Endpoint Protection

  • 1.  Symantec Antivirus Protection (Linux)

    Posted Feb 27, 2012 08:29 PM

    I will be deploying SAV to RHEL clients for an enterprise deployment.  

     

    A couple questions:

     

    1) Can you manage SAV clients via SEPM?  If not, how are SAV clients managed? How do they report?  get updates?  

     

    2)  Which one of the files are deployed to the linux clients?

     

     

     



  • 2.  RE: Symantec Antivirus Protection (Linux)

    Posted Feb 27, 2012 09:35 PM

    Hi,

     

    This article will clear all your doubts..

    Management of Symantec AntiVirus (SAV) for Linux:

    http://www.symantec.com/docs/TECH102587

     

    Best practice to install Symantec Antivirus for Linux:

    http://www.symantec.com/docs/TECH150596

     

    Hope this helps you!!



  • 3.  RE: Symantec Antivirus Protection (Linux)

    Posted Feb 27, 2012 09:39 PM

    Hello,

    Please check out the link below:

     

    https://www-secure.symantec.com/connect/forums/linux-server-0



  • 4.  RE: Symantec Antivirus Protection (Linux)

    Broadcom Employee
    Posted Feb 27, 2012 09:41 PM

    1) Can you manage SAV clients via SEPM?  If not, how are SAV clients managed? How do they report?  get updates?  

    No, SAV clients cannot be managed by SEPM. They will be updated using the configuration in the SSC console. Note that SAV is EOSL from July 4 2012. You should be migrating them to SEP.

     

    2)  Which one of the files are deployed to the linux clients?

     

    Under the RPM folder you will see the install packages; under the doc folder there is the install guide for Linux. Please go through it for the install.



  • 5.  RE: Symantec Antivirus Protection (Linux)

    Posted Feb 27, 2012 11:17 PM

    SAV Linux clients can be updated by configuring LiveUpdate Administrator.

    RPM packages can be installed for Linux clients.

    Regards



  • 6.  RE: Symantec Antivirus Protection (Linux)

    Posted Feb 28, 2012 06:10 AM

    The above advice is accurate. 

    One additional piece of information that may be of interest: though SAV For Linux clients cannot be managed by a SEPM, several of their logs can be forwarded to the SEPM and included in the SEPM's reports/notifications/alerts...

    Symantec AntiVirus for Linux (SAVFL) Reporter 1.0.10 Release Notes
    Article: DOC3474   |  Created: 2010-12-15   |  Updated: 2011-11-01   | 
    Article URL http://www.symantec.com/docs/DOC3474

    Hope this helps! &: )

    Please do update the thread with any additional questions, or mark this thread as "solved" for the benefit of future admins with the same question.
     



  • 7.  RE: Symantec Antivirus Protection (Linux)

    Posted Feb 28, 2012 09:11 AM

    As I understand it:

    The only way to manage SAV clients is via LiveUpdate Administrator 2.1; however, the following Symantec article provides a solution for using LiveUpdate and indicates the following:

    http://www.symantec.com/business/support/index?page=content&id=TECH154896

     

    "Solution

     There are circumstances in which the use of LUA is recommended by Symantec Technical Support.

    • When a mixture of Symantec products are in use. For example: Symantec Endpoint Protection (SEP), legacy Symantec AntiVirus (SAV) clients that are not yet migrated to SEP, several Symantec Mail Security for Microsoft Exchange (SMSMSE) and Symantec Scan Engine (SSE) servers."
       

    Where it says SAV clients that are not migrated to SEP - what does that mean?  Does SEP now support Linux (namely RHEL)?

     

    Also, is it true that SAV is end of life in July?  What will replace it?  This is just before our go-live date, so I am wondering if it is even worth installing.



  • 8.  RE: Symantec Antivirus Protection (Linux)

    Posted Feb 28, 2012 09:29 AM

    Hi JRS,

    SAV 10.1 is the product that will be reaching its end of life in July.  Here is an article with more information:

    End of life announcement for Symantec AntiVirus Corporate Edition and Symantec Client Security
    Article: TECH178551   |  Created: 2012-01-09   |  Updated: 2012-02-17   | 
    Article URL http://www.symantec.com/docs/TECH178551


    "SAV for Linux" (SAVFL) is a completely different product, designed to protect Linux boxes.  It shipped with SAV 10 and also ships with the current endpoint product, Symantec Endpoint Protection (SEP).  SAVFL is not going to reach its End of Life this year.  SAVFL will continue to be shipped with SEP for the foreseeable future.

    One clarification: SAVFL machines can be updated via an in-house LUA 2.x server, but LUA servers cannot manage them.  (LUA servers just provide LiveUpdate content) 

    Hope this helps! &: )



  • 9.  RE: Symantec Antivirus Protection (Linux)

    Posted Feb 28, 2012 10:32 AM

    Mick2009,

    This very much helps.  But one last question.  Since there is nothing that can manage SAV clients, LU Administrator will provide content updates, but I will need to configure scan scheduling, etc. individually on every Linux agent?

     



  • 10.  RE: Symantec Antivirus Protection (Linux)
    Best Answer

    Posted Feb 28, 2012 03:16 PM

    Hi,

    SAVFL (SAV for Linux) -

    Reports and Logs -- Can be forwarded to SEPM 12.1 but not to SEPM 11.x.

    Or else you can configure a central syslog, and all SAVFL clients can forward their logs to syslog.

    Virus Definition Updates -- Either configure all machines to connect directly to the internet and download the definitions, or, if you want a central LiveUpdate server which can download virus definitions from the internet and distribute them to your SAVFL clients, use LU Admin; it does just that.

    Centrally Managing Policies --

    Now this is the most important, however the most tricky, one, because you cannot centrally manage the policies/settings for SAVFL.

    SAVFL clients store all these policies/settings in a file called GRC.DAT.

    Make the changes on 1 machine; after the changes are applied, copy the GRC.DAT file.

    Write a script and deploy the GRC.DAT file to all the clients where you want to change the policy.

    You can use the ConfigEd tool; check this doc:

    http://www.symantec.com/docs/TECH102587
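
The per-client half of the "write a script and deploy the GRC.DAT file" step above, as an added example that is not part of the original thread and is not Symantec's code: it installs a GRC.DAT only when it matches the checksum recorded on the reference machine, and keeps the previous file for rollback. The destination directory is a placeholder argument (the thread does not say where SAVFL reads GRC.DAT), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: checksum-verified, atomic install of a GRC.DAT policy file.
# DEST_DIR is a placeholder; take the real location from the SAVFL install guide.

# Print only the hex SHA-256 digest of a file.
grc_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# install_grc SRC DEST_DIR EXPECTED_SHA256
# Returns 0 = installed, 1 = bad input or checksum mismatch, 3 = already current.
install_grc() {
    src=$1; dest_dir=$2; expected=$3
    [ -f "$src" ] && [ -d "$dest_dir" ] || return 1

    # Refuse a file that differs from the one approved on the reference
    # machine (truncated copy, wrong version, tampering in transit).
    actual=$(grc_sha256 "$src")
    if [ "$actual" != "$expected" ]; then
        echo "refusing $src: sha256 $actual does not match expected value" >&2
        return 1
    fi

    target="$dest_dir/GRC.DAT"

    # Idempotent: leave the client untouched if it already has this policy.
    if [ -f "$target" ] && [ "$(grc_sha256 "$target")" = "$expected" ]; then
        return 3
    fi

    # Keep the previous policy so a bad rollout can be reverted.
    if [ -f "$target" ]; then
        cp -p "$target" "$target.bak" || return 1
    fi

    # Write to a temp file in the same directory, then rename, so the
    # client never sees a half-written GRC.DAT. mktemp creates the file
    # with mode 0600; set the owner and mode your installation expects.
    tmp=$(mktemp "$dest_dir/.GRC.DAT.XXXXXX") || return 1
    cp "$src" "$tmp" && mv -f "$tmp" "$target" || { rm -f "$tmp"; return 1; }

    # Confirm what landed on disk is what was approved.
    [ "$(grc_sha256 "$target")" = "$expected" ]
}
```

Record the expected digest once with `grc_sha256` on the machine where the settings were made, and pass that value, not one recomputed from the copied file, to every client.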