing Norton Antivirus Extensible (NAVEX)

Engine Technology

Centralizing Antivirus Administration

The NAVCE Client/Server Architecture

NAVCE Communication Methods

Server-to-Server Communication

Server-to-Client Communication

Introducing Symantec Security Response

Symantec Scan and Deliver

Symantec AntiVirus Research Automation (SARA)

Symantec Support for Operating Systems and Networks

Supported Operating Systems for Clients

DOS PCs

Windows 3.x

The Remaining Windows Family

Supported Operating Systems for Servers

Windows NT 4.0 and Windows 2000

Novell NetWare

Support for Cluster Servers,Terminal Servers, and More

Windows NT 4.0/2000 Cluster Servers

Novell NetWare Cluster Servers

Windows NT 4.0/2000 Terminal Servers

Citrix MetaFrame 1.8

Supported Networking Protocols

Symantec AntiVirus Corporate Edition 8.0

Windows Client Support

Windows Server Support

NetWare Server Support

Symantec Product Specialist Certification Information

Exam Objectives

Topic 1: Symantec AntiVirus Solution

Topic 2: Installation

Topic 3:The Discovery Process

Topic 4: Updating Virus Definitions

Topic 5: Scanning and Configuring Client E-mail

Topic 6: Virus Scans

Topic 7: Client/Server Communication

Topic 8: Central Quarantine and Quarantine Server

Topic 9: Alert Management System (AMS2)

Chapter 2 Designing a Managed Antivirus Infrastructure

Understanding NAVCE Server Groups

Server Group Planning Considerations

Choosing Servers to Be Part of a Group

NAVCE for Windows NT/2000

NAVCE for NetWare

Creating a NAVCE Server Group

Creating or Changing a Server Group Password

Planning NAVCE Server Roles

Primary Servers

Secondary Servers

Master Primary Server

Parent Servers

Determining NAVCE Client Configurations

Managed Clients

Sometime Managed

Lightly Managed

Unmanaged

NAVCE Licensing

The Symantec Value Program

Symantec Elite Program

The Commit Option

The Forecast Option

Support for Decentralized Purchasing

Product Offerings

Chapter 3 Implementing Symantec System Center and Alert Management System2 (AMS2)

Understanding the Symantec System Center

SSC Minimum Requirements

Additional Requirements for SSC Snap-ins

Recommended Configurations

Exploring SSC Features

Discovery Services

Server Groups Administration

Task Initiation

Managing Alerts

Remote Capabilities

Symantec Snap-ins for SCC

AMS2Snap-in

The Norton AntiVirus Corporate Edition

Management Snap-in

Symantec System Center Console Add-ons

Implementing SSC

Uninstalling Legacy NAVCE and LANDesk Products

Installing SSC

Installing the AMS2Snap-in

Installing the Norton AntiVirus Corporate Edition

Management Snap-in

Installing Symantec System Center Console Add-ons

Understanding SSC Services Running on

Windows NT/2000 Servers

Troubleshooting:The SSC Does Not Retain

Configuration Settings

Troubleshooting: If You Don t See Clients in the SSC

Uninstalling SSC

Uninstalling the Norton AntiVirus Corporate Edition

Management Snap-in

Manually Uninstalling the SSC and Its Snap-ins

The SSC Discovery Process

The Discovery Cycle

Load from Cache Only

Local Discovery

Intense Discovery

IP Discovery

Adding Clients on LANs without WINS

Considering Network Bandwidth Utilization

SSC Console Traffic

Server-to-Server Traffic

Discovery Cycle Traffic

NAVCE Client/Server Traffic

NAVCE Server/Client Traffic

Manually Generated Traffic: NAVCE Client Enumeration

Manually Generated Traffic: Server Role Reassignment

Manually Generated Traffic: Moving NAVCE

Servers between Groups

Manually Generated Traffic: Refreshing SSC Console

Introducing Alert Management System2

Processing Alert Management

Compatible AMS2 Alerts for each Operating System

Implementing Alert Management System2

Uninstalling Alert Management System2

Configuring AMS2 Alerts

Configuring Alert Messages

Configuring Default Alert Messages

Configuring AMS2 Message Box Alerts

Configuring AMS2 Broadcast Alerts

Configuring AMS2 Alerts to Run Programs

Configuring the Load an NLM Alert

Configuring the Send E-mail Alert

Configuring the Send Page Alert

Configuring for a Known Paging Service

Configuring for an Unknown Paging Service

Configuring Alerts for SNMP

Configuring the Send SNMP Trap Alert

Configuring Alerts for the Windows NT/2000/XP

Event Log

Managing Configured Alerts

Testing Configured Alerts

Exporting Alerts to Other Systems

Introducing NAVCE Notification Methods Not

Requiring AMS2

Customizable Messages

Histories and the Event Log

Understanding Scan Histories

Understanding Virus Histories

Understanding Virus Sweep Histories

Understanding the Event Log

Chapter 4 Implementing Central Quarantine 2.01

Introducing Central Quarantine 2.01

Implementing Quarantine Console 2.01

Quarantine Console 2.01 System Requirements

Recommended Configuration

Installing Quarantine Console 2.01

Uninstalling Quarantine Console 2.01

Implementing Quarantine Server 2.01

Quarantine Server 2.01 System Requirements

Recommended Configuration

Installing Quarantine Server 2.01

Understanding the Quarantine Server Services

Running on NT/2000 Servers

Uninstalling Quarantine Server 2.01

Configuring Central Quarantine 2.01

Configuring Quarantine Server for Internet-Based Scan and Deliver

Configuring Quarantine Server for Email-Based Scan and Deliver

Configuring Submissions of Suspected Viruses to SSR

Receiving and Testing Updated Fingerprints from SSR

Configuring Managed Client PCs to Route Suspected

Viruses to the Quarantine Server

Troubleshooting Central Quarantine 2.01

Chapter 5 Implementing NAVCE 7.6 to Servers

Understanding NAVCE 7.6 Servers

Windows NT / 2000 Server System Minimum

Requirements

Utilizing Windows NT 4.0 Workstation or Windows 2000

Professional Systems as NAVCE Servers

Novell NetWare Server System Minimum Requirements

Implementing NAVCE 7.6 to Servers

Developing a Deployment Plan

Windows NT/2000 NAVCE Server Installation

Considerations

Installing NAVCE 7.6 to Windows NT/2000 Servers

Configuring NAVCE 7.6 Servers

Uninstalling NAVCE 7.6 from Windows NT/2000 Servers

Uninstalling NAVCE Using the Command Line

Manual Uninstall

Understanding NAVCE 7.6 Registry Keys on NT/2000 Servers

NAVCE Registry Components

AddressCache Registry Key

ClientConfig Registry Key

DomainData Registry Key

Clients Registry Key

Children Registry Key

Understanding NAVCE 7.6 Services

Running on NT/2000 Servers

Norton AntiVirus Server (rtvscan.exe)

DefWatch (defwatch.exe)

Intel Ping Discovery Service (pds.exe)

Introducing the grc.dat File

The grc.dat File

Chapter 6 Implementing NAVCE 7.6 to Client PCs

Understanding NAVCE 7.6 Client PCs

Check-in Intervals

Intel Ping Discovery Service

Communication Tools

NAVCE 7.6 Client PC System Requirements

MS-DOS Client PC System Requirements

Windows 3.x Client PC System Requirements

Windows 9x/Me/NT/2000/XP Client PC System

Requirements

Implementing NAVCE 7.6 to Client PCs

Developing a Deployment Plan

Installing NAVCE 7.6 to Client PCs

Installing from an Internal Web Server

IIS Web Server Client Installations 2

Apache Web Server Client Installations

Installing from a Client Disk Image on a NAVCE Server 2

Remotely Installing NAVCE Client to NT/2000/XP Client PCs

Installing the NAVCE Client Locally

Installing the NAVCE Client through Logon Scripts

Installing the NAVCE Client from Floppy Disks or a Self-Extracting Deliverable Package

Understanding Third-Party Installation Methods

Using Microsoft IntelliMirror to Deploy the AVCE Client

Using Microsoft Systems Management Server to Deploy the NAVCE Client

Using Novell ZENworks for Desktops to Deploy the NAVCE Client

Uninstalling NAVCE from Client PCs

Understanding NAVCE 7.6 Registry Keys on NT/2000/XP Client PCs

Windows 9x/NT/2000/XP

Understanding NAVCE 7.6 Services Running on NT/2000/XP Client PCs

Norton AntiVirus Server (RTVScan.exe)

DefWatch (defwatch.exe)

vpexrt.exe

vptray.exe

Testing Your Deployment

Chapter 7 Upgrading from Prior Versions

NAVCE Upgrade Considerations

Testing Your Deployment

Developing an Upgrade Plan

Testing Your Rollout

Planning Virus Definition Update Methods

Upgrading from NAVCE 7.0 and 7.5

Upgrading from NAVCE 6.x

Upgrading the Norton System Center

Exploring Automatic Migration Options

Upgrading from NAV for NetWare 3

Automatically Migrating NAVCE Client PCs

Upgrading 16-Bit Windows Client PCs

Upgrading Windows 9x/Me Client PCs

Upgrading Windows NT Client PCs

Upgrading Unmanaged NAVCE Client PCs

Upgrading Remote Client PCs

Migrating from Third-Party LAN Antivirus Products

Sample Project Plan for NAVCE Upgrade

Identifying Project Resources and Major Tasks

Determining Timelines

Identifying Task Dependencies

Chapter 8 Configuring Your NAVCE 7.6 Environment

Configuring NAVCE 7.6 Clients

Installing a NAVCE Client in Unmanaged Mode

Exploring and Configuring the NAVCE Client

Configuring NAVCE Services Load Options

File System Realtime Protection Options

Enable/Disable File System Realtime Protection

Configuring File System Realtime Protection

Advanced Options

Configuring File System Realtime Protection File

Types Options

Configuring File System Realtime Protection Actions

Configuring File System Realtime Protection Virus

Notification Message Options

Configuring File and Folder Exclusions for File System

Realtime Protection

Configuring Drive Types for File System Realtime

Protection

Other Types of Scans and Clients

Configuring Windows NT 4.0/2000 Cluster

Server Protection

Configuring Windows NT 4.0 Terminal Server Protection

Configuring Windows 2000 Terminal Services Protection

Enabling Terminal Services on a Windows 2000 Server

Switching from Application Server to Remote

Administration Mode

Installing NAVCE on Windows 2000 Terminal Server

Configuring NAVCE 7.6 Servers

Configuring Multiple NAVCE Clients and Servers

Configuring Roaming for NAVCE 7.6 Clients

Features of Roaming Client Support

Roaming Client Support Requirements

Implementing Roaming Client Support

Summary 3

Solutions Fast Track 3

Frequently Asked Questions 3

Chapter 9 Securing Your NAVCE 7.6 Environment 3

Evaluating Security Requirements for Your Organization

Determining Your Security Policies

Writing It All Down: Drafting Your Network Security Policy 3

Acceptable Use Policy

Internet Usage

Disaster Recovery Policy

Antivirus Policy 3

Identifying Threats to Network Security 3

Natural Disasters 3

Hackers 3

Social Engineering 3

Internal Threats 3

Viruses/Trojans/Worms 3

Network-Based Attacks 3

Developing a Security Solution for NAVCE 7.6 3

Designating a Server

Selecting a Network Protocol 3

Implementing Your Security Solution for NAVCE 7.6 3

Installing Central Quarantine Server 3

Configuring Central Quarantine Server 3

Configuring Firewall Settings 3

Enabling NAVCE Communication 3

Configuring LiveUpdate Access 3

Allowing Access for AMS2 3

Configuring Quarantine Server Ports

Securing NAVCE 7.6 Windows NT/2000 Servers

Locking Down the NAVCE Installation

Creating or Changing a Server Group Password

Hardening the Windows Operating System 3

Providing Physical Security for Your Windows NT/200

Server

Configuring the Operating System for Maximum

Security

Protecting Terminal Servers

Restricting Virus Scans on Terminal Servers

Managing Access to the NAVCE 7.6 Registry Keys on

NT/2000 Servers

Auditing Access to the Windows Registry

Securing NAVCE 7.6 Novell NetWare Servers

Enabling NetWare Servers to Forward to Quarantine

Server Using the IPX Protocol

Configuring FTP Downloads of Antivirus Updates for

NetWare Servers

Testing the FTP Function in Novell NetWare

Securing Your NetWare Servers

Securing NAVCE 7.6 Client PCs

Monitoring NAVCE Client Definitions

Preventing a User from Canceling a Virus Scan

Managing Access to the NAVCE 7.6 Registry Keys on

NT/2000/XP Client PCs

Introducing the Reset ACL (resetacl.exe) Tool

Special Considerations When Using the Reset ACL Tool

Undoing resetacl.exe Changes

Chapter 10 Updating Virus Protection

Introducing the Virus Definition Transport Method (VDTM)

The RTVScan Timer Loop

Features of the Virus Definition Transport Method

Configuring a Server to Use VDTM

Introducing Symantec LiveUpdate

LiveUpdate versus VDTM

Considerations for Configuring LiveUpdate

Configuring External LiveUpdate

Configuring Internal LiveUpdate

LiveUpdate Administration Utility Introduction and

System Requirements

Installing Symantec LiveUpdate 1.5.3.

Administration Utility

Configuring LiveUpdate Using the LiveUpdate

Administration Utility

Configuring Servers and Clients to Connect to the

Internal LiveUpdate Server

Introducing Intelligent Updater

Chapter 11 Troubleshooting Your NAVCE 7.6 Environment 4

Troubleshooting Basics

DNS Issues

Reverse Zones

DNS Configuration Notes

DNS Troubleshooting Applications

Dynamic DNS and the NAVCE Environment

Alternative Forms of Name Resolution

DHCP Issues

Directory Services Issues

Firewalls and the NAVCE Environment

Troubleshooting Servers

Windows NT/2000 Servers

Installation Errors

Configuring a Primary NAVCE Server

Verifying Check-in Frequency and keepalive Packets

Verifying Client/Server Communication

Inability to Communicate with Clients through the SSC

Setting the Preferred Protocol

Configuring Clients

Combining 16-Bit and 32-Bit Clients

Failed Notifications

NAVCE Server Installation Issues

Uninstalling NAVCE Server

LiveUpdate Issues

DUAL NIC Systems

Additional Fixes

Novell NetWare Servers

Installation Issues

Debugging NAVCE in NetWare

NetWare Servers and Windows NT/2000

Configuring a Preferred Protocol for a NetWare Server

Problems Conducting Scans in NetWare Servers

Troubleshooting Client PCs

Solving Hard-Drive Issues

Printing Problems

Problems Creating a Rescue Disk

Scanning for Additional Files

vptray Issues

Placing a Shortcut in the Windows Startup Folder

Exchange Server Issues

Outlook Express Issues

Windows Me and the RestoreTemp and

_RestoreArchive Folders

NAVCE Fails after Using the Windows Me/XP System

Restore Feature

Modifying Files

Obtaining and Installing Old Definition Files

NAVCE Installation Issues

Registry Permissions

NTFS Permissions

Verifying Distributed Component Object Model

Configuration

Uninstalling Client Versions of NAVCE

Uninstalling NAVCE from Windows NT/2000/XP

Client Systems

Uninstalling NAVCE from Windows 9x and Me Client

Systems

Troubleshooting Roaming Client Support

Server List File Size Limits

File Syntax

DNS Issues

Fully Qualified Domain Names versus Host Names

DNS and Duplicate Host Names

Addressing Performance Issues

Problems after Using LiveUpdate

Maximum Number of Clients and the Registry Size Value

Slow Client Logoff in Terminal Services

Achieving Balance

Page Faults and RTVScan

Tracking Performance

Improving Performance

Accessing Information Databases

Additional Symantec Search Engines

Third-Party Search Engines

Search Techniques

Chapter 12 Scanning for Viruses and

Handling Virus Outbreaks

Virus Scanning Methods

Real-Time Scans

Scheduled Scans

Manual Scans

Configuring Computer Virus Scans

Configuring Manual Scans

Configuring Manual Scans from Symantec System Center

Configuring Manual Scans from the Client

Symantec Bloodhound Heuristics

Symantec Striker

Configuring Real-Time Scans

File Systems

Messaging Systems

Locking Real-Time Scanning Options

Configuring Scheduled Scans for Servers

Scheduling Scans for Specific Servers

Scheduling Scans for Server Groups

Configuring Scheduled Scans for Client PCs

Configuring Logon Scans

Configuring Startup Scans

Configuring Custom Scans

Analyzing the Results of Computer Virus Scans

Understanding Computer Virus Outbreaks

Identifying Computer Virus Outbreaks

Responding to Computer Virus Outbreaks

Communicating the Outbreak

Containing a Virus Outbreak

Using Virus Sweeps

Cleaning up a Virus Outbreak

Understanding Alert Management Server2

Using Built-in Notifications

Displaying Notification Messages to End Users

Using the Virus History Feature

Taking Actions Against Infected Files

Recovering from Boot Sector Viruses

Managing the Virus Outbreak Process

Frequently Asked Questions 5

Chapter 13 Backup and Disaster Recovery 5

Introduction 5

Basic Principles of Backup and Disaster Recovery 5

Creating a Baseline of Your Network

Leaving Room for Growth

Planning for Data Retention

Creating a Workable Backup Schedule 5

Creating a Tape Rotation Scheme 5

Providing an Offsite Storage Location

Striking a Balance Between Cost and Convenience

Training Your Staff

Involving Your Users in the Disaster Recovery Process

Testing Your Backups

Designing a Disaster Recovery Plan

Defining Mission-Critical Criteria for Your Organization

Identifying Vulnerabilities

Implementing a Backup Strategy

Choosing Backup Software

Selecting Hardware and Media

Floppy Disks

Hard Drives and Disks

CD-R/CD-RW/DVD-R

Iomega Drives

Magnetic Tapes

Jukeboxes, Stack Loaders, and the Like

Magneto-Optical and Floptical Disks

Creating a Backup Schedule

Defining Support and Service Levels for Your Organization

Backing Up Dedicated NAVCE 7.6 Servers

Using NTBackup in Windows 2000

Using the Command Line to Schedule Backups

Testing NAVCE Server Backup Jobs

Restoring Dedicated NAVCE 7.6 Servers

Appendix A Norton AntiVirus 20

and 2003 Professional Edition

Introducing NAV 2003 and NAV 2003 Professional Edition

System Requirements

NAV 2003 System Requirements

NAV 2003 Professional Edition System Requirements

Installing NAV 2003

Preparing for the Installation

Beginning the Installation

First-Time Use

Troubleshooting the Installation

Configuring NAV 2003 LiveUpdate

Interactive versus Express Mode

Configuring Auto-Protect

Configuring SmartScan

Configuring Bloodhound

The Auto-Protect Advanced Window

The Auto-Protect Exclusions List Window

Configuring Script Blocking

Configuring Manual Scan Options

Configuring E-mail Protection

Protecting Instant Messenger Traffic

Configuring The Miscellaneous Section

Password Protection for NAV 2003

Viewing Log Files

Saving Your Changes:The Options File

Troubleshooting NAV 2003

Uninstalling NAV 2003

Installing NAV 2003 Professional Edition

Post-Install Tasks

Configuring NAV 2003 Professional Edition

Conducting a Full Scan

Configuring the Norton Protected Recycle Bin

Troubleshooting NAV 2003 Professional Edition

Troubleshooting the Installation

Troubleshooting the Configuration

Uninstalling NAV 2003 Professional Edition