Symantec Protection for SharePoint Servers Implementation Guide

Transcription

1 Symantec Protection for SharePoint Servers Implementation Guide for Microsoft SharePoint 2003/2007

2 Symantec Protection for SharePoint Servers Implementation Guide The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement. Documentation version: Legal Notice Copyright 2013 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo and are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party ( Third Party Programs ). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR and subject to restricted rights as defined in FAR Section "Commercial Computer Software - Restricted Rights" and DFARS , "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

3 Symantec Corporation 350 Ellis Street Mountain View, CA Printed in the United States of America.

4 Technical Support Contacting Technical Support Symantec Technical Support maintains support centers globally. Technical Support s primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates. Symantec s support offerings include the following: A range of support options that give you the flexibility to select the right amount of service for any size organization Telephone and/or Web-based support that provides rapid response and up-to-the-minute information Upgrade assurance that delivers software upgrades Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis Premium service offerings that include Account Management Services For information about Symantec s support offerings, you can visit our website at the following URL: All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy. Customers with a current support agreement may access Technical Support information at the following URL: Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem. When you contact Technical Support, please have the following information available: Product release level

5 Hardware information Available memory, disk space, and NIC information Operating system Version and patch level Network topology Router, gateway, and IP address information Problem description: Error messages and log files Troubleshooting that was performed before contacting Symantec Recent software configuration changes and network changes Licensing and registration Customer service If your Symantec product requires registration or a license key, access our technical support Web page at the following URL: Customer service information is available at the following URL: Customer Service is available to assist with non-technical questions, such as the following types of issues: Questions regarding product licensing or serialization Product registration updates, such as address or name changes General product information (features, language availability, local dealers) Latest information about product updates and upgrades Information about upgrade assurance and support contracts Information about the Symantec Buying Programs Advice about Symantec's technical support options Nontechnical presales questions Issues that are related to CD-ROMs, DVDs, or manuals

6 Support agreement resources If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows: Asia-Pacific and Japan Europe, Middle-East, and Africa North America and Latin America

7 Contents Technical Support... 4 Chapter 1 Chapter 2 Introducing Symantec Protection for SharePoint Servers About Symantec Protection for SharePoint Servers What's new Components of Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works About real-time scanning About scheduled scanning and manual scanning What happens when a file is scanned About scanning policies in the Symantec Protection Engine About logging and notifications About on-demand reports and scheduled reports About handling large scanning volumes About deployment options (standalone and farm environments) About deploying Symantec Protection for SharePoint Servers in a standalone SharePoint environment About deploying Symantec Protection for SharePoint Servers in a farm environment About supported platforms How Symantec Protection Engine protects against viruses Where to get more information Installing Symantec Protection for SharePoint Servers Before you install About protecting the servers that are running the Symantec Protection for SharePoint Servers components About preventing conflicts with other products About stopping IIS during installation System requirements System requirements for Symantec Protection for SharePoint Servers integrated installation... 30

8 8 Contents System requirements for Symantec Protection for SharePoint console only System requirements for Symantec Protection Engine About installing Symantec Protection for SharePoint Servers About the installation options About installing Symantec Protection for SharePoint Servers (integrated installation) Installing only Symantec Protection Engine using the installation wizard About installing only the Symantec Protection for SharePoint console About repairing or modifying Symantec Protection for SharePoint Servers or its components Upgrading Symantec Protection for SharePoint Servers version 5.1.x to version 6.0.x Post-installation tasks Starting the Central Administration service in a farm environment Uninstalling Symantec Protection for SharePoint Servers Uninstalling the Symantec Protection for SharePoint console Uninstalling Symantec Protection Engine Chapter 3 Chapter 4 Using the Symantec Protection for SharePoint console About the Symantec Protection for SharePoint console Accessing the console Changing the service logon account information About the console home page Navigation links Feature links Status pane Configuring Symantec Protection for SharePoint Servers About configuring Symantec Protection for SharePoint Servers Configuring a password for the console About SharePoint Server Farm overview Configuring real-time scanning About manual scans and scheduled scans About configuring global manual and scheduled scanning options... 81

9 Contents 9 Scheduling scans Performing manual scans About importing and exporting settings Importing settings from a SharePoint deployment Exporting settings from a SharePoint deployment Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers About adding, removing, editing, and viewing registered Symantec Protection Engines Specifying the scanning mode for load balancing Checking for the latest virus definitions Chapter 5 Configuring Symantec Protection Engine Accessing the Symantec Protection Engine console About communication protocol settings Configuring ICAP-specific settings Ways to control which file types are scanned About licensing Symantec Protection Engine About license activation If you do not have a serial number Obtaining a license file Installing the license file About keeping your product and protection up-to-date About definition updates About LiveUpdate Configuring LiveUpdate to occur automatically Performing LiveUpdate on demand About Rapid Release Configuring Rapid Release updates to occur automatically Performing Rapid Release updates on demand About enabling security risk detection Chapter 6 Monitoring Symantec Protection for SharePoint Servers activity Ways to monitor Symantec Protection for SharePoint Servers activity About the status pane About SMTP logging Configuring SMTP logging Customizing SMTP messages About monitoring scanning activity Configuring the log file folder location

10 10 Contents Setting the logging level for each event source Setting the maximum storage time for log files Generating an on-demand report Scheduling a report About quarantine management Restoring quarantined files Deleting quarantined files Chapter 7 Troubleshooting Symantec Protection for SharePoint Servers About troubleshooting common issues Symantec Protection for SharePoint Servers link is missing from the SharePoint Central Administration site Unable to access the Symantec Protection Engine console Symantec Protection Engine registration fails Slow server response or high server load No reports are generated Connection failed error message Failure sending mail error message Unable to remember the console password Error 1722 when installing Symantec Protection Engine Scanning process error messages Unable to view information on the SharePoint Server Farm overview page Appendix A Error codes About error codes and messages Index

11 Chapter 1 Introducing Symantec Protection for SharePoint Servers This chapter includes the following topics: About Symantec Protection for SharePoint Servers What's new Components of Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works About deployment options (standalone and farm environments) How Symantec Protection Engine protects against viruses Where to get more information About Symantec Protection for SharePoint Servers Symantec Protection for SharePoint Servers provides virus scanning and repair services for the following SharePoint products: Windows SharePoint Services 2.0 (WSS 2.0) Windows SharePoint Services 3.0 (WSS 3.0) SharePoint Portal Server 2003 (SPS 2003) Microsoft Office SharePoint Server 2007 (MOSS 2007) Microsoft SharePoint Foundation 2010

12 12 Introducing Symantec Protection for SharePoint Servers What's new What's new Microsoft Office SharePoint Server 2010 Microsoft SharePoint Foundation 2013 Microsoft Office SharePoint Server 2013 In addition to virus scanning and repair services, Symantec Protection for SharePoint Servers provides logging, monitoring, and reporting of infected documents on the SharePoint server. Table 1-1 describes the new features in Symantec Protection for SharePoint Servers. Table 1-1 Feature New features Description SharePoint 2013 Support You can install Symantec Protection for SharePoint Servers on SharePoint Integration with the latest Symantec Protection Engine 7.0 Symantec Scan Engine is now referred as Symantec Protection Engine. Symantec Protection for SharePoint Servers has the latest version of Symantec Protection Engine 7.0 for virus scanning and repair services. For more information, see the Symantec Protection Engine Implementation Guide. Components of Symantec Protection for SharePoint Servers Symantec Protection for SharePoint Servers includes the following components, which you can install and configure separately: Symantec Protection Engine Provides virus scanning and repair services You can install Symantec Protection Engine on the SharePoint server. You can also install Symantec Protection Engine on a separate server that is not running SharePoint. This lets you move antivirus processing off-box, thereby reducing the CPU load on the SharePoint server. The latest version of Symantec Protection Engine 7.0 is included in the software package.

13 Introducing Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works 13 Symantec Protection for SharePoint console Provides a means for users to configure how Symantec Protection Engine and the SharePoint server should communicate with each other, handle infected files, and monitor scanning activity. The Symantec Protection for SharePoint console refers to the administrative console of Symantec Protection for SharePoint Servers. You can configure how Symantec Protection for SharePoint Servers handles the communication between the Symantec Protection Engine and the SharePoint server through this console. Symantec Protection for SharePoint Servers also interprets the results that are returned from the protection engine after scanning. See About deploying Symantec Protection for SharePoint Servers in a standalone SharePoint environment on page 22. See About deploying Symantec Protection for SharePoint Servers in a farm environment on page 23. See About deployment options (standalone and farm environments) on page 22. How Symantec Protection for SharePoint Servers works Symantec Protection for SharePoint Servers provides the following types of scanning: Real-time scanning of files as they are uploaded and downloaded from the SharePoint server See About real-time scanning on page 14. Scheduled scans and manual scans of the files that are stored on the SharePoint server See About scheduled scanning and manual scanning on page 15. In addition to scanning, Symantec Protection for SharePoint Servers does the following: Monitors scanning activity by its logging and notification feature See About logging and notifications on page 19. Generates on-demand reports and schedules distribution of reports by mail See About on-demand reports and scheduled reports on page 20.

14 14 Introducing Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works About real-time scanning Files are scanned in real time as they are uploaded and downloaded from the SharePoint server. You can configure to scan files on upload, download, or both. All files that are uploaded or downloaded are submitted for scanning, regardless of file type. Symantec Protection for SharePoint Servers also supports scanning of files that are uploaded to document library, calendars, contacts, lists, and so on. Note: If scanning fails for any reason during a real-time scan (for example, if the Symantec Protection Engine goes offline or reaches its scanning threshold), the scan is terminated. The scan request is not re-submitted until a user tries to upload or download the file. You can configure the following options for real-time scanning: Scan documents on upload. Scan documents on download. Allow users to download infected documents. Attempt to clean infected documents. You must set up real-time scanning to ensure protection of your SharePoint server before you let users start uploading or downloading files. For the most secure configuration, select the Scan documents on upload, Scan documents on download, and Attempt to clean infected files options. Warning: Selecting the option Allow users to download infected documents can put your organization at risk. Irreparable files might contain viruses that can infect your computer. SharePoint security ensures that only administrators can download the irreparable files if this option is not enabled. See Configuring real-time scanning on page 76. How caching works on the SharePoint server The SharePoint server caches the scanning results for each stored file. The cached information includes the date and the revision number of the virus definitions that were used to perform the scan. The cached information also includes the status of the file (whether the file is clean or infected). In real-time scanning, all files that are uploaded or downloaded are submitted for scanning. On download, the SharePoint server evaluates the status of the file and the virus definition that were used to determine whether the file must be scanned.

15 Introducing Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works 15 If another user requests access to that same file and the virus definitions have not changed, a redundant scan is avoided. Individual cache entries are updated whenever a stored file is changed. What happens when a file is uploaded When you try to upload a file to the SharePoint server, the file is submitted first to Symantec Protection Engine for scanning. If the file contains a virus that cannot be repaired, the file is not stored on the SharePoint server. You receive a notification that the file is infected and cannot be uploaded. If you configure the SharePoint server to attempt to clean infected files and if the infected file is a repairable file, then it is repaired and uploaded to the SharePoint server. What happens when a file is downloaded When you try to download a stored file, Symantec Protection for SharePoint Servers verifies the following information about the file: If the file was scanned on upload The status of the file (for example, if the file is clean) Whether the virus definition that were used during the latest scan are the most current If the file is infected, or if the virus definitions are not the most current, the file is submitted to Symantec Protection Engine for scanning. Based on the scan results, the file is handled according to the settings that you specify. See Configuring real-time scanning on page 76. If the file is clean and was scanned with the latest definitions, the file is not rescanned. It is automatically downloaded to you. If you configure the SharePoint server to attempt to clean infected files and if the infected file is a repairable file, then it is repaired and downloaded to the server. If the file contains a virus that cannot be repaired, the file is not downloaded to the user. You receive a notification that the file is infected and cannot be downloaded. (You can configure Symantec Protection for SharePoint Servers to permit users to download infected files. However, the most secure configuration is to disable this option. Files that contain viruses pose a risk to your organization. You are denied access to infected files by default.) About scheduled scanning and manual scanning You can schedule periodic scans of the documents that are stored on the SharePoint server. Schedule periodic scans of the document library to ensure that all files have been scanned for viruses. These scans ensure that the files that have not

16 16 Introducing Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works been previously scanned are scanned in a timely manner. Regular scans also ensure that scanning is kept up to date as virus definitions change. Scheduled scans occur at the time and frequency that you specify. You can force an immediate (manual) scan of the documents that are stored on the server. The options of Exclusion List, Optional Settings, and Infected File Detection Rules that you configure for scheduled scans also apply to manual scans. You can either perform a manual scan or a scheduled scan along with real-time scanning without any adverse effects. See About manual scans and scheduled scans on page 80. During scheduled scans and manual scans, all files are submitted for scanning, regardless of whether they were scanned previously or not. Only files in the Exclude folders list and the File extension exclude list are omitted from scanning. If a scan request fails because the protection engine is unavailable, the scan request is sent to the next protection engine, which is available and registered. You can configure the following options for manual scans and scheduled scans: Excluding files with specific extensions from being scanned See Excluding files with specific extensions from being scanned on page 82. Excluding folders from being scanned See Excluding folders from being scanned on page 83. Specifying the number of threads for scanning See Specifying the number of threads for scanning on page 83. Scanning all file versions in the document library See Scanning all file versions in the document library on page 84. Scanning only those files that were added or modified from the last scan See Scanning those files that have been added or modified since the last completed scan on page 84. Specifying the location for quarantined documents See Specifying the location for quarantined documents on page 85. Specifying file handling rules See Specifying file handling rules on page 86. Reviewing scan statistics See Reviewing scan statistics on page 88.

17 Introducing Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works 17 Preserving bandwidth and time during manual and scheduled scans You can designate which directories on the SharePoint server are scanned during scheduled scans and manual scans. You can scan all directories on the SharePoint server, or you can exclude certain directories from scanning. You can control which file types are scanned during manual scans and scheduled scans by specifying the file types passed to Symantec Protection Engine. You can save bandwidth and time by excluding those files types that are not likely to contain viruses and can be excluded from scanning. Based on the file extension,symantec Protection for SharePoint Servers makes an initial determination, about whether to pass a file to Symantec Protection Engine for scanning. You can limit scanning to only those files that have been added or modified since the last manual or scheduled scan. Symantec Protection for SharePoint Servers can compare the time a file was modified or added with the time of the last scan. This feature lets you conserve scanning resources by omitting files from scanning that have not been modified or added since the last scan. When this feature is disabled, all files are scanned during manual scans and scheduled scans. Quarantining infected files Symantec Protection for SharePoint Servers can quarantine the infected files that are found during a scheduled scan or manual scan. A copy of each infected item is forwarded to a quarantine directory. You can view a list of all these quarantined files in the Quarantine Management page. You can view, restore, or delete the quarantined file based on your analysis. The default quarantine location is C:\Program Files\Symantec\SharePoint\Quarantine. What happens when a file is scanned After the Symantec Protection for SharePoint console and Symantec Protection Engine are installed and properly configured, files are passed to Symantec Protection Engine for analysis. If Symantec Protection Engine does not find a virus in a file, Symantec Protection Engine indicates that the file is clean. If a virus is detected, Symantec Protection Engine does one of the following actions:

18 18 Introducing Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works Records a log entry that an infection was found Separate logging and alerting features are available through the Symantec Protection for SharePoint console and Symantec Protection Engine. You can activate logging and alerting options in Symantec Protection Engine to supplement those logging and alerting options that are available through the Symantec Protection for SharePoint console. The Symantec Protection for SharePoint console sends an notification and records a log entry when an infection is found. Attempts to repair the infected file Deletes unrepairable infected files from the container files If the file can be repaired, Symantec Protection Engine repairs it and passes a clean file back to Symantec Protection for SharePoint Servers. Configure the SharePoint antivirus settings to accept these repaired files so that infected files are replaced with repaired files on the SharePoint server. See Configuring real-time scanning on page 76. When a container file or archive file is submitted for scanning, Symantec Protection Engine decomposes the container file and scans each embedded file individually. If the container file contains unrepairable files, Symantec Protection Engine deletes the unrepairable files from the container or the archive file. The remaining clean contents are forwarded to the SharePoint server. Symantec Protection for SharePoint Servers handles this container file as a repaired file. (Configure the SharePoint antivirus settings to accept repaired files so that infected files can be replaced with repaired files.) Note: When a top-level file (a file that is not embedded in a container file) is infected and cannot be repaired, Symantec Protection Engine indicates it to Symantec Protection for SharePoint Servers and the SharePoint server. The SharePoint server denies access to the infected file by default. The file is deleted from the SharePoint server if you have configured it to do so. See Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers on page 93. About scanning policies in the Symantec Protection Engine When Symantec Protection Engine scans a file for viruses, it applies the scanning policies that you configure in the Symantec Protection Engine console. For example, you can limit the resources that Symantec Protection Engine uses by only scanning certain types of files. When an established threshold is met or exceeded during a scan, or a policy is violated, Symantec Protection Engine communicates this information to Symantec Protection for SharePoint Servers. Symantec Protection for SharePoint Servers treats the file as though an unrepairable infection was found. The policies that

19 Introducing Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works 19 you configure for handling infected files (that is, blocking or deleting files) are applied. The following scanning policies are available through the Symantec Protection Engine console: You can restrict the amount of resources that are used to process large container files. You can establish a mail policy to filter mail and mail attachments based on a number of attributes. Symantec Protection Engine uses a decomposer to extract the embedded files from a container file, scan all of the files, and reassemble the container file once scanning is complete. For overly large container files, this process can require a significant amount of resources. You can use these settings to control the resources that Symantec Protection Engine uses to process large container files and to prevent these overly large container files from being stored on the SharePoint server. You can specify the maximum amount of time spent in decomposing a container file, the maximum file size for individual files in a container file, maximum number of nested levels to be decomposed, and the maximum number of bytes that are read when determining whether a file is MIME-encoded. These mail policy settings are applied to all MIME-encoded messages. If MIME-encoded messages are posted for user access on the SharePoint server, you can use the mail policy settings in Symantec Protection Engine to filter based on attachment file size or file name, message origin, total message size, or message subject line. Note: Mail policy settings do not affect nonmime-encoded file types that are passed to Symantec Protection Engine for scanning. When a mail filter policy is violated, Symantec Protection Engine only applies the action to MIME-encoded messages. For more information, see the Symantec Protection Engine Implementation Guide. About logging and notifications Symantec Protection for SharePoint Servers logs events for the Scan Process, Symantec Protection Engine, and System report sources by default. You can specify the logging level for each of these report sources in Log File settings.

20 20 Introducing Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works See About monitoring scanning activity on page 141. The default location of the log files is <installdir>:\program Files\Symantec\SharePoint\Logfiles. Symantec Protection for SharePoint Servers provides Simple Mail Transfer Protocol (SMTP) logging capabilities. When SMTP logging is configured, an notification is sent to a specified recipient for chosen events. To configure SMTP logging, you must do the following: Enable the notification system. Identify an SMTP server and port number for forwarding the log messages. Provide the default origin and destination information for the SMTP messages. Select the event categories for which SMTP messages should be generated. You can choose separate sender and recipient addresses for each event category. See Configuring SMTP logging on page 127. You can also select the notification level so that Symantec Protection for SharePoint Servers sends an notification only for the events whose level you specify. You can provide separate recipient information for each type of message. Default message text is included, but you can customize individual messages. See Customizing SMTP messages on page 131. About on-demand reports and scheduled reports You can manually generate and analyze reports for a specified date range. You must select a report source (Protection Engines, Scan Processes, or System) and define the log data you to display. You can generate a detailed report of all logs or pie chart reports. Symantec Protection for SharePoint Servers displays a numerical statistical report beneath the pie chart. See Generating an on-demand report on page 144. You can configure Symantec Protection for SharePoint Servers to generate reports and distribute them by to specified recipients at a scheduled time. From the options available, select hourly, daily, weekly, monthly, or once to schedule the reports. Note: You must first configure notifications before you try to schedule a report by .

21 Introducing Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works 21 To schedule reports, you must do the following tasks: Select a schedule. Choose from the default schedules or create a new schedule. Select a report data range. Symantec Protection for SharePoint Servers retrieves data from within this specified date range. Choose a report source (Protection Engines, Scan Processes, or System) and report definition. These options determine the content of your scheduled report. Select a report format. Activate report generation by mail. Specify the sender and recipient's address. See Scheduling a report on page 145. About handling large scanning volumes In a simple Symantec Protection for SharePoint Servers configuration, a single Symantec Protection Engine handles the scanning and the repair services for the SharePoint server. However, larger traffic volumes can require multiple protection engines to handle virus scanning. If you process large traffic volumes or have multiple clients making virus scanning requests, you can install and configure multiple protection engines to handle the scanning load. If you install multiple protection engines to handle increased loads, you must register each Symantec Protection Engine with Symantec Protection for SharePoint Servers. Each Symantec Protection Engine must be installed on a separate computer on your network. See Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers on page 93. When you use multiple protection engines, you can specify how you want the scanning load to be distributed by selecting a scanning mode. The scanning modes are as follows: Cycle mode Scanning is distributed evenly across all registered Symantec Protection Engines using a continuous repeating sequence. In a standalone environment, this option is available only if multiple protection engines are registered; but in a farm environment, this option is available even if one protection engine is registered.

22 22 Introducing Symantec Protection for SharePoint Servers About deployment options (standalone and farm environments) Priority mode Scanning is distributed to Symantec Protection Engines based on priority. You specify the priority when you register a Symantec Protection Engine with Symantec Protection for SharePoint Servers. See To register a new Symantec Protection Engine on page 96. See To edit a Symantec Protection Engine registration on page 97. If you enable both modes, the priority mode takes precedence. If both the registered protection engines have the same priority, then the cycle mode takes precedence. See Specifying the scanning mode for load balancing on page 98. About deployment options (standalone and farm environments) Symantec Protection for SharePoint Servers includes the following components that can be installed separately or together: Symantec Protection for SharePoint console Symantec Protection Engine See Components of Symantec Protection for SharePoint Servers on page 12. See About the installation options on page 39. You must install Symantec Protection for SharePoint Servers and its components in different ways based on the following SharePoint environments: Standalone environment Farm environment About deploying Symantec Protection for SharePoint Servers in a standalone SharePoint environment In a standalone SharePoint environment, you can choose to do a full install of both components of Symantec Protection for SharePoint Servers on the same computer. You can also choose to move antivirus processing off-box by installing Symantec Protection Engine on a separate server. However, ensure that you install the Symantec Protection for SharePoint console on the SharePoint server. For a SharePoint standalone deployment, ensure that SharePoint is not configured with Microsoft SQL Server Desktop Engine or Windows Internal Database.

23 Introducing Symantec Protection for SharePoint Servers About deployment options (standalone and farm environments) 23 Symantec Protection 6.0 for SharePoint Servers does not support a SharePoint standalone configuration with Microsoft SQL Server Desktop Engine or Windows Internal Database. About deploying Symantec Protection for SharePoint Servers in a farm environment In a SharePoint farm environment, based on the SharePoint version used, deploy Symantec Protection for SharePoint Servers on the following servers: Windows SharePoint Services 2.0 SharePoint Portal Server 2003 Install the Symantec Protection for SharePoint console on each front-end Web server in the farm. The other component, which is the Symantec Protection Engine, can be installed on the same server as the Symantec Protection for SharePoint console or on a separate server. Windows SharePoint Services 3.0 Microsoft Office SharePoint Server 2007 Install the Symantec Protection for SharePoint console on each front-end Web server in the farm and at least on one server where Central Administration service is running. You can install the Symantec Protection for SharePoint console on the other Application servers in the farm to run on-demand or scheduled scans on these servers, if desired. However, you can run these scans from the front-end servers as well. The other component, which is Symantec Protection Engine, can be installed on the same server as the Symantec Protection for SharePoint console or on a separate server. About supported platforms You can install the Symantec Protection for SharePoint console on the following platforms: Microsoft Windows Server 2003 Microsoft Windows Server 2008 See System requirements for Symantec Protection for SharePoint console only on page 31.

24 24 Introducing Symantec Protection for SharePoint Servers How Symantec Protection Engine protects against viruses See About installing only the Symantec Protection for SharePoint console on page 50. Symantec Protection Engine runs on the following platforms: Sun Solaris Red Hat Linux Microsoft Windows 2000 Server Microsoft Windows Server 2003 Microsoft Windows Server 2008 You can deploy Symantec Protection Engine in any environment that is running any combination of these platforms. See System requirements for Symantec Protection Engine on page 32. See Installing only Symantec Protection Engine using the installation wizard on page 45. How Symantec Protection Engine protects against viruses Symantec Protection for SharePoint Servers sends the files to Symantec Protection Engine for virus scanning and repair. Symantec Protection Engine detects viruses, worms, and Trojan horses in all major file types (for example, Windows files, DOS files, and Microsoft Word and Excel files). Symantec Protection Engine includes a decomposer that handles most compressed and archive file formats and nested levels of files. Symantec Protection Engine provides protection against container files that can cause denial-of-service attacks (for example, container the files that are overly large, that contain large numbers of embedded compressed files, partial container files, or that have been designed to use resources maliciously and degrade performance). Symantec Protection Engine detects security risks such as adware, dialers, hacking tools, joke programs, remote access programs, spyware, and trackware. The Symantec Protection Engine also detects mobile code such as Java, ActiveX, and standalone script-based threats. Symantec Protection Engine uses Symantec AntiVirus technologies, for heuristic detection of new or unknown viruses.

25 Introducing Symantec Protection for SharePoint Servers Where to get more information 25 Where to get more information In addition to this guide, Symantec Protection for SharePoint Servers includes Help topics that you can access through the Help table of contents and index. You can also search for keywords in the Help. Context-sensitive Help is available on each page. You can visit the Symantec website for more information about your product. The following online resources for Symantec Protection for SharePoint Servers are available: Provides access to the technical support Knowledge Base, newsgroups, contact information, downloads, and mailing list subscriptions index.jsp Provides product news and updates Provides access to the virus encyclopedia, which contains information about all known threats; information about hoaxes; and access to white papers about threats index.jsp

26 26 Introducing Symantec Protection for SharePoint Servers Where to get more information

27 Chapter 2 Installing Symantec Protection for SharePoint Servers This chapter includes the following topics: Before you install System requirements About installing Symantec Protection for SharePoint Servers Upgrading Symantec Protection for SharePoint Servers version 5.1.x to version 6.0.x Post-installation tasks Uninstalling Symantec Protection for SharePoint Servers Before you install Do the following tasks before you install Symantec Protection for SharePoint Servers or its components: Provide antivirus protection for the servers on which the Symantec Protection for SharePoint Servers components run. See About protecting the servers that are running the Symantec Protection for SharePoint Servers components on page 28. Exclude certain directories from scanning by any other antivirus product that is running on the computers on which you install the components. See About preventing conflicts with other products on page 28.

28 28 Installing Symantec Protection for SharePoint Servers Before you install Plan to install the Symantec Protection for SharePoint console at a time when Microsoft Internet Information Server (IIS) can be stopped temporarily. See About stopping IIS during installation on page 29. Ensure that the computer on which you plan to install the console and Symantec Protection Engine meets the minimum system requirements. You can install both components together or on separate computers. See System requirements on page 29. Ensure that the ports 9455, 9466, and 9477 are available. For a SharePoint standalone deployment, ensure that SharePoint is not configured with Microsoft SQL Server Desktop Engine or Windows Internal Database. Symantec Protection 6.0 for SharePoint Servers does not support a SharePoint standalone configuration with Microsoft SQL Server Desktop Engine or Windows Internal Database. Symantec recommends that you back up the web.config file of the SharePoint Central Administration site. About protecting the servers that are running the Symantec Protection for SharePoint Servers components Before you install Symantec Protection Engine and the Symantec Protection for SharePoint console, consider to install additional antivirus protection such as Symantec AntiVirus Corporate Edition to protect the servers on which these components run. By design, Symantec Protection Engine scans only the files that are passed to it from Symantec Protection for SharePoint Servers. Symantec Protection for SharePoint Servers does not protect the operating systems of the computers on which Symantec Protection Engine and SharePoint Server run. Because both of these servers potentially handle viruses, they are vulnerable without real-time virus protection. To achieve comprehensive virus protection with Symantec Protection for SharePoint Servers, it is important to protect the Symantec Protection Engine server and the SharePoint server from virus attacks. To protect the host computers, install an antivirus program on these servers in addition to the Symantec Protection for SharePoint Servers components. About preventing conflicts with other products To prevent a conflict between the antivirus product that is running on the host computer and Symantec Protection for SharePoint Servers, configure any other

29 Installing Symantec Protection for SharePoint Servers System requirements 29 antivirus product that is running on the host computer to exclude certain directories from scanning. Table 2-1 lists the directories to exclude from scanning. Table 2-1 Directories to exclude from scanning Directories Windows:<Installdir>\temp Linux and Solaris : <Installdir>/temp <Installdir>\Program Files\Symantec\ SharePoint\Quarantine Server The server on which Symantec Protection Engine runs. These directories are the temporary directories that Symantec Protection Engine uses for scanning. The server on which Symantec Protection for SharePoint console runs. Symantec Protection for SharePoint Servers uses it as the default quarantine directory. About stopping IIS during installation System requirements During the installation, the Microsoft Internet Information Server (IIS) must be stopped temporarily. During the time that it takes to complete the installation, no access to IIS services is available. You must plan to install the Symantec Protection for SharePoint console when Microsoft IIS can be stopped temporarily. Microsoft IIS restarts automatically after the installation is complete. You can choose to install both components of Symantec Protection for SharePoint Servers together on the same computer or on different computers. The Symantec Protection for SharePoint console and Symantec Protection Engine are supported on both 32-bit and 64-bit computers for Windows 2003 Server and Windows 2008 Server. See System requirements for Symantec Protection for SharePoint Servers integrated installation on page 30.

30 30 Installing Symantec Protection for SharePoint Servers System requirements See System requirements for Symantec Protection for SharePoint console only on page 31. See System requirements for Symantec Protection Engine on page 32. System requirements for Symantec Protection for SharePoint Servers integrated installation Table 2-2 describes the minimum system requirements to install the Symantec Protection for SharePoint console and Symantec Protection Engine on the same server. Table 2-2 Requirement Minimum system requirements for Symantec Protection for SharePoint console and Symantec Protection Engine Details Hardware requirements Processor and Memory: As per the requirements of the version of Microsoft SharePoint Disk space: 6 GB One network interface card (NIC) running TCP/IP with a static IP address Internet connection to update antivirus definitions Operating system Symantec Protection for SharePoint Servers runs on the following platforms: Windows Server 2003 with Service Pack 2 or later Windows Server 2008 with Service Pack 2 or later You can use any of the following editions of Windows Server: Windows Server 2003 Standard/Enterprise/Data Center SP2/R2 Windows Server 2008 Standard/Enterprise/Data Center SP2/R2

31 Installing Symantec Protection for SharePoint Servers System requirements 31 Table 2-2 Requirement Software requirements Minimum system requirements for Symantec Protection for SharePoint console and Symantec Protection Engine (continued) Details Any of the following Microsoft SharePoint Server editions: Windows SharePoint Services 2.0 (WSS 2.0) with Service Pack 3 (SP 3) SharePoint Portal Server 2003 (SPS 2003) with Service Pack 3 (SP 3) Windows SharePoint Services 3.0 (WSS 3.0) Microsoft Office SharePoint Server 2007 Any of the following Web browsers: Microsoft Internet Explorer 6.0 (with the most recent service pack that is available) or higher. The following software components: Microsoft.NET Framework 2.0 SP1 or higher Microsoft ASP.NET 2.0 AJAX Extensions 1.0 Central Admin Site ASP.NET Version 2.0 or higher System requirements for Symantec Protection for SharePoint console only Table 2-3 describes the minimum system requirements to install the Symantec Protection for SharePoint console. Table 2-3 Requirement Minimum system requirements for the Symantec Protection for SharePoint console Details Hardware requirements Processor and Memory: As per the requirements of the version of Microsoft SharePoint Disk space: 512 MB (may vary depending on how long you choose to maintain log files)

32 32 Installing Symantec Protection for SharePoint Servers System requirements Table 2-3 Requirement Operating system Minimum system requirements for the Symantec Protection for SharePoint console (continued) Details The Symantec Protection for SharePoint console runs on the following platforms: Windows Server 2003 with Service Pack 2 or later Windows Server 2008 with Service Pack 2 or later You can use any of the following editions of Windows Server: Windows Server 2003 Standard/Enterprise/Data Center SP2/R2 Windows Server 2008 Standard/Enterprise/Data Center SP2/R2 Software requirements Any of the following Microsoft SharePoint Server editions: Windows SharePoint Services 2.0 (WSS 2.0) with Service Pack 3 (SP 3) SharePoint Portal Server 2003 (SPS 2003) with Service Pack 3 (SP 3) Windows SharePoint Services 3.0 (WSS 3.0) Microsoft Office SharePoint Server 2007 Any of the following Web browsers: Microsoft Internet Explorer 6.0 (with the most recent service pack that is available) or higher. The following software components: Microsoft.NET Framework 2.0 SP1 or higher Microsoft ASP.NET 2.0 AJAX Extensions 1.0 Central Admin Site ASP.NET Version 2.0 or higher System requirements for Symantec Protection Engine You can install Symantec Protection Engine on Windows, Linux, and Solaris. See System requirements to install Symantec Protection Engine on Windows on page 33. See System requirements to install Symantec Protection Engine on Solaris on page 34. See System requirements to install Symantec Protection Engine on Linux on page 35.

33 Installing Symantec Protection for SharePoint Servers System requirements 33 System requirements to install Symantec Protection Engine on Windows The following are the system requirements to install Symantec Protection Engine on Windows: Operating system Windows Server 2008 SP2 (32-bit and 64-bit) Windows Server 2008 R2 (64-bit) Windows Server 2012 (64-bit) Ensure that your operating system has the latest service patches available. Processor Memory Disk space Intel or AMD Server Grade Single Processor Quad Core systems or higher 4 GB of RAM or higher 5 GB of hard disk space Hardware Network interface card (NIC) running TCP/IP with a static IP address Internet connection to update definitions 100 Mbps Ethernet link (1 Gbps recommended) Software JRE 6.0 (update 25 or later), or JRE 7.0 (update 03 or later) It is recommended to use JRE 7.0 (update 03 or later). Note: Symantec Protection Engine supports only 32-bit versions of Java Runtime Environment. Symantec Protection Engine cannot be installed with 64-bit JRE versions. Microsoft Visual C (SP1 or later) redistributable package (x86) One of the following Web browsers to access the Symantec Protection Engine console: Microsoft Internet Explorer 8 or later Use Microsoft Internet Explorer to access the Symantec Protection Engine console from a Windows client computer. Mozilla Firefox 10 or later Use Mozilla Firefox to access the Symantec Protection Engine console from a Solaris or Linux client computer. The Web browser is only required for Web-based administration. The Web browser must be installed on a computer from which you want to access the Symantec Protection Engine console. The computer must have access to the server on which Symantec Protection Engine runs.

34 34 Installing Symantec Protection for SharePoint Servers System requirements System requirements to install Symantec Protection Engine on Solaris The following are the system requirements to install Symantec Protection Engine on Solaris: Operating system Solaris 10 and 11 Ensure that your operating system has the latest patches available. Processor Memory Disk space UltraSPARC 4 GB of RAM or higher 5 GB of hard disk space Hardware Network interface card (NIC) running TCP/IP with a static IP address Internet connection to update definitions 100 Mbps Ethernet link (1 Gbps recommended) Software JRE 6.0 (update 25 or later), or JRE 7.0 (update 03 or later) It is recommended to use JRE 7.0 (update 03 or later). If you install the self-extracting JRE, ensure that you note the installation location. You must provide the location of the JRE if the installer is unable to detect it. Note: Symantec Protection Engine supports only 32-bit versions of Java Runtime Environment. Symantec Protection Engine cannot be installed with 64-bit JRE versions. One of the following Web browsers to access the Symantec Protection Engine console: Mozilla Firefox 10 or later Use Mozilla Firefox to access the Symantec Protection Engine console from a Solaris or Linux client computer. Microsoft Internet Explorer 8 or later Use Microsoft Internet Explorer to access the Symantec Protection Engine console from a Windows client computer. The Web browser is only required for Web-based administration. You must install the Web browser on a computer from which you want to access the Symantec Protection Engine console. The computer must have access to the server on which Symantec Protection Engine runs.

35 Installing Symantec Protection for SharePoint Servers System requirements 35 System requirements to install Symantec Protection Engine on Linux The following are the system requirements to install Symantec Protection Engine on Linux: Operating system Red Hat Enterprise Linux Server 5.7 (32-bit and 64-bit) and later Red Hat Advanced Linux Server 5.7 (32-bit and 64-bit) and later Red Hat Enterprise Linux Server 6.2 (32-bit and 64-bit) and later Red Hat Advanced Linux Server 6.2 (32-bit and 64-bit) and later SUSE Linux Enterprise Server 11 (32-bit and 64-bit) Ensure that your operating system has the latest service patches available. Processor Memory Disk space Intel or AMD Server Grade Single Processor Quad Core systems or higher 4 GB RAM or higher 5 GB of hard disk space Hardware Network interface card (NIC) running TCP/IP with a static IP address Internet connection to update definitions 100 Mbps Ethernet link (1 Gbps recommended)

36 36 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers Software Ensure that the following packages are installed: GNU sharutils or later Use this package to expand the Rapid Release packages. ncompress or later Use this package to expand the Rapid Release packages. GNU C Library (glibc) Initscripts This package is required for Red Hat Linux only. aaa_base package This package is required for SUSE only. JRE 6.0 (update 25 or later), or JRE 7.0 (update 03 or later) It is recommended to use JRE 7.0 (update 03 or later). Install the JRE using Red Hat Package Manager (RPM). Ensure that you note the installation location. You must provide the location of the JRE if the installer is unable to detect it. Note: Symantec Protection Engine supports only 32-bit versions of Java Runtime Environment. Symantec Protection Engine cannot be installed with 64-bit JRE versions. One of the following Web browsers to access the Symantec Protection Engine console: Mozilla Firefox 10 or later Use Mozilla Firefox to access the Symantec Protection Engine console from a Solaris or Linux client computer. Microsoft Internet Explorer 8 or later Use Microsoft Internet Explorer to access the Symantec Protection Engine console from a Windows client computer. The Web browser is only required for Web-based administration. You must install the Web browser on a computer from which you want to access the Symantec Protection Engine console. The computer must have access to the server on which Symantec Protection Engine runs. Note: If any of the package binary is already present on the computer and if the installer is still unable to find it, you can add the path to the binary in LD_LIBRARY_PATH environment variable. About installing Symantec Protection for SharePoint Servers Symantec Protection for SharePoint Servers comprises the following components:

37 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers 37 Symantec Protection Engine Provides the virus scanning and repair services. The latest version of Symantec Protection Engine 7.0 is included in the software package. Symantec Protection for SharePoint console Provides you a means to configure how Symantec Protection Engine and the SharePoint server communicate with each other. The console also lets you configure how Symantec Protection for SharePoint Servers handles infected files and monitors scanning activity. You can install these components separately or together. Based on the SharePoint farm environment and SharePoint version used, you must install the Symantec Protection for SharePoint console on all front-end servers in the farm and at least on one server where Central Administration service is running. See About deployment options (standalone and farm environments) on page 22. During installation, Symantec Protection for SharePoint Servers installs both components together or separately based on the installation option that you choose. See About the installation options on page 39. The Symantec Protection for SharePoint Servers installation program checks for previous versions of the product and does one of the following: No previous version is detected Based on the installation option you choose, the installation program performs a full installation of Symantec Protection for SharePoint Servers and its components. See About the installation options on page 39.

38 38 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers A previous version of either component is detected The installation program does one of the following when it detects a previous version of Symantec Protection for SharePoint Servers or any of its components: Symantec Protection for SharePoint Servers (version 5.1): If the installation program detects an older version of Symantec Protection for SharePoint Servers, it uninstalls Symantec Protection for SharePoint Servers version 5.1.x and then installs Symantec Protection 6.0 for SharePoint Servers. The installation program does not retain any settings from the older version of the product. Symantec Protection for SharePoint Servers (version 6.0): If the installation program detects Symantec Protection for SharePoint Servers version 6.0, it upgrades the product to Symantec Protection 6.0.x for SharePoint Servers. The installation program retains all the settings from the older version of the product. Symantec Protection Engine 7.0: If the installer detects Symantec Protection Engine 7.0, it upgrades the product to Symantec Protection Engine 7.0.x. Symantec Scan Engine 5.1.x or 5.2.x: If the installer detects Symantec Scan Engine 5.1.x or 5.x.2, it upgrades the product to 7.0.x. Symantec Scan Engine 4.3: If the installer detects Symantec Scan Engine 4.3, it does not let you proceed with the installation unless you uninstall the previous version. During a fresh installation of Symantec Protection Engine, you can enter the file path of a valid license for automatic license activation. Symantec Protection for SharePoint Servers automatically registers the Symantec Protection Engine if you enter the license file path during a full installation. When you provide the license of Symantec Protection Engine during the installation process, you eliminate the need to register it through the Symantec Protection for SharePoint console. If you install Symantec Protection Engine separately, you can still enter the license file path during installation. Automatic activation occurs if the license is valid. However, you must register Symantec Protection Engine manually with Symantec Protection for SharePoint Servers.

39 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers 39 See Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers on page 93. Symantec Protection Engine installs a virtual administrative account during installation. Do not forget the password for this account because it is the only account that you can use to manage Symantec Protection Engine. You can change the password in the console, but to do so you must have the old password. See Accessing the Symantec Protection Engine console on page 103. If you do not have the license file at the time of installation, you can activate the license later through the Symantec Protection Engine console. See About licensing Symantec Protection Engine on page 109. The installation program installs the Symantec Protection for SharePoint console using the service logon details that you enter during the installation procedure. You can change the service logon details after installation. You can also password protect the console so that unauthenticated users cannot access or modify the settings. See Accessing the console on page 66. You can use the silent installation or remote installation feature for multiple installations on your network. See Installing the Symantec Protection for SharePoint console using the silent installation feature on page 53. See About installing Symantec Protection for SharePoint Servers using remote installation on page 45. About the installation options On a Windows platform, the software installer displays the following options: Install Symantec Protection 6.0 for SharePoint Servers (Full Install) Installs both Symantec Protection Engine and the Symantec Protection for SharePoint console. See About installing Symantec Protection for SharePoint Servers (integrated installation) on page 40. Install only the Symantec Protection Engine Installs Symantec Protection Engine only. This installation is useful if you want to move antivirus scanning off-box, thereby reducing the CPU load on the SharePoint Server. See Installing only Symantec Protection Engine using the installation wizard on page 45.

40 40 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers Install only the Symantec Protection for SharePoint console Installs the administrative console for Symantec Protection for SharePoint Servers See About installing only the Symantec Protection for SharePoint console on page 50. On a Linux/Solaris platform, you can install Symantec Protection Engine only. Because only Symantec Protection Engine is supported on Linux or Solaris. About installing Symantec Protection for SharePoint Servers (integrated installation) When you perform an integrated installation, you install both the Symantec Protection for SharePoint console and Symantec Protection Engine on the same server. Before you begin the installation procedure, ensure that your server meets the minimum system requirements. You must also ensure that the SharePoint server and all applicable updates are installed, configured, and working correctly before you begin installation. For more information, see the Microsoft documentation. See System requirements for Symantec Protection for SharePoint Servers integrated installation on page 30. You can do a consolidated install of Symantec Protection for SharePoint Servers or install either component separately using the software installer. However, you cannot do an integrated install using the silent install feature. You can install the Symantec Protection for SharePoint console and Symantec Protection Engine separately using the silent install feature. See Installing Symantec Protection for SharePoint Servers using the installation wizard on page 40. See Installing the Symantec Protection for SharePoint console using the silent installation feature on page 53. For more information about how to install Symantec Protection Engine using the silent install feature, see the Symantec Protection Engine Implementation Guide. Installing Symantec Protection for SharePoint Servers using the installation wizard You can install Symantec Protection for SharePoint Servers from the software package using an installation wizard. After installation is complete, the Symantec Protection for SharePoint console is installed as a Windows Server service. Symantec Protection for SharePoint console is listed as Symantec Protection 6.0 for SharePoint Servers in the Services Control

41 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers 41 Panel. Symantec Protection Engine is listed as a separate entry in the Services Control Panel. The Symantec Protection for SharePoint Servers service starts automatically when the installation is complete. Installation activities are recorded in the Windows Application Event Log and System log files at the default location C:\Program Files\Symantec\SharePoint\Logfiles. Note: Before you install Symantec Protection for SharePoint Servers, ensure that the ports 9455, 9466, and 9477 are available. To install Symantec Protection for SharePoint Servers using the installation wizard 1 Log on to the computer on which you plan to install the product as administrator or as a user with administrator rights. The logon user must also be one of the following: A user who configured SharePoint farm using SharePoint Configuration and Technology wizard. A farm administrator and db_owner of SharePoint configuration database. 2 Run the Symantec Protection for SharePoint Servers software installer. 3 On the main page, click Install. 4 In the next installer screen window, click Install Symantec Protection 6.0 for SharePoint Servers (Full Install). Symantec Protection Engine is installed first, then the Symantec Protection for SharePoint console is installed. The installer first checks if the computer has J2SE Runtime Environment (JRE) 5.0 Update 15 or a later version. If not, the installation process stops. You must manually install J2SE Runtime Environment (JRE) 5.0 Update 15 or a later version and then continue with the installation of Symantec Protection Engine. 5 In the Required Components window, follow the on-screen instructions. 6 On the Symantec Protection Engine License Setup page, click Browse to browse to select the appropriate license file. For more information on how to obtain a license file, see the Symantec Protection Engine Implementation Guide. You can also install the license at a later time through the Symantec Protection Engine console. See About licensing Symantec Protection Engine on page 109.

42 42 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers 7 Click Next. Symantec Protection Engine installation begins. 8 In the Welcome panel, click Next. 9 In the License Agreement panel, indicate that you agree with the terms of the Symantec Software License Agreement, and then click Next. If you do not indicate that you agree, the installation is canceled. 10 In the Destination Folder panel, select the location to install Symantec Protection Engine, and then click Next. The default location is C:\Program Files\Symantec\Protection Engine for 32-bit Windows platform, and C:\Program Files (x86)\symantec\protection Engine for 64-bit Windows platform. 11 In the UI Authentication method panel, select one of the following: Symantec Protection Engine-based authentication Windows Active Directory-based authentication For more information, see Symantec Protection Engine Implementation Guide. 12 Click Next.

43 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers If you select Symantec Protection Engine-based authentication, in the Administrative UI Setup panel, configure the following options: Administrator Password Confirm Administrator Password Administrator Port Type a password for the administrator account that you intend to use to manage Symantec Protection Engine. Confirm the password by typing it again. Type the port number on which the Web-based console listens. If you change the port number, use a number that is greater than 1024 that is not in use by any other program or service. The default port number is You can disable the console by typing 0. If you disable the console, you can configure Symantec Protection Engine by editing the configuration file. SSL Port Type the Secure Socket Layer (SSL) port number on which encrypted files are transmitted for increased security. The default SSL port number is If this port is already in use, select an SSL port that is not in use by any other program or service. Use a port number that is greater than If you selectwindows Active Directory-based authentication, do the following in the order listed below: In the UI Authentication method panel, select Windows Active Directory-based authentication, and then click Next. In the Windows Active Directory-based Authetication Settings panel, in the Group Name box, type a valid security group name in the Domain\Groupname format. Click Next. If the group name is incorrect, a Group Name Validation screen appears. Click Back to try the security group name again. Alternatively, click Next to continue the installation without a valid group name. The Symantec Protection Engine service starts after installation but you cannot access the console. Once the installation is complete, you must go to configuration.xml and enter the user name to access the console. In the Administrative UI Setup panel, configure the following options:

44 44 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers Administrator Port SSL Port Type the port number on which the Web-based console listens. If you change the port number, use a number that is greater than 1024 that is not in use by any other program or service. The default port number is You can disable the console by typing 0. If you disable the console, you can configure Symantec Protection Engine by editing the configuration file. Type the Secure Socket Layer (SSL) port number on which encrypted files are transmitted for increased security. The default SSL port number is If this port is already in use, select an SSL port that is not in use by any other program or service. Use a port number that is greater than Click Next. 16 In the URL filtering panel, select the provided option to enable URL filtering feature and downloading of URL definitions. 17 In the Ready to Install the Program panel, click Install. 18 Click Finish to complete installation of Symantec Protection Engine. Once installation of Symantec Protection Engine is complete, the installation of Symantec Protection for SharePoint console automatically begins. 19 In the Welcome panel, click Next. 20 In the License Agreement panel, indicate that you agree with the terms of the Symantec Software License Agreement, and then click Next. If you do not indicate that you agree, the installation is canceled. 21 In the Customer Information panel, in the User Name box, type the account name under which you are installing the Symantec Protection for SharePoint console. 22 In the Organization box, type the name of your organization. 23 Select who will have access to the console after installation. You can limit access to the account under which the console is installed, or you can let all users access the console. 24 Click Next.

45 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers Specify the user name and password for the account that is used to log on to the Symantec Service. The user account must be a member of the Local Administrators Group on the computer on which the SharePoint server is installed. If the SQL server is on a separate computer, the user account must be a member of the Local Administrators Group on that computer as well. The user account must be of a user who configured SharePoint farm using SharePoint Configuration and Technology wizard. The user name must be in the format domain\username or computer\username. 26 Click Next. 27 In the SharePoint Services Stop Information panel, indicate whether you agree to stop Microsoft IIS and Microsoft SharePoint Server services. If you do not want to stop IIS, select I do not agree that the services can be stopped. This option does not allow the installation to proceed. 28 Click Next. 29 In the Ready to Install the Program panel, click Install to begin the installation. 30 Click Finish when installation is complete. About installing Symantec Protection for SharePoint Servers using remote installation Symantec Protection for SharePoint Servers supports the remote installation of the entire product or any of its components through Systems Center Configuration Manager 2007 SP2. For more information, see the appropriate Microsoft documentation. Ensure that the server on which you plan to remotely install Symantec Protection for SharePoint Servers or its components meets the minimum system requirements. See System requirements on page 29. Installing only Symantec Protection Engine using the installation wizard You can install Symantec Protection Engine either on a Windows server that is running the SharePoint server or on a separate server that is not running SharePoint. This lets you move antivirus scanning off-box, thereby reducing the CPU load on the SharePoint server.

46 46 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers Install and configure Symantec Protection Engine before you configure the Symantec Protection for SharePoint console. You must ensure that the computer on which you install Symantec Protection Engine meets the system requirements. See System requirements for Symantec Protection Engine on page 32. During installation, you can choose the authentication mode for accessing the Symantec Protection Engine console. If you choose Symantec Protection Engine-based authentication then Symantec Protection Engine installs an administrator account. Symantec recommends that you remember the password for this account as it is the only account used to manage Symantec Protection Engine. If you want to change the password in the console, you must have the old password. If you choose Windows Active Directory-based authentication, Symantec Protection Engine allows users from the authorized Windows Active Directory security group to access the console. You can install the Symantec Protection Engine by using the software installer on a Windows 2000 Server or Windows 2003 Server or Windows 2008 Server. For more information about how to install Symantec Protection Engine, see Symantec Protection Engine Implementation Guide. To install Symantec Protection Engine with Symantec Protection Engine-based authentication 1 Log on to the computer on which you plan to install the product as administrator or as a user with administrator rights. 2 Run the Symantec Protection for SharePoint Servers software installer. 3 On the main page, click Install. 4 In the next installer screen window, click Install only the Symantec Protection Engine. The installer first checks if the computer has J2SE Runtime Environment (JRE) 5.0 Update 15 or a later version. If not, the installation process stops. You must manually install J2SE Runtime Environment (JRE) 5.0 Update 15 or a later version and then continue with the installation of Symantec Protection Engine.

47 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers 47 5 On the Symantec Protection Engine License Setup page, click Browse to browse to select the appropriate license file. For more information on how to obtain a license file, see the Symantec Protection Engine Implementation Guide. You can also install the license at a later time through the Symantec Protection Engine console. See About licensing Symantec Protection Engine on page Click Next. Symantec Protection Engine installation begins. 7 In the Welcome panel, click Next. 8 In the License Agreement panel, indicate that you agree with the terms of the Symantec Software License Agreement, and then click Next. If you do not indicate that you agree, the installation is canceled. 9 In the Destination Folder panel, select the location to install Symantec Protection Engine, and then click Next. The default location is C:\Program Files\Symantec\Scan Engine for 32-bit Windows platform, and C:\Program Files (x86)\symantec\scan Engine for 64-bit Windows platform. 10 In the UI Authentication method panel, select Symantec Protection Engine-based authentication, and then click Next.

48 48 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers 11 In the Administrative UI Setup panel, configure the following options: Administrator Password Confirm Administrator Password Administrator Port Type a password for the administrator account that you intend to use to manage Symantec Protection Engine. Confirm the password by typing it again. Type the port number on which the Web-based console listens. If you change the port number, use a number that is greater than 1024 that is not in use by any other program or service. The default port number is You can disable the console by typing 0. If you disable the console, you can configure Symantec Protection Engine by editing the configuration file. SSL Port Type the Secure Socket Layer (SSL) port number on which encrypted files are transmitted for increased security. The default SSL port number is If this port is already in use, select an SSL port that is not in use by any other program or service. Use a port number that is greater than Click Next. 13 In the URL filtering panel, select the provided option to enable URL filtering feature and downloading of URL definitions. You can also change the setting after installation. Go to Policies > Filtering > URL to enable this option. 14 In the Ready to Install the Program panel, click Install. 15 Click Finish to complete installation of Symantec Protection Engine. Symantec Protection Engine is listed as a separate entry in the Services Control Panel. To install Symantec Protection Engine with Windows Active Directory-based authentication 1 Log on to the computer on which you plan to install the product as administrator or as a user with administrator rights. 2 Run the Symantec Protection for SharePoint Servers software installer. 3 On the main page, click Install.

49 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers 49 4 In the next installer screen window, click Install only the Symantec Protection Engine. The installer first checks if the computer has J2SE Runtime Environment (JRE) 5.0 Update 15 or a later version. If not, the installation process stops. You must manually install J2SE Runtime Environment (JRE) 5.0 Update 15 or a later version and then continue with the installation of Symantec Protection Engine. 5 On the Symantec Protection Engine License Setup page, click Browse to browse to select the appropriate license file. For more information on how to obtain a license file, see the Symantec Protection Engine Implementation Guide. You can also install the license at a later time through the Symantec Protection Engine console. 6 Click Next. Symantec Protection Engine installation begins. 7 In the Welcome panel, click Next. 8 In the License Agreement panel, indicate that you agree with the terms of the Symantec Software License Agreement, and then click Next. If you do not indicate that you agree, the installation is canceled. 9 In the Destination Folder panel, select the location to install Symantec Protection Engine, and then click Next. The default location is C:\Program Files\Symantec\Scan Engine for 32-bit Windows platform, and C:\Program Files (x86)\symantec\scan Engine for 64-bit Windows platform. 10 In the UI Authentication method panel, select Windows Active Directory-based authentication, and then click Next. 11 In the Windows Active Directory-based Authetication Settings panel, in the Group Name box, type a valid security group name in the Domain\Groupname format. 12 Click Next. If the group name is incorrect, a Group Name Validation screen appears. Click Back to try the security group name again. Alternatively, click Next to continue the installation without a valid group name. The Symantec Protection Engine service starts after installation but you cannot access the console. Once the installation is complete, you must go to configuration.xml and enter the user name to access the console.

50 50 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers 13 In the Administrative UI Setup panel, configure the following options: Administrator Port SSL Port Type the port number on which the Web-based console listens. If you change the port number, use a number that is greater than 1024 that is not in use by any other program or service. The default port number is You can disable the console by typing 0. If you disable the console, you can configure Symantec Protection Engine by editing the configuration file. Type the Secure Socket Layer (SSL) port number on which encrypted files are transmitted for increased security. The default SSL port number is If this port is already in use, select an SSL port that is not in use by any other program or service. Use a port number that is greater than Click Next. 15 In the URL filtering panel, select the provided option to enable URL filtering feature and downloading of URL definitions. You can also change the setting after installation. Go to Policies > Filtering > URL to enable this option. 16 In the Ready to Install the Program panel, click Install. 17 Click Finish. About installing only the Symantec Protection for SharePoint console Ensure that you install the Symantec Protection for SharePoint console on a server that meets the system requirements. See System requirements for Symantec Protection for SharePoint console only on page 31. Based on the SharePoint farm environment and SharePoint version used, you must install the Symantec Protection for SharePoint console on all front-end servers in the farm and at least on one server where Central Administration service is running. See About deployment options (standalone and farm environments) on page 22. You should ensure that the SharePoint server and all applicable updates are installed, configured, and working correctly before you install the Symantec Protection for SharePoint console. For more information, see the Microsoft documentation.

51 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers 51 You can install the Symantec Protection for SharePoint console by using the software installer or you can use the silent install feature. See Installing the Symantec Protection for SharePoint console using the installation wizard on page 51. See Installing the Symantec Protection for SharePoint console using the silent installation feature on page 53. You can use the remote installation feature for multiple installations of Symantec Protection for SharePoint console or Symantec Protection Engine on your network. See About installing Symantec Protection for SharePoint Servers using remote installation on page 45. Installing the Symantec Protection for SharePoint console using the installation wizard You can install Symantec Protection for SharePoint console by using the software installer. When the installation is complete, the Symantec Protection for SharePoint console is installed as a Windows Server service and is listed as Symantec Protection 6.0 for SharePoint Servers in the Services Control Panel. The Symantec Protection for SharePoint Servers service starts automatically when the installation is complete. Installation activities are recorded in the Windows Application Event Log and System log files at the default location C:\Program Files\Symantec\SharePoint\Logfiles. Note: Before you install Symantec Protection for SharePoint Servers, ensure that the ports 9455, 9466, and 9477 are available. To install the Symantec Protection for SharePoint console using the installation wizard 1 Log on to the computer on which you plan to install the console as administrator or as a user with administrator rights. The logon user must also be one of the following: A user who configured SharePoint farm using SharePoint Configuration and Technology wizard. A farm administrator and db_owner of SharePoint configuration database. 2 Run the Symantec Protection for SharePoint Servers software installer. 3 On the main page, click Install.

52 52 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers 4 In the next installer screen window, click Install only the Symantec Protection for SharePoint console. 5 In the Required Components window, follow the on-screen instructions. 6 In the Welcome panel, click Next. 7 In the License Agreement panel, indicate that you agree with the terms of the Symantec Software License Agreement, and then click Next. If you do not indicate that you agree, the installation is canceled. 8 In the Customer Information panel, in the User Name box, type the account name under which you are installing the Symantec Protection for SharePoint console. 9 In the Organization box, type the name of your organization. 10 Select who will have access to the console after installation. You can limit access to only the account under which the console is installed, or you can let all users access the console. 11 Click Next. 12 Specify the user name and password for the account that is used to log on to the Symantec Service. The user account must be a member of the Local Administrators Group on the computer on which the SharePoint server is installed. If the SQL server is on a separate computer, the user account must be a member of the Local Administrators Group on that computer as well. The user account must be of a user who configured SharePoint farm using SharePoint Configuration and Technology wizard. The user name must be in the format domain\username or computer\username. 13 Click Next. 14 In the SharePoint Services Stop Information panel, indicate whether you agree to stop Microsoft IIS and Microsoft SharePoint Server services. If you do not want to stop IIS, select I do not agree that the services can be stopped. This option does not allow the installation to proceed. 15 Click Next. 16 In the Ready to Install the Program panel, click Install to begin the installation. 17 Click Finish when the installation is complete.

53 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers 53 Installing the Symantec Protection for SharePoint console using the silent installation feature The silent installation feature lets you automate the installation of Symantec Protection for SharePoint console. You can use the silent installation feature when you install multiple applications of Symantec Protection for SharePoint console and Symantec Protection Engine with identical input values. For more information about how to install Symantec Protection Engine using the silent install feature, see the Symantec Protection Engine Implementation Guide. Performing silent installations using default configuration values In Windows, you provide all of the information on the command-line first, and then run the installation silently. You can use the silent installation feature to install the application with the default configuration values. You can also generate a log of the installation events. You must change directories to the location of the Symantec Protection for SharePoint console installation program file, Symantec Protection 6.0 for SharePoint Servers.msi, in the software package, which is in following folder: 32BitSetup/DISK1/Symantec Protection 6.0 for SharePoint Servers.msi (for a 32-bit system) 64BitSetup/DISK1/Symantec Protection 6.0 for SharePoint Servers.msi (for a 64-bit system) To install the Symantec Protection for SharePoint console To installs the console with the default Local System Account as the service logon user. At the command line, type the following: msiexec /I "Symantec Protection 6.0 for SharePoint Servers.msi" /qn

54 54 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers To install the Symantec Protection for SharePoint console with service logon user input values At the command line, type the following: msiexec /I "Symantec Protection 6.0 for SharePoint Servers.msi" /qn IS_NET_API_LOGON_USERNAME=Domain\user IS_NET_API_LOGON_PASSWORD=password SPINTERNALDB=No Specify the service logon user as Server\user or Domain\user with the IS_NET_API_LOGON_USERNAME parameter. Specify the service logon password after the parameter. IS_NET_API_LOGON_PASSWORD. The default Local System Account is taken as the service logon user if the specified password is not correct. To install Symantec Protection for SharePoint console and log installation events At the command line, type the following: msiexec /I Symantec Protection 6.0 for SharePoint Servers.msi /qn /L C:\<filename>.log Specify the installation log file name in <filename>.log. The location of the installation log is C:\<filename>.log. You can modify the location of the log by changing the file location in the command-line entry. Note: Symantec Protection for SharePoint Servers also supports Microsoft Cluster. About repairing or modifying Symantec Protection for SharePoint Servers or its components If you have the Symantec Protection for SharePoint console and Symantec Protection Engine or either component installed on the computer, you can use the software installer to modify, repair, or remove both or either program. See About installing Symantec Protection for SharePoint Servers on page 36. If the current version of Symantec Protection for SharePoint Servers is installed on the computer, the installation program displays a modify, repair or remove screen based on the component present on the computer. The installation program does one of the following when you select the modify, repair, or remove option: Modify Reinstalls the component.

55 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers 55 Repair Remove Repairs any installation errors. Uninstalls the component of Symantec Protection for SharePoint Servers. Table 2-4 describes the action that is taken by the Symantec Protection for SharePoint Servers installation program when the current version of the product is installed on the computer. Table 2-4 Installation option Installation options Currently installed on the server Action Install Symantec Protection 6.0 for SharePoint Servers (Full Install) Symantec Protection for SharePoint console and Symantec Protection Engine 7.0 The modify/repair/remove panel for Symantec Protection Engine appears first. If you click "Cancel", the modify/repair/remove panel for Symantec Protection for SharePoint console appears. Symantec Protection Engine 7.0 Symantec Protection for SharePoint console The modify/repair/remove panel for Symantec Protection Engine appears first. If you click "Cancel", installation of Symantec Protection for SharePoint console begins. Installation of Symantec Protection Engine begins. If you click "Cancel" or finish installation of Symantec Protection Engine, the modify/repair/remove panel of Symantec Protection for SharePoint console appears. Install only the Symantec Protection Engine 7.0 Symantec Protection for SharePoint console and Symantec Protection Engine 7.0 The modify/repair/remove panel for Symantec Protection Engine appears. Symantec Protection Engine 7.0 Symantec Protection for SharePoint console The modify/repair/remove panel for Symantec Protection Engine appears. Installation of Symantec Protection Engine begins.

56 56 Installing Symantec Protection for SharePoint Servers Upgrading Symantec Protection for SharePoint Servers version 5.1.x to version 6.0.x Table 2-4 Installation option Installation options (continued) Currently installed on the server Action Install only the Symantec Protection for SharePoint console Symantec Protection for SharePoint console and Symantec Protection Engine 7.0 The modify/repair/remove panel for Symantec Protection for SharePoint console appears. Symantec Protection Engine 7.0 Symantec Protection for SharePoint console Installation of Symantec Protection for SharePoint console begins. The modify/repair/remove panel for Symantec Protection for SharePoint console appears. Upgrading Symantec Protection for SharePoint Servers version 5.1.x to version 6.0.x The Symantec Protection 6.0.x for SharePoint Servers installation program detects version 5.1.x of the product. When it detects version 5.1.x, it uninstalls Symantec Protection for SharePoint Servers version 5.1.x and then installs Symantec Protection 6.0.x for SharePoint Servers. Before you upgrade from version 5.1.x to version 6.0.x, you must know the following information: Based on the SharePoint version, the following software components are required: WSS 2.0/SPS 2003 Microsoft.NET Framework 2.0 SP1 or higher Microsoft ASP.NET 2.0 AJAX Extensions 1.0 ASP.NET version or higher for Central Admin Site WSS 3.0/MOSS 2007 Microsoft.NET Framework 2.0 SP1 or higher Microsoft ASP.NET 2.0 AJAX Extensions 1.0

57 Installing Symantec Protection for SharePoint Servers Post-installation tasks 57 Microsoft SharePoint Foundation 2010 Microsoft.NET Framework 2.0 SP1 or higher Microsoft Office SharePoint Server 2010 For SharePoint 2003/2007, Symantec Protection 6.0.x for SharePoint Servers does not support a SharePoint stand-alone configuration with Microsoft SQL Server Desktop Engine or Windows Internal Database. The following ports must be available: Symantec recommends you to perform the following tasks: Before you install, back up the web.config file of the SharePoint Central Administration site. Symantec Protection 6.0.x for SharePoint Servers installation program does not retain any settings from Symantec Protection for SharePoint Servers version 5.1.x. You must back up all the current Symantec Protection for SharePoint Servers settings of version 5.1.x before you upgrade to version 6.0.x. After you configure Symantec Protection 6.0.x for SharePoint Servers on any of your SharePoint servers, you can use the Import/Export settings feature to copy these settings to other SharePoint deployments. Back up the quarantine files from Symantec Protection for SharePoint Servers version 5.1.x. Post-installation tasks The post-installation tasks are as follows: Access the Symantec Protection for SharePoint console See Accessing the console on page 66. Enable real-time scanning See Configuring real-time scanning on page 76. Install the license for Symantec Protection Engine. This step is required if you did not install the license during installation. See Installing the license file on page 112.

58 58 Installing Symantec Protection for SharePoint Servers Post-installation tasks Register the Symantec Protection Engine with the Symantec Protection for SharePoint console See Scheduling scans on page 89. Configure Symantec Protection Engine. See Accessing the Symantec Protection Engine console on page 103. Enable security risk detection See About enabling security risk detection on page 118. Configure Symantec Protection for SharePoint Servers See About configuring Symantec Protection for SharePoint Servers on page 73. Starting the Central Administration service in a farm environment When you deploy Symantec Protection 6.0 for SharePoint Servers in a farm environment, you must install the console on all front-end servers in the farm and at least on one server where Central Administration service is running. See About deployment options (standalone and farm environments) on page 22. To start the Central Administration service on a front-end Web server 1 On the server that currently hosts the Central Administration website, click Start > Programs > Administrative Tools > SharePoint 3.0 Central Administration. This step accesses the Central Administration console. 2 On the Central Administration page, click Operations. By default, Operations can be seen in the left menu under Central Administration. 3 Under Topology and Services, click Services on server. 4 From the drop-down box near Server, click Change Server. A list of servers in the farm is displayed. 5 Click on the name of a front-end Web server in the farm. You can view a list of services that have been started (in green) or stopped (in red) on the selected server. 6 Click Start under Action for Central Administration if the status is "Stopped". Click Start under Action if the status is Stopped. 7 Access (remotely or directly) the front-end Web server on which Central Administration service was started.

59 Installing Symantec Protection for SharePoint Servers Uninstalling Symantec Protection for SharePoint Servers 59 8 From the command line prompt, once you access the front-end server on which the Central Administration service was started, run IISRESET. This command restarts the IIS services. 9 Restart the Symantec Protection 6.0 for SharePoint Servers service. If you do not find Symantec Protection 6.0 for SharePoint Servers in the list of services, you must install Symantec Protection 6.0 for SharePoint Servers on the server. 10 Click Start > Programs > Administrative Tools > SharePoint 3.0 Central Administration to access this front-end Web server's Central Administration page. Note: By default, when you click SharePoint 3.0 Central Administration, the first installed Central Administration console opens up. Hence, ensure that you have the correct fully qualified host name in the URL. 11 On the Central Administration page, click Operations. On the Central Administration page, click System Settings. By default, Operations can be seen in the left menu under Central Administration. By default, the System Settings option can be seen in the left menu under Central Administration. 12 Click the Symantec Protection 6.0 for SharePoint Servers link to access the Symantec Protection for SharePoint console. You can now configure Symantec Protection for SharePoint Servers. You must repeat these steps for each front-end Web server in the farm. Uninstalling Symantec Protection for SharePoint Servers You can uninstall both components of Symantec Protection for SharePoint Servers from the Windows Control Panel or by using the software installer. You can also silently uninstall the Symantec Protection for SharePoint console from the command line. See Uninstalling the Symantec Protection for SharePoint console on page 60. See Uninstalling Symantec Protection Engine on page 62.

60 60 Installing Symantec Protection for SharePoint Servers Uninstalling Symantec Protection for SharePoint Servers Uninstalling the Symantec Protection for SharePoint console When you uninstall Symantec Protection for SharePoint console, the quarantine folder and the respective quarantine tables in the SharePoint configuration database remain. You can uninstall the console from the Windows Control Panel, the software installer, or do a silent uninstall from the command line. To uninstall the Symantec Protection for SharePoint console from the Windows Control Panel 1 Log on to the computer as administrator or as a user with administrator rights. The logon user must also be one of the following: A user who configured SharePoint farm using SharePoint Configuration and Technology wizard. A farm administrator and db_owner of SharePoint configuration database. 2 Click Start > Control Panel and then select Programs and Features. 3 In the Add/Remove Programs Control Panel, click Symantec Protection 6.0 for SharePoint Servers. 4 Click Change/Remove. 5 Follow the on-screen instructions to complete the uninstallation. To uninstall the Symantec Protection for SharePoint console by using the software installer 1 Log on to the computer on which you plan to uninstall the console as administrator or as a user with administrator rights. The logon user must also be one of the following: A user who configured SharePoint farm using SharePoint Configuration and Technology wizard. A farm administrator and db_owner of SharePoint configuration database. 2 Run the Symantec Protection for SharePoint Servers software installer. 3 On the main page, click Install. 4 In the next installer page, click Install only the Symantec Protection for SharePoint console. 5 In the Welcome panel, click Next. The modify/repair/remove panel for Symantec Protection for SharePoint console appears. 6 Select Remove and click Next.

61 Installing Symantec Protection for SharePoint Servers Uninstalling Symantec Protection for SharePoint Servers 61 7 In the Remove the Program panel, click Remove. The Symantec Protection for SharePoint console uninstallation begins. 8 Click Finish. You can uninstall the Symantec Protection for SharePoint console by clicking the Install Symantec Protection 6.0 for SharePoint Servers (Full Install) option also. The modify/repair/remove panel for Symantec Protection Engine appears first. If you click Cancel, the modify/repair/remove panel for Symantec Protection for SharePoint console appears. To silently uninstall the Symantec Protection for SharePoint console 1 Change the directory to the location of the Symantec Protection for SharePoint console installation program file, Symantec Protection 6.0 for SharePoint Servers.msi, in the software package. For a 32-bit system, the location is 32BitSetup/DISK1/Symantec Protection 6.0 for SharePoint Servers.msi and for a 64-bit system, the location is 64BitSetup/DISK1/ Symantec Protection 6.0 for SharePoint Servers.msi. 2 At the command line, type the following: msiexec /X "Symantec Protection 6.0 for SharePoint Servers.msi" /qn This command silently uninstalls the Symantec Protection for SharePoint console with the default Local System Account. To silently uninstall the Symantec Protection for SharePoint console and log uninstallation events 1 Change the directory to the location of the Symantec Protection for SharePoint console installation program file, Symantec Protection 6.0 for SharePoint Servers.msi, in the software package For a 32-bit system, the location is 32BitSetup/DISK1/Symantec Protection 6.0 for SharePoint Servers.msi and for a 64-bit system, the location is 64BitSetup/DISK1/Symantec Protection 6.0 for SharePoint Servers.msi. 2 At the command line, type the following: msiexec /X "Symantec Protection 6.0 for SharePoint Servers.msi" /qn /L C:\<filename>.log The location of the uninstallation log is C:\<filename>.log. You can modify the location of the log by changing the file location in the command-line entry.

62 62 Installing Symantec Protection for SharePoint Servers Uninstalling Symantec Protection for SharePoint Servers Uninstalling Symantec Protection Engine When you uninstall Symantec Protection Engine, the license keys remain. If you want to permanently uninstall Symantec Protection Engine, you must manually uninstall the license keys. The default license directories are as follows: Windows Linux and Solaris C:\Program Files\Common Files\Symantec Shared\Licenses /opt/symantec/licenses You can uninstall Symantec Protection Engine from the Windows Control Panel, or by using software installer. To uninstall Symantec Protection Engine on Windows Server 1 Log on to the computer as an administrator or as a user with administrator rights. 2 On Windows 2000 Server/Server 2003, in the Add/Remove Programs window, select Symantec Protection Engine 7.0, and then click Remove. On Windows Server 2008, in the Programs and Features window, select Symantec Protection Engine 7.0, and then click Uninstall. 3 Follow the on-screen instructions to complete the uninstallation. For more information about how to uninstall Symantec Protection Engine on a Solaris or Linux computer, see the Symantec Protection Engine Implementation Guide. To uninstall Symantec Protection Engine by using the software installer 1 Log on to the computer on which you plan to uninstall the Symantec Protection Engine as administrator or as a user with administrator rights. 2 Run the Symantec Protection for SharePoint Servers software installer. 3 On the main page, click Install. 4 In the next installer screen window, click Install only the Symantec Protection Engine. 5 In the Welcome panel, click Next. The modify/repair/remove panel for Symantec Protection Engine appears. 6 Select Remove and click Next. 7 In the Remove the Program panel, click Remove. Symantec Protection Engine uninstallation begins.

63 Installing Symantec Protection for SharePoint Servers Uninstalling Symantec Protection for SharePoint Servers 63 8 Click Finish. 9 You can uninstall the Symantec Protection Engine by clicking the Install Symantec Protection 6.0 for SharePoint Servers (Full Install) option also. The modify/repair/remove panel for Symantec Protection Engine appears first. If you click Cancel, the modify/repair/remove panel for Symantec Protection for SharePoint console appears. See About repairing or modifying Symantec Protection for SharePoint Servers or its components on page 54.

64 64 Installing Symantec Protection for SharePoint Servers Uninstalling Symantec Protection for SharePoint Servers

65 Chapter 3 Using the Symantec Protection for SharePoint console This chapter includes the following topics: About the Symantec Protection for SharePoint console About the console home page About the Symantec Protection for SharePoint console The Symantec Protection for SharePoint console refers to the administrative interface for Symantec Protection for SharePoint Servers. You can access the Symantec Protection for SharePoint console through the SharePoint Central Administration Console. The integration of the Symantec Protection for SharePoint console into the SharePoint administrative interface makes it easy for regular SharePoint users to navigate. You can access the Symantec Protection for SharePoint console from any computer on your network that can access the server on which the Symantec Protection for SharePoint console is installed. However, you must have the permissions to access the SharePoint Central Administration page. Once you open the SharePoint Central Administration page, access to the Symantec Protection for SharePoint console is limited to only domain administrators or members of the Local Administrators group. You can ensure that only authenticated users can access and modify Symantec Protection for SharePoint Servers settings. Set a password so that only users who

66 66 Using the Symantec Protection for SharePoint console About the Symantec Protection for SharePoint console Accessing the console are aware of this password can gain access to the Symantec Protection for SharePoint console. See Configuring a password for the console on page 74. You can access the Symantec Protection for SharePoint console through the following ways: SharePoint Central Administration page See To access the console through the SharePoint Central Administration page on page 66. Internet Information Services (IIS) Manager See To access the console through Internet Information Services (IIS) Manager on page 67. Internet Explorer See To access the console through Internet Explorer on page 67. Access the console from the system on which the Symantec Protection for SharePoint console is installed. You can also access the console from other computers on the network, but you must be a member of the domain administrator group or the Local Administrators group. You can change the service logon user name and password for the Symantec Protection for SharePoint Servers after you log on. To access the console through the SharePoint Central Administration page 1 Click the Start button, and then point to Programs. Point to Administrative Tools, and then do the following tasks: For MOSS 2007 For SPS 2003 Click SharePoint 3.0 Central Administration Click SharePoint Central Administration 2 Type the user name and password of an account that has domain administrator or local administrator rights.

67 Using the Symantec Protection for SharePoint console About the Symantec Protection for SharePoint console 67 3 On the Central Administration page, click Operations to go to the operations page. By default, Operations can be seen in the left menu under Central Administration. 4 Click the Symantec Protection 6.0 for SharePoint Servers link to access the Symantec Protection for SharePoint console. See Symantec Protection for SharePoint Servers link is missing from the SharePoint Central Administration site on page 154. To access the console through Internet Information Services (IIS) Manager 1 Click the Start button, and then point to Programs. Point to Administrative Tools, and then click Internet Information Services (IIS) Manager. 2 In the left pane, expand your server name. 3 In the list, expand Web Sites. 4 Under Web Sites, right-click SharePoint Central Administration v3. and click Browse. 5 In the left pane, under your server name, select Sites, right-click SharePoint Central Administration v4 > Manage Web Site and then click Browse. 6 If you are prompted, type the user name and password of the user account with local administrator or domain administrator rights. The SharePoint Central Administration page appears in the right pane of the IIS Manager. 7 On the Central Administration page, click Operations to go to the operations page. By default, Operations can be seen in the left menu under Central Administration. 8 Click the Symantec Protection 6.0 for SharePoint Servers link to access the Symantec Protection for SharePoint console. See Symantec Protection for SharePoint Servers link is missing from the SharePoint Central Administration site on page 154. To access the console through Internet Explorer Do the following to access the Symantec Protection for SharePoint console through the Internet Explorer: Determine the port number of the Central Administration page on the server that is running the Symantec Protection for SharePoint console. Launch the Central Administration page through the Internet Explorer.

68 68 Using the Symantec Protection for SharePoint console About the Symantec Protection for SharePoint console Access the console through the Central Administration page. See To access the console through the SharePoint Central Administration page on page 66. To determine the port number of the Central Administration page 1 Click the Start button, and then point to Programs. Point to Administrative Tools, and then click Internet Information Services (IIS) Manager. 2 In the left pane, expand your server name. 3 In the list, expand Web Sites. 4 Under Web Sites, right-click SharePoint Central Administration v3. 5 In the left pane, under your server name, select Sites, right-click SharePoint Central Administration v4 and then click Browse. 6 In the menu, click Properties. You can see the TCP port number in the TCP port box under the Web Site tab. 7 From the menu, click Edit Bindings. In the Site Bindings window, under Port, you can see the TCP port number. To launch the Central Administration page through Internet Explorer 1 Launch the Web browser on any computer on your network that can access the server that is running the Symantec Protection for SharePoint console. 2 Go to the following URL: where <servername> is the host name or IP address of the server that is running the Symantec Protection for SharePoint console and <port> is the TCP port number that is assigned during installation to the Central Administration page. The Central Administration page appears. See To access the console through the SharePoint Central Administration page on page 66. Changing the service logon account information The components of Symantec Protection for SharePoint Servers have the following separate entries in the Services Control Panel.

69 Using the Symantec Protection for SharePoint console About the Symantec Protection for SharePoint console 69 Symantec Protection for SharePoint console Symantec Protection for SharePoint console is listed as Symantec Protection 6.0 for SharePoint Servers in the Services Control Panel. During the installation, you must type a service logon user name and password. The user account must be a member of the Local Administrators Group on the computer on which the SharePoint server is installed. If the SQL server is on a separate computer, the user account must also be a member of the Local Administrators Group on that computer. Symantec Protection Engine The user account must be of a user who configured SharePoint farm using SharePoint Configuration and Technology wizard. The user name should be in the following format: domain\username or computer\username. See To change the service logon account information on page 69. Symantec Protection Engine is installed with the local system account as the logon service account by default. To access the Symantec Protection Engine console, you need the virtual administrative account password. See Accessing the Symantec Protection Engine console on page 103. You can change the service logon account for Symantec Protection for SharePoint Servers through the Services Control Panel any time after installation. To change the service logon account information 1 In the Windows Control Panel, double-click Administrative Tools. 2 In the Administrative Tools window, double-click Services. 3 In the list of services, right-click Symantec Protection 6.0 for SharePoint Servers and click Properties. 4 Under the LogOn tab, select Thisaccount. Type the user name and password. The user name must be in the format domain\username or computer\username. The user account must be a member of the Local Administrators Group on the computer on which the SharePoint server is installed. If the SQL server is on a separate computer, the user account must be a member of the Local Administrators Group on that computer as well. The user account must be of a user who configured SharePoint farm using SharePoint Configuration and Technology wizard. 5 Confirm the password by typing it again. 6 Click Ok.

70 70 Using the Symantec Protection for SharePoint console About the console home page About the console home page Figure 3-1 shows the Symantec Protection for SharePoint Servers home page. Figure 3-1 Symantec Protection for SharePoint Servers home page Navigation links Click the navigation links at the top of the page to return to the console home page or to go back to the previous page from anywhere in the Symantec Protection for SharePoint console. Feature links Use the feature links to navigate to the main features for Symantec Protection for SharePoint Servers. When you click a link, the page that contains that feature's options appears. Table 3-1 provides the information about the feature links.

71 Using the Symantec Protection for SharePoint console About the console home page 71 Table 3-1 Link Global Settings Feature links functions Description Global Settings has the following links: SharePoint Server Farm Overview: Lists the details of all the registered servers in the farm. This option is available only in a SharePoint Server farm environment. See About SharePoint Server Farm overview on page 75. Real-time scan settings: Lets you configure the real-time scan settings for upload and download of documents from the SharePoint server. See Configuring real-time scanning on page 76. Manual scan and scheduled scan settings: Lets you run an immediate (manual) scan, schedule scans of the documents that are stored on the SharePoint server, and configure settings for manual scans and scheduled scans of the SharePoint server content. See About manual scans and scheduled scans on page 80. Console settings: Lets you configure password protection for the console. See Configuring a password for the console on page 74. Import/Export Settings: Lets you import Symantec Protection for SharePoint Servers settings from one SharePoint deployment to another SharePoint deployment when you have multiple SharePoint configurations on your network. See About importing and exporting settings on page 91. Symantec Protection Engines Symantec Protection Engines has the following links: Register a new Symantec Protection Engine: Lets you register a Symantec Protection Engine. See Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers on page 93. List and edit all registered Symantec Protection Engines: Lets you add, delete, and edit registered Symantec Protection Engines. See About adding, removing, editing, and viewing registered Symantec Protection Engines on page 96. Global Symantec Protection Engine settings: Lets you configure the auto-check interval for the status of registered Symantec Protection Engines, and other settings relevant to all registered Symantec Protection Engines. See Specifying the scanning mode for load balancing on page 98. See Checking for the latest virus definitions on page 99.

72 72 Using the Symantec Protection for SharePoint console About the console home page Table 3-1 Link Management Feature links functions (continued) Description Management has the following links: Log file settings: Lets you set the event logging level and log file location. See About SMTP logging on page notification settings: Lets you specify and customize notifications. See Configuring SMTP logging on page 127. Quarantine Management: Lets you view a list of all the quarantined files. See About quarantine management on page 149. Reports Reports has the following links: On-demand reports: Lets you examine system, scan process, and Symantec Protection Engine data in either a report or a pie chart format. See Generating an on-demand report on page 144. Schedule reports: Lets you schedule an hourly, daily, weekly, or monthly report. You can generate and distribute the report by to the specified users. See Scheduling a report on page 145. Status pane The status pane on the console home page provides an overview of the current status of the Symantec Protection Engines. You also can view a graphic overview of the maximum and currently used scanning threads for all active online Symantec Protection Engines. See About the status pane on page 123.

73 Chapter 4 Configuring Symantec Protection for SharePoint Servers This chapter includes the following topics: About configuring Symantec Protection for SharePoint Servers About SharePoint Server Farm overview Configuring real-time scanning About manual scans and scheduled scans About importing and exporting settings Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers About configuring Symantec Protection for SharePoint Servers Symantec Protection for SharePoint Servers lets the SharePoint server communicate with Symantec Protection Engine to request virus scanning. Symantec Protection for SharePoint Servers interprets the results that are returned from Symantec Protection Engine after scanning. You configure Symantec Protection for SharePoint Servers through the Symantec Protection for SharePoint console. You can access the console from the SharePoint server administrative interface. See Accessing the console on page 66.

74 74 Configuring Symantec Protection for SharePoint Servers About configuring Symantec Protection for SharePoint Servers You can configure the following options through the Symantec Protection for SharePoint console: Configuring a password for the console See Configuring a password for the console on page 74. About SharePoint Server Farm overview See About SharePoint Server Farm overview on page 75. Configuring real-time scanning See Configuring real-time scanning on page 76. About configuring global manual and scheduled scanning options See About configuring global manual and scheduled scanning options on page 81. Scheduling scans See Scheduling scans on page 89. Performing a manual scan See Performing manual scans on page 91. Specifying file handling rules See Specifying file handling rules on page 86. Excluding files with specific extensions from being scanned See Excluding files with specific extensions from being scanned on page 82. Excluding folders from being scanned See Excluding folders from being scanned on page 83. Specifying the location for quarantined documents See Specifying the location for quarantined documents on page 85. Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers See Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers on page 93. Specifying the scanning mode for load balancing See Specifying the scanning mode for load balancing on page 98. Checking for the latest virus definitions See Checking for the latest virus definitions on page 99. Configuring a password for the console You can ensure that only authenticated users can access and modify Symantec Protection for SharePoint Servers settings by securing the console with a password. When you initially install Symantec Protection for SharePoint Servers, no password

75 Configuring Symantec Protection for SharePoint Servers About SharePoint Server Farm overview 75 is set. You must set the password through the console after installation. The password once set is replicated for all the servers in the SharePoint Server Farm environment. You can also configure a time-out setting. The time-out setting locks the console if there is no activity for the amount of time that you specify. Users can only unlock the console with the password. For added security, the console contains a logout feature. The logout feature lets users lock the console when they step away from the computer. The console can only be unlocked with the password. The logout link appears at the top-right of the console. Note: You must set and save the console password for the logout link to appear on the console. To configure a password for the console 1 On the home page of the Symantec Protection for SharePoint console, under Global Settings, click Console settings. 2 Check Password protect the Symantec Protection for SharePoint console. 3 In the password field, type the password. Note: Blank passwords are not supported. 4 Check Show password to see the password. The password text is hidden by default. 5 In the Timeout box, type the number of minutes of inactivity at which the console locks. 6 Click Save. About SharePoint Server Farm overview You can view the details of all the registered servers in the SharePoint Server Farm environment. The information about each server, server address, and its role in the farm, the server's state and the operating system details are listed in the SharePoint Server Farm Overview page. If Symantec Protection for SharePoint Server is installed, the details of the product are displayed. The Connection bar indicates the status of Symantec Protection Engine if protection engine is enabled. In case Symantec Protection for SharePoint

76 76 Configuring Symantec Protection for SharePoint Servers Configuring real-time scanning Server is not installed, a message is displayed and you are warned that infected files may get uploaded. To list the details of the servers in the farm On the Symantec Protection for SharePoint console home page, under Global Settings, click SharePoint Server Farm Overview. The details like server name, address, and state of all the servers in the farm are displayed. Click the navigation link at the top of the page to return to the console home page. Configuring real-time scanning Real-time scanning means that you can specify whether you want files scanned as they are being uploaded to and downloaded from the SharePoint server. All uploaded files and downloaded files are submitted for scanning, unless the file type is listed as a default blocked type under Security configuration in the SharePoint Central Administration page. All the files that are uploaded or downloaded through WebDAV are also scanned. When a user attempts to upload a file that contains an unrepairable virus, the user receives a notification that the file is infected. The file is not stored on the SharePoint server. When a user attempts to download a file from the SharePoint server that is infected and unrepairable, the file is not passed to the user. The user receives a notification that access to the file is denied. See How caching works on the SharePoint server on page 14. See What happens when a file is uploaded on page 15. See What happens when a file is downloaded on page 15. To configure real-time scan settings 1 On the Symantec Protection for SharePoint console home page, under Global Settings, click Real-time scan settings. 2 On the Real-time scan settings page, under Number of Threads, click Edit Settings.

77 Configuring Symantec Protection for SharePoint Servers Configuring real-time scanning 77 3 On the AntiVirus page, in the AntiVirus Settings section, select any of the following options to enable its features: Scan documents on upload Scan files before they are uploaded (stored) on the SharePoint server. Infected files that cannot be repaired are not uploaded to the SharePoint server. This option is disabled by default. Scan documents on download Scan files that have already been stored on the SharePoint server before they are downloaded to a requesting user. Allow users to download infected documents This option is disabled by default. Lets users download infected files that cannot be repaired. Do not select this option unless you want to resolve a virus infection. Warning: If you permit users to download infected files, you may expose your network to virus attacks. Your network is particularly vulnerable if you are not using real-time virus protection on other areas of your network. See About protecting the servers that are running the Symantec Protection for SharePoint Servers components on page 28. Attempt to clean infected documents Attempts to repair files that contain viruses. This option is disabled by default. 4 In the Time out duration box, type the amount of time that the virus scanner runs before the scanning process times out. The default setting is 300 seconds (5 minutes). You can adjust this duration based on the performance. 5 In the Number of threads box, type the number of threads that real-time scanning processes will use and then click Ok. The default setting is 5. You can adjust this value based on the performance. 6 On the SymantecProtectionforSharePointconsole home page, under Global Settings, click Real-time scan settings. 7 Select the Bypass scanning when all protection engines are busy check box to continue to upload or download files even if all the registered protection engines are busy.

78 78 Configuring Symantec Protection for SharePoint Servers Configuring real-time scanning 8 Select the Bypass scanning when all protection engines are offline or disabled check box to continue to upload or download files even if no registered protection engine is available to scan the file. 9 Select the Scan all content that was bypassed when all protection engines were offline or busy check box to scan all the content that was previously bypassed while uploading as the protection engines were offline or disabled. 10 Select the Allow security risk files check box to upload or download files which are otherwise threats to your network. 11 Select the Allow encrypted files check box to upload or download encrypted files which may probably be infected files and are threats to your network. 12 Select the Allow unscannable files check box to upload or download files that cannot be scanned and may be threats to your network.

79 Configuring Symantec Protection for SharePoint Servers Configuring real-time scanning On the Real-time scan settings page, in the Infection Auto Rescan section, select any of the following options to enable its features. If this feature is enabled, action is taken on all the infected files. The Infection Auto Rescan options are available only if Scan documents on upload or Scan documents on download options are enabled. Allow auto rescan Rescan when infected file is detected Symantec Protection for SharePoint Servers lets you automatically rescan the files by applying the rules that are configured in the manual scan and scheduled scan settings page. Rescans infected files that are found upon searching the entire SharePoint Server for any file having the same file name as the infected file detected during real-time scanning. Rescan when security risk file is detected Rescans security risk files that are found upon searching the entire SharePoint Server for any file having the same file name as the infected file detected during real-time scanning. This option is not available if Allow security risk files option is selected. Rescan when encrypted file is detected Rescans encrypted files that are found upon searching the entire SharePoint Server for any file having the same file name as the infected file detected during real-time scanning. Rescan when unscannable file is detected Scan on entire SharePoint Server This option is not available if Allow encrypted files option is selected. Rescans unscannable files that are found upon searching the entire SharePoint Server for any file having the same file name as the infected file detected during real-time scanning. This option is not available if Allow unscannable files option is selected. Scans the entire SharePoint Server, including paths specified in the Exclude folders list. If this feature is not enabled then action is taken only during manual and scheduled scan.

80 80 Configuring Symantec Protection for SharePoint Servers About manual scans and scheduled scans 14 The parameters for the command line tool CmdSymScan located at <installdir>:\program Files\Symantec\SharePoint are as follows: Command show <parameter> set <parameter> Parameter show autorescanthreads show autorescanqueuecount show autorescanblocksec set autorescanthreads <number> set autorescanqueuecount <number> set autorescanblocksec <number> Description Shows the thread counts for auto rescan. Shows the default count of queued items for auto rescan. Shows the default block time in seconds for auto rescan. Sets the value of auto rescan threads between 1 and 10. Sets the default count of queued items for auto rescan between 1 and 5,000. Sets the default block time in seconds for auto rescan between 0 and 10, Select one of the following: Save Restore Saves your settings. Reverts your settings to the last saved settings. Note: The settings configured for real-time scanning are replicated across all the servers in the SharePoint Server Farm environment. About manual scans and scheduled scans Schedule periodic scans of the document library to ensure that all files have been scanned for viruses. Scheduled scans occur at the time and frequency that you specify. Both manual scanning and scheduled scanning can occur at the same time and does not affect real-time scanning of uploaded and downloaded files. You can also force an immediate (manual) scan of the documents in the document library. The options that you configure for scheduled scans also apply to manual scans. You should perform a manual scan whenever you make configuration

81 Configuring Symantec Protection for SharePoint Servers About manual scans and scheduled scans 81 changes to Symantec Protection Engine such as changes to mail filter policy settings, container processing limits, or other processing limits. You can improve scanning performance by excluding certain directories or folders from being scanned. You can also specify which file types to omit from scanning. During a manual or scheduled scan, all files are submitted for scanning except the files and folders contained in exclusion lists. You can also limit scanning to only those files that have been added or modified since the last manual scan or scheduled scan. Symantec Protection for SharePoint Servers can compare the time a file was modified or added with the time of the last scan. This feature lets you conserve scanning resources by omitting files from scanning that have not been modified or added since the last scan. When this feature is disabled, all files are scanned during manual scans and scheduled scans. About configuring global manual and scheduled scanning options You can configure the following options for both scheduled scans and manual scans: Excluding files with specific extensions from being scanned See Excluding files with specific extensions from being scanned on page 82. Excluding folders from being scanned See Excluding folders from being scanned on page 83. Specifying the number of threads for scanning See Specifying the number of threads for scanning on page 83. Scanning all file versions in the document library See Scanning all file versions in the document library on page 84. Scanning only those files that were added or modified from the last scan See To scan only those files that have been added or modified since the last completed scan on page 85. Specifying the location for quarantined documents See Specifying the location for quarantined documents on page 85. Specifying file handling rules See Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers on page 93. Reviewing scan statistics See Reviewing scan statistics on page 88.

82 82 Configuring Symantec Protection for SharePoint Servers About manual scans and scheduled scans Note: In the SharePoint Server Farm environment, you must select a server to schedule a manual scan. The parameters for the command line tool CmdSymScan located at <Installdir>:\Program Files\Symantec\SharePoint lets to start or stop a scan or to set the date of the last manual scan performed. Command startscan stopscan syncfarm? help setdatemanual show? set? clearconsolepassword PathToBeExcluded Description Starts a scan Stops a scan Synchronizes the settings for all the servers in the SharePoint Server Farm environment Provides help for the available parameters Provides help for the available parameters Sets the date of the last completed scan time with the current date and time Lists all the parameters available for the show command Lists all the parameters available for the set command Clears the console password Excludes a specific folder from a manual or scheduled scan. Excluding files with specific extensions from being scanned Viruses are found only in file types that contain executable code. You can save bandwidth and time by excluding those files types that are not likely to contain viruses from scanning. The default file extension exclude list displays the extensions for those file types that are not likely to contain viruses and can be excluded from scanning. You can customize this list.

83 Configuring Symantec Protection for SharePoint Servers About manual scans and scheduled scans 83 To exclude files with specific extensions from being scanned 1 On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and scheduled scan settings. 2 Under Exclusion List, on the right pane, in the File extension exclude list box, add or delete the file extensions that you do not want to scan. Use a period with each extension in the list. Separate each extension with a semicolon (for example,.htm;.css;.gif;.aspx). 3 Click Save. Excluding folders from being scanned You can exclude directories or folders from manual scans or scheduled scans. To exclude document libraries from manual and scheduled scans 1 On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and scheduled scan settings. 2 In the Exclusion List section, the Number of excluded paths list displays the number of selected paths that are excluded from a manual or scheduled scan. 3 Click Add exclude path. In the Exclude folder page, the Exclude Path section under Exclude folders gives the current excluded paths. There are no exclude folders or paths defined by default. 4 In the Microsoft SharePoint Server Folder section, select the folder, directory, or path that you want to exclude from a scan. 5 Scroll down to the bottom of the page and click Add. You can view the added folder or path in the Exclude Path section. 6 To include a folder or path back into a scan, click the Remove icon against the path. Specifying the number of threads for scanning Symantec Protection for SharePoint Servers sends several documents in parallel for scanning based on the number of threads that you specify. This process improves the performance significantly.

84 84 Configuring Symantec Protection for SharePoint Servers About manual scans and scheduled scans To specify the number of threads for scanning 1 On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and scheduled scan settings. 2 Under the Optional Settings feature, in the Number of threads box, specify the number of threads that you want Symantec Protection for SharePoint Servers to use during scanning. The default number of threads is 10. You can specify any value between 1 and 25. The number of threads that you specify here is only for manual scans and scheduled scans. See Configuring real-time scanning on page Click Save. Scanning all file versions in the document library Microsoft Windows SharePoint Services lets users keep multiple versions of a document. This option also lets users revert to a previous version. To scan all file versions in the document library 1 On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and scheduled scan settings. 2 Under the Optional Settings feature, in the right pane, check Scan all file versions in the document library. If you enable the option Scan all file versions in the document library, Symantec Protection Engine scans all versions of a document. 3 Click Save. Scanning those files that have been added or modified since the last completed scan You can limit scanning to only those files that have been added or modified since the last completed manual scan or scheduled scan. Symantec Protection for SharePoint Servers compares the time a file was modified or added with the time of the last completed scan. This feature lets you conserve scanning resources by omitting files from scanning that have not been modified or added since the last scan. When this feature is disabled, all files are scanned during manual scans and scheduled scans.

85 Configuring Symantec Protection for SharePoint Servers About manual scans and scheduled scans 85 To scan only those files that have been added or modified since the last completed scan 1 On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and scheduled scan settings. 2 Under the Optional Settings feature, in the right pane, select the Scan only modified or new files since last completed scan check box. If no manual or scheduled scan has been completed, then this option is inactive. If a previous scan has been completed, the end time appears. 3 Click Save. Specifying the location for quarantined documents You can quarantine any of the file types that are detected during a manual scan or scheduled scan. When you specify the option to "Copy to Quarantine and Delete", Symantec Protection for SharePoint Servers puts a copy of the file in the quarantine folder. Then it deletes the file. You can access and remove files directly from the quarantine folder. See Specifying file handling rules on page 86. You can specify the location of the quarantine folder. The default location is as follows: C:\Program Files\Symantec\SharePoint\Quarantine. Whatever location you choose for the quarantine folder, ensure that you omit this folder from being scanned by any antivirus scanning program.

86 86 Configuring Symantec Protection for SharePoint Servers About manual scans and scheduled scans To specify the location for quarantined documents 1 On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and scheduled scan settings. 2 Under Optional Settings, in the Quarantine folder text box, type the path to the quarantine folder. Symantec Protection for SharePoint Servers stores infected files that it finds during a scheduled scan or a manual scan in this folder. The default location is as follows: C:\Program Files\Symantec\SharePoint\Quarantine\ You can also set the path for the quarantine folder by typing the following at the command line: CmdSymScan set quarantinefolder new path To view the path for the quarantine folder, type the following at the command line: CmdSymScan show quarantinefolder 3 Click Save. Specifying file handling rules You can specify how you want Symantec Protection for SharePoint Servers to process the following types of files that are detected during a manual scan or scheduled scan: Infected files Infected files are files that are infected with one or more viruses. You can configure Symantec Protection for SharePoint Servers to attempt to repair the file, log the detection of infected file, delete it, or copy it to quarantine and then delete the infected file under Basic Virus Rule. Unrepairable virus files If you configure Symantec Protection for SharePoint Servers to attempt to repair infected files, you can also specify how you want to process an unrepairable, infected file. You can configure Symantec Protection for SharePoint Servers to log the detection of an unrepairable file, delete an unrepairable infected file or copy it to the quarantine and then delete the unrepairable infected file. Unscannable files Unscannable files include partial container files, malformed container files, and encrypted container files. You can configure Symantec Protection for SharePoint Servers to log the detection of unscannable files (but take no action with the file), delete the unscannable file, or copy it to the quarantine and then delete the unscannable file.

87 Configuring Symantec Protection for SharePoint Servers About manual scans and scheduled scans 87 Encrypted files Files containing security risks Infected files are often encrypted to deflect scanning attempts. Encrypted files cannot be decrypted and scanned without the appropriate decryption tool. You can configure Symantec Protection for SharePoint Servers to log the detection of encrypted files (but take no action with the file), delete the encrypted file, copy it to the quarantine and then delete the encrypted file. Symantec Protection 6.0 for SharePoint Servers detects files with security risks like spyware, adware, hack tools, dialers, joke programs etc. You can configure Symantec Protection for SharePoint Servers to delete the file that contains the security risk, copy it to the quarantine and then delete the file, or log the detection of a security risk, but take no action with the file. You must also enable security risk detection on Symantec Protection Engine. See About enabling security risk detection on page 118. See Specifying the location for quarantined documents on page 85. Note: Symantec Protection Engine contains a decomposer that extracts the contents of a container file and scans the contents for risks. If the container file includes an unrepairable virus, an encrypted file, an unscannable file, or a file that contains a security risk, that specific file is handled according to its file detection rules. The decomposer then re-assembles the container file and sends it back to Symantec Protection for SharePoint Servers. Symantec Protection for SharePoint Servers considers the file repaired and handles it according to how you have configured the Basic Virus Rule. You can minimize the likelihood that infected files will be stored on the SharePoint server by choosing to scan files before they are uploaded. If the files are found to be infected, they are not uploaded. If the SharePoint server was in operation before you added antivirus scanning, you may have infected files already stored on the SharePoint server. Scheduled scans of the SharePoint server should identify any infected files that have been stored on the server. See Scheduling scans on page 89.

88 88 Configuring Symantec Protection for SharePoint Servers About manual scans and scheduled scans To specify file handling rules 1 On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and scheduled scan settings. 2 In the Infected File Detection Rules section, select the actions that you want Symantec Protection for SharePoint Servers to take for files that are detected during a scan. 3 Click Save. Reviewing scan statistics You can view the statistics of an ongoing or completed scan under "Scan Statistics" in the manual and scheduled scan page. Table 4-1 describes each entry in the scan statistics section. Table 4-1 Scan statistic Last start time Ends at/ Is running Last completed scan Files collected Files processed Scan Statistics Description Displays the date and time when the scan started. Displays the date and time when the scan ended. If its an ongoing scan, this field is renamed as "Is running" and displays the time interval that the scan has been running. Displays the date and time of the last complete scan of the entire document library. Displays the total number of files in the document library. Displays the current number of files that Symantec Protection for SharePoint Servers is processing out of "Files collected". Symantec Protection for SharePoint Servers checks each file for any exclusions (folder or extension) and sends it for scanning. Once a scan is complete, the files processed will be equal to the files collected. Exclude by folder Exclude by extension Clean files Unrepairable files Repairable files Displays the number of files that have been excluded by folder. Displays the number of files that are excluded by extension. Displays the number of clean files. Displays the number of unrepairable files. Displays the number of files with repairable viruses.

89 Configuring Symantec Protection for SharePoint Servers About manual scans and scheduled scans 89 Table 4-1 Scan statistic Encrypted files Files containing security risks Unscannable files Access denied files Scan Statistics (continued) Description Displays the number of files with encrypted content. Displays the number of files that contain security risks. See About enabling security risk detection on page 118. Displays the number of files that have unscannable content. Displays the number of files that come under the following categories: System files with no access permission Files that have been checked out for editing Files that are not readable and cannot be scanned by Symantec Protection Engine Files repaired and replaced Displays the number of files that have been repaired and replaced in the document library. You must specify the file handling rules accordingly. See Specifying file handling rules on page 86. Files quarantined Displays the number of files that have been quarantined to the quarantine folder. You must specify the file handling rules accordingly. See Specifying file handling rules on page 86. See Specifying the location for quarantined documents on page 85. Files deleted Displays the number of files that have been deleted from the document library. You must specify the file handling rules accordingly. See Specifying file handling rules on page 86. Files log only Displays the number of logged files. Scheduling scans You can choose how frequently scheduled scans occur, and you can choose the time of day that the scheduled scan starts. Before you configure a scheduled scan, ensure that you have configured the global manual and scheduled scanning options. See About configuring global manual and scheduled scanning options on page 81.

90 90 Configuring Symantec Protection for SharePoint Servers About manual scans and scheduled scans You can configure the following scanning options before you enable scheduled scanning: Exclude file types from scans See Excluding files with specific extensions from being scanned on page 82. Exclude the libraries on the SharePoint server that you do not want scanned during scheduled scans. The remaining document libraries on SharePoint server will be scanned during scheduled scans. If you do not exclude any document library, Symantec Protection Engine will scan all document libraries on the SharePoint server. See Excluding folders from being scanned on page 83. Specify the number of threads for manual and scheduled scans See Specifying the number of threads for scanning on page 83. Scan all versions of the document If you enable document versioning on your SharePoint server, multiple versions of a document exists as users can check documents in and out. Symantec Protection Engine will scan all versions of the same document. See Scanning all file versions in the document library on page 84. Scan only those files that were added or modified from the last completed scan This option preserves bandwidth and time during a manual or scheduled scan. Symantec Protection for SharePoint Servers compares the last modified time with the last scan time. This comparison ensures that only those files whose "last modified time" is after the last scan time are sent for scanning. See Scanning those files that have been added or modified since the last completed scan on page 84. You can enable scheduled scanning by selecting the frequency and time that the scans will occur. To enable or disable scheduled scanning 1 On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and scheduled scan settings. Note: In the SharePoint Server Farm environment, you must select a server to schedule a scan. 2 Under Scheduled Scan, select one of the following options: Off Daily Weekly

91 Configuring Symantec Protection for SharePoint Servers About importing and exporting settings 91 The default setting is Off. 3 Type the time (hr:mm) of the day in the 24-hour format to start the scheduled scan. The default setting is 00:00 A.M. 4 If you select Weekly, select the day or days of the week on which you want the scheduled scan to occur. 5 Click Save. Performing manual scans 6 The Next run time displays the date and time of the next scheduled scan. You can force an immediate scan of the SharePoint server. All files are sent for scanning irrespective of whether they were previously scanned or not. Before you perform a manual scan, ensure that you have configured the global manual and scheduled scanning options. See About configuring global manual and scheduled scanning options on page 81. To perform a manual scan 1 On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and scheduled scan settings. Note: In the SharePoint Server Farm environment, you must select a server to schedule a manual scan. 2 Under Manual Scan, on the right pane, click Scan Now. You can view the date, time, and other statistics like the number of infected files, during and after a manual scan under Scan Statistics. See Reviewing scan statistics on page 88. About importing and exporting settings When you have multiple SharePoint deployments on your network, you can import Symantec Protection for SharePoint Servers settings from one SharePoint deployment to another SharePoint deployment. You can import the settings by using the options available on the Import/Export Settings page. Before you import the settings, you must save a copy of settings of the SharePoint deployment from which you want to import the settings. You can use the Export

92 92 Configuring Symantec Protection for SharePoint Servers About importing and exporting settings option on the Import/ExportSettings page to save a copy of the settings. Symantec Protection for SharePoint Servers saves these settings in an XML file. Once you save a copy of the settings, you can use the Import option to import the XML file and apply the settings. Note: Symantec recommends that you do not modify the XML file before you import it. Table 4-2 lists the settings that Symantec Protection for SharePoint Servers imports. Table 4-2 Import settings Settings Real-time scan settings Manual scan and scheduled scan settings Description Imports all the settings that you specify under Real-time scan settings. Imports all the settings that you specify under Manual scan and scheduled scan settings. However, Symantec Protection for SharePoint Servers does not import the exclude folder path that you specify under Exclusion List. Log file settings notification settings Imports all the settings that you specify under Log File settings. Imports all the settings that you specify under notification settings. Symantec Protection for SharePoint Servers also imports all the templates. Global Symantec Protection Engine settings Imports all the settings that you specify under Global Symantec Protection Engine settings. See Importing settings from a SharePoint deployment on page 92. See Exporting settings from a SharePoint deployment on page 93. Importing settings from a SharePoint deployment When you have multiple SharePoint deployments on your network, you can import Symantec Protection for SharePoint Servers settings from one SharePoint deployment to another SharePoint deployment. Before you import the settings,

93 Configuring Symantec Protection for SharePoint Servers Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers 93 you must save a copy of settings of the SharePoint deployment from which you want to import the settings. See Exporting settings from a SharePoint deployment on page 93. To import settings from a SharePoint deployment 1 On the Symantec Protection for SharePoint console home page, under Global Settings, click Import/Export Settings. 2 Under Import, click Browse and select the XML file that has the settings that you want to import. 3 Click Import. See About importing and exporting settings on page 91. Exporting settings from a SharePoint deployment Symantec Protection for SharePoint Servers lets you save a copy of the settings of a SharePoint deployment. You can save a copy of the settings when you want to back up all the Symantec Protection for SharePoint Servers settings of a SharePoint deployment. Symantec Protection for SharePoint Servers saves these settings in an XML file. You can later use the XML file and import the settings to another SharePoint deployment where you want to apply the same settings. See Importing settings from a SharePoint deployment on page 92. To export settings from a SharePoint deployment 1 On the Symantec Protection for SharePoint console home page, under Global Settings, click Import/Export Settings. 2 Click Export and save a copy of the settings. See About importing and exporting settings on page 91. Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers Symantec Protection Engine provides the scanning and repair services for Symantec Protection for SharePoint Servers. In a SharePoint Server Farm environment, Symantec Protection Engine must be registered on all the front-end servers. You can install Symantec Protection Engine on the SharePoint server. You can also install Symantec Protection Engine on a separate server that is not running SharePoint. This lets you move antivirus scanning off-box, thereby reducing the CPU load on the SharePoint server.

94 94 Configuring Symantec Protection for SharePoint Servers Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers If you install Symantec Protection for SharePoint console and Symantec Protection Engine on the same computer and you have a valid Symantec Protection Engine license file, Symantec Protection Engine is automatically registered with Symantec Protection for SharePoint Servers. If you do not have the license file during installation, you can install the license later through the Symantec Protection Engine console. Once you install a valid license file, you must register Symantec Protection Engine with the Symantec Protection for SharePoint Servers. See About licensing Symantec Protection Engine on page 109. See To register a new Symantec Protection Engine on page 96. You configure Symantec Protection Engine separately from the Symantec Protection for SharePoint console through its own Web-based administrative interface. See Accessing the Symantec Protection Engine console on page 103. Install and configure Symantec Protection Engine before you register it with Symantec Protection for SharePoint Servers. Table 4-3 describes the information that you must provide for each Symantec Protection Engine so that Symantec Protection for SharePoint Servers can pass files for scanning. Table 4-3 Option Host or IP address TCP/IP port Description Symantec Protection Engine registration fields Description Specify a host name or IP address for each Symantec Protection Engine that will provide scanning services for the SharePoint server. You can install Symantec Protection Engine on the SharePoint server. You can also install Symantec Protection Engine on a separate server that is not running SharePoint. This lets you move antivirus scanning off-box, thereby reducing the CPU load on the SharePoint server. For more information, see the Symantec Protection Engine Implementation Guide. Specify a TCP/IP port number through which files are passed to Symantec Protection Engine for scanning. The port number must be exclusive to Symantec Protection Engine. This is the port number that you specified during the Symantec Protection Engine installation. The default port is You can add a description (up to 50 characters) for each Symantec Protection Engine.

95 Configuring Symantec Protection for SharePoint Servers Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers 95 Table 4-3 Option Symantec Protection Engine registration fields (continued) Description Enable this Symantec Protection Engine During the registration process, you can choose to enable Symantec Protection Engine. A disabled Symantec Protection Engine is dropped from rotation and is not available for scanning. You can still view the disabled Symantec Protection Engine in the list of registered protection engines. You can enable or disable a registered protection engine after the registration process. See To edit a Symantec Protection Engine registration on page 97. Priority Specify a priority for the registered Symantec Protection Engine. The priority determines the volume of files that are sent to the protection engine during a scanning process. You can select any one of the following priorities for the protection engine: Lowest Below normal Normal Above normal Highest Note: The priority setting is applicable only when multiple protection engines are registered. You can change the priority at any time after the Symantec Protection Engine is registered. After you register a Symantec Protection Engine, Symantec Protection for SharePoint Servers periodically polls the Symantec Protection Engine for its status and virus definition information. You can set the time interval at which Symantec Protection for SharePoint Servers periodically polls each registered Symantec Protection Engine. You can view the status and virus definition information on the Symantec Protection for SharePoint console. See To view the list of registered Symantec Protection Engines on page 98. You can add a Symantec Protection Engine, remove a Symantec Protection Engine, edit an entry or view the list of registered Symantec Protection Engines.

96 96 Configuring Symantec Protection for SharePoint Servers Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers About adding, removing, editing, and viewing registered Symantec Protection Engines You can register a protection engine, remove an existing protection engine, edit an entry, and view the list of registered Symantec Protection Engines. To register a new Symantec Protection Engine 1 On the Symantec Protection for SharePoint console home page, under Symantec Protection Engines, click Register a new Symantec Protection Engine. Note: In the SharePoint Server Farm environment, you must select a server to register a Symantec Protection Engine. 2 In the Step 1: Start Registration page, specify the following details about Symantec Protection Engine that you want to register: Host or IP address Type the host name or IP address of the computer on which Symantec Protection Engine is running. If the computer on which Symantec Protection Engine is running is configured to have multiple IP addresses, specify the address on which Symantec Protection Engine listens. TCP/IP Port Type the port number on which Symantec Protection Engine listens. The port number that you specify here must match the port number that you specified during Symantec Protection Engine installation. The default port number for Symantec Protection Engine is 1344 when ICAP is used as the communication protocol. Description Type a description that can be used to identify Symantec Protection Engine. You can type a maximum of 50 number of characters. 3 Click Next. 4 In the Step 2: Complete Registration page, verify the Symantec Protection Engine details. Click Back to make any modifications. 5 After you verify the details, select the Enable this Symantec Protection Engine check box to activate this Symantec Protection Engine.

97 Configuring Symantec Protection for SharePoint Servers Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers 97 6 Select the scanning priority that you want to assign to this Symantec Protection Engine from the drop-down list. See Specifying the scanning mode for load balancing on page Click Register. The registered Symantec Protection Engine appears in the Registered Symantec Protection Engines list. To remove a registered Symantec Protection Engine 1 On the Symantec Protection for SharePoint console home page, under Symantec Protection Engines, click List and Edit all registered Symantec Protection Engines. Note: In the SharePoint Server Farm environment, you must select a server to remove a registered Symantec Protection Engine. 2 In the Details column beside the Symantec Protection Engine that you want to remove, click Show. Details, response data, and statistics of the selected Symantec Protection Engine appear. 3 Click Delete. To edit a Symantec Protection Engine registration 1 On the Symantec Protection for SharePoint console home page, under Symantec Protection Engines, click List and Edit all registered Symantec Protection Engines. 2 In the Details column beside the Symantec Protection Engine that you want to modify, click Show. Details, response data, and statistics of the selected Symantec Protection Engine appear. 3 Modify any of the Symantec Protection Engine details. 4 Click Save.

98 98 Configuring Symantec Protection for SharePoint Servers Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers To view the list of registered Symantec Protection Engines 1 On the Symantec Protection for SharePoint console home page, under Symantec Protection Engines, click List and Edit all registered Symantec Protection Engines. You can view a list of all registered Symantec Protection Engines with the priority, host name, virus definition date, description, and status. 2 In the Details column beside the Symantec Protection Engine whose details that you want to view, click Show. Details, response data, and statistics of the selected Symantec Protection Engine appears. Specifying the scanning mode for load balancing Symantec Protection Engine performance depends on scan volume, the number of client SharePoint servers making requests to Symantec Protection Engine, and memory and disk space requirements. If you are processing large traffic volumes or have multiple clients making virus scanning requests, you can install and configure multiple Symantec Protection Engines to handle the virus scanning load. You can specify how you want the scanning load to be distributed by selecting a scanning mode. The scanning modes are as follows: Cycle mode Priority mode Scanning is distributed evenly across all registered Symantec Protection Engines using a continuous repeating sequence. In a standalone environment, this option is available only if multiple protection engines are registered; but in a farm environment, this option is available even if one protection engine is registered. Scanning is distributed to Symantec Protection Engines based on priority. When you register a Symantec Protection Engine, you specify the priority. See Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers on page 93. If you enable both modes, the priority mode takes precedence. If both the registered protection engines have the same priority, then the cycle mode option takes precedence.

99 Configuring Symantec Protection for SharePoint Servers Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers 99 To specify the scanning mode for load balancing 1 On the Symantec Protection for SharePoint console home page, under Symantec Protection Engines, click Global Symantec Protection Engine settings. 2 Under Select Modes, on the right pane, select the scanning mode that you want to use for load balancing. See To register a new Symantec Protection Engine on page 96. See To edit a Symantec Protection Engine registration on page 97. Note: By default, the cycle mode is enabled in a SharePoint Sever Farm environment. 3 Click Save. Checking for the latest virus definitions Virus definition files contain the necessary information for Symantec Protection Engine to detect and eliminate viruses. Updated virus definitions files are supplied by Symantec regularly and whenever a new virus threat is discovered. Virus definition files are dated and have a version number so that when virus definitions change, Symantec software can determine the most current set of definitions. When new virus definition files are available, Symantec LiveUpdate technology automatically downloads the files and installs them in the proper location on the computer that is running Symantec Protection Engine. If an error occurs during this process or there is a problem with the new virus definition files, Symantec Protection Engine attempts to roll back to the previous virus definitions and continue scanning. Occasionally, if you are running more than one Symantec Protection Engine, the versions of the virus definition files that are in use may temporarily differ until LiveUpdate has had a chance to update definitions for all of the protection engines. For more information, see the Symantec Protection Engine Implementation Guide. When you enable the auto-check feature, Symantec Protection for SharePoint Servers regularly polls the registered protection engines to verify that they are online. Symantec Protection for SharePoint Servers also determines whether the registered Symantec Protection Engines have the latest definitions. You can specify how often you want Symantec Protection for SharePoint Servers to perform an auto-check. Symantec Protection for SharePoint Servers also has a feature that you can use to perform an on-demand check of definitions.

100 100 Configuring Symantec Protection for SharePoint Servers Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers The latest virus definition version and date number among the Symantec Protection Engines is registered with Symantec Protection for SharePoint Servers. View the virus definition version and date number that is registered with Symantec Protection for SharePoint Servers under Latest Virus Definitions. You can configure Symantec Protection for SharePoint Servers to remove a Symantec Protection Engine if its virus definition files is older than the registered virus definition files. You must specify a threshold time within which the virus definition files must be made the latest. For a Symantec Protection Engine with an old virus definition version and date, Symantec Protection for SharePoint Servers first generates a warning message on the console page. Symantec Protection for SharePoint Servers logs this warning message and sends out an notification. If the virus definition files are not updated within the threshold time, the Symantec Protection Engine is taken offline. Table 4-4 describes the options to check the status of registered protection engines and their virus definition versions. Table 4-4 Option Refresh Virus definitions checking options Description Immediately polls all registered Symantec Protection Engines for the latest virus definition among them. Symantec Protection for SharePoint Servers registers the latest virus definition date and version number and displays this information. Symantec Protection Engine auto check Polls all registered protection engines automatically at the specified auto check interval for the online or offline status, latest virus definition date, and version. Auto check interval (in seconds) notification interval (in minutes) The interval (in seconds) that Symantec Protection for SharePoint Servers polls the registered protection engines for their status and virus definition dates. The default value is 60 seconds. The interval (in minutes) after which notifications are sent. The default value is 5 minutes. Take a Symantec Protection Engine offline if its virus definition is not the latest Takes a protection engine offline if the virus definition on the Symantec Protection Engine is older than the registered virus definition with Symantec Protection for SharePoint Servers.

101 Configuring Symantec Protection for SharePoint Servers Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers 101 Table 4-4 Option Threshold time before taken offline (hours) Virus definitions checking options (continued) Description The time interval (hours) within which the virus definition files on the Symantec Protection Engine must be updated. Symantec Protection for SharePoint Servers takes the Symantec Protection Engine offline if the virus definition files are not updated within the threshold time. The default value is 3 hours. Note: The auto-check settings configured for Symantec Protection Engine are replicated across all the servers in the SharePoint Server Farm environment. To manually check for the latest virus definitions 1 On the Symantec Protection for SharePoint console home page, under Symantec Protection Engines, click Global Symantec Protection Engine settings. Note: In the SharePoint Server Farm environment, you must select a server where you want to refresh the latest virus definitions. 2 Under Latest Virus Definitions, on the right pane, click Refresh. Symantec Protection for SharePoint Servers polls the registered protection engines for the latest virus definition among them. This value is then displayed above the Refresh button. To automatically check for the latest virus definitions 1 On the Symantec Protection for SharePoint console home page, under Symantec Protection Engines, click Global Symantec Protection Engine settings. 2 Under Auto-Check Options, on the right pane, select the SymantecProtection Engine auto check check box. 3 In the Auto-check interval (in seconds) box, type the interval (in seconds) in which you want the auto-check process to occur. Symantec Protection for SharePoint Servers polls the registered protection engines at the interval that you specify for their statuses, and their virus definition versions. The default setting is 60 seconds. You can enter a value between 20 and 360.

102 102 Configuring Symantec Protection for SharePoint Servers Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers 4 In the notification (in minutes) box, type the interval after which you want notifications to be sent to the recipient address specified while configuring the Notification Settings. The default setting is 5 minutes. 5 Select the Take a Symantec Protection Engine offline if its virus definition is not the latest check box to take a Symantec Protection Engine that does not have the latest definitions out of rotation. Symantec Protection for SharePoint Servers compares its virus definition version with the version on each registered Symantec Protection Engine. If any Symantec Protection Engine has a virus definition older than the registered virus definition, that protection engine is taken offline. 6 Click Save.

103 Chapter 5 Configuring Symantec Protection Engine This chapter includes the following topics: Accessing the Symantec Protection Engine console About communication protocol settings Ways to control which file types are scanned About licensing Symantec Protection Engine About keeping your product and protection up-to-date About LiveUpdate About Rapid Release About enabling security risk detection Accessing the Symantec Protection Engine console The Symantec Protection Engine console is a Web-based interface that lets you manage Symantec Protection Engine. The interface is provided through a built-in HTTPS server. You can access the interface by using a virtual administrative account that you set up at installation. You can access the Symantec Protection Engine console by using a Web browser on any computer on your network that can access the server that is running Symantec Protection Engine. Note: Symantec Protection Engine no longer supports accessing the console through an HTTP server.

104 104 Configuring Symantec Protection Engine Accessing the Symantec Protection Engine console If you did not install the license file at the time of installation, the License page automatically appears the first time that you access the Symantec Protection Engine console. This License page is the only page that is active. If at least one valid scanning license is installed, the Home page automatically appears. Each time that you start a new browser session and open the console, the Home page appears. As long as the browser session continues to run, each time that you open the Symantec Protection Engine console, you return to the page that you were on when you logged out or when the session times-out. For more information, see the Symantec Protection Engine Implementation Guide. To access the console 1 Launch a Web browser on any computer on your network that can access the server that is running Symantec Protection Engine. 2 Go to the following URL: where <servername> is the host name or IP address of the server that is running Symantec Protection Engine and <port> is the port number that you selected during installation for the built-in Web server. The default port number is If a Security Alert dialog box appears, click Yes to confirm that you trust the integrity of the applet, and then click Yes to display the Web page. 4 In the Login Name box, type a valid login name. 5 In the EnterPassword box, type the password for the administrative account. 6 Press Enter. On successful login, Administrator is displayed on the upper right-hand side corner of the Symantec Protection Engine console. To access the console with Symantec Protection Engine-based authentication 1 Launch a Web browser on any computer on your network that can access the server that is running Symantec Protection Engine. 2 In a Web browser, type the following address: where <servername> is the host name or IP address of the server that is running Symantec Protection Engine and <port> is the port number that you selected during installation for the built-in Web server. The default port number is 8004.

105 Configuring Symantec Protection Engine About communication protocol settings If a Security Alert dialog box appears, click Yes to confirm that you trust the integrity of the applet, and then click Yes to display the Web page. 4 In the Login Name box, type a valid login name. 5 In the Password box, type the password for the administrative account. 6 Press Enter. On successful login, Administrator is displayed on the upper right-hand side corner of the Symantec Protection Engine console. To access the console with Windows Active Directory-based authentication 1 Launch a Web browser on any computer on your network that can access the server that is running Symantec Protection Engine. 2 In a Web browser, type the following address: where <servername> is the host name or IP address of the server that is running Symantec Protection Engine and <port> is the port number that you selected during installation for the built-in Web server. The default port number is If a Security Alert dialog box appears, click Yes to confirm that you trust the integrity of the applet, and then click Yes to display the Web page. 4 In the Login Name box, type a valid login name in the Domain\Username format. 5 In the Password box, type the password for your Windows Active Directory login name. 6 Press Enter. On successful login, the login name is displayed on the upper right-hand side corner of the Symantec Protection Engine console. About communication protocol settings You must configure Symantec Protection Engine to use ICAP as the communication protocol. At installation, ICAP is the default communication protocol. For more information, see the Symantec Protection Engine Implementation Guide. Configuring ICAP-specific settings After installation, you must configure several ICAP-specific options.

106 106 Configuring Symantec Protection Engine About communication protocol settings Table 5-1 describes the configuration options for ICAP. Table 5-1 Option Bind address Configuration options for ICAP Description Symantec Protection Engine detects all of the available IP addresses that are installed on the host. By default, Symantec Protection Engine accepts scanning requests on (binds to) all of the scanning IP addresses that it detects. You can configure up to 64 IP addresses as scanning IP addresses. You can specify whether you want Symantec Protection Engine to bind to all of the IP addresses that it detects, or you can restrict access to one or more interfaces. If you do not specify at least one IP address, Symantec Protection Engine binds to all of the scanning IP addresses that it detects. If Symantec Protection Engine fails to bind to any of the selected IP addresses, an event is written to the log as a critical error. Even if Symantec Protection Engine is unable to bind to any IP address, you can access the console. However, scanning functionality is unavailable. Note: You can use (the loopback interface) to let only the clients that are running on the same computer connect to Symantec Protection Engine. Port number The port number must be exclusive to Symantec Protection Engine. You must use the same port number for all of the scanning IP addresses that you want to bind to Symantec Protection Engine. The default port number is If you change the port number, use a number that is equal to or greater than No other program or service should use this port number. Note: This setting must match the port number you enter for the Symantec Protection Engine when you register it with Symantec Protection for SharePoint Servers. See Scheduling scans on page 89. Scan policy Symantec Protection for SharePoint Servers controls the scan policy. Use the default settings. When an infected file is found, Symantec Protection Engine attempts to repair infected files and delete unrepairable files from archive or container files.

107 Configuring Symantec Protection Engine About communication protocol settings 107 Table 5-1 Option Enable trickle Configuration options for ICAP (continued) Description This setting is not applicable for the SharePoint server and should be left at the default setting. Note: Symantec Protection for SharePoint Servers will not function properly if you activate data trickling. To configure ICAP-specific options 1 On the Symantec Protection Engine console, click Configuration. 2 Under Views, click Protocol. 3 In the content area under Select Communication Protocol, click ICAP. The configuration settings are displayed for the selected protocol. You must manually stop and start the service if you change the protocol setting through the Symantec Protection Engine console. 4 Under ICAP Protocol Configuration, in the Bind address box, type a bind address, if necessary. By default, Symantec Protection Engine binds to all interfaces. You can restrict access to a specific interface by typing the appropriate bind address. 5 In the Port number box, type the TCP/IP port number that Symantec Protection for SharePoint Servers uses to pass files to Symantec Protection Engine for scanning. The default setting for ICAP is port Use the default Scan policy setting. The default setting is Scan and repair or delete. 7 On the toolbar, select one of the following: Save Saves your changes. You can continue to make changes in the administrative interface until you are ready to apply them. Apply Applies your changes. Your changes are not implemented until you apply them.

108 108 Configuring Symantec Protection Engine Ways to control which file types are scanned To configure ICAP options 1 In the console on the primary navigation bar, click Configuration. 2 In the sidebar under Views, click Protocol. 3 In the content area under Select Communication Protocol, click ICAP. 4 In the Manual Restart Required dialog box, click OK 5 Under ICAP Configuration, in the Bind address table, select the scanning IP addresses that you want to bind to Symantec Protection Engine. Check Select All to select every IP address in the Bind address table. Only four IP addresses appear in the Bind address table. Click the scroll bar to view additional IP addresses. By default, Symantec Protection Engine binds to all interfaces. 6 In the Port number box, type the TCP/IP port number that the client application uses to pass files to Symantec Protection Engine for scanning. The default setting for ICAP is port If you change the port number, use a number that is equal to or greater than No other program or service should use this port number. You must use the same port number for every scanning IP addresses that you want to bind to Symantec Protection Engine. 7 In the Scan policy list, select how you want Symantec Protection Engine to handle infected files. The default setting is Scan and repair or delete. 8 On the toolbar, select one of the following options: Save Saves your changes. Use this option to continue making changes in the console until you are ready to apply them. Apply Applies your changes. Your changes are not implemented until you apply them. Ways to control which file types are scanned Symantec Protection for SharePoint Servers lets you save bandwidth and time by specifying the file types that are passed to Symantec Protection Engine for scanning during manual scans and scheduled scans. You can configure the

109 Configuring Symantec Protection Engine About licensing Symantec Protection Engine 109 Symantec Protection for SharePoint console to exclude certain file types from scanning using an exclusion list. Symantec Protection for SharePoint Servers makes this initial determination of whether to send the file for scanning based on the file extension of the top-level file. Note: The exclusion list on the Symantec Protection for SharePoint console applies only to files that are scanned during manual scans and scheduled scans. All files that are downloaded or uploaded to the SharePoint server are submitted for scanning regardless of file type. (You must configure Symantec Protection for SharePoint Servers to submit files for scanning on download and upload.) See Excluding files with specific extensions from being scanned on page 82. All top-level files that are sent to Symantec Protection Engine are scanned regardless of file extension. Symantec Protection Engine is configured by default to scan all files. There is a file extension exclude list and a file type exclude list on the Symantec Protection Engine as well. However, priority is given to the extension exclude list that you configure through the Symantec Protection for SharePoint console. All files that are sent to Symantec Protection Engine are scanned regardless of file extension. It is recommended that you let Symantec Protection Engine scan all files regardless of file extension. To scan all files regardless of extension 1 In the console on the primary navigation bar, click Policies. 2 In the sidebar under Views, click Scanning. 3 In the content area under Files to Scan, click Scan all files. 4 On the toolbar, select one of the following: Save Saves your changes. This option lets you continue making changes in the console until you are ready to apply them. Apply Applies your changes. Your changes are not implemented until you apply them. About licensing Symantec Protection Engine You activate key features for Symantec Protection Engine, including scanning for threats and security risks, by installing the appropriate license. You must

110 110 Configuring Symantec Protection Engine About licensing Symantec Protection Engine install the licenses through the Symantec Protection Engine console if you did not install it during installation. Note: If you have multiple Symantec Protection Engines, you must install the license for each protection engine through its console. For complete scanning functionality and definition updates, you need the following licenses: Product licenses Product licenses activate scanning functionality. The AV Scanning license activates the threat and the security risk scanning features. Content licenses Content licenses let you receive product updates. The AV Content license lets you receive updated threat and security risk definitions. Updated definitions ensure that your server is protected from risks. About license activation The first time that you open the console after installation, only the License view is active. You must install the AV Scanning license to access the Configuration, Reports, Monitors, and System pages in the console. You can activate scanning features and definitions updates for Symantec Protection Engine with licenses. A separate license must be installed for each feature. If you purchase additional product features from Symantec as they become available for Symantec Protection Engine, these features will require a new license. Symantec issues a serial number for each type of license that you purchase. This serial number is required to register your product and your maintenance agreement. The serial number is provided on a license certificate, which is mailed separately and arrives in the same time frame as your software. For security reasons, the license certificate is not included in the Symantec Protection Engine software distribution package. See If you do not have a serial number on page 111. License activation involves the following process:

111 Configuring Symantec Protection Engine About licensing Symantec Protection Engine 111 Obtain a license file from Symantec. To request a license file, you must have the license serial number for each license that you want to activate. After you complete the registration process, Symantec sends you the appropriate license file by . See Obtaining a license file on page 111. Install the license file. You must install the content and product licenses on each server on which you run Symantec Protection Engine. When you install the licenses, you can enable the scanning processes and update your product and its associated content. See Installing the license file on page 112. If you do not have a serial number Obtaining a license file Your license certificate, which contains the serial numbers for the licenses that you have purchase. The license certificate should arrive within three to five business days of when you receive your software. If you do not receive the license certificate, contact Symantec Customer Service at or your reseller to check the status of your order. If you have lost your license certificate, contact Symantec License Administration. See Where to get more information on page 25. Each license certificate or upgrade certificate has a serial number. The serial number is used to request a license file and to register for support. To request a license file, you must have the serial number for the license. The serial number is printed on the license certificate that is mailed to you. The format of a serial number is a letter followed by 10 digits, for example, F If you purchased multiple types of licenses but register them separately, Symantec sends you a separate license file for each license. You must install each license file separately. If you register multiple licenses at the same time, Symantec sends you a single license file that contains all of your licenses. The license file that Symantec sends to you is contained within a.zip file. The.slf file that is contained within the.zip file is the actual license file. Ensure that your inbound environment permits.zip message attachments. Warning: License files are digitally signed. If you try to edit a license file, you will render it invalid.

112 112 Configuring Symantec Protection Engine About licensing Symantec Protection Engine To obtain a license file Installing the license file 1 In a Web browser, type the following address: Your Web browser must use 128-bit encryption to view the site. 2 If a Security Alert dialog box appears, click OK. 3 Follow the procedures on the Symantec Licensing Portal to register your license and request your license file. Symantec sends you an message that contains the license file in an attachment. If the message does not arrive within two hours, an error might have occurred. Try again to obtain the license file through the Symantec website. If the problem continues, contact Symantec Technical Support. See Where to get more information on page 25. A license file contains the information that is required to activate one or more features in a product. A license file is also required to update the product and its associated content. A license file might contain one or more types of licenses. The number of licenses it contains depends on whether you registered the license serial numbers separately or at the same time. See Obtaining a license file on page 111. You can install the license file through the console. If you disabled the console, you can install the license file by copying it to a specific directory location. Note: You must restart Symantec Protection Engine manually after saving the license files. To install the license file through the console 1 When you receive the message from Symantec that contains the license file, save the file that is attached to the message to the computer from which you will access the Symantec Protection Engine console. 2 Access the Symantec Protection Engine console. See Accessing the Symantec Protection Engine console on page In the console on the primary navigation bar, click System. If no license has been installed, when you open the console, the System tab is selected by default.

113 Configuring Symantec Protection Engine About keeping your product and protection up-to-date In the sidebar under Views, click License. 5 Under Tasks, click Install License. 6 In the Install License window, click Browse. 7 In the Load File window, browse to the folder location where you saved the license file, select it, and then click Open. 8 In the Install License window, click Install. A status message indicates that the license was successfully installed. To install the license file without using the console Based on the operating system, save the license file that you receive in an message from Symantec in the following location: Windows 64-bit Windows 2008 Solaris or Linux C:\Program Files (x86)\common Files\Symantec Shared\Licenses C:\ProgramData\Symantec Shared\Licenses /opt/symantec/licenses About keeping your product and protection up-to-date About definition updates You can update the Symantec Protection Engine content. The content updates ensure that your network is up-to-date with the most current antivirus and DDR/URL definitions. You can update Symantec Protection Engine with the latest definitions without any interruption in scanning. Definition files contain the necessary information to detect and eliminate risks, such as viruses and adware. Symantec supplies updated definition files at least every week and whenever a new risk is discovered. You can update risk definitions using LiveUpdate, Rapid Release, or Intelligent Updater. Symantec Protection Engine automatically uses the most current definitions files for scanning. However, if a problem is discovered with the current definitions, you can revert (roll back) to the previous set of antivirus or URL/DDR definitions. When you perform a content update, Symantec Protection Engine downloads and installs the most current definitions. If an error occurs, Symantec Protection

114 114 Configuring Symantec Protection Engine About LiveUpdate About LiveUpdate Engine tries to roll back to the previous definitions. If the rollback is successful, Symantec Protection Engine continues scanning using the previous definitions. If the rollback is unsuccessful, scanning is disabled. You must have a valid license to update definitions. For more information, see the Symantec Protection Engine Implementation Guide. When you install or upgrade Symantec Protection Engine, LiveUpdate is enabled by default to run every two hours. You can modify this schedule, or you can run LiveUpdate manually. See Configuring LiveUpdate to occur automatically on page 114. See Performing LiveUpdate on demand on page 115. When Symantec Protection Engine performs a LiveUpdate, the definitions that are downloaded are automatically selected as the active definitions. However, you can revert to the previous version of the antivirus definitions. The definition set that you choose remains active until the next LiveUpdate runs. The definition set that is downloaded by LiveUpdate then becomes the active definition set. For more information, see the Symantec Protection Engine Implementation Guide. Symantec Protection Engine uses Symantec Java LiveUpdate technology. To run LiveUpdate, you must have the Java 2SE Runtime Environment (JRE) 5.0 Update 6 or later (within the version 5 platform) installed. Configuring LiveUpdate to occur automatically You can schedule LiveUpdate to occur automatically at a specified time interval to ensure that Symantec Protection Engine always has the most current definitions. When you install a valid AV Content license, Symantec Protection Engine automatically attempts to perform a LiveUpdate. To continue receiving automatic updates, you must schedule LiveUpdate. When LiveUpdate is scheduled, LiveUpdate runs at the specified time interval that is relative to the LiveUpdate base time. The default LiveUpdate base time is the time that Symantec Protection Engine was installed. You can change the LiveUpdate base time by editing the configuration file. If you change the scheduled LiveUpdate interval, the interval adjusts based on the LiveUpdate base time. For more information about modifying configuration files, see the Symantec Protection Engine Implementation Guide.

115 Configuring Symantec Protection Engine About Rapid Release 115 To configure LiveUpdate to occur automatically 1 In the console on the primary navigation bar, click System. 2 In the sidebar under Views, click LiveUpdate Content. 3 In the content area under LiveUpdate Content, check Enable scheduled LiveUpdate. The default setting is enabled. 4 In the LiveUpdate interval drop-down list, select the interval. You can choose from 2, 4, 8, 10, 12, or 24-hour intervals. The default setting is 2 hours. 5 On the toolbar, select one of the following: Save Saves your changes. This option lets you continue making changes in the console until you are ready to apply them. Apply Applies your changes. Your changes are not implemented until you apply them. Performing LiveUpdate on demand You can run LiveUpdate on demand to force an immediate update of definitions. If you have scheduled LiveUpdate, the next scheduled LiveUpdate attempt occurs at its scheduled time. To perform LiveUpdate on demand About Rapid Release 1 In the console on the primary navigation bar, click System. 2 In the sidebar under Views, click LiveUpdate Content. 3 Under Definition Details, select a definitions set that you want to update. 4 Under Tasks, click LiveUpdate Content. You can configure Symantec Protection Engine to obtain uncertified definition updates with Rapid Release. You can configure Symantec Protection Engine to retrieve Rapid Release definitions every 5 minutes to every 120 minutes. See Configuring Rapid Release updates to occur automatically on page 116.

116 116 Configuring Symantec Protection Engine About Rapid Release See Performing Rapid Release updates on demand on page 117. Rapid Release definitions are created when a new threat is discovered. Rapid Release definitions undergo basic quality assurance tests by Symantec Security Response. However, they do not undergo the intense testing that is required for a LiveUpdate release. Symantec updates Rapid Release definitions as needed to respond to high-level outbreaks. Rapid Release definitions might be made available before the LiveUpdate definitions quality assurance process is complete. Rapid Release definitions provide a quick response to new threats and security risks. You can augment Rapid Release definitions later on by more robust detection capabilities in certified definitions. Warning: Rapid Release definitions do not undergo the same rigorous quality assurance tests as LiveUpdate definitions. Symantec encourages users to rely on the full quality-assurance-tested definitions whenever possible. Ensure that you deploy Rapid Release definitions to a test environment before you install them on your network. If you use a proxy or firewall that blocks FTP communications, the Rapid Release feature does not function. Your environment must allow FTP traffic for the FTP session to succeed. The Rapid Release definitions that are downloaded are automatically selected as the active definitions. However, you can revert to the previous version of the antivirus definition set. The definition set that you choose remains active until the next definition update runs. Rapid Release does not support URL and DDR definition updates. You must update URL and DDR definitions using LiveUpdate. See About LiveUpdate on page 114. Configuring Rapid Release updates to occur automatically You can schedule Rapid Release updates to occur automatically at a specified time interval to ensure that Symantec Protection Engine always has the most current definitions. Scheduled Rapid Release updates are disabled by default. To receive automatic Rapid Release updates, you must enable and schedule Rapid Release. When Rapid Release is scheduled, Rapid Release runs at the specified time interval that you select.

117 Configuring Symantec Protection Engine About Rapid Release 117 Configuring Rapid Release updates to occur automatically 1 On the Symantec Protection Engine administrative interface, in the left pane, click System. 2 Under Views, click Rapid Release Content. 3 In the content area under Rapid Release Content, check Enable scheduled Rapid Release to enable automatic downloads of Rapid Release definitions. This option is disabled by default. 4 In the Rapid Release interval box, to specify the interval between which you want Symantec Protection Engine to download Rapid Release definitions, do any of the following steps: Type the interval. Click the up arrow or down arrow to select the interval. You can select any number between 5 minutes and 120 minutes. The default value is 30 minutes. 5 On the toolbar, select one of the following: Save Saves your changes. You can continue to make changes in the administrative interface until you are ready to apply them. Apply Applies your changes. Your changes are not implemented until you apply them. Performing Rapid Release updates on demand You can run Rapid Release on demand to force an immediate update of definitions. If you have scheduled Rapid Release, the next scheduled Rapid Release try occurs at its scheduled time. To perform Rapid Release updates on demand 1 In the console on the primary navigation bar, click System. 2 In the sidebar under Views, click Rapid Release Content. 3 Under Tasks, click Rapid Release Content.

118 118 Configuring Symantec Protection Engine About enabling security risk detection About enabling security risk detection Symantec Protection Engine can detect security risks. Security risks are the programs that do any of the following: Provide unauthorized access to computer systems Compromise data integrity, privacy, confidentiality, or security Present some type of disruption or nuisance These programs can put your employees and your organization at risk for identity theft or fraud if they: log keystrokes; capture and instant messaging traffic; and harvest personal information, such as passwords and login identifications. Security risks can be introduced into your system unknowingly when users: visit a website; download shareware or freeware software programs; click links or attachments in messages; or through instant messaging clients. Security risks can also be installed after or as a by-product when a user agrees to an end user license agreement from another software program. Table 5-2 lists the categories of security risks that Symantec Protection Engine detects. Table 5-2 Category Spyware Adware Security risk categories Description Standalone programs that can secretly monitor system activity and detect passwords and other confidential information and then relay the information back to a remote computer. Standalone or appended programs that gather personal information through the Internet and relay it back to a remote computer without the user's knowledge. Adware might monitor browsing habits for advertising purposes. It can also deliver advertising content.

119 Configuring Symantec Protection Engine About enabling security risk detection 119 Table 5-2 Category Other risks Security risk categories (continued) Description Other risks include the following: Hacking tools Programs that are used to gain unauthorized access to a user's computer. For example, a keystroke logger tracks and records individual keystrokes and sends this information to a remote computer. The remote user can perform port scans or vulnerability scans. Hack tools might also be used to create viruses. Dialers Programs that use a computer, without the user's permission or knowledge, to dial out through the Internet to a 900 number or FTP site, typically to accrue charges. Joke programs Programs that alter or interrupt the operation of a computer in a way that is intended to be humorous or bothersome. For example, a joke program might move the Recycling Bin away from the mouse when the user attempts to click on it. Remote access programs Programs that let a remote user gain access to a computer over the Internet to gain information, attack, or alter the host computer. Trackware Standalone or appended applications that trace a user's path on the Internet and relay the information to a remote computer. If a security risk is detected, Symantec Protection Engine applies the Infected files detection rule that you configured on the Symantec Protection for SharePoint console; however, security risks cannot be repaired. See Specifying file handling rules on page 86. To enable security risk detection 1 In the console on the primary navigation bar, click Policies. 2 In the sidebar under Views, click Scanning. 3 In the content area under Security Risk Scanning, check the security risks that you want Symantec Protection Engine to detect.

120 120 Configuring Symantec Protection Engine About enabling security risk detection 4 On the toolbar, select one of the following: Save Saves your changes. This option lets you continue making changes in the console until you are ready to apply them. Apply Applies your changes. Your changes are not implemented until you apply them. 5 On a Windows server, go to the configuration.xml file in the default location of C:\Program Files\Symantec\Protection Engine\. 6 In Solaris and Linux, the default location for the XML file is /opt/symcscan/bin/. 7 Set the "EnableNonViralThreatCategoryResp" parameter in the configuration.xml file to true. 8 Stop and start the Symantec Protection Engine for changes to be implemented. For more information, see the Symantec Protection Engine Implementation Guide.

121 Chapter 6 Monitoring Symantec Protection for SharePoint Servers activity This chapter includes the following topics: Ways to monitor Symantec Protection for SharePoint Servers activity About the status pane About SMTP logging About monitoring scanning activity About quarantine management Ways to monitor Symantec Protection for SharePoint Servers activity You can obtain information about Symantec Protection for SharePoint Servers activity in the following ways: Examine the Symantec Protection for SharePoint console home page You can obtain the current status of registered Symantec Protection Engines, the current number of available scanning threads, and the status of the threads. See About the status pane on page 123.

122 122 Monitoring Symantec Protection for SharePoint Servers activity Ways to monitor Symantec Protection for SharePoint Servers activity Activate SMTP logging You can activate Simple Mail Transfer Protocol (SMTP) logging capabilities so that notification messages are sent to specified recipients for chosen events. Examine the Symantec Protection Engine response data See About SMTP logging on page 124. You can view the scan statistics for each registered Symantec Protection Engine. See To view the list of registered Symantec Protection Engines on page 98. View the logs You can view log entries for selected types of events. See About monitoring scanning activity on page 141. Generate reports and schedule reports by mail You can manually generate log reports for protection engines, scan processes, or the system for any date range. You can also schedule the generation of these reports by to specified recipients. See Generating an on-demand report on page 144. See Scheduling a report on page 145. Examine the scan statistics You can see the scan statistics after every manual scan or scheduled scan. Examine the Symantec Protection Engine logs and reports See Reviewing scan statistics on page 88. Symantec Protection Engine has its own monitoring tools as well. You can activate logging and alerting options in the Symantec Protection Engine to supplement those that are available through the Symantec Protection for SharePoint console. See the Symantec Protection Engine Implementation Guide for more information. A number of options are available for managing the logs and statistics. You can specify the log level for each logging source, specify how long log entries are maintained on the system, and specify the logging destination path. See About monitoring scanning activity on page 141. Note: The monitoring and logging options that you configure in the Symantec Protection for SharePoint console are separate from the options that are available through the Symantec Protection Engine console. Activate logging and monitoring options for Symantec Protection for SharePoint Servers and Symantec Protection Engine based on your organization needs. For more information, see the Symantec Protection Engine Implementation Guide.

123 Monitoring Symantec Protection for SharePoint Servers activity About the status pane 123 About the status pane The status pane at the bottom of the home page lets you monitor up-to-date metrics on the registered Symantec Protection Engines. You can also examine the number of scanning threads in use at any time. The status pane updates itself automatically every 10 seconds when you visit the Symantec Protection for SharePoint console home page. Figure 6-1 Status pane Table 6-1 describes the information that is displayed in the status pane. Table 6-1 Information Status pane information Description Symantec Protection Engines Status Displays the current status of all registered Symantec Protection Engines. The scan overview includes the following information: Total number of registered Symantec Protection Engines (online, offline, and disabled) Total number of disabled Symantec Protection Engines You can manually disable a registered Symantec Protection Engine. The Symantec Protection Engine is dropped out of rotation but you can enable it at any point of time. See To edit a Symantec Protection Engine registration on page 97. Total number of active online Symantec Protection Engines Total number of offline Symantec Protection Engines

124 124 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging Table 6-1 Information Connections Status pane information (continued) Description Gives a graphic overview of the maximum and currently used scanning threads for all active online Symantec Protection Engines. The vertical bar displays the following information: Maximum number of threads available for scanning The number that appears at the end of the vertical bar specifies the total number of available threads for all active online protection engines. Number of threads currently available for scanning The green portion of the vertical bar displays the number of threads currently available out of the total number of scanning threads. Number of threads currently being used for scanning The red section of the vertical bar displays how many available threads are currently used for an ongoing scan. Note: If you are running more than one Symantec Protection Engine, these values are the cumulative total. About SMTP logging Symantec Protection for SharePoint Servers provides Simple Mail Transfer Protocol (SMTP) logging capabilities. When SMTP logging is configured, an notification is sent to a specified recipient for chosen events. You can select the logging level for events related to system, scan process, and Symantec Protection Engine. See About monitoring scanning activity on page 141. You can also select the notification level so that Symantec Protection for SharePoint Servers sends an notification only for the events whose level you specify. You can provide separate destination information for each type of message. Default message text is included, but you can customize individual messages. See Customizing SMTP messages on page 131. Note: The SMTP logging that you configure for the Symantec Protection for SharePoint Servers is separate from the SMTP logging that is available through the Symantec Protection Engine console. You can activate either or both of these features to meet the needs of your organization. For more information, see the Symantec Protection Engine Implementation Guide.

125 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging 125 Symantec Protection for SharePoint Servers logs events from the following event sources: Scan Process Symantec Protection Engines System You can set the logging level to None, Error, Warning, Information, or Verbose for each event source. Table 6-2 lists the types of events for which notification messages are generated. Table 6-2 Event source Scan Process Types of events for SMTP logging Logging level Verbose Information Warning Error Description Logs verbose information related to virus scanning (for example, a scan has started or ended). This level also includes all of the events that are logged at the Information, Warning, and Error levels. Logs information that is related to virus scanning (for example, a file was scanned and no virus was found, scan statistics information). This level also includes all of the events that are logged at the Warning and Error levels. Logs warnings that are related to virus scanning (for example, a virus was found and the file was repaired or was unable to be repaired, unscannable content, encrypted content, and files containing security risks). This level also includes all of the events that are logged at the Error level. Logs errors that are related to virus scanning (for example, an error occurred while a file was being scanned).

126 126 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging Table 6-2 Types of events for SMTP logging (continued) Event source Symantec Protection Engine System Logging level None Verbose Information Warning Error None Verbose Description Does not log any event. Logs verbose information that is related to the Symantec Protection Engine (for example, the protection engine check starts, and the protection engine check ends). This level also includes all of the events that are logged at the Information, Warning, and Error levels. Logs information that is related to the Symantec Protection Engine (for example, the protection engine check is successful). This level also includes all of the events that are logged at the Warning and Error levels. Logs warnings that are related to the Symantec Protection Engine (for example, the protection engine is offline, the virus definitions are too old, or the protection engine check failed). This level also includes all of the events that are logged at the Error level. Logs errors that are related to the Symantec Protection Engine (for example, a protection engine handling error). No events are logged. Any settings change made on the Symantec Protection for SharePoint console is logged when you click Enter on the page.

127 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging 127 Table 6-2 Types of events for SMTP logging (continued) Event source Logging level Information Warning Error None Description Information that is related to system functionality (for example, Symantec Protection for SharePoint Servers has started or stopped) and any settings change made on the Symantec Protection for SharePoint console are logged. This level also includes all of the events that are logged at the Error level. There are no warning events for the system event source. Any settings change made on the Symantec Protection for SharePoint console is logged when you click Enter on the page. Errors that are related to system functionality (for example, an internal run-time error occurred, or an error while checking the IP or host name of the Symantec Protection Engine) and any settings change made on the Symantec Protection for SharePoint console are logged. Any settings change made on the Symantec Protection for SharePoint console is logged when you click Enter on the page. Configuring SMTP logging To configure SMTP logging, you must do the following tasks, in this order: Enable the notification system. Identify an SMTP server and port number for forwarding the log messages. Provide the default origin and destination information for the SMTP messages. Select the event categories for which SMTP messages must be generated.

128 128 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging You can choose separate sender and recipient addresses for each event category. You can also customize the message for each type of event. See Customizing SMTP messages on page 131. To enable or disable the notification system 1 On the Symantec Protection for SharePoint console, under Management, click notification settings. 2 Under Global Settings, select the Enable notification system check box. If this option is not selected, no notifications are sent for logged events. To identify an SMTP server and port number 1 On the Symantec Protection for SharePoint console, under Management, click notification settings. 2 Under Global Settings, in the SMTP Server Host or IP Address box, type the IP address or the host name of the SMTP server that will forward the SMTP messages. In the SMTPServerPort box, type the port number on which the SMTP server listens. It can be any number between 1 and The default setting is If the server requires authentication, do all of the following: User Name Password Type the user name. Type the password. To provide the default origin and destination information for SMTP messages 1 On the Symantec Protection for SharePoint console, under Management, click notification settings. 2 Under Global Settings, in the From Address box, type the default originating address. Format the address according to your company policies. For example: <username>@<domainname> where <username> is the sender's user name, and <domainname> is the appropriate domain name.

129 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging In the Server Display Name box, type the server name that you want to appear in the SMTP messages that are generated by the Symantec Protection for SharePoint Servers. The name must be identifiable by the recipient as relating to Symantec Protection for SharePoint Servers. If you do not specify an Server Display Name, the FromAddress appears in the From field for SMTP messages by default. 4 In the To Address box, type the address of the default recipient to whom the notifications are sent. Type multiple recipient addresses on separate lines. You can specify a maximum of 20 recipient addresses. 5 Click Save. To select the events for which SMTP messages should be generated 1 On the Symantec Protection for SharePoint console, under Management, click notification settings. 2 Select the Enable the notification system check box. See To enable or disable the notification system on page 128. This option enables SMTP logging for all event categories by default. 3 Under Virus Found Notification Settings, the Enable Notification option is selected by default. Clear the option if you do not want to set up this feature. You can also determine when you want the notifications to be sent by selecting any one of the following options: Always send an notification Sends s if an infected file is detected and also when an infected file is repaired. Send an notification when an infected file is detected Send an notification when an action is taken on an infected file Sends an only when an infected file is detected. Sends an only when an action is taken on an infected file. 4 Do one of the following:

130 130 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging To use the default sender and recipient address To specify a different sender and recipient Select the Use default sender and recipient check box. Do all of the following: Clear the Use default sender and recipient check box. In the From Address box, type the address that you want to appear in the From field in the message. In the Address Display Name box, type the address display name. In the To Address box, type the recipient address. You can specify a maximum of 20 recipients. Separate multiple entries with a line space. 5 Click Edit Template to customize the SMTP message. See Customizing SMTP messages on page Click Save. 7 Repeat steps 3 through 6 for the following event categories: Symantec Protection Engine Notification Settings Manual/Scheduled Scan Notification Settings Information Notification Settings Scanning Process Notification Settings Error Notification Settings. 8 Under Level of Notification, select the notification level for this notification from the drop-down list. This option applies to all of the notification settings except Virus Found Notification Settings. Symantec Protection for SharePoint Servers sends notifications of the selected type for each event category. 9 Click Save. Note: The settings configured for Notifications Settings page are replicated across all the servers in the SharePoint farm environment.

131 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging 131 Customizing SMTP messages When you configure SMTP logging, notifications are sent for the event categories that you enabled. Default message text is included for each type of event, but you can customize individual messages. You can use keywords to customize the messages. Each event category has the following default SMTP templates and trigger events: Table 6-3 Event categories and their default SMTP templates and events Event category Virus found notification Default SMTP template Virus Found Mail Event that triggers a notification A virus is found during a real-time scan, manual scan, or scheduled scan (Warning). Symantec Protection Engine notification Protection Engine Notify Mail The virus definition is older than the registered virus definitions with Symantec Protection for SharePoint Servers. (Warning) Symantec Protection Engine has gone offline (Warning) The check of Symantec Protection Engine is OK. (Information) Symantec Protection Engine is online. (Information) Start checking Symantec Protection Engine (Verbose) The check of Symantec Protection Engine is complete.(verbose) Manual/Scheduled Scan notification Manual/Schedule Scan Summary Mail At the end of a manual scan or scheduled scan, a mail that contains the scan summary is sent. (Information)

132 132 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging Table 6-3 Event categories and their default SMTP templates and events (continued) Event category Information notification Default SMTP template System Notify Mail Event that triggers a notification Start and stop of Symantec Protection for SharePoint Servers (Information) Start of SharePoint 2003/2007 Administration system (Information) Symantec Protection for SharePoint console as a SharePoint sub-system is being loaded.(information) Scanning Process notification Scan Process Notify Mail An error has occurred during a scan process. (Error) A scan process is aborted. (Warning) Unscannable content is found. (Warning) Encrypted content is found. (Warning) Files containing security risk is found. (Warning) A scan process has started. (Verbose) A scan process has ended. (Verbose) Error notification Error Notify Mail An undefined error was found (Error) About keywords Each default SMTP template has default text in the message body. You can customize the template by adding or deleting keywords. Table 6-4 lists the keywords that are available in the Virus Found Mail template.

133 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging 133 Table 6-4 Keywords Keywords to customize the Virus Found Mail template Description Date (%DataTimeStamp%) Description (%Description%) File size (%FileSize%) Infection count (%InfectCount%) Mail Server (%SendServer%) Mail Server Port (%SendServerPort%) Mail address Recipient (%SendTo%) Mail address Sender (%SendFrom%) Request Mode (%RequestMode%) Scan mode (%Mode%) Scan result (%Result%) Scan time (%ScanTime%) Source of notify (%Source%) Type of notify (%Notifytype%) URL/File Name (%URL%) Displays the date and time that the event occurred. Describes the status of the file after a scan. Displays the size of the file. Gives the number of infections within the file. In container files, there can be more than one infected file. Displays the host name or IP address of the mail server. Displays the port number of the mail server. Displays the recipient address that is entered in the To Address address box for the selected event. Displays the originating address that is entered in the From Address address box for the selected event Describes the type of request that is sent to Symantec Protection Engine. For any file, the first request type is a "scan." Based on the results, a second "clean" request is sent. Displays whether the scan is a real-time scan, manual scan, or a scheduled scan. Describes the action taken on the file (for example, infected but cleaned, deleted). Displays the amount of time that Symantec Protection Engine took to scan the file. Displays the server (host name or IP address) that is the subject of the event. Displays the type of event (information, warning, or error). Displays the path name of the file.

134 134 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging Table 6-4 Keywords Keywords to customize the Virus Found Mail template (continued) Description Virus information (%VirusString%) Displays details about the selected event (for example, virus details, action taken). Table 6-5 lists the keywords that are available in the Protection Engine Notify Mail. Table 6-5 Keywords Keywords to customize the Protection Engine Notify Mail template Description Date (%DataTimeStamp%) Mail Server (%SendServer%) Mail Server Port (%SendServerPort%) Mail address Recipient (%SendTo%) Mail address Sender (%SendFrom%) Protection engine host (%Host%) Protection engine information (%EngineInfo%) Protection engine port (%Port%) Protection engine State (%State%) Scan result (%Result%) Source of notify (%Source%) Displays the date and time that the event occurred. Displays the host name or IP address of the mail server. Displays the port number of the mail server. Displays the recipient address that is entered in the To Address address box for the selected event. Displays the originating address that is entered in the From Address address box for the selected event. Displays the host name or IP address of the Symantec Protection Engine. Displays the Symantec Protection Engine statistics including its software version, virus definition date, and revision number. Displays the port number of the Symantec Protection Engine. Displays the current state of the Symantec Protection Engine (online, offline, or disabled). Gives the result of the event. An example is Symantec Protection Engine check was successful. Displays the server (host name or IP address) that is the subject of the event.

135 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging 135 Table 6-5 Keywords Keywords to customize the Protection Engine Notify Mail template (continued) Description Type of command (%Commandtype%) Type of notify (%Notifytype%) Displays the type of command. An example is "Checking" when it is checking the status of the Symantec Protection Engine. Displays the type of event (information, warning, or error). Table 6-6 lists the keywords that are available in Manual/Schedule Scan Mail. Table 6-6 Keywords Keywords to customize the Manual/Schedule Scan Notify Mail template Description Clean Files (%CleanFilesCount%) Date (%DataTimeStamp%) Deleted Files (%DeletedFilesCount%) Encrypt Files (%EncryptFilesCount%) End Time Manual Scan (%EndTime%) Errors Files (%ErrorsFilesCount%) Exclude by extension (%ExcludeExtFilesCount%) Exclude by folder (%ExcludeFolderCount%) Files found (%CollectedFilesCount%) Infected Files (%InfectedFilesCount%) Displays the number of clean files after the manual or scheduled scan. Displays the date and time that the event occurred. Displays the number of files that were deleted after the manual or scheduled scan. Displays the number of encrypted files found during the manual or scheduled scan. Displays the time at which the scan was completed. Displays the number of files with errors found during the manual or scheduled scan. Shows how many files were excluded from the scan because their file extension was in the file extension exclusion list. Displays how many paths or directories were excluded from the scan. Displays the number of files that were found in the SharePoint document libraries. Displays the number of infected files found during the manual or scheduled scan.

136 136 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging Table 6-6 Keywords Keywords to customize the Manual/Schedule Scan Notify Mail template (continued) Description Item Text (%ItemText%) Mail Server (%SendServer%) Mail Server Port (%SendServerPort%) Mail address Recipient (%SendTo%) Mail address Sender (%SendFrom%) Processed Files (%ProcessedFilesCount%) Quarantined Files (%QuarantinedFilesCount%) Repairable Files (%RepairableFilesCount%) Repaired Files (%RepairedFilesCount%) Security Risk Files (%SecurityFilesCount%) Source of notify (%Source%) Start Time Manual Scan (%StartTime%) Type of Scan Schedule/Manual (%ScanRuntype%) Unscannable Files (%UnscannableFilesCount%) Gives the result of the event. Displays the host name or IP address of the mail server. Displays the port number of the mail server. Displays the recipient address that is entered in the To Address address box for the selected event. Displays the originating address that is entered in the From Address address box for the selected event Displays the number of files that were processed from the collected files. Displays the number of files that were quarantined as a result of a manual scan or scheduled scan. Displays the number of repairable files found during the manual scan or scheduled scan. Displays the number of files that were repaired during the manual scan or scheduled scan. Displays the number of files containing security risks found during the manual scan or scheduled scan. Displays the server (host name or IP address) that is the subject of the event. Shows the start time of the manual scan. Displays the scan type (manual scan or scheduled scan). Displays the number of unscannable files found during the manual or scheduled scan. Table 6-7 lists the keywords that are available in the System Notify Mail template.

137 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging 137 Table 6-7 Keywords Date (%DataTime Stamp%) Item ID (%ItemID%) Item Text (%ItemText%) Item Type (%ItemType%) Mail Server (%SendServer%) Mail Server Port (%SendServer Port%) Mail address Recipient (%SendTo%) Mail address Sender (%SendFrom%) Source of notify (%Source%) Keywords to customize the System Notify Mail template Description Displays the date and time that the event occurred. Unique ID given to the event. Displays a description of the event. An example is "Symantec Protection for SharePoint Servers is started." Displays the type of event (information, warning, or error). Displays the host name or IP address of the mail server. Displays the port number of the mail server. Displays the recipient address that is entered in the To Address address box for the selected event. Displays the originating address that is entered in the From Address address box for the selected event. Displays the server (host name or IP address) that is the subject of the event. Table 6-8 lists the keywords that are available in the Schedule Report send mail template. Table 6-8 Keywords Keywords to customize the Schedule Report send mail template Description Date (%DataTimeStamp%) End Time Manual Scan (%EndTime%) Job Name (%JobName%) Mail Server (%SendServer%) Displays the date and time that the event occurred. Displays the end date for the report data range. Displays the report name. Displays the host name or IP address of the mail server.

138 138 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging Table 6-8 Keywords Keywords to customize the Schedule Report send mail template (continued) Description Mail Server Port (%SendServerPort%) Mail address Recipient (%SendTo%) Mail address Sender (%SendFrom%) Report Status (%ReportStatus%) Report name (%Reportname%) Source of notify (%Source%) Start Time Manual Scan (%StartTime%) Displays the port number of the mail server. Displays the recipient address that is entered in the To Address address box for the selected event. Displays the originating address that is entered in the From Address address box for the selected event. Displays whether the report has been generated or not. If there is no data in the specified date range, then the appropriate message appears here. Displays the selected report source and report definition for the report. For example, Protection Engines-All Log Items. Displays the server (host name or IP address) that is the subject of the event. Displays the start date for the report data range. Table 6-9 lists the keywords that are available in the Scan Process Mail template. Table 6-9 Keywords Keywords for customizing the Scan Process Mail template Description Date (%DataTimeStamp%) Description (%Description%) File size (%FileSize%) Mail Server (%SendServer%) Mail Server Port (%SendServerPort%) Mail address Recipient (%SendTo%) Displays the date and time that the event occurred. Describes the status of the file after a scan. Displays the size of the file. Displays the host name or IP address of the mail server. Displays the port number of the mail server. Displays the recipient address that is entered in the To Address address box for the selected event.

139 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging 139 Table 6-9 Keywords Keywords for customizing the Scan Process Mail template (continued) Description Mail address Sender (%SendFrom%) Request Mode (%RequestMode%) Scan mode (%Mode%) Scan result (%Result%) Scan time (%ScanTime%) Source of notify (%Source%) Type of notify (%Notifytype%) URL/File Name (%URL%) Displays the originating address that is entered in the From Address address box for the selected event. Describes the type of request that is sent to the Symantec Protection Engine. For any file, the first request type is a "scan." Based on the results, a second "clean" request is sent. Displays whether the scan is a real-time scan, manual scan, or a scheduled scan. Describes the action taken on the file (for example, infected but cleaned, deleted). Displays the amount of time that Symantec Protection Engine took to scan the file. Displays the server (host name or IP address) that is the subject of the event. Displays the type of event (information, warning, or error). Displays the path name of the file. Table 6-10 lists the keywords that are available in the Error Notify Mail template. Table 6-10 Keywords Keywords for customizing the Error Notify Mail template Description Date (%DataTimeStamp%) Error ID (%ErrorID%) Error Module (%ErrorModule%) Displays the date and time that the event occurred. Displays the error code number. Displays the exact program module where the error has occurred. This information is meant for debugging purposes. You can view this information in the Windows Event Viewer as well.

140 140 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging Table 6-10 Keywords Keywords for customizing the Error Notify Mail template (continued) Description Error Source (%ErrorSource%) Error Stack (%ErrorStack%) Error Text (%ErrorText%) Mail Server (%SendServer%) Mail Server Port (%SendServerPort%) Mail address Recipient (%SendTo%) Mail address Sender (%SendFrom%) Source of notify (%Source%) Scan time (%ScanTime%) Source of notify (%Source%) Displays the source of the error. This information is meant for debugging purposes. You can view this information in the Windows Event Viewer as well. Displays the error stack information. This information is meant for debugging purposes. You can view this information in the Windows Event Viewer as well. Displays the error message. Displays the host name or IP address of the mail server. Displays the port number of the mail server. Displays the recipient address that is entered in the To Address address box for the selected event. Displays the originating address that is entered in the From Address address box for the selected event. Displays the server (host name or IP address) that is the subject of the event. Displays the amount of time that Symantec Protection Engine took to scan the file. Displays the server (host name or IP address) that is the subject of the event. To customize SMTP messages 1 On the Symantec Protection for SharePoint console, under Management, click notification settings. 2 Under any event category, click Edit Template. The Modify Template page appears. 3 In the Modify Template page, modify the subject text.

141 Monitoring Symantec Protection for SharePoint Servers activity About monitoring scanning activity To add a variable, in the Value Keyword list, click the drop-down menu, select the keyword that you want to insert, and then click Add. The variable is appended to the end of the subject. Cut and paste the variable to the desired location in the subject. 5 In the message body text, modify the existing text. 6 To add a variable from the Value Keyword list to the message body, click the drop-down menu, select the keyword that you want to insert, and then click Add. The variable is appended to the bottom of the message. Cut and paste the variable to the desired location in the message body. You can add text to identify the variable in the message. 7 Click Save to save your changes or click Cancel to discard the changes and go to the notifications page. 8 Repeat steps 2 through 7 for each type of event category for which you want to customize the message. About monitoring scanning activity The Symantec Protection for SharePoint Servers log files contain all log entries for all types of events. You can configure the location of the log file folder. The monitoring tools that are available through the Symantec Protection for SharePoint console let you organize and view only the log entries that you want to see. Table 6-11 describes how log entries are first organized by the types of event sources Table 6-11 Event source Event sources and logs Description of logs Scanning Process log Symantec Protection Engine log System log Displays logs related to virus scanning Displays logs related to the registered Symantec Protection Engines Displays logs related to system functionality You can specify a logging level (None, Error, Warning, Information, and Verbose) for each event source and a maximum storage time for the logs. You can further limit the display to only certain types of entries, or you can choose to display all logs for the selected event.

142 142 Monitoring Symantec Protection for SharePoint Servers activity About monitoring scanning activity Symantec Protection for SharePoint Servers displays the event source log data in a detailed report format or as a pie chart. You can also export and save the displayed log entries to a file. You can schedule the generation of reports to specified recipients. Configuring the log file folder location You can configure the location where Symantec Protection for SharePoint Servers logs the Scanning Process, Symantec Protection Engine, and System events. To configure the log file folder location 1 On the Symantec Protection for SharePoint console, under Management, click Log File settings. 2 Under Global Log File Settings, on the right pane, specify the path for the log file folder in the Log file location box. The default log file location is <Installdir>:\Program Files\Symantec\SharePoint\Logfiles. You can also set the path for the log file folder by typing the following at the command line: CmdSymScan set logfilefolder <parameter> To view the path of the log file folder, type the following at the command line: CmdSymScan show logfilefolder In a SharePoint farm environment, you cannot edit the default log file location. 3 Click Save. Setting the logging level for each event source Events related to each event source (Scanning Process, Symantec Protection Engine, and System) are logged to the log file folder. You can configure the logging level for each event source so that events of only the specified type are logged. Note: The settings configured for log files are replicated across all the servers in the SharePoint farm environment. See Table 6-2 on page 125.

143 Monitoring Symantec Protection for SharePoint Servers activity About monitoring scanning activity 143 To set the logging level for each event source 1 On the Symantec Protection for SharePoint console, under Management, click Log File settings. 2 Under Scanning Process Log File Settings, on the right pane, under Log file level, in the drop-down list, select the event logging level. By default, the logging level is Information for Scanning Process Log File Settings. 3 Click Save. 4 Repeat steps 2 through 3 for Symantec Protection Engine Log File Settings and System Log File Settings. By default, the logging level is Warning for Symantec Protection Engine Log File Settings and Information for System Log File Settings. Setting the maximum storage time for log files You can specify how long the log files are stored on the server. The default storage time is one month for each event source (Scanning Process, Symantec Protection Engine, and System). After the threshold is met, log files are over-written with new logs. If no new logs are created after the threshold is met, the old log files remain. Note: The settings configured for log files are replicated across all the servers in the SharePoint farm environment. To set the maximum storage time for the log files 1 On the Symantec Protection for SharePoint console, under Management, click Log File settings. 2 Under Scanning Process Log File Settings, on the right pane, under Maximum storage time, from the drop-down list, select the time frame threshold to store log files. The default setting is one month. 3 Click Save. 4 Repeat steps 2 through 3 for Symantec Protection Engine Log File Settings and System Log File Settings.

144 144 Monitoring Symantec Protection for SharePoint Servers activity About monitoring scanning activity Generating an on-demand report You can manually generate and analyze reports for a specified date range. You must select a report source (Protection Engines, Scan Processes, and System) and define the log data you want displayed. Symantec Protection for SharePoint Servers generates only detailed reports of all logs for Protection Engines and System. With the Scan Processes report source, you can generate a report of any of the following: Pie chart report of real-time statistics (Scan Statistic (Real-time)) Pie chart report of manual scan and scheduled scan statistics (Scan Statistic (Manual + Schedule)) Pie chart report of automatic rescan statistics (Scan Statistic (Auto Re-scan)) Pie chart report of real-time scan, auto rescan, manual scan, and scheduled scan statistics (Scan Statistic (All)) Detailed report of all logs (Detailed) List of all the infections found is generated and bar graph for a few of the latest infections found is displayed during real-time scan, auto rescan, manual scan, and scheduled scan (Infections found (all)) List of all the infections found is generated and bar graph for a few of the latest infections found is displayed during manual scan and scheduled scan (Infections found (manual/scheduled)) List of all the infections found is generated and bar graph for a few of the latest infections found is displayed (Infections found (Auto Re-scan)) List of all the infections found is generated and bar graph for a few of the latest infections found is displayed during real-time scanning (Infections found (real-time scanning)) The color legend explains what each color in the pie chart represents. Symantec Protection for SharePoint Servers displays a numerical statistical report beneath the pie chart. To generate an on-demand report 1 On the Symantec Protection for SharePoint console, under Report, click On-demand reports. 2 In the right pane, under Report Date Range, from the SharePoint Server drop-down list, select a server where your want the on-demand report to be generated. This option is available only for a SharePoint farm environment.

145 Monitoring Symantec Protection for SharePoint Servers activity About monitoring scanning activity Select the From and To date range for the report that you want to generate. 4 From the Report Source drop-down list, select a report source. 5 Select a Report Definition based on the data that you want to view. For Protection Engines and System, Symantec Protection for SharePoint Servers generates detailed reports of All Logs data only. For Scan Processes, select Scan Statistics (Real-time), Scan Statistics (Manual + Schedule), Scan Statistics (Auto Re-scan), Scan Statistics (All), Infections found (all), Infections found (Auto Re-scan), Infections found (manual/scheduled), Infections found (real-time scanning) or Detailed. 6 Click Show Report. You can save the report in a.pdf,.xls,.rtf, or.txt format. 7 In the report display, from the Format drop-down list, select a format. 8 Click the icon with a floppy disk graphic to save the report. 9 Click the Printer icon to print the report. Note: Reports are generated only if the logging levels are Information or Verbose. Scheduling a report You can schedule regular generation of reports and have them automatically ed to you. This feature makes remote monitoring of your SharePoint document library possible. You must first configure notifications before you try to schedule a report by . See Configuring SMTP logging on page 127. To schedule reports, you must do the following tasks: 1 Select a schedule. 2 Select from the default schedules or create a new schedule. 3 Select a report data range. Symantec Protection for SharePoint Servers collects data from within this specified date range. 4 Select a report source (Protection Engines, Scan Processes, or System) and report definition. These options determine the content of your scheduled report.

146 146 Monitoring Symantec Protection for SharePoint Servers activity About monitoring scanning activity 5 Select a report format. 6 Activate report generation by mail. 7 Specify the sender and recipient's address. 8 Edit the default schedule report template and save it. 9 Click Copy to copy the created report. This option is available only if there are two or more servers with Symantec Protection for SharePoint Servers installed. Note: The SharePoint Server Farm users must select a server to create a scheduled report. To select a schedule 1 On the Symantec Protection for SharePoint console, under Report, click Schedule reports. 2 On the right pane, click Create schedule report. 3 In the Name box, type the name that you want to identify this schedule report. 4 From the Schedule drop-down list, you can select one of the following default schedules: Daily (Every night at midnight) Monthly (Last day of the month at midnight) Weekly (Every Friday at midnight) 5 Click Edit to make changes to the default schedules. Note: If you edit any schedule, all reports that use the schedule are affected. If you click Delete, the entire schedule is deleted. 6 Click New to create a new schedule. Specify the following information for a new schedule: New Schedule name Type a scheduler name that will easily identify this schedule.

147 Monitoring Symantec Protection for SharePoint Servers activity About monitoring scanning activity 147 Schedule Type Select one of the following schedule types: Hourly: In the Run the schedule every drop-down list, select the hourly interval. Daily: In the Repeat after this number of days box, type the daily interval. Weekly: Under On the following days, check the days of the week on which you want to generate the report. Day of Month: Under Months and On day of month, select the month and the day of the month that you want to generate the report. Select the option LastDay under Ondayofmonth to schedule the report on the last day of the selected months. Once: There are no extra options to select for this schedule type. Start Time (hh:mm) Start Date (mm/dd/yyy) End Date (mm/dd/yyy) Specify the time that Symantec Protection for SharePoint Servers starts generating the report. Select the date that Symantec Protection for SharePoint Servers begins generating the report. Select the date after which Symantec Protection for SharePoint Servers should not generate reports. If you check "Never ends", the report generation will not end. If you select "Once" as the schedule type, the end date is not applicable. 7 Click Save to save the schedule you created. You can view this schedule in the Schedule drop-down list along with other default schedules. Note: If you click Delete, the entire schedule is deleted. To select a report data range, report source, and report format 1 Once you have selected a schedule, under Report data range, select a report data range from the drop-down list. Symantec Protection for SharePoint Servers collects data from within the specified data range and generates a report. 2 Under Report Source, from the drop-down list, select one of the following: Protection Engines

148 148 Monitoring Symantec Protection for SharePoint Servers activity About monitoring scanning activity Scan Processes System 3 Under Report Definition, select an entry based on the data you want in the report. For Protection Engines and System, Symantec Protection for SharePoint Servers generates detailed reports of All Logs data (Detailed) only. For Scan Processes, select from any of the following: Scan Statistics (Real-time), Scan Statistics (Manual + Schedule), Scan Statistics (All), Scan Statistics (Auto Re-scan), Detailed, (Infections found (all)), (Infections found (Auto Re-scan)), (Infections found (manual/scheduled)), (Infections found (real-time scanning)) or Detailed. 4 Under Report format, click the drop-down list and select one of the following report types: Adobe (pdf) Excel (xls) Word (rtf) Text (txt) To activate report generation by 1 Select the Activate this report generation check box to have the report generated and distributed by . If this option is not selected, generated reports are not distributed by . 2 Select the Use default sender and recipient check box if you want to use the default sender and recipient addresses as was specified in Global Settings under notification settings. 3 Clear the Use default sender and recipient check box if you want to specify different sender and recipient addresses. 4 In the From Address box, type the default originating address. Format the address according to your company policies. For example: <username>@<domainname> where <username> is the sender's user name, and <domainname> is the appropriate domain name.

149 Monitoring Symantec Protection for SharePoint Servers activity About quarantine management In the Address Display Name box, type the server name that you want to appear in the SMTP messages that are generated by the Symantec Protection for SharePoint Servers. The name must be easily identifiable by the recipient as relating to Symantec Protection for SharePoint Servers. 6 In the To Address box, type the address of the default recipient to whom the notifications are sent. Type multiple recipient addresses on separate lines. You can specify a maximum of 20 recipient addresses. 7 Click Save. If you click Delete, the entire schedule report is deleted. To edit the default scheduled report mail template 1 On the Symantec Protection for SharePoint console, under Management, click notification settings. 2 Under Information Notification Settings, click Edit Template to customize the SMTP message. The Modify Template page appears. 3 Under Template, click the drop-down menu and select Schedule Report Send Mail. 4 In the Modify Template page, modify the subject text. 5 To add a variable, in the Value Keyword list, click the drop-down menu, select the keyword that you want to insert, and then click Add. The variable is appended to the end of the subject. Cut and paste the variable to the desired location in the subject. See About keywords on page In the message body text, modify the existing text. 7 Click Save to save the settings or click Cancel to discard the changes and go to the notifications page. About quarantine management Symantec Protection for SharePoint Servers provides you the option to quarantine the infected files that are found during a manual scan or a scheduled scan. A copy of each of these files is available in the quarantine directory. You can view a list of all these quarantined files on the Quarantine Management page. The Quarantine Management page also lets you view file information such as file

150 150 Monitoring Symantec Protection for SharePoint Servers activity About quarantine management name, user name, server name, and quarantine location. You can also view the date and time of quarantine, reason for quarantine, and the file size. At a later stage, you can analyze the quarantined file. Note: The Quarantine Management page does not display files quarantined using older versions of Symantec Protection for SharePoint Servers. Based on your analysis, you can take one of the following appropriate actions: Restore the quarantined file Delete the quarantined file When you restore the quarantined file, Symantec Protection for SharePoint Servers restores the file at the location where you first uploaded the file on SharePoint. It also restores all the metadata that is associated with the file. Symantec Protection for SharePoint Servers thus ensures that no important data that is related to the file is lost due to the file being quarantined. When you delete the quarantined file, Symantec Protection for SharePoint Servers deletes the file from the quarantine directory and also deletes any associated metadata. Restoring quarantined files See Restoring quarantined files on page 150. See Deleting quarantined files on page 151. Symantec Protection for SharePoint Servers provides you the option to quarantine the infected files that are found during a manual scan or a scheduled scan. When a file is quarantined, Symantec Protection for SharePoint Servers creates a copy of each of the file in the quarantine directory. It also retains any metadata that is associated with the file. This metadata is not lost until you delete the quarantined file. You can view a list of all the quarantined files on the QuarantineManagement page. When you restore the quarantined file, Symantec Protection for SharePoint Servers restores the file at the location where you first uploaded it. It also restores all the metadata that is associated with the file. Symantec Protection for SharePoint Servers thus ensures that no important data that is related to the file is lost due to the file being quarantined.

151 Monitoring Symantec Protection for SharePoint Servers activity About quarantine management 151 To restore a quarantined file Deleting quarantined files 1 On the Symantec Protection for SharePoint console home page, under Management, click Quarantine Management. 2 On the Quarantine Management page, select the check box next to the file that you want to restore. In the SharePoint Server farm environment, you must select a server to view a list of quarantined files. 3 Click Restore Selection to restore the selected files. See About quarantine management on page 149. See Deleting quarantined files on page 151. Symantec Protection for SharePoint Servers provides you the option to quarantine the infected files that are found during a manual scan or a scheduled scan. When a file is quarantined, Symantec Protection for SharePoint Servers creates a copy of each of the file in the quarantine directory. It also retains any metadata that is associated with the file. This metadata is not lost until you delete the quarantined file. You can view a list of all the quarantined files on the QuarantineManagement page. Symantec Protection for SharePoint Servers provides the option to delete a quarantined file. When you delete the quarantined file, Symantec Protection for SharePoint Servers deletes the file from the quarantine directory and also deletes any associated metadata. To delete a quarantined file 1 On the Symantec Protection for SharePoint console home page, under Management, click Quarantine Management. 2 On the Quarantine Management page, select the check box against the file that you want to delete. In the SharePoint server farm environment, you must select a server to view a list of quarantined files. 3 Click Delete Selection to delete to the selected files. See About quarantine management on page 149. See Restoring quarantined files on page 150.

152 152 Monitoring Symantec Protection for SharePoint Servers activity About quarantine management

153 Chapter 7 Troubleshooting Symantec Protection for SharePoint Servers This chapter includes the following topics: About troubleshooting common issues About troubleshooting common issues You can troubleshoot the following list of common issues seen in Symantec Protection for SharePoint Servers: Symantec Protection for SharePoint Servers link is missing from the SharePoint Central Administration site Unable to access the Symantec Protection Engine console Symantec Protection Engine registration fails Slow server response or high server load No reports are generated Connection failed error message Failure sending mail error message Unable to remember the console password Error 1722 when installing Symantec Protection Engine Scanning process error messages Unable to view information on the SharePoint Server Farm overview page

154 154 Troubleshooting Symantec Protection for SharePoint Servers About troubleshooting common issues Symantec Protection for SharePoint Servers link is missing from the SharePoint Central Administration site After the first installation of the product or after a Microsoft SharePoint upgrade, the link to Symantec Protection for SharePoint Servers might not appear. If this issue occurs, try the following steps: Determine if you have installed the Symantec Protection for SharePoint console on the correct server in a farm environment. See About deployment options (standalone and farm environments) on page 22. Access the console through the Internet Explorer and ensure that you have the correct server name and port number in the URL. See To access the console through Internet Information Services (IIS) Manager on page 67. Determine whether the Symantec Protection for SharePoint Servers service is installed and started. See To determine whether the Symantec Protection for SharePoint Servers service is installed and started on page 154. Reload Symantec Protection for SharePoint Servers. Restart the SharePoint server. Reset the Internet Information Services (IIS) Manager. To determine whether the Symantec Protection for SharePoint Servers service is installed and started 1 Click Start > Programs > Administrative Tools > Computer Management. 2 In the ComputerManagementwindow, in the left pane, expand Servicesand Applications, and then click Services. 3 In the right pane, scroll down to Symantec Protection for SharePoint Servers. The status of the Symantec Protection for SharePoint Servers service appears in the Status column. If the Symantec Protection for SharePoint Servers service is stopped, nothing appears in the Status column. Right-click on Symantec Protection for SharePoint Servers and select Start to restart the service. To reset the Internet Information Services (IIS) Manager From the command prompt, run IISRESET.

155 Troubleshooting Symantec Protection for SharePoint Servers About troubleshooting common issues 155 Unable to access the Symantec Protection Engine console To access the Symantec Protection Engine console, launch a Web browser on any computer on your network that can access the server that is running Symantec Protection Engine. See Accessing the Symantec Protection Engine console on page 103. Ensure that you type https instead of http. The default port number is However, ensure that you enter the same port number that you configured while installing Symantec Protection Engine. See Installing only Symantec Protection Engine using the installation wizard on page 45. Symantec Protection Engine registration fails If you receive an error message "Cannot connect to host or IP address" when you try to register a Symantec Protection Engine, do the following steps: Determine whether the Symantec Protection Engine service is started See To determine whether the Symantec Protection Engine service is started on page 155. Determine whether a valid license is installed See To determine whether a valid Symantec Protection Engine license is installed on page 156. To determine whether the Symantec Protection Engine service is started 1 Click Start > Programs > Administrative Tools > Computer Management. 2 In the Computer Management window, in the left pane, expand Services and Applications, and then click Services. 3 In the right pane, scroll down to Symantec Protection Engine. The status of the Symantec Protection Engine service appears in the Status column. If the Symantec Protection Engine service status is stopped, nothing appears in the Status column. 4 Right-click on Symantec Protection Engine and select Start to restart the service.

156 156 Troubleshooting Symantec Protection for SharePoint Servers About troubleshooting common issues To determine whether a valid Symantec Protection Engine license is installed 1 Open the Symantec Protection Engine console. See Accessing the Symantec Protection Engine console on page On the primary navigation bar, click System. If no license has been installed, when you open the console, the System tab appears by default. See Installing the license file on page Once you install a valid license, access the Symantec Protection for SharePoint console and try to register the Symantec Protection Engine again. See Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers on page 93. Slow server response or high server load Symantec Protection for SharePoint Servers allocates a specified number of threads for concurrent scans. Scan requests are processed concurrently during manual scans or scheduled scans which causes scans to complete faster.for example, if you specify five threads, then five documents are scanned simultaneously. When the number of threads exceeds 25, you will notice a slow server response or a higher server load. To reduce the number of threads 1 From the Symantec Protection for SharePoint console home page, under Global Settings, click Manual and scheduled scan. 2 Under Optional Settings, reduce the number entered in the box Number of threads. 3 The recommended number of threads for an optimal performance is Click Save. No reports are generated Symantec Protection for SharePoint Servers does not generate reports (on-demand reports or scheduled reports) when there is no data in the log files for the specified report type and data range. The absence of data in the log files can be due to any of the following reasons: No significant event has occurred for the report source, report definition, and data range that you specified Check the log files folder to verify if events are logged for the date range, and report source you specified.

157 Troubleshooting Symantec Protection for SharePoint Servers About troubleshooting common issues 157 See About SMTP logging on page 124. The log file level is set at a higher logging level If the scanning process log file level is set at Warning but only events that come under Information or Verbose have occurred, then the log file will contain no data. Try lowering the log file level to Verbose and generate a report again. See Setting the logging level for each event source on page 142. The log files have been deleted after the maximum storage duration The maximum storage duration for log files is one month by default. The log files are over-written with new event logs after the maximum storage duration. You can increase the maximum storage duration limit also. See Setting the maximum storage time for log files on page 143. Connection failed error message If an error message Symantec Protection 6.0 for SharePoint Servers connection failed. Please check that the 'Symantec Protection 6.0 for SharePoint Servers' service is started or contact your administrator. appears when the Symantec Protection 6.0 for SharePoint Servers service is restarted, try the following: Verify if the Symantec Protection 6.0 for SharePoint Servers service is started. If the service is started, refresh the Internet Explorer browser. Verify if the service logon user account has the necessary permissions. To verify if the Symantec Protection for SharePoint Servers service is started 1 Click Start > Programs > Administrative Tools > Computer Management. 2 In the Computer Management window, in the left pane, expand Services and Applications, and then click Services. 3 In the right pane, scroll down to Symantec Protection for SharePoint Servers. The status of the Symantec Protection for SharePoint Servers service appears in the Status column. If the Symantec Protection for SharePoint Servers service status is stopped, nothing appears in the Status column.right-click on Symantec Protection for SharePoint Servers and select Start to restart the service. To verify if the service logon user account has the necessary permissions 1 Click Start > Programs > Administrative Tools > Computer Management. 2 In the Computer Management window, in the left pane, expand Services and Applications, and then click Services. 3 In the right pane, scroll down to Symantec Protection for SharePoint Servers.

158 158 Troubleshooting Symantec Protection for SharePoint Servers About troubleshooting common issues 4 Right-click on Symantec Protection for SharePoint Servers and select Properties. 5 Click the Log on tab. The current log on user account is selected under "Log on as". If Local System account is selected, the user account will not have the necessary permissions to access the SQL database and Symantec Protection Engine installed on other servers. 6 Select This account and specify the user name and password for the account used to log on to the Symantec Service. The user account must be a member of the Local Administrators Group on the computer on which the SharePoint server is installed. If the SQL server is on a separate computer, the user account must be a member of the Local Administrators Group on that computer as well. The user account must be of a user who configured SharePoint farm using SharePoint Configuration and Technology wizard. The user name must be in the format domain\username or computer\username. 7 Type the password again in the Confirm password box. 8 Click Ok. Failure sending mail error message If an error message "Error in System: Failure sending mail" appears in the notification settings page, try the following steps: Verify the accuracy of the Global Settings details in the notification settings page. See Configuring SMTP logging on page 127. Read the System logs to determine the cause of the error. The default location is <installdir>:\program Files\Symantec\SharePoint\Logfiles\system. Read the entries in Symantec AntiVirus in the Event Viewer. Unable to remember the console password If you forget the console password, you can reset the password. The command line tool CmdSymScan lets you remove the password. It is located at the location <installdir>:\program Files\Symantec\SharePoint. Type the following command in the command prompt:

159 Troubleshooting Symantec Protection for SharePoint Servers About troubleshooting common issues 159 cmdsymscan clearconsolepassword You are not prompted for a password again. Error 1722 when installing Symantec Protection Engine To troubleshoot this error message, try the following steps: 1 Change the values of the TEMP and TMP environment variables to a different temporary folder. 2 Try installing Symantec Protection Engine once again. Scanning process error messages You may encounter error messages in the log files while performing a manual scan or a real time scan. You need to change the settings of the backlog size. Following are the error messages in the log files: An error was detected during the scanning process. Error: Protection Engine: 500 Server Error. Please contact your administrator to verify this message. The scanning process was aborted. Message: Protection Engine: 0. Please contact your administrator to verify this message. The scanning process was aborted. Message:. Please contact your administrator to verify this message. To scan process error messages 1 On a Windows server, go to the configuration.xml file in the following default location: C:\Program Files\Symantec\Scan Engine\ 2 Set the ConnectionBacklog value parameter in the configuration.xml file to Stop and start Symantec Protection Engine to implement the changes. Unable to view information on the SharePoint Server Farm overview page When you install Symantec Protection for SharePoint console on a new front-end Web server or central administration server, you may not view any information on the SharePoint Server Farm overview page. To view the information on the SharePointServerFarmoverview page, you need to restart Symantec Protection for SharePoint Servers service on all the servers where you have installed it.

160 160 Troubleshooting Symantec Protection for SharePoint Servers About troubleshooting common issues

161 Appendix A Error codes This appendix includes the following topics: About error codes and messages About error codes and messages Symantec Protection for SharePoint Servers has several error codes and messages that are logged into the Event log, displayed on the console, and sent by . Table A-1 describes the error codes, its type, the action taken by Symantec Protection for SharePoint Servers, and the message shown on the console. Table A-1 Possible errors, codes, and their description Error Code Action Message Comments/Solution 2041 Mail and Event Log entry Symantec Protection 6.0 for SharePoint Servers is stopping. Type: Information The Symantec Protection for SharePoint Servers service is stopping Mail and Event Log entry Symantec Protection 6.0 for SharePoint Servers has stopped. Type: Information The Symantec Protection for SharePoint Servers service has stopped Mail and Event Log entry Symantec Protection 6.0 for SharePoint Servers is starting. Type: Information The Symantec Protection for SharePoint Servers service is starting.

162 162 Error codes About error codes and messages Table A-1 Possible errors, codes, and their description (continued) Error Code Action Message Comments/Solution 2044 Mail and Event Log entry Symantec Protection 6.0 for SharePoint Servers has started. Type: Information The Symantec Protection for SharePoint Servers service has started Mail, Event Log entry and GUI message Check for protection engine failed. Error: Error TextType: Error Undefined error while checking for Symantec Protection Engine GUI message Please check that the Symantec Protection 6.0 for SharePoint Servers service is started or contact your administrator. Type: Information The connection between the SharePoint server and Symantec Protection for SharePoint console cannot be established. Check the services. Restart the services if they have stopped Mail, and Event Log entry Function check protection engine state, error text Type: Error An undefined error has occurred while checking the Symantec Protection Engine status.

163 Error codes About error codes and messages 163 Table A-1 Possible errors, codes, and their description (continued) Error Code Action Message Comments/Solution 8003 Mail, Event Log entry and GUI message All virus scanners are at maximum load. Please try again later. The file has not been saved. Please contact your administrator for more information. Type: Error All registered Symantec Protection Engines are at their maximum load. Symantec Protection Engine has 128 threads for scanning by default. Modify the maximum number of available threads through the Symantec Protection Engine console. For more information, see the Symantec Protection Engine Implementation Guide.

164 164 Error codes About error codes and messages

165 Index A adware security risks 118 Allow auto rescan 76 Allow users to download infected documents 76 AntiVirus Settings 76 Attempt to clean infected documents 76 auto check interval 99 C Central Administration starting 58 Central Administration page determine port number 66 launch through Internet Explorer 66 configuration options, connector registering protection engine 93 configuration options, console list 73 manual and scheduled scans 80 configuration options,console real-time scanning 76 container file 17 content license 109 cycle mode 21 D decomposer 18 default quarantine location 17 definitions updating using LiveUpdate 114 using Rapid Release 115 deleting unrepairable files 86 denial of service attacks 24 deployment options 22 downloading files from SharePoint description 15 E error codes and messages 161 Error notification 131 event source logging level 142 exclude file extensions 82 exclude folders from scans 83 F feature links 70 file handling rules 86 file types to scan protection engine 108 G global manual and scheduled scan options configure 81 global settings 70 H home page, administration obtaining status information 123 I ICAP configure options 105 default protocol 105 ICAP-specific settings bind address 105 configure 105 data trickle 105 port number 105 scan policy 105 Infection Auto Rescan 76 Information notification 131 install only the Symantec Protection Engine install only the Symantec Protection for SharePoint console 39 install Symantec Protection 6.0 for SharePoint Servers (Full Install) 39

166 166 Index installation options about 39 install only the Symantec Protection Engine install only the Symantec Protection for SharePoint console 39 install Symantec Protection 6.0 for SharePoint Servers (Full Install) 39 installation wizard install only Symantec Protection Engine 45 Symantec Protection for SharePoint console 51 Symantec Protection for SharePoint Servers 40 installing Symantec Protection for SharePoint console 50 J J2SE Runtime Environment (JRE) 5.0 Update K keywords about 132 error notify mail template 132 manual/schedule scan notify mail template 132 protection engine notify mail template 132 scan process mail template 132 schedule report send mail template 132 system notify mail template 132 virus found mail template 132 L license content license 109 locating the serial number 111 product license 109 license activation 110 licensing installing 112 license file installing 112 obtaining 111 obtaining a license file 111 serial number 111 types of licenses 109 LiveUpdate about 114 automatic 114 licensing requirement 109 on demand 115 LiveUpdate (continued) updating definitions automatically 114 on demand 115 load balancing 98 log file folder location configure 142 log files default location 19 logging configure SMTP logging 19 event source 141 event sources 124 report sources 19 SMTP 19, 124 standard about 141 logging level 124 logout feature 74 M management 70 manual scans about 15 deleting unrepairable files 86 perform 91 starting a scan 91 manual scans and scheduled scans about 80 Manual/Scheduled Scan notification 131 maximum storage time 143 Microsoft Internet Information Server (IIS) 27 Microsoft Office SharePoint Server Microsoft Systems Management Server Microsoft Windows 2000 Server/ Server MIME-encoded messages 18 MOSS N navigation links 70 number of scan threads 83 O on-demand report generate 144

167 Index 167 P password configuration logout 74 post-installation tasks 57 priority mode 21 product license 109 Product licenses 109 protection, updating using LiveUpdate 114 using Rapid Release 115 Q quarantine location 85 Quarantine Management About 149 delete quarantined file 151 restore quarantined file 150 R Rapid Release about 115 automatic update 116 automatic updates 116 on demand updates 117 real-time scanning configure 76 options 14 real-time scans about 14 configuring 76 Red Hat Linux 23 registering protection engine adding protection engines 96 deleting a protection engine 96 description 93 editing a protection engine entry 96 remote installation about 45 Microsoft Systems Management Server systems Center Configuration Manager report on-demand 144 schedule 145 Reports 70 Rescan when encrypted file is detected 76 Rescan when infected file is detected 76 Rescan when security risk file is detected 76 Rescan when unscannable file is detected 76 S Scan documents on download 76 Scan documents on upload 76 Scan on entire SharePoint Server 76 scan statistics 88, 121 scanning activity monitoring 141 scanning all file versions 84 scanning mode 98 scanning modes 21 Scanning Process notification 131 scans licensing requirements 109 schedule report activate 145 how 20, 145 scheduled scans about 15 configuring 89 deleting unrepairable files 86 scheduled scans and manual scans about 15 preserve bandwidth and time 17 quarantine 17 scheduling scans 89 security risks categories of 118 configuration.xml 118 detecting 118 serial numbers, licensing 111 service logon account change 68 SharePoint Portal Server silent installation default configuration values 53 Symantec Protection for SharePoint console 53 Simple Mail Transfer Protocol (SMTP) 19 SMTP events 127 SMTP logging about 121, 124 configure 127 configuring 124 customizing messages 131 default origin and destination information 127 identifying SMTP server 127

168 168 Index SMTP logging (continued) providing origination and destination information 127 server and port number 127 types of events 124 SMTP messages customizing 131 default SMTP template 131 error notify mail 131 event category 131 manual/schedule scan summary mail 131 protection engine notify mail 131 scan process notify mail 131 system notify mail 131 virus found mail 131 SPS spyware security risks 118 status pane about 72, 123 connections 123 Symantec Protection Engines Status 123 Sun Solaris 23 Symantec AntiVirus 4.3 for Microsoft SharePoint 11, 54 Symantec AntiVirus Corporate Edition 28 Symantec Protection Engine access console 103 add,remove,edit,view 96 adding a protection engine 96 communication protocol settings 105 configuring ICAP 105 container files 24 cyclic mode 98 deleting a protection engine 96 description 93 editing an entry 96 enable 93 file types 108 host or IP address 93 ICAP 105 installation wizard 45 installing 45 license activation 110 licensing 109 load balancing 98 platforms 23 priority 93 priority mode 98 Symantec Protection Engine (continued) Rapid Release 116 register 93 registering with connector 93 scan policies 18 specifying which file types to scan 108 system requirements 32 System requirements to install Symantec Protection Engine on Linux 35 System requirements to install Symantec Protection Engine on Solaris 34 System requirements to install Symantec Protection Engine on Windows 33 TCP/IP port 93 uninstall 62 uninstall on Windows 2000 Server/Server uninstall using product CD 62 version 12 virus protection 24 Symantec Protection Engine auto check 99 Symantec Protection Engine notification 131 Symantec Protection Engines link on the console 70 Symantec Protection for SharePoint console about 12, 65 configure password 74 hardware requirements 31 how to access 66 installing 50 operating system requirements 31 options to configure 73 password configuration 74 platforms 23 silent installation 53 silent uninstall 60 silently uninstall and log uninstallation events 60 software requirements 31 system requirements 31 uninstalling 60 Symantec Protection for SharePoint console home page about 70 feature links 70 global settings 70 management 70 navigation links 70 reports 70

169 Index 169 Symantec Protection for SharePoint console home page (continued) status pane 72 Symantec Protection Engines 70 Symantec Protection for SharePoint Servers about 11 before you install 27 caching 14 Central Administration 58 components 12 configuring 73 deployment options download a file 15 error codes 161 farm environment 22, 58 handle large scanning volumes 21 how it works 13 installation options 39 installation wizard 40 installing 36 keep product up-to-date 113 log files 141 logging and notifications 19 monitoring 13, 121 more information 25 on-demand reports 20 post-installation tasks 57 real-time scanning of files 13 remote installation 45 repair or modify 54 reporting 13 scanning modes 21 scheduled reports 20 scheduled scans and manual scans 13 SharePoint versions supported 11 software components 12 standalone environment 22 status pane 123 system requirements 29 troubleshoot common issues 153 link missing 154 uninstalling 59 upgrade 36 upload a file 15 What's new 12 when a file is scanned 17 working 13 Symantec Protection for SharePoint Servers integrated installation about installing 40 hardware requirements 30 operating system 30 software requirements 30 system requirements 30 System log files 40 system requirements 29 Systems Center Configuration Manager T Take a Symantec Protection Engine offline 99 Threshold time 99 Trojan horses 24 U uninstalling Symantec Protection for SharePoint Servers 59 uploading files to SharePoint description 15 V virus definition automatically check 99 check 99 manually check 99 Rapid Release definitions 116 virus definitions files 99 Virus found notification 131 virus protection 24 virus scanning how scanning works 17 manual 15 real-time 14 scheduled 15 W Windows Application Event Log 40 Windows Server Windows SharePoint Services Windows SharePoint Services worm 24 WSS WSS