
NPI Group

SW Manual (SWM)
For Symantec End Point Protection 11
update 5

SWM Revision History

P/N: 18-015-0085

| Rev | Description | Sheet | Author | Approved by | ECO | Date |
|---|---|---|---|---|---|---|
| A00 | First Release | All | Igal Avraham | Yuval Golan | | 04/2010 |
| A04 | SR updates | All | Igal Avraham | | | 08/2010 |
| A05 | SR updated to automatically install the DB and User | All | Igal Avraham | | | 08/2010 |
| A06 | New remarks: Hercules user, ODBC connection | All | Igal Avraham | | | 10/2010 |
| A07 | Upgrade SAV 10.x to SEP 11.x | All | Igal Avraham | | | 11/2010 |
| A08 | How to manual update SEP client with Virus definition | All | Igal Avraham | | | 02/2011 |
| A09, A10 | How to Change SEP client feature sets. New Deployment method. | All | Igal Avraham | | | 05/2011 |
| A11 | Update Exclusion list per new subsystems: Correlation, RBE, UMD, WDS | All | Sharon Lesch | Igal Avraham | V009412 | 12/6/2011 |
| A12 | Add appendix - Project Exceptional Request | All | Igal Avraham | Yuval Golan | V009539 | 31/7/2011 |
| A13 | Change STG product to SAV 10.x | All | Igal Avraham | Yuval Golan | | 15/09/2011 |

Signature
Author: Igal Avraham
Approved by: Yuval Golan
Rev: A13
Description: Symantec End Point Protection 11 update 5, SWM

Notice
This material is proprietary of Verint. Any unauthorized reproduction, use or disclosure of this
material, or any part thereof, is strictly prohibited. This material is meant solely for the use of
Verint employees and Verint customers.

Table of Contents

1. Scope and Objectives
   1.1 Target Audience
   1.2 Terms and Abbreviations
   1.3 References
2. Preface
   2.1 Prerequisites
      2.1.1 Manuals Documents
      2.1.2 Hardware
      2.1.3 Software Media
      2.1.4 Licenses
3. Overview
   3.1 About viruses
   3.2 About Symantec Antivirus Solution
   3.3 About Updating
4. Symantec Antivirus Installation Process
   4.1 Installation flow
   4.2 Automatic installation via SR tool (Supplied by PDD group)
      4.2.1 SQL Express 2008 R2 / SQL 2008 Server installation
      4.2.2 MS SQL Express 2008 R2 TCP/IP communication
      4.2.3 Restore the SEP 11 database
   4.3 Configure the Symantec EndPoint Protection Manager
      4.3.1 Configure a SEP Management server
      4.3.2 Remove the old SEP manager from the DB
   4.4 Deploy Symantec EndPoint 11 Clients
      4.4.1 Install unmanaged client via SR (standalone servers)
      4.4.2 How to deploy the SEP client and/or change from unmanaged to managed
      4.4.3 Manually change the SEP client to managed
      4.4.4 How to change/disable SEP 11 client features
      4.4.5 Deploy the Symantec AV client for Linux
5. Files and Folder Exclusions
   Configuration tables for Reliant and StarGate
   5.1 Reliant 10.3 Configuration
   5.2 Reliant 10.4 - updates
   5.3 StarGate Configuration
   5.4 Vantage Configuration
   5.5 Audiolog Configuration
6. Virus Definitions Updates
   6.1 Manual updates the SEPM manager
   6.2 How to manually update definitions for a unmanaged SEP Client
7. Appendix
   7.1 How to Migrate From Symantec Antivirus System Center Console to Symantec Endpoint Protection Manager
   7.2 How to fix kill.exe virus not detected

1. Scope and objectives
1.1 Target Audience
The target audiences of this document are: Operations, Subcontractors and PDD.

1.2 Terms and Abbreviations
SWM - Software Manual
SEP - Symantec Endpoint Protection Solution
TBD - To Be Defined
N/A - Not Applicable

1.3 References
Verint P/N 18-xxx-xxx
[A] Document name
[B]
[C]
2. Preface
This document describes the procedure for installing and configuring Symantec End Point Protection 11.x / 12.x in RELIANT (10.3 and above / India projects 10.1 SP4 and above), STAR-GATE and VANTAGE systems.

| Product | Version | Anti Virus solution |
|---|---|---|
| Reliant | 10.4 and above; 10.1 SP 4.5 India | Symantec End Point Protection 11.x Manager and clients |
| Audio Log | 5.x | Symantec End Point Protection 11.x Clients |

2.1 Prerequisites
Prior to the installation, make sure that all the required reference manuals and installation files are available.

2.1.1 Manuals Documents
Projects SPD documents
Projects NDD documents

2.1.2 Licenses
No licenses are needed for SEP 11 OEM Edition; the solution is based on a Royalty agreement.

3. Overview

3.1 About viruses
Computer viruses pose a potential threat to any computer system. Since viruses can cause severe and irreversible damage, preventative measures must be taken at recognized points of infection. The Internet presents a particularly good breeding ground for viruses and, as such, it must be approached with caution.
Although the RELIANT, STAR-GATE and VANTAGE systems are not connected directly to the Internet, they record and process telephone and communication data, some of which includes Internet sessions. This indirect connection to the Internet is the critical point in defending the RELIANT, STAR-GATE and VANTAGE systems from viruses. Protection is achieved by installing Symantec Antivirus Solution software on the computers interconnected by the RELIANT internal network (LAN/WAN).

3.2 About Symantec Antivirus Solution
Symantec Endpoint Protection Manager Server/Client for desktops and servers offers centralized policy management with scalable, cross-platform virus protection on an enterprise-wide basis. Key features are:
- Centralized virus protection and monitoring from a single management console
- Enforceable anti-virus policy management across multiple platforms
- Rapid deployment and automatic virus protection via closed loop automation.

Symantec Endpoint Protection Manager Console - this feature lets you manage all the clients: updating virus definitions, installing new clients, configuration, policies, reports, etc.

3.3 About Updating
Frequent updates are part of dynamic antivirus protection. Symantec Antivirus Solution can be installed in a Client-Server configuration, which provides the ability to update virus definitions and engine extensions on the Server and deploy the updated definitions automatically over the entire Client-Server system. The support person should only load an updated Virus Definition File to the Server. To maximize system uptime, there is no need to reboot servers or re-deploy application software.

4. Symantec Antivirus Installation Process

4.1 Installation flow
There are two ways to install the Symantec Endpoint Protection Manager application:
- Automatic Installation using SR Tool.

- Install SQL 2008 Server on the MPS (Reliant) / HM or GSA or IOPS (Star Gate) server.
- Install SEP 11 Manager on the same server where SQL 2008 is installed.
- Restore the SEP11 database to the SQL 2008 installed on the SEP management server.
- Verify the automatic installation components.
- Log in to the Symantec Endpoint Protection Manager Console.
- Upload the latest definitions updates.
- Distribute the SEP client to servers and workstations.

4.2 Automatic installation via SR tool (Supplied by PDD group).
Note: generally the SR tool installs all components on the relevant server. This process shows only AV-related installations.
Note: In a Reliant environment, before using the SR to install the relevant components, make sure you have the Hercules user either in the MPS domain controller or on your standalone server.

4.2.1 SQL Server/Express 2008 R2 and SEP manager installation
1. Choose MPS in Reliant or the Management server in the Star Gate platform, select the install/upgrade option and press Next.
2. In the prerequisites check, verify that there are no errors and press Next.
2.1. Microsoft SQL Express 2008 R2 for projects without a Citrix environment.
OR
2.2. Microsoft SQL Server 2008 for projects WITH a Citrix environment.
2.3. In the master installer, choose the Symantec Endpoint Protection Manager as well.

1. In the right panel type the Hercules password: Rel.

3. Press NEXT twice and Install.

The SR component reboots the server between the Windows Installer 4.5 and Microsoft SQL Server 2008 installations for changes to take effect.
- Leave the SR defaults.
- If you receive a warning message, click YES and continue.

Wait for the installation to complete.

4.2.2 MS SQL Express 2008 R2 TCP/IP communication.

NOTE: SR installs and enables the TCP/IP protocol; please check.

By default, when you finish the installation of SQL Express 2008 R2, the only communication protocol that is open is Shared Memory. Since the Symantec End Point Protection manager needs to communicate with SQL Express, we should open the TCP/IP protocol.
1. Click on Start Menu > Program > Microsoft SQL Server 2008 R2 > Configuration Tool > SQL Server Configuration Manager.
2. Open SQL Server Configuration Manager (Local) > SQL Server Network Configuration > Protocols for VerintSEM5.
3. Right-click on TCP/IP and choose Properties.
4. In the Protocol tab change the Enable value to YES.
5. In the IP Addresses tab change the IP All TCP Port value to 1433.
   a. This is usually set by the master installer:
6. Open Windows Services and locate the SQL Server (VerintSEM5) service.
7. Restart the SQL Server (VerintSEM5) service.

4.2.3 SEP 11 Database verification.

NOTE: SR imports the SEP database, and creates and assigns the user for the SEP manager; please check.

1. Browse to Server Management Studio:
Use SQL Server Authentication to log in to the SQL 2008 console. Use the following:
Server name: SEP_manager_server_name/VERINTSEM5
Password: the one you supplied during the installation (Rel7)

Example for Reliant system:

2. After login:
a. Check for the existence of the database named VerintSem5 under Databases.
b. Check that the user Hercules is assigned to the database under Databases\VerintSem5\Security\Users

Note: in case the DB was not restored and you cannot find the VerintSem5 DB, please run the following procedure:
1. Close the management console.
2. At the SEP_manager_server open drive D:\SEP11DB
3. Double click on restore_database.sql
4. Enter the user and password as described above.
5. Execute the script.
6. Wait for the results:
7. Check the database for VerintSem5 according to the beginning of the procedure.
8. If the Hercules user doesn't exist, please repeat steps 3-5 with the script create_user.sql. The results should be as follows:

Close the SQL Server Management Studio console.

4.3 Configure the Symantec Endpoint Protection Manager
4.3.1 Configure a SEP Management server.

Launch the Management Server Configuration Wizard.

Choose Advanced and click Next.

Choose the appropriate number of SEP clients that should connect to the SEP manager (unless specified otherwise we use 100-500) and click Next.

Choose "Install an additional management server" and click Next.

The reason we choose an additional management server is that the database we restored previously already contains the site configuration with all the necessary information, and we don't want to overwrite the site information with the option "Install my first site".

Leave the settings in the next page and click Next.

Use the following parameters in the next page, as shown in the screenshot:
- Database server: SEP_manager_server_name
- Database name: VerintSem5
- Authentication: SQL Server Authentication
- User: Hercules
- Password: Nine1One

Please make sure you type all parameters correctly. If you receive "unable to connect", you probably typed a parameter incorrectly; cancel the wizard and rerun it.

Click Next and if you get a warning message, click YES.

Wait a few seconds for the configuration to finish.

After you click FINISH the SEP manager login console starts.
Log in with Hercules / Rel7.

If you get a warning message during login, follow these steps.

To fix this warning message, we should fix the ODBC connection.
- Open Data Sources (ODBC) from the following location:
  o On Windows 2008 R2 64bit - c:\Windows\SysWOW64\odbcad32.exe
  o On Windows 2003 32bit - c:\WINDOWS\system32\odbcad32.exe
- Go to the System DSN tab.
- Choose SymantecEndPointSecurityDSN and click on Configure.
- In the server field, enter the SEP_manager_server_name and the name of the instance, for example MPS1\VerintSem5, and click Next.
- Enter the user name and password, e.g. Hercules and the Nine1One password, and click Next.
- In the next page change the default database to VerintSem5, click Next and then Finish.
- Test the connection and, if it is successful, click OK.
- Go to Services and restart the IIS Admin Service and the associated services when you are prompted to.

Launch the Symantec Endpoint Protection Manager console again and log in to the SEP manager console.

4.3.2 Remove the old SEP manager from the DB

We need to verify that the current server is defined as the SEP Admin server.
1. Open the SEP Manager Console, click on Admin on the left toolbar, and select Servers:
2. Make sure that the server exists in the list.

Note: please check the server list. If you find one of the MPS with the IP 10.161.47.80, DELETE IT.

4.4 Deploy Symantec Endpoint 11 Clients
- For STAND-ALONE servers install the unmanaged client from the SR.
- For a centralized solution: install the managed client by using Symantec Server (for installation with Active Directory etc.).

4.4.1 Install unmanaged client via SR (Standalone servers).
- Launch the SR tool.
- Choose the correct platform.
- Install the SEP Client only.
- The SR will automatically select the correct architecture (x86 / x64).

4.4.2 How to deploy the SEP client and/or change from unmanaged to managed
Please use the procedure below:
1. Create new custom installation settings
2. Create a new installation feature set
3. Export the new SEP clients
4. Deploy the client by using the Symantec migration and deployment wizard

4.4.2.1 Create new custom installation settings
To create custom installation settings to restore client-server communication, follow the steps outlined below:
1. Open the Symantec End Point Manager.
2. In the SEPM, click on Admin.
3. Click on Install Packages.
4. Click on Client Install Settings.
5. Click on Add Client Install Settings...
6. Name the new client installation settings "Verint Client Installation settings".
7. In the Client Install Settings window, at the bottom you will see Upgrade settings. Choose the "Remove all previous logs and policies, and reset the communication settings" option and click OK.

4.4.2.2 Create a new installation feature set
To create a new installation feature set that removes all features except Antivirus and Antispyware, follow the steps outlined below:
1. Open the Symantec End Point Manager.
2. In the SEPM, click on Admin.
3. Click on Install Packages.
4. Click on Client Install Feature Sets.
5. Click on Add Client Install Feature Set...
   1. In the Name field type "Verint Only Antivirus and Antispyware".
   2. In "Select the feature to include:", remove all features except the "Antivirus and Antispyware protection" option and click OK.

4.4.2.3 Export the new SEP 11 clients
To export the SEP 11 client with the previously created definitions embedded in the package, follow the steps outlined below:
1. Open the Symantec End Point Manager.
2. In the SEPM, click on Admin.
3. Click on Install Packages.
4. Click on Client Install Package.
5. Right-click on the first client (SEP client 32bit) in the right pane and choose Export.
6. Create a new folder to which the new client will be exported, for example: D:\New Client
   1. Create the following subfolders under D:\New Client
      1. D:\New Client\x86
      2. D:\New Client\x64
   2. In the EXPORT folder click Browse and select the relevant folder.
   3. In "Installation Settings and features" select the VERINT settings from the drop-down list.
   4. In "Policy settings" mark "V" on "Export Package with policy" and VERINT, and click OK.
7. Export the SEP 11 64bit client with the same procedure, this time exporting to D:\New Client\x64.

4.4.2.4 Deploy the client by using the Symantec migration and deployment wizard
After the custom/features installation settings are created and saved and the clients are exported to a folder, you are ready to deploy the installation package to your clients. Follow the steps below:
1. Launch the Migration and Deployment Wizard by going to Start > All Programs > Symantec Endpoint Protection Manager > Migration and Deployment Wizard.
2. Select Next at the "Welcome" screen.
3. Ensure "Deploy the client" is enabled and click Next.
4. Enable "Select an existing client install package to deploy", and then click Finish.
5. In the "Push Deployment Wizard", click the Browse button.
6. In the "Browse for Folder" dialog box, navigate to and open the folder that you exported your installation package to, and select the needed subfolder for 32/64-bit clients.
7. Click OK, and then click Next.
8. In the "Select one or more computers..." screen, either:
   Note: Be sure to add servers with the matching OS type (32 / 64 bit).
   a. Drill down into the "Microsoft Windows Network" to add your workstations to the "Computers to deploy to" pane.
   Or
   b. Click the Add or Import Computer button and select the computers based upon "IP Address" or "Host name." (You may also use a text file list populated with either host names or IP addresses.)

Once your workstations are added to the "Computers to deploy" pane, click Finish. A progress indicator appears as the Symantec Endpoint Protection software is deployed.

The Symantec Endpoint Protection software will now install automatically on the workstations, and each becomes a managed client in the Symantec End Point Manager.

Click CLOSE and you'll receive a message to review the deployment log.

You have successfully deployed the SEP 11. The SEP 11 client will automatically receive pre-defined policies from the SEP manager.

4.4.3 Manually change the SEP client to managed
The master installer changes the SEP client from unmanaged to managed automatically; the following procedure explains how to perform this action manually.
In order to assign the clients to the manager we need to upload the manager policy to the client.

4.4.3.1 Download Policy XML from the Manager
- Open the SEP Manager Console.
- Click on Clients.
- Expand My Company and right-click on Verint.
- Choose Export Communications Settings.
- Click on Browse and choose the location as D:
- Preferred Policy Mode should be Computer Mode.
- Click on Export.

4.4.3.2 Upload Policy XML to the SEP Clients
- On the designated server:
  i. Start > Run > \\MPS1\d$ or the equivalent Star Gate server
  ii. Copy the My Company_Verint_sylink.xml you exported earlier to the server desktop.
- Open the client application at the designated server:
  i. Start > Program > Symantec Endpoint Protection > Symantec Endpoint Protection
- Click on Troubleshooting.
- The management console should show that the server is not managed:

Note: if the server is already managed by a different server you need to un-assign it.

- At the Management Troubleshooting click on Communication Settings > Import.
- Navigate to Desktop and choose the Company_Verint_sylink.xml
- Wait ~10 minutes for it to sign in to the SEP server:

Note: the server will be shown as IP/Host name per the client DNS configuration.

At the SEP manager server you can see the server listed under Clients > Verint.
4.4.4 How to Change/Disable SEP 11 client features

To modify installed features for managed clients
In Symantec Endpoint Protection Manager, click Admin.
1. Click Install Packages on the bottom.
2. Click Client Install Feature Set on the top.
3. If a feature set that meets your needs does not exist, then choose Add Client Install Feature Set.
4. Give the feature set a unique name.
5. Select/deselect the features you need (Antivirus/Antispyware, Network Threat Protection, Proactive Threat Protection).
6. Choose OK.
7. On the left, click Clients.
8. Select the group with your Symantec Endpoint Protection clients in it, and then click the Install Packages tab in the right pane.
9. Under Tasks, choose Add Client Install Package.
10. In that screen, select the correct package in the drop-down menu for use with this group (32 bit or 64 bit base install files). Both packages can be separately assigned to the same group.
11. Uncheck Maintain existing client features when updating.
12. Below that, select the feature set you want to use from the drop-down menu.
13. If you do not choose Upgrade Schedule, then clients will receive the instructions to change their installation when they check in with the manager. This launches MSIEXEC on the client.
14. After the installation completes, a restart is required if the change installs or uninstalls Network Threat Protection.

For unmanaged clients, or to change a managed client on an individual basis local to that managed client, use Add or Remove Programs to change the installation.

To modify installed features for unmanaged clients
Open Add or Remove Programs.
1. Select Symantec Endpoint Protection, and then click Change.
2. Click Next.
3. Select Modify, and click Next.
4. Use the drop-down menus next to the individual components to select either "This feature will be installed...", "This feature, and all subcomponents, will be installed...", or "This feature will not be available."
5. Click Next.
6. Click Install to modify the installation.
7. After the installation completes, a restart is required if the change installs or uninstalls Network Threat Protection.

Network overhead considerations
As each existing Symantec Endpoint Protection client already contains all components (whether or not they are installed) and the version is not being upgraded, no installation files are actually sent over the network. No network bandwidth or traffic spikes should occur when changing the installed feature set.
4.4.5 Deploy the Symantec AV client for Linux

4.4.5.1 Software system requirements
Symantec Antivirus supports the following Linux distributions:
- Red Hat Enterprise Linux 3.0 ES (RHEL3ES)
- SuSE LINUX Enterprise Server 9 (SLES9)
- Novell Linux Desktop 9 (NLD9)

These distributions are supported on computers using Intel 486-, 586-, and 686-compatible CPUs.
The Java Runtime Environment (JRE) 1.4 or higher must be installed on your Linux computers to use the user interface. JRE is also required to run Java Live Update.
X11 with a KDE or Gnome desktop environment is required to see the system tray icon, user status window, and event notifications.

Installation Packages for SAV
- Sav - Symantec Antivirus Auto-Protect features. Only specific kernel versions are supported.
- Savap - The Symantec Antivirus graphical user interface. X11 must already be installed.
- Savjlu - The Java Live Update features. If this package is not installed, alternative methods must be used to update definitions.

The setup binaries for SAV for Linux can be found at:
\3rdparty\SEP 11 u5 Client\SAVLINUX

4.4.5.2 Installing Symantec Antivirus for Linux locally
On the command line, type the following: rpm -Uhv <file_name>.rpm

Installing Symantec Antivirus for Linux from a remote server
On the command line, type the following: rpm -i ftp://<someserver.com/someshare/file name>.rpm

5. Files and Folder exclusions
To prevent the SEP client from scanning unwanted files and folders in our systems, a policy has been set in the Symantec End Point Manager that applies to all SEP clients when they first connect to the SEP Manager server.
This policy contains all file extensions and folders for all projects; if a file/folder does not exist on a particular server/workstation, the SEP client ignores it.
Since this policy is part of the SEP manager database, there is no need to run the config tool or configure any component.
Note: Security Risk Exceptions are global, and apply to all Scheduled Scans as well as Real-time Auto Protect.

The following pages contain all file and folder exclusions for the various servers.

CONFIGURATION TABLES FOR RELIANT AND STARGATE

5.1 Reliant 10.3 Configuration
(Embedded Microsoft Office Word 97 - 2003 document)

5.2 Reliant 10.4 updates
(Embedded Microsoft Office Word 97 - 2003 document)

5.3 StarGate Configuration
(Embedded Microsoft Office Word 97 - 2003 document)

5.4 Vantage Configuration
(Embedded Microsoft Office Word 97 - 2003 document)

5.5 Audiolog Configuration
(Embedded Microsoft Office Word 97 - 2003 document)

6. Virus definitions updates
6.1 Manual updates the SEPM manager
When updating the SEPM antivirus definition content is not possible by running LiveUpdate (LUALL.exe) or by scheduling LiveUpdate through the SEPM GUI, manually updating the definitions content on the SEPM is the next preferred method.

Cause: When the SEPM is behind a closed firewall/proxy or has no direct access to the Internet or an internal LiveUpdate server, the SEPM will not be able to retrieve content.

Solution:
The *.JDB file can be used to update the virus definitions for Symantec Endpoint Protection Manager.
Please note that the .JDB file only contains antivirus/antispyware definitions and will not provide updated content for the firewall component of the SEP clients.

Use the .JDB Daily Certified definitions or the .JDB Rapid Release definitions to update Symantec Endpoint Protection Manager content.

To download the .JDB daily certified definitions:
a. In a browser with access to the internet, go to the following URL:
http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce
b. On the next web page, "Symantec Endpoint Protection / Symantec Antivirus Corporate Edition", there are multiple headings/product categories presented. Be aware that the available definition sets are grouped by 32 bit or 64 bit product installation sets. Download the correct (32 bit or 64 bit) .JDB file according to the Windows platform where the Symantec Endpoint Protection Manager is installed and save the file to the Windows desktop.

To download the .JDB Rapid Release definitions:
a. In a browser with access to the internet, go to the following URL:
http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr
b. Download the available .JDB file and save the file to the Windows desktop.

To use the .JDB file to update definitions for Symantec Endpoint Protection Manager:
a. After downloading, rename the file extension from ".zip" to ".jdb". (Most browsers detect the file type and automatically change the extension. This must be changed back to .JDB for use in the SEPM.)
b. Copy the .JDB file to "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming" (the location listed in this line is the default installation location and is presented as an example only).
c. Within 30 seconds to a minute, the .JDB file will be processed. As the .JDB file is processed, all files and subfolders are removed from the "Incoming" folder.

Verify that the SEPM content is updated:
a. To verify that the SEPM content has been updated, look in the following folders:
32-bit definitions: "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}"
64-bit definitions: "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{1CD85198-26C6-4bac-8C72-5D34B025DE35}"
b. Typically, there will be 3 numbered folders present. The folder naming convention is "yymmddxxx", for example "100602034". This is the date and build (revision) number of the definition set installed. Please note that the definition set installed may have been published the previous day and a set for the current day may not yet be available.
c. Looking inside the folder that matches the set downloaded and installed, there should be a folder named "Full" and a zip file named "Full.zip".
d. Looking inside the "Full" folder, there should be the files typically associated with a virus definition set.

The differences between downloads - Important Notes:
1. For the 32-bit Intelligent Updater files for clients, the file names end with "i32.exe" and the 64-bit client file names end with "i64.exe".
2. The Intelligent Updater file names for SAV clients end with "i32.exe" or "i64.exe".
3. The Intelligent Updater file names for SEP clients end with "v5i32.exe" or "v5i64.exe".
4. The Intelligent Updater file name that ends in "x86.exe" is only for certain products and should only be used with those products.
5. The SEPM updater file has a ".JDB" extension.
6. The SAV Parent updater file has an ".XDB" extension and only updates 32-bit virus definitions; SAV parent servers do not serve 64-bit definitions. 64-bit systems cannot be SAV parent servers.

6.2 How to manually update definitions for an unmanaged SEP Client.
How to update definitions for the Symantec Endpoint Protection Client using
the .jdb file.
The *.jdb file can be used to update virus definitions for the Symantec Endpoint
Protection Client. Use the Daily Certified or Rapid Release *.jdb to update the
Symantec Endpoint Protection Client.
Directly on the Client:
1. Download the *.jdb file from our Symantec Security Response Website:
http://www.symantec.com/avcenter/defs.download.html for certified
definitions or
http://www.symantec.com/avcenter/rapidrelease.download.html for Rapid
Release definitions.
2. Copy the file on the Client PC into the folder:
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\inbox
On Windows 2003 the path is C:\Documents and Settings\All Users\...
On Windows 2008/R2 the path is C:\Users\All Users\....
3. After a few minutes the client will have the new Antivirus Definitions.

7.
8. Appendix
8.1 How to Migrate From Symantec Antivirus System Center Console to Symantec Endpoint Protection Manager
To upgrade the SAV System Center to Symantec Endpoint Protection, you
must follow the procedure below for a successful upgrade.
Migrations that are supported:
The client installation detects the following software and migrates the software if
it is detected:
a. Symantec Antivirus client and server 9.x and later
b. Symantec Client Security client and server 2.x and later
Migrations that are blocked:
The client installation routines check for the existence of the following
software and block migration if this software is detected:
a. Symantec Antivirus client and server 8.x and earlier
b. Symantec Client Security client and server 1.x
c. Symantec Client Firewall 5.0
d. Symantec System Center, all versions
e. Symantec Reporting Server 10.x
f. Confidence Online Heavy by Whole Security, all versions
g. Norton Antivirus and Norton Internet Security, all versions


You must uninstall this software first and then install Symantec
Endpoint Protection clients.
Migrations that are not supported:
The following software is not migrated and can coexist on the same
computer as Symantec Endpoint Protection client software:
a. Symantec Client Firewall Administrator, all versions
b. LiveUpdate Server
To install the latest version of LiveUpdate Server,
you must first uninstall the legacy version.

Migrating Symantec Antivirus and Symantec Client Security
Preparing legacy installations for migration:
With the Symantec System Center, you must change settings for clients and
servers to simplify the migration process. For example, if a client runs an
antivirus scan during migration, migration is blocked until the scan finishes and
the migration may fail. Also, you need to disable the uninstallation password
feature for client software if it is enabled. If you do not, users are prompted to
enter the password in interactive mode.
Note: If you migrate groups and settings from the Symantec System Center, the
policies that are migrated for those groups include these modifications. You may
want to revert these settings after the migration. For example, you may want to
turn on scheduled scans. Also, you do not need to disable the uninstall password
if it is enabled. The migration ignores the password.
Preparing all legacy installations:
These procedures apply to all legacy software installations that are supported for
migration.
Note: If you use client groups that do not inherit settings, prepare
these groups the same way that you prepare server groups and
management servers.
Disabling scheduled scans:
If a scan is scheduled to run and is running while the client migration occurs,
migration may fail. A best practice is to disable scheduled scans during migration
and then re-enable them after migration.
To disable scheduled scans
1. In the Symantec System Center, do one of the following actions:
a. Right-click a management server.
b. Right-click a client group.
2. Click All Tasks > Symantec Antivirus > Scheduled Scans.
3. In the Scheduled Scans dialog box, on the Server Scans tab, uncheck all
scheduled scans.
4. On the Client Scans tab, uncheck all scheduled scans, and then click OK.
5. Repeat this procedure for all primary management servers, secondary
management servers, and all client groups.

Deleting histories
All histories are now stored in a database. History file deletion speeds the
migration process.
To delete histories
1. In the Symantec System Center, right-click a server group.
2. Click All Tasks > Symantec Antivirus > Configure History.
3. In the History Options dialog box, change the Delete after values to 1 day.
4. Click OK.
5. Repeat this procedure for all server groups if you have more than one.
Disabling LiveUpdate
If LiveUpdate runs on client computers during migration, conflicts may occur.
Therefore, you must turn off LiveUpdate on client computers during migration.
To turn off LiveUpdate
1. In the Symantec System Center, right-click a server group.
2. Click All Tasks > Symantec AntiVirus > Virus Definition Manager.
3. In the Virus Definition Manager dialog box, check Update only the primary
server of this server group, and then click Configure.
4. In the Configure Primary Server Updates dialog box, uncheck Schedule for
Automatic Updates, and then click OK.
5. In the Virus Definition Manager dialog box, uncheck the following selections:
* Update virus definitions from parent server
* Schedule client for automatic updates using LiveUpdate
* Enable continuous LiveUpdate
6. Check Do not allow client to manually launch LiveUpdate, and then click OK.
7. Repeat this procedure for all server groups if you have more than one.
Turning off the roaming service
If the roaming service is running on client computers, the migration might hang
and fail to complete. If the roaming service is turned on, you must turn it off
before starting the migration.
Note: If your roaming clients run Symantec Antivirus version 10.x, you must
unlock your server groups before you disable the roaming service. This practice
helps ensure that roaming clients are properly authenticated with certificates to
their parent server.
To turn off the roaming service
1. In the Symantec System Center, right-click a server group.
2. Click All Tasks > Symantec Antivirus > Client Roaming Options.
3. In the Client Roaming Options dialog box, in the Validate parent every minutes
box, type 1.
4. In the Search for the nearest parent every minutes box, type 1, and then press
OK.

5. Wait a few minutes.
6. In the Symantec System Center, right-click a server group.
7. Click All Tasks > Symantec Antivirus > Client Roaming Options.
8. In the Client Roaming Options dialog box, uncheck Enable roaming on clients
that have the Symantec Antivirus Roaming service installed.
9. Click OK.
About preparing Symantec 10.x/3.x legacy installations
Symantec Antivirus 10.x and Symantec Client Security 3.x provide the additional
features that must be properly configured for successful migration.
Unlocking server groups
If you do not unlock server groups before migration, unpredictable results may
occur. Also, if the roaming service is enabled for clients, unlocking the server
group helps ensure that the clients properly authenticate to a parent server.
Clients that properly authenticate to a parent server get placed in the database.
Clients that get placed in the database automatically appear in the correct
legacy group in the console after installation.
To unlock a server group
1. In the Symantec System Center, right-click a locked server group, and then
click Unlock Server Group.
2. In the Unlock Server Group dialog box, type the authentication credentials if
necessary, and then click OK.
Turning off Tamper Protection
Tamper Protection can cause unpredictable results during migration. You must
turn off Tamper Protection before starting the migration.
To turn off Tamper Protection
1. In the Symantec System Center, right-click one of the following categories:
* Server group
* Primary or secondary management server
2. Click All Tasks > Symantec AntiVirus > Server Tamper Protection Options.
3. In the Server Tamper Protection Option dialog box, uncheck
Enable Tamper Protection.
4. Click OK.
5. Do one of the following actions:
* If you selected a server group, repeat this procedure for all server
groups if you have more than one.
* If you selected a management server, repeat this procedure for all
management servers in all server groups.

8.2 How to fix kill.exe virus not detected
The kill.exe virus is not detected because of a predefined path in the centralized
exception that Symantec added in the first place.
The following procedure is for existing environments.
The updated SEP database contains this fix.
1. Open the Symantec End Point Protection Manager Console.
2. Navigate to Policies.
3. In the Policies, click on Centralized Exception.
4. In the right pane, right-click on Verint Exception and choose Edit.
5. Navigate to Centralized Exception.
6. In the Exception Item, locate the %[COMMON PROGRAMS]% entry and delete it.
7. The SEP Clients will be updated in a short while.

8.3 PER - Project Exceptional Request
8.3.1 Internal application/software productization

In all Verint products we are using the following Anti Virus solutions
regarding Symantec:

Table columns: No. | Department | Project version | Vendor and version

No. and Department:
1. NPI
2. WAM-WIS
3. Stargate
4. Audiolog
5. Tactical

Project version:
10.4 and above
10.3 SP1
10.1 SP4.5
India
7.10 SPx
6.x
5.x
5.x
4.x

Vendor and version:
Symantec End Point Protection 11.x
Symantec Anti Virus 10.x
Symantec End Point Protection 11.x
Symantec Anti Virus 10.x
Symantec Anti Virus 10.x
Symantec Anti Virus 10.x
Symantec Anti Virus 10.x
Symantec End Point Protection 11.x
Symantec Anti Virus 10.x
Symantec Anti Virus 10.x (Vista 10.2)

8.3.2 Procedure when implementing a different A/V product

In case the customer wants to use his/her own A/V solution, please use the
following procedure:
1. Run a sanity test in your LAB with the A/V solution the customer
requested.
2. Check with the customer to use the exclusion list tables on section 5
pages 58 when configuring the A/V policy.
To prevent the SEP client from scanning unwanted files and folders
in our systems, and so avoid access blocking and poor performance, a policy
has been set in the Symantec End Point Protection Manager that applies
to all SEP clients when they first connect to the SEP Manager server.
This policy contains all file extensions and folders for all projects; if a
file/folder does not exist on a particular server/workstation, the SEP client
ignores it.
Since this policy is part of the SEP manager database, there is no need to
run config tool or configure any component.
Note: Security Risk Exceptions are global, and apply to all Scheduled Scans
as well as Real-time Auto Protect.

3. Check for any delays/errors when using our own systems.

4. Check with the customer about the Virus definition updates procedure.
