Symantec Protection for SharePoint Servers Implementation Guide

Transcription

1 Symantec Protection for SharePoint Servers Implementation Guide

2 2 Symantec Protection for SharePoint Servers Implementation Guide The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement. Documentation version 5.1a Legal Notice Copyright 2008 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S and other countries. Other names may be trademarks of their respective owners. This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party ( Third Party Programs ). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED AS IS AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON- INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR and subject to restricted rights as defined in FAR Section Commercial Computer Software - Restricted Rights and DFARS , Rights in Commerical Computer Software or Commerical Computer Software Documentation, as applicable, and any successor regulations. Any use, modification, reporoduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S Government shall be solely in accordance with the terms of this Agreement.

3 3 Symantec Corporation Stevens Creek Blvd. Cupertino, CA

4 4 Technical support Contacting Technical Support Symantec Technical Support maintains support centers globally. Technical Support s primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Secuirty Response to provide alerting services and virus definition updates. Symantec s maintenance offerings include the following: A range of support options that give you the flexibility to select the right amount of service for any site organization Telephone and Web-based support that provides rapid response and up-tothe-minute information Upgrade assurance that delivers automatic software upgrade protection Global support that is available 24 hours a day, 7 days a week Advanced features, including Account Management Services For information about Symantec s Maintenance Programs, you can visit our Web site at the following URL: Customers with a current maintenance agreement may access Technical Support information at the following URL: Before contacting Technical Support, make sure that you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem. When you contact Technical Support, please have the following information available: Product release level Hardware information Available memory, disk space, and NIC information Operating system Version and patch level Network topology Router, gateway, and IP address information Problem description:

5 5 Error messages and log files Troubleshooting that was performed before contacting Symantec Recent software configuration changes and network changes Licensing and registration Customer Service If your Symantec product requires registration or a license key, access our technical support Web page at the following URL: Customer service information is available at the following URL: Customer Service is available to assist with the following types of issues: Questions regarding product licensing or serialization Product registration updates such as address or name changes General product information (features, language availability, local dealers) Latest information about product updates and upgrades Information about upgrade assurance and maintenance contracts Information about the Symantec Buying Programs Advice about Symantec s technical support options Nontechnical presales questions Issues that are related to CD-ROMs or manuals Maintenance agreement resources If you want to contact Symantec regarding an existing maintenance agreement, please contact the maintenance agreement administration team for your region as follows: Asia-Pacific and Japan: [email protected] Europe, Middle-East, and Africa: [email protected] North America and Latin America: [email protected] Additional enterprise services Symantec offers a comprehensive set of services that allow you to maximize your investment in Symantec products and to develop your knowledge,

6 6 expertise, and global insight, which enable you to manage your business risks proactively. Enterprise services that are available include the following: Symantec Early Warning Solutions Managed Security Services Consulting services Educational Services These solutions provide early warning of cyber attacks, comprehensive threat analysis, and countermeasures to prevent attacks before they occur. These services remove the burden of managing and monitoring security devices and events, ensuring rapid response to real threats. Symantec Consulting Services provide on-site technical expertise from Symantec and its trusted partners. Symantec Consulting Services offer a variety of prepackaged and customizable options that include assessment, design, implementation, monitoring and management capabilities. Each is focused on establishing and maintaining the integrity and availability of your IT resources. Educational Services provide a full array of technical training, security education, security certification, and awareness communication programs. To access more information about Enterprise services, please visit our Web site at the following URL: Select your country or language from the site index.

7 Symantec Corporation Software License Agreement SYMANTEC CORPORATION AND/OR ITS SUBSIDIARIES ("SYMANTEC") IS WILLING TO LICENSE THE LICENSED SOFTWARE TO YOU AS THE INDIVIDUAL, THE COMPANY, OR THE LEGAL ENTITY THAT WILL BE UTILIZING THE LICENSED SOFTWARE (REFERENCED BELOW AS "YOU" OR "YOUR") ONLY ON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS OF THIS LICENSE AGREEMENT. READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT CAREFULLY BEFORE USING THE LICENSED SOFTWARE. THIS IS A LEGAL AND ENFORCEABLE CONTRACT BETWEEN YOU AND SYMANTEC. BY OPENING THE LICENSED SOFTWARE PACKAGE, BREAKING THE LICENSED SOFTWARE SEAL, CLICKING THE "I AGREE" OR "YES" BUTTON OR OTHERWISE INDICATING ASSENT ELECTRONICALLY, OR LOADING THE LICENSED SOFTWARE OR OTHERWISE USING THE LICENSED SOFTWARE, YOU AGREE TO THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT. IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS, CLICK THE "I DO NOT AGREE" OR "NO" BUTTON OR OTHERWISE INDICATE REFUSAL AND MAKE NO FURTHER USE OF THE LICENSED SOFTWARE. UNLESS OTHERWISE DEFINED HEREIN, CAPITALIZED TERMS WILL HAVE THE MEANING GIVEN IN THE DEFINITIONS SECTION OF THIS LICENSE AGREEMENT AND SUCH CAPITALIZED TERMS MAY BE USED IN THE SINGULAR OR IN THE PLURAL, AS THE CONTEXT REQUIRES. 1. Definitions: Content Updates means content used by eertain Symantec products which is updated from time to time, including but not limited to: updated antispyware products; updated antispam rules for antispam products; updated virus definitions for antivirus and crimeware products; updated URL lists for content filtering and antiphishing products; updated firewall rules for firewall products; updated intrusion detection data for intrusion detection products; updated lists of authenticated web pages for website authentication products; updated policy compliance rules for policy compliance products; and updated vulnerability signatures for vulnerability assessment products. Documentation means the user documentation Symantec provides with the Licensed Software. License Instrument means one or more of the following applicable documents which further defines Your license rights to the Licensed Software: a Symantec license certificate or a similar license document issued by Symantec, or a written agreement between You and Symantec, that accompanies, precedes or follows this License Agreement. Licensed Software means the Symantec software product, in object code form, accompanying this License Agreement, including any Documentation included in, or provided for use with, such software or that accompanies this License Agreement. Support Certificate means the certificate sent by Symantec confirming Your purchase of the applicable Symantec maintenance/support for the Licensed Software. Upgrade means any version of the Licensed Software that has been released to the public and which replaces the prior version of the Licensed Software on Symantec s price list pursuant to Symantec s thencurrent upgrade policies. Use Level means the license use meter or model (which may include operating system, hardware system, application or machine tier limitations, if applicable) by which Symantec measures, prices and licenses the right to use the Licensed Software, in effect at the time an order is placed for such Licensed Software, as indicated in this License Agreement and the applicable License Instrument. 2. License Grant Subject to Your compliance with the terms and conditions of this License Agreement, Symantec grants to You the following rights: (i) a non-exclusive, non-transferable (except as stated otherwise in Section 16.1) license to use the Licensed Software solely in support of Your internal business operations in the quantities and at the Use Levels described in this License Agreement and the applicable License Instrument; and (ii) the right to make a single uninstalled copy of the Licensed Software for archival purposes which You may use and install for disaster-recovery purposes (i.e. where the primary installation of the Licensed Software becomes unavailable for use). 2.1 Term The term of the Licensed Software license granted under this License Agreement shall be perpetual (subject to Section 14) unless stated otherwise in Section 17 or unless You have obtained the Licensed

8 Software on a non-perpetual basis, such as, under a subscription or term-based license for the period of time indicated on the applicable License Instrument. If You have obtained the Licensed Software on a nonperpetual basis, Your rights to use such Licensed Software shall end on the applicable end date as indicated on the applicable License Instrument and You shall cease use of the Licensed Software as of such applicable end date. 3.License Restrictions You may not, without Symantec s prior written consent, conduct, cause or permit the: (i) use, copying, modification, rental, lease, sublease, sublicense, or transfer of the Licensed Software except as expressly provided in this License Agreement; (ii) creation of any derivative works based on the Licensed Software; (iii) reverse engineering, disassembly, or decompiling of the Licensed Software (except that You may decompile the Licensed Software for the purposes of interoperability only to the extent permitted by and subject to strict compliance under applicable law); (iv) use of the Licensed Software in connection with service bureau, facility management, timeshare, service provider or like activity whereby You operate or use the Licensed Software for the benefit of a third party; (v) use of the Licensed Software by any party other than You; (vi) use of a later version of the Licensed Software other than the version that accompanies this License Agreement unless You have separately acquired the right to use such later version through a License Instrument or Support Certificate; nor (vii) use of the Licensed Software above the quantity and Use Level that have been licensed to You under this License Agreement or the applicable License Instrument. 4.Ownership/Title The Licensed Software is the proprietary property of Symantec or its licensors and is protected by copyright law. Symantec and its licensors retain any and all rights, title and interest in and to the Licensed Software, including in all copies, improvements, enhancements, modifications and derivative works of the Licensed Software. Your rights to use the Licensed Software shall be limited to those expressly granted in this License Agreement. All rights not expressly granted to You are retained by Symantec and/or its licensors. 5.Content Updates If You purchase a Symantec maintenance/support offering consisting of or including Content Updates, as indicated on Your Support Certificate, You are granted the right to use, as part of the Licensed Software, such Content Updates as and when they are made generally available to Symantec s end user customers who have purchased such maintenance/support offering and for such period of time as indicated on the face of the applicable Support Certificate. This License Agreement does not otherwise permit You to obtain and use Content Updates. 6.Upgrades/Cross-grades Symantec reserves the right to require that any upgrades (if any) of the Licensed Software may only be obtained in a quantity equal to the number indicated on the applicable License Instrument. An upgrade to an existing license shall not be deemed to increase the number of licenses which You are authorized to use. Additionally, if You upgrade a Licensed Software license, or purchase a Licensed Software license listed on the applicable License Instrument to cross-grade an existing license (i.e. to increase its functionality, and/ or transfer it to a new operating system, hardware tier or licensing meter), then Symantec issues the applicable Licensed Instrument based on the understanding that You agree to cease using the original license. Any such license upgrade or crossgrade is provided under Symantec's policies in effect at the time of order. This License Agreement does not separately license You for additional licenses beyond those which You have purchased, and which have been authorized by Symantec as indicated on the applicable License Instrument. 7.Limited Warranty 7.1. Media Warranty If Symantec provides the Licensed Software to You on tangible media, Symantec warrants that the magnetic media upon which the Licensed Software is recorded will not be defective under normal use, for a period of ninety (90) days from delivery. Symantec will replace any defective media returned to Symantec within the warranty period at no charge to You. The above warranty is inapplicable in the event the Licensed Software media becomes defective due to unauthorized use of the Licensed Software. THE FOREGOING IS YOUR SOLE AND EXCLUSIVE REMEDY FOR SYMANTEC S BREACH OF THIS WARRANTY Performance Warranty Symantec warrants that the Licensed Software, as delivered by Symantec and when used in accordance with the Documentation, will substantially conform to the Documentation for a period of ninety (90) days from delivery. If the Licensed Software does not comply with this warranty and such non-compliance is reported by You to Symantec within the ninety (90) day warranty period, Symantec will do one of the

9 following, selected at Symantec s reasonable discretion: either (i) repair the Licensed Software, (ii) replace the Licensed Software with software of substantially the same functionality, or (iii) terminate this License Agreement and refund the relevant license fees paid for such non-compliant Licensed Software. The above warranty specifically excludes defects resulting from accident, abuse, unauthorized repair, modifications or enhancements, or misapplication. THE FOREGOING IS YOUR SOLE AND EXCLUSIVE REMEDY FOR SYMANTEC S BREACH OF THIS WARRANTY. 8.Warranty Disclaimers TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE WARRANTIES SET FORTH IN SECTIONS 7.1 AND 7.2 ARE YOUR EXCLUSIVE WARRANTIES AND ARE IN LIEU OF ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS. SYMANTEC MAKES NO WARRANTIES OR REPRESENTATIONS THAT THE LICENSED SOFTWARE, CONTENT UPDATES OR UPGRADES WILL MEET YOUR REQUIREMENTS OR THAT OPERATION OR USE OF THE LICENSED SOFTWARE, CONTENT UPDATES, AND UPGRADES WILL BE UNINTERRUPTED OR ERROR-FREE. YOU MAY HAVE OTHER WARRANTY RIGHTS, WHICH MAY VARY FROM STATE TO STATE AND COUNTRY TO COUNTRY. 9.Limitation of Liability TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW AND REGARDLESS OF WHETHER ANY REMEDY SET FORTH HEREIN FAILS OF ITS ESSENTIAL PURPOSE, IN NO EVENT WILL SYMANTEC OR ITS LICENSORS, RESELLERS, SUPPLIERS OR AGENTS BE LIABLE TO YOU FOR (i) ANY COSTS OF PROCUREMENT OF SUBSTITUTE OR REPLACEMENT GOODS AND SERVICES, LOSS OF PROFITS, LOSS OF USE, LOSS OF OR CORRUPTION TO DATA, BUSINESS INTERRUPTION, LOSS OF PRODUCTION, LOSS OF REVENUES, LOSS OF CONTRACTS, LOSS OF GOODWILL, OR ANTICIPATED SAVINGS OR WASTED MANAGEMENT AND STAFF TIME; OR (ii) ANY SPECIAL, CONSEQUENTIAL, INCIDENTAL OR INDIRECT DAMAGES WHETHER ARISING DIRECTLY OR INDIRECTLY OUT OF THIS LICENSE AGREEMENT, EVEN IF SYMANTEC OR ITS LICENSORS, RESELLERS, SUPPLIERS OR AGENTS HAS BEEN ADVISED SUCH DAMAGES MIGHT OCCUR. IN NO CASE SHALL SYMANTEC S LIABILITY EXCEED THE FEES YOU PAID FOR THE LICENSED SOFTWARE GIVING RISE TO THE CLAIM. NOTHING IN THIS AGREEMENT SHALL OPERATE SO AS TO EXCLUDE OR LIMIT SYMANTEC S LIABILITY TO YOU FOR DEATH OR PERSONAL INJURY ARISING OUT OF NEGLIGENCE OR FOR ANY OTHER LIABILITY WHICH CANNOT BE EXCLUDED OR LIMITED BY LAW. THE DISCLAIMERS AND LIMITATIONS SET FORTH ABOVE WILL APPLY REGARDLESS OF WHETHER OR NOT YOU ACCEPT THE LICENSED SOFTWARE, CONTENT UPDATES OR UPGRADES. 10.Maintenance/Support Symantec has no obligation under this License Agreement to provide maintenance/support for the Licensed Software. Any maintenance/support purchased for the Licensed Software is subject to Symantec s then-current maintenance/support policies. 11.Software Evaluation If the Licensed Software is provided to You for evaluation purposes and You have an evaluation agreement with Symantec for the Licensed Software, Your rights to evaluate the Licensed Software will be pursuant to the terms of such evaluation agreement. If You do not have an evaluation agreement with Symantec for the Licensed Software and if You are provided the Licensed Software for evaluation purposes, the following terms and conditions shall apply. Symantec grants to You a nonexclusive, temporary, royalty-free, non-assignable license to use the Licensed Software solely for internal nonproduction evaluation. Such evaluation license shall terminate (i) on the end date of the pre-determined evaluation period, if an evaluation period is predetermined in the Licensed Software or (ii) sixty (60) days from the date of Your initial installation of the Licensed Software, if no such evaluation period is predetermined in the Licensed Software ( Evaluation Period ). The Licensed Software may not be transferred and is provided AS IS without warranty of any kind. You are solely responsible to take appropriate measures to back up Your system and take other measures to prevent any loss of files or data. The Licensed Software may contain an automatic disabling mechanism that prevents its use after a certain period of time. Upon expiration of the Licensed Software Evaluation Period, You will cease use of the Licensed Software and destroy all copies of the Licensed Software. All other terms and conditions of this License Agreement shall otherwise apply to Your evaluation of the Licensed Software as permitted herein.

10 12.U.S. Government Restricted Rights The Licensed Software is deemed to be commercial computer software as defined in FAR and subject to restricted rights as defined in FAR Section "Commercial Computer Licensed Software - Restricted Rights" and DFARS , Rights in Commercial Computer Licensed Software or Commercial Computer Licensed Software Documentation, as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software by the U.S. Government shall be solely in accordance with the terms of this License Agreement. 13.Export Regulation You acknowledge that the Licensed Software and related technical data and services (collectively "Controlled Technology") are subject to the import and export laws of the United States, specifically the U.S. Export Administration Regulations (EAR), and the laws of any country where Controlled Technology is imported or re-exported. You agree to comply with all relevant laws and will not to export any Controlled Technology in contravention to U.S. law nor to any prohibited country, entity, or person for which an export license or other governmental approval is required. All Symantec products, including the Controlled Technology are prohibited for export or reexport to Cuba, North Korea, Iran, Syria and Sudan and to any country subject to relevant trade sanctions. You hereby agree that You will not export or sell any Controlled Technology for use in connection with chemical, biological, or nuclear weapons, or missiles, drones or space launch vehicles capable of delivering such weapons. 14.Termination This License Agreement shall terminate upon Your breach of any term contained herein. Upon termination, You shall immediately stop using and destroy all copies of the Licensed Software. 15.Survival The following provisions of this License Agreement survive termination of this License Agreement: Definitions, License Restrictions and any other restrictions on use of intellectual property, Ownership/Title, Warranty Disclaimers, Limitation of Liability, U.S. Government Restricted Rights, Export Regulation, Survival, and General. 16. General Assignment You may not assign the rights granted hereunder or this License Agreement, in whole or in part and whether by operation of contract, law or otherwise, without Symantec s prior express written consent Compliance with Applicable Law You are solely responsible for Your compliance with, and You agree to comply with, all applicable laws, rules, and regulations in connection with Your use of the Licensed Software Audit An auditor, selected by Symantec and reasonably acceptable to You, may, upon reasonable notice and during normal business hours, but not more often than once each year, inspect Your records and deployment in order to confirm that Your use of the Licensed Software complies with this License Agreement and the applicable License Instrument. Symantec shall bear the costs of any such audit, except where the audit demonstrates that the Manufacturer s Suggested Reseller Price (MSRP) value of Your non-compliant usage exceeds five percent (5%) of the MSRP value of Your compliant deployments. In such case, in addition to purchasing appropriate licenses for any overdeployed Licensed Software, You shall reimburse Symantec for the auditor s reasonable actual fees for such audit Governing Law; Severability; Waiver If You are located in North America or Latin America, this License Agreement will be governed by the laws of the State of California, United States of America. If you are located in China, this License Agreement will be governed by the laws of the Peoples Republic of China. Otherwise, this License Agreement will be governed by the laws of England. Such governing laws are exclusive of any provisions of the United Nations Convention on Contracts for Sale of Goods, including any amendments thereto, and without regard to principles of conflicts of law. If any provision of this License Agreement is found partly or wholly illegal or unenforceable, such provision shall be enforced to the maximum extent permissible, and remaining provisions of this License Agreement shall remain in full force and effect. A waiver of any breach or default under this License Agreement shall not constitute a waiver of any other subsequent breach or default Third Party Programs This Licensed Software may contain third party software programs ( Third Party Programs ) that are available under open source or free software licenses. This License Agreement does not alter any rights or obligations You may have under those open source or free software licenses. Notwithstanding anything to the contrary contained in such licenses, the disclaimer of warranties and the limitation of liability provisions

11 in this License Agreement shall apply to such Third Party Programs Customer Service Should You have any questions concerning this License Agreement, or if You desire to contact Symantec for any reason, please write to: (i) Symantec Enterprise Customer Care, 555 International Way, Springfield, Oregon 97477, U.S.A., (ii) Symantec Enterprise Customer Care Center, PO BOX 5689, Dublin 15, Ireland, or (iii) Symantec Enterprise Customer Care, 1 Julius Ave, North Ryde, NSW 2113, Australia Entire Agreement This License Agreement and any related License Instrument are the complete and exclusive agreement between You and Symantec relating to the Licensed Software and supersede any previous or contemporaneous oral or written communications, proposals, and representations with respect to its subject matter. This License Agreement prevails over any conflicting or additional terms of any purchase order, ordering document, acknowledgement or confirmation or other document issued by You, even if signed and returned. This License Agreement may only be modified by a License Instrument that accompanies or follows this License Agreement. 17. Additional Terms and Conditions Your use of the Licensed Software is subject to the terms and conditions below in addition to those stated above. infrastructure. A Server(s) can run server software for other computers or devices If You use the Licensed Software exclusively for Your internal business operations, a Per-User License is required for each User that has access to a Microsoft SharePoint computing environment protected by the Licensed Software. If You permit external access to a Server on which a Microsoft SharePoint computing environment protected by the Licensed Software resides, a Per-Server License is required for each such Server. If You require use of the Licensed Software both on a Per-User basis and on an a Per-Server basis, You must purchase both types of licenses described above in Sections 17.1 and If the Licensed Software you have licensed is on a per-server basis as described in Section 17.2, the following additional use(s) and restriction(s) apply: i) You may use the Licensed Software only with files that are received from third parties through a Microsoft SharePoint front-end server; ii) You may use the Licensed Software only with files received from less than 10,000 unique third parties per month; and iii) You may not charge or assess a fee for use of the Licensed Software for Your internal business For the avoidance of doubt, You may only use the Licensed Software in a Symantec-supported computing environment, as described in further detail in the thencurrent Licensed Software Documentation Per-User License You may use the Licensed Software for the number of licensed User(s) and at the Use Levels as have been licensed to You by Symantec herein and as indicated in the applicable License Instrument ( Per-User License ). Your License Instrument shall constitute proof of Your right to make and use such copies. For purposes of this License Agreement, User(s) means an individual person and/or device authorized by You to use and/or benefit from the use of the Licensed Software, or is the person and/or device that actually uses any portion of the Licensed Software Per-Server License You may use the Licensed Software for the number of licensed Server(s) and at the Use Levels as have been licensed to You by Symantec herein and as indicated in the applicable License Instrument ( Per-Server License ). Your License Instrument shall constitute proof of Your right to make and use such copies. For purposes of this License Agreement, Server(s) means a standalone system or an individual computer acting as a service or resource provider to client computers by sharing the resources within the network

12 12

13 Contents Technical support Chapter 1 Chapter 2 Introducing Symantec Protection for SharePoint Servers About Symantec Protection for SharePoint Servers What s new Components of Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works About real-time scanning About scheduled scanning and manual scanning What happens when a file is scanned About scanning policies in the Symantec Scan Engine About logging and notifications About on-demand reports and scheduled reports About deployment options About handling large scanning volumes How Symantec Scan Engine protects against viruses Where to get more information Installing Symantec Protection for SharePoint Servers Before you install About protecting the servers that are running the Symantec Protection for SharePoint Servers components About preventing conflicts with other products About stopping IIS during installation System requirements System requirements for Symantec Protection for SharePoint Servers integrated installation System requirements for Symantec Protection for SharePoint console only System requirements for Symantec Scan Engine... 40

14 14 Contents About installing Symantec Protection for SharePoint Servers About the installation options About installing Symantec Protection for SharePoint Servers (integrated installation) Installing only Symantec Scan Engine using the installation wizard Installing Symantec Scan Engine on a 64-bit computer About installing only the Symantec Protection for SharePoint console About repairing or modifying Symantec Protection for SharePoint Servers or its components Post-installation tasks Uninstalling Symantec Protection for SharePoint Servers Uninstalling the Symantec Protection for SharePoint console Uninstalling Symantec Scan Engine Chapter 3 Chapter 4 Using the Symantec Protection for SharePoint console About the Symantec Protection for SharePoint console Accessing the console Changing the service logon account information About the console home page Navigation links Feature links Status pane Configuring Symantec Protection for SharePoint Servers About configuring Symantec Protection for SharePoint Servers Configuring a password for the console Configuring real-time scanning About manual scans and scheduled scans About configuring global manual and scheduled scanning options Scheduling scans Performing manual scans Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers Specifying the scanning mode for load balancing Checking for the latest virus definitions... 90

15 Contents 15 Chapter 5 Chapter 6 Configuring Symantec Scan Engine Accessing the Symantec Scan Engine console About communication protocol settings Configuring ICAP-specific settings Ways to control which file types are scanned About licensing Symantec Scan Engine About license activation If you do not have a serial number Obtaining a license file Installing the license file About keeping your product and protection up-to-date About product updates About definition updates About LiveUpdate Configuring LiveUpdate to occur automatically Performing LiveUpdate on demand About enabling security risk detection Monitoring Symantec Protection for SharePoint Servers activity Ways to monitor Symantec Protection for SharePoint Servers activity About the status pane About SMTP logging Configuring SMTP logging Customizing SMTP messages About monitoring scanning activity Configuring the log file folder location Setting the logging level for each event source Setting the maximum storage time for log files Generating an on-demand report Scheduling a report...130

16 16 Contents Chapter 7 Appendix A Troubleshooting Symantec Protection for SharePoint Servers About troubleshooting common issues Symantec Protection for SharePoint Servers link is missing from the SharePoint Central Administration site Unable to access the Symantec Scan Engine console Symantec Scan Engine registration fails Slow server response or high server load No reports are generated Failure sending mail error message The connection to the Symantec SharePoint Security Service cannot be established. Code Virus Found: There is no Symantec Scan Engine available. The file was not saved. Code: Unable to remember the console password Error 1722 when installing Symantec Scan Engine Error codes About error codes and messages Index

17 Chapter 1 Introducing Symantec Protection for SharePoint Servers About Symantec Protection for SharePoint Servers What s new Components of Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works How Symantec Scan Engine protects against viruses Where to get more information

18 18 Introducing Symantec Protection for SharePoint Servers About Symantec Protection for SharePoint Servers About Symantec Protection for SharePoint Servers Symantec Protection for SharePoint Servers, replaces the former version Symantec AntiVirus 4.3 for Microsoft SharePoint, and provides virus scanning and repair services for the following SharePoint products: Windows SharePoint Services 2.0 (WSS 2.0) Windows SharePoint Services 3.0 (WSS 3.0) SharePoint Portal Server 2003 (SPS 2003) Microsoft Office SharePoint Server 2007 (MOSS 2007) (32-bit and 64-bit) In addition to virus scanning and repair services, Symantec Protection for SharePoint Servers provides logging, monitoring, and reporting of infected documents on the SharePoint server. What s new Table 1-1 describes the new features in Symantec Protection for SharePoint Servers. Table 1-1 Feature New features Description Support for all SharePoint server versions Support for 64-bit operating systems Symantec Protection for SharePoint Servers currently supports the following SharePoint server versions: Windows SharePoint Services 2.0 Windows SharePoint Services 3.0 SharePoint Portal Server 2003 Microsoft Office SharePoint Server 2007 You can install Symantec Protection for SharePoint Servers, or any of its components on both 32-bit and 64- bit operating systems. See System requirements on page 37. Support for Windows Server 2008 Of the two components of Symantec Protection for SharePoint Servers, you can install the Symantec Protection for SharePoint console on a Windows Server 2008 platform (32-bit) also. See System requirements for Symantec Protection for SharePoint console only on page 39. Note: You cannot install Symantec Scan Engine on a Windows Server 2008 platform.

19 Introducing Symantec Protection for SharePoint Servers What s new 19 Table 1-1 Feature New features Description Support for Microsoft Search Server 2008 Express (32-bit) Remote installation Integration with the SharePoint Central Administration page Enhanced security with password protection Multi-threaded scanning Byte-by-byte scanning Symantec Protection for SharePoint Servers provides antivirus protection for Microsoft Search Server 2008 Express (32-bit) as well. You can remotely install the Symantec Protection for SharePoint console and Symantec Scan Engine, together or separately using either Microsoft Systems Management Server 2003 or Systems Center Configuration Manager See About installing Symantec Protection for SharePoint Servers using remote installation on page 49. The Symantec Protection for SharePoint console is integrated into the SharePoint Central Administration page so that regular SharePoint users find it easier to use. The Symantec Protection for SharePoint console has password protection to prevent unauthenticated users from accessing the console. See Configuring a password for the console on page 72. Multi-threaded scanning enables Symantec Protection for SharePoint Servers to scan several documents simultaneously. This process improves performance. When you upload a file, Symantec Protection for SharePoint Servers sends a file byte-by-byte to Symantec Scan Engine for scanning. This feature ensures real-time protection.

20 20 Introducing Symantec Protection for SharePoint Servers Components of Symantec Protection for SharePoint Servers Components of Symantec Protection for SharePoint Servers Symantec Protection for SharePoint Servers includes the following components, which you can install and configure separately: Symantec Scan Engine Symantec Protection for SharePoint console Provides virus scanning and repair services You can install Symantec Scan Engine on the SharePoint server. You can also install Symantec Scan Engine on a separate server that is not running SharePoint. This lets you move antivirus processing offbox, thereby reducing the CPU load on the SharePoint server. The latest version of Symantec Scan Engine 5.1 is included on the distribution CD. Provides a means for users to configure how Symantec Scan Engine and the SharePoint server should communicate with each other, handle infected files, and monitor scanning activity. The Symantec Protection for SharePoint console refers to the administrative console of Symantec Protection for SharePoint Servers. You can configure how Symantec Protection for SharePoint Servers handles the communication between the Symantec Scan Engine and the SharePoint server through this console. Symantec Protection for SharePoint Servers also interprets the results that are returned from the scan engine after scanning. See About deploying Symantec Protection for SharePoint Servers in a stand-alone SharePoint environment on page 29. See About deploying Symantec Protection for SharePoint Servers in a farm environment on page 30. How Symantec Protection for SharePoint Servers works Symantec Protection for SharePoint Servers provides the following types of scanning: Real-time scanning of files as they are uploaded and downloaded from the SharePoint server See About real-time scanning on page 21.

21 Introducing Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works 21 Scheduled scans and manual scans of files that are stored on the SharePoint server See About scheduled scanning and manual scanning on page 23. In addition to scanning, Symantec Protection for SharePoint Servers does the following: Monitors scanning activity by its logging and notification feature See About logging and notifications on page 27. Generates on-demand reports and schedules distribution of reports by mail See About on-demand reports and scheduled reports on page 28. About real-time scanning Files are scanned in real time as they are uploaded and downloaded from the SharePoint server. You can configure whether files are scanned on upload, download, or both. All files that are uploaded or downloaded are submitted for scanning, regardless of file type. Note: If scanning fails for any reason during a real-time scan (for example, if the Symantec Scan Engine goes offline or reaches its scanning threshold), the scan is terminated. The scan request is not re-submitted until a user tries to upload or download the file. You can configure the following options for real-time scanning: Scan documents on upload. Scan documents on download. Allow users to download infected documents. Attempt to clean infected documents. Enable real-time scanning to ensure protection of your SharePoint server before you let users upload or download files. For the most secure configuration, enable the Scan documents on upload, Scan documents on download, and Attempt to clean infected files options.

22 22 Introducing Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works If you enable the option Allow users to download infected documents, only administrators can download infected files. Users only get a virus found message. Warning: Enabling the option Allow users to download infected documents can put your organization at risk. Unrepairable files might contain viruses that can infect your computer. SharePoint security ensures that only administrators can download the unrepairable files if you enable this option. However, use this option only when you want to resolve a virus issue. See Configuring real-time scanning on page 73. How caching works on the SharePoint server The SharePoint server caches the scanning results for each stored file. The cached information includes the date and revision number of the virus definitions that were used to perform the scan. The cached information also includes the status of the file (whether the file is clean or infected). In real-time scanning, all files that are uploaded or downloaded are submitted for scanning. On download, the SharePoint server evaluates the status of the file and the virus definition that were used to determine whether the file must be scanned. If another user requests access to that same file and the virus definitions have not changed, a redundant scan is avoided. Individual cache entries are updated whenever a stored file is changed. What happens when a file is uploaded When a user tries to upload a file to the SharePoint server, the file is submitted first to Symantec Scan Engine for scanning. If the file contains a virus that cannot be repaired, the file is not stored on the SharePoint server. The user receives a notification that the file is infected and cannot be uploaded. If you configure the SharePoint server to repair infected files and the infected file can be repaired, the repaired file is uploaded to the SharePoint server. What happens when a file is downloaded When a user tries to download a stored file, Microsoft SharePoint verifies the following information about the file: If the file was scanned on upload The status of the file (for example, if the file is clean) Whether the virus definition that were used during the latest scan are the most current

23 Introducing Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works 23 If the file is infected, or if the virus definitions are not the most current, the file is submitted to Symantec Scan Engine for scanning. Based on the scan results, the file is handled according to the settings that you specify. See Configuring real-time scanning on page 73. If the file is clean and was scanned with the latest definitions, the file is not rescanned. It is automatically downloaded to the user. The SharePoint server passes clean files to the user. If you configure the SharePoint server to attempt to clean infected files and the infected file can be repaired, the repaired file is passed to the user. The infected file that is stored on the SharePoint server is replaced with the clean file. If the file contains a virus that cannot be repaired, the file is not downloaded to the user. The user receives a notification that the file is infected and cannot be downloaded. (You can configure Symantec Protection for SharePoint Servers to permit users to download infected files. However, the most secure configuration is to disable this option. Files that contain viruses pose a risk to your organization. Users are denied access to infected files by default.) Note: Infected files that cannot be repaired are not automatically deleted from the SharePoint server. To remove infected files from the SharePoint server, activate a scheduled scan or perform a manual scan and select the option to delete unrepairable infected files from the SharePoint server. About scheduled scanning and manual scanning You can schedule periodic scans of the documents that are stored on the SharePoint server. Schedule periodic scans of the document library to ensure that all files have been scanned for viruses. These scans ensure that files that have not been previously scanned are scanned in a timely manner. Regular scans also ensure that scanning is kept up to date as virus definitions change. Scheduled scans occur at the time and frequency that you specify. Scheduled scanning occurs in the background and does not affect real-time scanning of uploaded and downloaded files. You can force an immediate (manual) scan of the documents that are stored on the server. The options that you configure for scheduled scans also apply to manual scans. See About manual scans and scheduled scans on page 75. During scheduled scans and manual scans, all files are submitted for scanning, regardless of whether they were scanned previously or not. Only files in the Exclude folders list and the File extension exclude list are omitted from

24 24 Introducing Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works scanning. If a scan request fails because the scan engine is unavailable, the scan request is sent to the next available registered scan engine. You can configure the following options for manual scans and scheduled scans: Excluding files with specific extensions from being scanned See Excluding files with specific extensions from being scanned on page 76. Excluding folders from being scanned See Excluding folders from being scanned on page 77. Specifying the number of threads for scanning See Specifying the number of threads for scanning on page 77. Scanning all file versions in the document library See Scanning all file versions in the document library on page 78. Scanning only those files that were added or modified from the last scan See Scanning those files that have been added or modified since the last completed scan on page 78. Specifying the location for quarantined documents See Specifying the location for quarantined documents on page 79. Specifying file handling rules See Specifying file handling rules on page 80. Reviewing scan statistics See Reviewing scan statistics on page 82. Preserving bandwidth and time during manual and scheduled scans You can designate which directories on the SharePoint server are scanned during scheduled scans and manual scans. You can scan all directories on the SharePoint server, or you can exclude certain directories from scanning. You can also control which file types are scanned during manual scans and scheduled scans by specifying which file types are passed to Symantec Scan Engine. Viruses are found only in file types that contain executable code. You can save bandwidth and time by excluding those files types that are not likely to contain viruses and can be excluded from scanning. Symantec Protection for SharePoint Servers makes an initial determination, based on file extension, about whether to pass a file to Symantec Scan Engine for scanning. You can limit scanning to only those files that have been added or modified since the last manual or scheduled scan. Symantec Protection for SharePoint Servers can compare the time a file was modified or added with the time of the

25 Introducing Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works 25 last scan. This feature lets you conserve scanning resources by omitting files from scanning that have not been modified or added since the last scan. When this feature is disabled, all files are scanned during manual scans and scheduled scans. Quarantining infected files Symantec Protection for SharePoint Servers can quarantine infected files that are found during a scheduled scan or manual scan. A copy of each infected item is forwarded to a quarantine directory. This feature lets you preserve a copy of all files, even infected ones, in the event that a file must be retrieved. The infected items can be accessed or deleted from the quarantine by the administrator. The default quarantine location is C:\Program Files\Symantec\SharePoint\Quarantine. What happens when a file is scanned After the Symantec Protection for SharePoint console and Symantec Scan Engine are installed and properly configured, files are passed to Symantec Scan Engine for analysis. If Symantec Scan Engine does not find a virus in a file, Symantec Scan Engine indicates that the file is clean. If a virus is detected, Symantec Scan Engine does one of the following actions: Records a log entry that an infection was found Attempts to repair the infected file Separate logging and alerting features are available through the Symantec Protection for SharePoint console and Symantec Scan Engine. You can activate logging and alerting options in Symantec Scan Engine to supplement those logging and alerting options that are available through the Symantec Protection for SharePoint console. The Symantec Protection for SharePoint console sends an notification and records a log entry when an infection is found. If the file can be repaired, Symantec Scan Engine repairs it and passes a clean file back to Symantec Protection for SharePoint Servers. Configure the SharePoint antivirus settings to accept these repaired files so that infected files are replaced with repaired files on the SharePoint server. See Configuring real-time scanning on page 73.

26 26 Introducing Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works Deletes unrepairable infected files from container files When a container file or archive file is submitted for scanning, Symantec Scan Engine decomposes the container file and scans each embedded file individually. If the container file contains unrepairable files, Symantec Scan Engine deletes the unrepairable files from the container or archive file. The remaining clean contents are forwarded to the SharePoint server. This container file is handled by Symantec Protection for SharePoint Servers as a repaired file. (Configure the SharePoint antivirus settings to accept repaired files so that infected files can be replaced with repaired files.) Note: When a top-level file (a file that is not embedded in a container file) is infected and cannot be repaired, Symantec Scan Engine indicates this to Symantec Protection for SharePoint Servers and the SharePoint server. The SharePoint server denies access to the infected file by default. The file is deleted from the SharePoint server if you have configured it to do so. See Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers on page 85. About scanning policies in the Symantec Scan Engine When Symantec Scan Engine scans a file for viruses, it applies the scanning policies that you configure in the Symantec Scan Engine console. For example, you can limit the resources that Symantec Scan Engine uses by only scanning certain types of files. When an established threshold is met or exceeded during a scan, or a policy is violated, Symantec Scan Engine communicates this information to Symantec Protection for SharePoint Servers. Symantec Protection for SharePoint Servers treats the file as though an unrepairable infection was found. The policies that you configure for handling infected files (that is, blocking or deleting files) are applied.

27 Introducing Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works 27 The following scanning policies are available through the Symantec Scan Engine console: You can restrict the amount of resources that are used to process large container files. Symantec Scan Engine uses a decomposer to extract the embedded files from a container file, scan all of the files, and reassemble the container file once scanning is complete. For overly large container files, this process can require a significant amount of resources. You can use these settings to control the resources that Symantec Scan Engine uses to process large container files and to prevent these overly large container files from being stored on the SharePoint server. You can specify the maximum amount of time spent in decomposing a container file, the maximum file size for individual files in a container file, maximum number of nested levels to be decomposed, and the maximum number of bytes that are read when determining whether a file is MIME-encoded. You can establish a mail policy to filter mail and mail attachments based on a number of attributes. These mail policy settings are applied to all MIME-encoded messages. If MIME-encoded messages are posted for user access on the SharePoint server, you can use the mail policy settings in Symantec Scan Engine to filter based on attachment file size or file name, message origin, total message size, or message subject line. Note: Mail policy settings do not affect nonmime-encoded file types that are passed to Symantec Scan Engine for scanning. When a mail filter policy is violated, Symantec Scan Engine only applies the action to MIME-encoded messages. For more information, see the Symantec Scan Engine Implementation Guide. About logging and notifications Symantec Protection for SharePoint Servers logs events for the Scan Process, Symantec Scan Engine and System report sources by default. You can specify the logging level for each of these report sources in Log File settings. See About monitoring scanning activity on page 126. The default location of the log files is <installdir>:\program Files\Symantec\SharePoint\Logfiles. Symantec Protection for SharePoint Servers provides Simple Mail Transfer Protocol (SMTP) logging capabilities. When SMTP logging is configured, an notification is sent to a specified recipient for chosen events.

28 28 Introducing Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works To configure SMTP logging, you must do the following: Enable the notification system. Identify an SMTP server and port number for forwarding the log messages. Provide the default origin and destination information for the SMTP messages. Select the event categories for which SMTP messages should be generated. You can choose separate sender and recipient addresses for each event category. See Configuring SMTP logging on page 114. You can also select the notification level so that Symantec Protection for SharePoint Servers sends an notification only for the events whose level you specify. You can provide separate recipient information for each type of message. Default message text is included, but you can customize individual messages. See Customizing SMTP messages on page 117. About on-demand reports and scheduled reports You can manually generate and analyze reports for a specified date range. You must select a report source (Scan Engines, Scan Processes, or System) and define the log data you to display. You can generate a detailed report of all logs or piechart reports. Symantec Protection for SharePoint Servers displays a numerical statistical report beneath the pie-chart. See Generating an on-demand report on page 129. You can configure Symantec Protection for SharePoint Servers to generate reports and distribute them by mail to specified recipients at a scheduled time. Select an hourly, daily, weekly, monthly, one time, or any of the default schedules for scheduled reports. Note: You must first configure notifications before you try to schedule a report by . To schedule reports, you must do the following tasks: Select a schedule. Choose from the default schedules or create a new schedule. Select a report data range. Symantec Protection for SharePoint Servers retrieves data from within this specified date range.

29 Introducing Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works 29 Choose a report source (Scan Engines, Scan Processes, or System) and report definition. These options determine the content of your scheduled report. Select a report format. Activate report generation by mail. Specify the sender and recipient s address. See Scheduling a report on page 130. About deployment options Symantec Protection for SharePoint Servers includes the following components that can be installed separately or together: Symantec Protection for SharePoint console Symantec Scan Engine See Components of Symantec Protection for SharePoint Servers on page 20. See About the installation options on page 45. You must deploy Symantec Protection for SharePoint Servers and its components in different ways based on the following SharePoint environments: Stand-alone SharePoint environment Farm environment About deploying Symantec Protection for SharePoint Servers in a stand-alone SharePoint environment In a stand-alone SharePoint environment, you can choose to do a full install of both components of Symantec Protection for SharePoint Servers on the same computer. You can also choose to move antivirus processing off-box by installing Symantec Scan Engine on a separate server. However, ensure that you install the Symantec Protection for SharePoint console on the SharePoint server.

30 30 Introducing Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works About deploying Symantec Protection for SharePoint Servers in a farm environment In a SharePoint farm environment, based on the SharePoint version used, deploy Symantec Protection for SharePoint Servers on the following servers: WSS 2.0/ SPS 2003 Install the Symantec Protection for SharePoint console on each front-end web server in the farm. Symantec Scan Engine, the other component, can be installed on the same server as the Symantec Protection for SharePoint console or on a separate server. WSS 3.0/ MOSS 2007 Install the Symantec Protection for SharePoint console on each front-end web server in the farm. Note: It is important that each front-end web server must have the Central Administration service installed and started. You can install the Symantec Protection for SharePoint console on the other Application servers in the farm to run on-demand or scheduled scans on these servers, if desired. However, you can run these scans from the front-end servers as well. Symantec Scan Engine, the other component, can be installed on the same server as the Symantec Protection for SharePoint console or on a separate server. About supported platforms The Symantec Protection for SharePoint console can be installed on the following platforms: Windows Server 2003 (32-bit or 64-bit) Windows Server 2008 (32-bit) See System requirements for Symantec Protection for SharePoint console only on page 39. See About installing only the Symantec Protection for SharePoint console on page 53. Symantec Scan Engine runs on the following platforms: Sun Solaris Red Hat Linux Microsoft Windows 2000 Server Microsoft Windows Server 2003 (32-bit and 64-bit)

31 Introducing Symantec Protection for SharePoint Servers How Symantec Protection for SharePoint Servers works 31 You can deploy Symantec Scan Engine in any environment that is running any combination of these platforms. See System requirements for Symantec Scan Engine on page 40. See Installing only Symantec Scan Engine using the installation wizard on page 50. You can install both components together only on a 32-bit Windows Server 2003 platform. On a 64-bit computer, you must install the components separately. See System requirements for Symantec Protection for SharePoint Servers integrated installation on page 38. See About installing Symantec Protection for SharePoint Servers (integrated installation) on page 46. About handling large scanning volumes In a simple Symantec Protection for SharePoint Servers configuration, a single Symantec Scan Engine handles the scanning and repair services for the SharePoint server. However, larger traffic volumes can require multiple scan engines to handle virus scanning. If you are processing large traffic volumes or have multiple clients making virus scanning requests, you can install and configure multiple scan engines to handle the scanning load. If you install multiple scan engines to handle increased loads, you must register each Symantec Scan Engine with Symantec Protection for SharePoint Servers. Each Symantec Scan Engine must be installed on a separate computer on your network. See Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers on page 85. When you use multiple scan engines, you can specify how you want the scanning load to be distributed by selecting a scanning mode. The scanning modes are as follows: Cyclic mode Priority mode Scanning is distributed evenly across all registered Symantec Scan Engines using a continuous repeating sequence. Scanning is distributed to Symantec Scan Engines based on priority. When you register a Symantec Scan Engine, you specify the priority. See To register a new Symantec Scan Engine on page 87. See To edit a Symantec Scan Engine registration on page 89. If you enable both modes, the priority mode takes precedence.

32 32 Introducing Symantec Protection for SharePoint Servers How Symantec Scan Engine protects against viruses If you do not activate automatic load distribution, cyclic mode becomes active. Files are submitted to the first registered Symantec Scan Engine unless it is unavailable. If the first scan engine is not available, the second scan engine is contacted, and so on. See Specifying the scanning mode for load balancing on page 89. How Symantec Scan Engine protects against viruses Symantec Protection for SharePoint Servers sends files to Symantec Scan Engine for virus scanning and repair. Symantec Scan Engine detects viruses, worms, and Trojan horses in all major file types (for example, Windows files, DOS files, and Microsoft Word and Excel files). Symantec Scan Engine includes a decomposer that handles most compressed and archive file formats and nested levels of files. Symantec Scan Engine provides protection against container files that can cause denial of service attacks (for example, container files that are overly large, that contain large numbers of embedded compressed files, partial container files, or that have been designed to use resources maliciously and degrade performance). Symantec Scan Engine detects security risks such as adware, dialers, hacktools, joke programs, remote access programs, spyware, and trackware. The Symantec Scan Engine also detects mobile code such as Java, ActiveX, and stand-alone script-based threats. Symantec Scan Engine uses Symantec antivirus technologies, for heuristic detection of new or unknown viruses. Where to get more information In addition to this guide, Symantec Protection for SharePoint Servers includes Help topics that you can access through the Help table of contents and index. You can also search for keywords in the Help. Context-sensitive help is available on each page. You can visit the Symantec Web site for more information about your product. The following online resources for Symantec Protection for SharePoint Servers are available: Provides access to the technical support Knowledge Base, news groups, contact information, downloads, and mailing list subscriptions support/index.jsp

33 Introducing Symantec Protection for SharePoint Servers Where to get more information 33 Provides product news and updates index.jsp Provides access to the Virus Encyclopedia, which contains information about all known threats; information about hoaxes; and access to white papers about threats security_response/index.jsp

34 34 Introducing Symantec Protection for SharePoint Servers Where to get more information

35 Chapter 2 Installing Symantec Protection for SharePoint Servers Before you install System requirements About installing Symantec Protection for SharePoint Servers Post-installation tasks Uninstalling Symantec Protection for SharePoint Servers Before you install Do the following tasks before you install Symantec Protection for SharePoint Servers or its components: Provide antivirus protection for the servers on which the Symantec Protection for SharePoint Servers components run. See About protecting the servers that are running the Symantec Protection for SharePoint Servers components on page 36. Exclude certain directories from scanning by any other antivirus product that is running on the computers on which you install the components. See About preventing conflicts with other products on page 36. Plan to install the Symantec Protection for SharePoint console at a time when Microsoft Internet Information Server (IIS) can be stopped temporarily. See About stopping IIS during installation on page 37.

36 36 Installing Symantec Protection for SharePoint Servers Before you install Make sure that the computer on which you plan to install the console and Symantec Scan Engine meets the minimum system requirements. You can install both components together or on separate computers. See System requirements on page 37. About protecting the servers that are running the Symantec Protection for SharePoint Servers components Before you install Symantec Scan Engine and the Symantec Protection for SharePoint console, consider installing additional antivirus protection such as Symantec AntiVirus Corporate Edition to protect the servers on which these components run. By design, Symantec Scan Engine scans only files that are passed to it from Symantec Protection for SharePoint Servers. Symantec Protection for SharePoint Servers does not protect the operating systems of the computers on which Symantec Scan Engine and SharePoint Server run. Because both of these servers potentially handle viruses, they are vulnerable without real-time virus protection. To achieve comprehensive virus protection with Symantec Protection for SharePoint Servers, it is important to protect the Symantec Scan Engine server and the SharePoint server from virus attacks. To protect the host computers, install an antivirus program on these servers in addition to the Symantec Protection for SharePoint Servers components. About preventing conflicts with other products To prevent a conflict between the antivirus product that is running on the host computer and Symantec Protection for SharePoint Servers, configure any other antivirus product that is running on the host computer to exclude certain directories from scanning. Table 2-1 lists the directories to exclude from scanning. Table 2-1 Directories Directories to exclude from scanning Server Windows:<Installdir>\temp Linux and Solaris : <Installdir>\temp The server on which Symantec Scan Engine runs. These directories are the temporary directories that Symantec Scan Engine uses for scanning.

37 Installing Symantec Protection for SharePoint Servers System requirements 37 Table 2-1 Directories Directories to exclude from scanning Server <Installdir>\Program Files\Symantec\SharePoint\ Quarantine The server on which Symantec Protection for SharePoint console runs. This is the default quarantine directory that is used by Symantec Protection for SharePoint Servers. About stopping IIS during installation System requirements During the installation, the Microsoft Internet Information Server (IIS) must be stopped temporarily. During the time that it takes to complete the installation, no access to IIS services is available. You should plan to install the Symantec Protection for SharePoint console when Microsoft IIS can be stopped temporarily. Microsoft IIS restarts automatically after the installation is complete. You can choose to install both components of Symantec Protection for SharePoint Servers together on the same computer or on different computers. The Symantec Protection for SharePoint console and Symantec Scan Engine are supported on both 32-bit and 64-bit computers. However, you cannot do a full install of Symantec Protection for SharePoint Servers on a 64-bit computer. You must install the components separately on a 64-bit computer. See System requirements for Symantec Protection for SharePoint Servers integrated installation on page 38. See System requirements for Symantec Protection for SharePoint console only on page 39. See System requirements for Symantec Scan Engine on page 40.

38 38 Installing Symantec Protection for SharePoint Servers System requirements System requirements for Symantec Protection for SharePoint Servers integrated installation Table 2-2 describes the minimum system requirements to install the Symantec Protection for SharePoint console and Symantec Scan Engine on the same server: Table 2-2 Requirement Minimum system requirements for Symantec Protection for SharePoint console and Symantec Scan Engine Details Hardware requirements Processor: 2.5 GHz (recommended dual processors that are 3 GHz each or higher) Memory: 1 GB of RAM or higher (recommended 2 GB) Disk space: 515 MB 1 network interface card (NIC) running TCP/IP with a static IP address Internet connection to update definitions Operating System You can use any of the following editions of Windows Server 2003: Windows Server 2003 (32-bit) Standard Edition/ Windows Server 2003 R2 (32-bit) Standard Edition/ Windows Server 2003 (64-bit) Standard Edition Windows Server 2003 (32-bit) Enterprise Edition/ Windows Server 2003 R2 (32-bit) Enterprise Edition/ Windows Server 2003 (64-bit) Enterprise Edition Windows Server 2003 (32-bit) Datacenter Edition/ Windows Server 2003 R2 (32-bit) Datacenter Edition/ Windows Server 2003 (64-bit) Datacenter Edition Software requirements Any of the following Microsoft SharePoint Server editions: Windows SharePoint Services 2.0 (WSS 2.0) with Service Pack 3 (SP 3) Windows SharePoint Services 3.0 (WSS 3.0) SharePoint Portal Server 2003 (SPS 2003) with Service Pack 3 (SP 3) Microsoft Office SharePoint Server 2007 (32- bit/ 64-bit) Microsoft Internet Explorer 6.0 (with the most recent service pack that is available) or higher.

39 Installing Symantec Protection for SharePoint Servers System requirements 39 System requirements for Symantec Protection for SharePoint console only Table 2-3 describes the minimum system requirements to install the Symantec Protection for SharePoint console. Table 2-3 Requirement Minimum system requirements for the Symantec Protection for SharePoint console Details Hardware requirements Processor: 2.5 GHz (recommended dual processors that are 3 GHz each or higher) Memory: 1 GB of RAM or higher (recommended 2 GB) Disk space: 15 MB (may vary depending on how long you choose to maintain log files). Operating System The Symantec Protection for SharePoint console runs on the following platforms: Windows Server 2003 with Service Pack 2 or later Windows Server 2008 (32-bit) You can use any of the following editions of Windows Server 2003: Windows Server 2003 (32-bit) Standard Edition/ Windows Server 2003 R2 (32-bit) Standard Edition/ Windows Server 2003 (64-bit) Standard Edition Windows Server 2003 (32-bit) Enterprise Edition/ Windows Server 2003 R2 (32-bit) Enterprise Edition/ Windows Server 2003 (64-bit) Enterprise Edition Windows Server 2003 (32-bit) Datacenter Edition/ Windows Server 2003 R2 (32-bit) Datacenter Edition/ Windows Server 2003 (64-bit) Datacenter Edition Software requirements Any of the following Microsoft SharePoint Server editions: Windows SharePoint Services 2.0 (WSS 2.0) with Service Pack 3 (SP 3) Windows SharePoint Services 3.0 (WSS 3.0) SharePoint Portal Server 2003 (SPS 2003) with Service Pack 3 (SP 3) Microsoft Office SharePoint Server 2007 (32- bit/ 64-bit) Microsoft Internet Explorer 6.0 (with the most recent service pack that is available) or higher.

40 40 Installing Symantec Protection for SharePoint Servers System requirements System requirements for Symantec Scan Engine You can install Symantec Scan Engine on Windows, Linux, and Solaris. See Windows system requirements on page 40. See Solaris system requirements on page 41. See Linux system requirements on page 42. Windows system requirements The following are the system requirements to install Symantec Scan Engine on Windows: Operating system Windows 2000 Server with the most current service pack Windows Server 2003 R2 (32-bit and 64-bit) Note: Symantec Scan Engine does not support installation on Windows Server 2008 (32-bit and 64-bit). Processor Pentium 4 processor 1 GHz or higher 32-bit processor Memory Disk space 512 MB of RAM or higher 500 MB Hardware 1 network interface card (NIC) running TCP/IP with a static IP address Internet connection to update definitions 100 Mbit/s Ethernet link (1 Gbit/s recommended)

41 Installing Symantec Protection for SharePoint Servers System requirements 41 Software Java 2SE Runtime Environment (JRE) 5.0 Update 15 or later (within the version 5 platform). If you install Symantec Scan Engine through the CD installation wizard, J2SE Runtime Environment (JRE) 5.0 Update 15 is automatically installed. Any of the following Web browsers: Microsoft Internet Explorer 6.0 (with the most recent service pack that is available) Use Microsoft Internet Explorer to access the Symantec Scan Engine console from a Windows client computer. Mozilla Firefox 1.5 or later Use Mozilla Firefox to access the Symantec Scan Engine console from a Solaris or Linux client computer. The Web browser is only required for Web-based administration. The Web browser must be installed on a computer from which you want to access the Symantec Scan Engine console. The computer must have access to the server on which Symantec Scan Engine 5.1 runs. Solaris system requirements The following are the system requirements to install Symantec Scan Engine on Solaris: Operating system Solaris 9 and 10 (primary) Ensure that your operating system has the most recent patches that are available. Processor SPARC 400 MHz or higher 32-bit processor Memory Disk space 512 MB of RAM or higher 500 MB Hardware 1 network interface card (NIC) running TCP/IP with a static IP address Internet connection to update definitions 100 Mbit/s Ethernet link (1 Gbit/s recommended)

42 42 Installing Symantec Protection for SharePoint Servers System requirements Software J2SE Runtime Environment (JRE) 5.0 Update 15 or later (within the version 5 platform) installed Any of the following Web browsers: Microsoft Internet Explorer 6.0 (with the most recent service pack that is available) Use Microsoft Internet Explorer to access the Symantec Scan Engine console from a Windows client computer. Mozilla Firefox 1.5 or later Use Mozilla Firefox to access the Symantec Scan Engine console from a Solaris or Linux client computer. The Web browser is only required for Web-based administration. The Web browser must be installed on a computer from which you want to access the Symantec Scan Engine console. The computer must have access to the server on which Symantec Scan Engine runs. Linux system requirements The following are the system requirements to install Symantec Scan Engine on Linux: Operating system Red Hat Linux Enterprise Server 3 and 4 Red Hat Linux Advanced Server 3 and 4 SuSE Linux Enterprise Server 9 Processor Pentium 4 processor 1 GHZ or higher 32-bit processor Memory Disk space 512 MB of RAM or higher 500 MB Hardware 1 network interface card (NIC) running TCP/IP with a static IP address Internet connection to update definitions 100 Mbit/s Ethernet link (1 Gbit/s recommended)

43 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers 43 Software J2SE Runtime Environment (JRE) 5.0 Update 15 or later (within the version 5 platform) installed Any of the following Web browsers: Microsoft Internet Explorer 6.0 (with the most recent service pack that is available) Use Microsoft Internet Explorer to access the Symantec Scan Engine console from a Windows client computer. Mozilla Firefox 1.5 or later Use Mozilla Firefox to access the Symantec Scan Engine console from a Solaris or Linux client computer. The Web browser is only required for Web-based administration. The Web browser must be installed on a computer from which you want to access the Symantec Scan Engine console. The computer must have access to the server on which Symantec Scan Engine runs. About installing Symantec Protection for SharePoint Servers Symantec Protection for SharePoint Servers comprises of the following components: Symantec Scan Engine Symantec Protection for SharePoint console Provides the virus scanning and repair services. Provides a means for users to configure how Symantec Scan Engine and the SharePoint server communicate with each other. The console also allows users to configure how Symantec Protection for SharePoint Servers handles infected files and monitors scanning activity. You can install these components separately or together. Based on the SharePoint farm environment and SharePoint version used, you must install the Symantec Protection for SharePoint console on all front-end servers in the farm or with the Central Administration service started. See About deployment options on page 29. During installation, Symantec Protection for SharePoint Servers installs both components together or separately based on the installation option that you choose. You cannot do a full install of Symantec Protection for SharePoint

44 44 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers Servers on a 64-bit computer. However, you can install both components separately on the same 64-bit computer. See About the installation options on page 45. The Symantec Protection for SharePoint Servers installation program checks for previous versions of the product and does one of the following: No previous version is detected A previous version of either component is detected A full installation is performed. Symantec Protection for SharePoint Servers does not support an upgrade. You must uninstall the previous version and run the Symantec Protection for SharePoint Servers installation program again. If the installation program detects an older version of Symantec AntiVirus for Microsoft SharePoint, a message first prompts the user to upgrade. When you click yes, you get a message stating that installation cannot continue unless you uninstall the previous version. If the installer detects Symantec Scan Engine 4.3x, you are not allowed to proceed with the installation unless you uninstall the previous version. During installation of Symantec Scan Engine, you can enter the file path of a valid license for automatic license activation. Symantec Protection for SharePoint Servers automatically registers the Symantec Scan Engine if you enter the license file path during a full installation. When you register Symantec Scan Engine during the installation process, you eliminate the need to register it through the Symantec Protection for SharePoint console. If you install Symantec Scan Engine separately, you can still enter the license file path during installation. Automatic activation occurs if the license is valid. However, you must register Symantec Scan Engine manually with Symantec Protection for SharePoint Servers. See Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers on page 85. Symantec Scan Engine installs a virtual administrative account during installation. Do not forget the password for this account because it is the only account that you can use to manage Symantec Scan Engine. You can change the password in the console, but to do so you must have the old password. See Accessing the Symantec Scan Engine console on page 95. If you do not have the license file at the time of installation, you can activate the license later through the Symantec Scan Engine console.

45 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers 45 See About licensing Symantec Scan Engine on page 99. The installation program installs the Symantec Protection for SharePoint console using the service logon details that you enter during the installation procedure. You can change the service logon details after installation. You can also password protect the console so that unauthenticated users cannot access or modify the settings. See Accessing the console on page 64. You can use the silent installation or remote installation feature for multiple installations on your network. See Installing the Symantec Protection for SharePoint console using the silent installation feature on page 55. See About installing Symantec Protection for SharePoint Servers using remote installation on page 49. About the installation options On a Windows platform, the CD installer displays the following options: Install Symantec Protection 5.1 for SharePoint Servers (Full Install) Install only the Symantec Scan Engine 5.1 Installs both Symantec Scan Engine and the Symantec Protection for SharePoint console. See About installing Symantec Protection for SharePoint Servers (integrated installation) on page 46. Symantec Scan Engine is supported on 64-bit computers, however, the option of full install is grayed out. See Installing Symantec Scan Engine on a 64-bit computer on page 52. Installs Symantec Scan Engine only. This installation is useful if you want to move antivirus scanning off-box, thereby reducing the CPU load on the SharePoint Server. See Installing only Symantec Scan Engine using the installation wizard on page 50. Symantec Scan Engine is supported on 64-bit computers, however, this option is grayed out on a 64-bit computer. See Installing Symantec Scan Engine on a 64-bit computer on page 52.

46 46 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers Install only the Symantec Protection for SharePoint console Installs the administrative console for Symantec Protection for SharePoint Servers See About installing only the Symantec Protection for SharePoint console on page 53. On a Linux/Solaris platform, you can install Symantec Scan Engine only. This is because only Symantec Scan Engine is supported on Linux or Solaris. About installing Symantec Protection for SharePoint Servers (integrated installation) When you perform an integrated installation, you install both the Symantec Protection for SharePoint console and Symantec Scan Engine on the same server. Before you begin the installation procedure, ensure that your server meets the minimum system requirements. You should also ensure that the SharePoint server and all applicable updates are installed, configured, and working correctly before you begin installation. For more information, see the Microsoft documentation. See System requirements for Symantec Protection for SharePoint Servers integrated installation on page 38. You can do a consolidated install of Symantec Protection for SharePoint Servers or install either component separately from the distribution CD using the installation wizard. However, you cannot do an integrated install using the silent install feature. You can install the Symantec Protection for SharePoint console and Symantec Scan Engine separately using the silent install feature. See Installing Symantec Protection for SharePoint Servers using the installation wizard on page 47. See Installing the Symantec Protection for SharePoint console using the silent installation feature on page 55. Though both components are supported on a 64-bit computer, you must install the components separately as the option for a full install from the CD installer is grayed out. See About installing only the Symantec Protection for SharePoint console on page 53. See Installing Symantec Scan Engine on a 64-bit computer on page 52. For more information about how to install Symantec Scan Engine using the silent install feature, see the Symantec Scan Engine Implementation Guide.

47 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers 47 Installing Symantec Protection for SharePoint Servers using the installation wizard You can install Symantec Protection for SharePoint Servers from the distribution CD using an installation wizard. After installation is complete, the Symantec Protection for SharePoint console is installed as a Windows Server 2003 service. Symantec Protection for SharePoint console is listed as Symantec Protection 5.1 for SharePoint Servers in the Services Control Panel. Symantec Scan Engine is listed as a separate entry in the Services Control Panel. The Symantec Protection for SharePoint Servers service starts automatically when the installation is complete. Installation activities are recorded in the Windows Application Event Log and System log files at the default location C:\Program Files\Symantec\SharePoint\Logfiles. To install Symantec Protection for SharePoint Servers using the installation wizard 1 Log on to the computer on which you plan to install the product as administrator or as a user with administrator rights. 2 Insert the Symantec Protection for SharePoint Servers distribution CD into the CD drive. 3 On the main CD page, click Install. 4 In the next installer screen window, click Install Symantec Protection 5.1 for SharePoint Servers (Full Install). Symantec Scan Engine is installed first, then the Symantec Protection for SharePoint console is installed. The installer first checks to see if the computer has J2SE Runtime Environment (JRE) 5.0 Update 15 or a later version. If not, the installer installs JRE 5.0 Update 15. Symantec Scan Engine requires J2SE Runtime Environment (JRE) 5.0 Update On the Symantec Scan Engine License Setup page, click Browse to browse to select the appropriate license file. For more information on how to obtain a license file, see the Symantec Scan Engine Implementation Guide. You can also install the license at a later time through the Symantec Scan Engine console. See About licensing Symantec Scan Engine on page Click Next. Symantec Scan Engine installation begins. 7 In the Welcome panel, click Next.

48 48 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers 8 In the License Agreement panel, indicate that you agree with the terms of the Symantec Software License Agreement, and then click Next. If you do not indicate that you agree, the installation is cancelled. 9 In the Destination Folder panel, select the location to install Symantec Scan Engine, and then click Next. The default location is C:\Program Files\Symantec\Scan Engine. 10 In the Administrative UI Setup panel, configure the following options: Administrator Port SSL Port Administrator Password Confirm Administrator Password Type the port number on which the Web-based console listens. If you change the port number, use a number that is greater than 1024 that is not in use by any other program or service. The default port number is Type the Secure Socket Layer (SSL) port number on which encrypted files will be transmitted for increased security. Symantec Scan Engine uses the default SSL port (8005). If this port is in use, select a SSL port that is not in use by any other program or service. Use a port number that is greater than Type a password for the virtual administrative account that you will use to manage Symantec Scan Engine. Confirm the password by typing it again. 11 Click Next. 12 In the Ready to Install the Program panel, click Install. 13 Click Finish to complete installation of Symantec Scan Engine. Once installation of Symantec Scan Engine is complete, the installation of Symantec Protection for SharePoint console automatically begins. 14 In the Welcome panel, click Next. 15 In the License Agreement panel, indicate that you agree with the terms of the Symantec Software License Agreement, and then click Next. If you do not indicate that you agree, the installation is cancelled. 16 In the Customer Information panel, in the User Name box, type the account name under which you are installing the Symantec Protection for SharePoint console. 17 In the Organization box, type the name of your organization.

49 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers Select who will have access to the console after installation. You can limit access to the account under which the console is installed, or you can let all users access the console. 19 Click Next. 20 Specify the username and password for the account used to log on to the Symantec Service. The user account must be a member of the Local Administrators Group on the computer on which the SharePoint server is installed. If the SQL server is on a separate computer, the user account must be a member of the Local Administrators Group on that computer as well. The username must be in the format domain\username or computer\username. 21 Click Next. 22 In the SharePoint Services Stop Information panel, indicate whether you agree to stop Microsoft IIS and Microsoft SharePoint Server services. If you do not want to stop IIS, select I do not agree that the services can be stopped. This option does not allow the installation to proceed. 23 Click Next. 24 In the Ready to Install the Program panel, click Install to begin the installation. 25 Click Finish when installation is complete. About installing Symantec Protection for SharePoint Servers using remote installation Symantec Protection for SharePoint Servers supports the remote installation of the entire product or any of its components through the following system management software products: Microsoft Systems Management Server 2003 Systems Center Configuration Manager 2007 For more information, see the appropriate Microsoft documentation. Ensure that the server on which you plan to remotely install Symantec Protection for SharePoint Servers or its components meets the minimum system requirements. See System requirements on page 37.

50 50 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers Installing only Symantec Scan Engine using the installation wizard You can install Symantec Scan Engine on a 32-bit or 64-bit Windows computer that is running the SharePoint server. However, you cannot install Symantec Scan Engine on a 64-bit computer by using the installation wizard. See Installing Symantec Scan Engine on a 64-bit computer on page 52. You can also install Symantec Scan Engine on a separate server that is not running SharePoint. This lets you move antivirus scanning off-box, thereby reducing the CPU load on the SharePoint server. Install and configure Symantec Scan Engine before you configure the Symantec Protection for SharePoint console. You should ensure that the computer on which you install Symantec Scan Engine meets the system requirements. See System requirements for Symantec Scan Engine on page 40. You can install the Symantec Scan Engine from the distribution CD using the installation wizard on a Windows 2000 Server or Windows Server 2003 computer. For more information about how to install Symantec Scan Engine on a Solaris or Linux computer, see the Symantec Scan Engine Implementation Guide. For more information about how to install Symantec Scan Engine using the silent installation feature, see the Symantec Scan Engine Implementation Guide. To install only Symantec Scan Engine using the installation wizard 1 Log on to the computer on which you plan to install the product as administrator or as a user with administrator rights. 2 Insert the Symantec Protection for SharePoint Servers distribution CD into the CD drive. 3 On the main CD page, click Install. 4 In the next installer screen window, click Install only the Symantec Scan Engine 5.1. The installer first checks to see if the computer has J2SE Runtime Environment (JRE) 5.0 Update 15 or a later version. If not, the installer installs JRE 5.0 Update 15. Symantec Scan Engine requires J2SE Runtime Environment (JRE) 5.0 Update On the Symantec Scan Engine License Setup page, click Browse to browse to select the appropriate license file.

51 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers 51 For more information on how to obtain a license file, see the Symantec Scan Engine Implementation Guide. You can also install the license at a later time through the Symantec Scan Engine console. See About licensing Symantec Scan Engine on page Click Next. Symantec Scan Engine installation begins. 7 In the Welcome panel, click Next. 8 In the License Agreement panel, indicate that you agree with the terms of the Symantec Software License Agreement, and then click Next. If you do not indicate that you agree, the installation is cancelled. 9 In the Destination Folder panel, select the location to install Symantec Scan Engine, and then click Next. The default location is C:\Program Files\Symantec\Scan Engine. 10 In the Administrative UI Setup panel, configure the following options: Administrator Port SSL Port Administrator Password Confirm Administrator Password Type the port number on which the Web-based console listens. If you change the port number, use a number that is greater than 1024 that is not in use by any other program or service. The default port number is Type the Secure Socket Layer (SSL) port number on which encrypted files will be transmitted for increased security. Symantec Scan Engine uses the default SSL port (8005). If this port is in use, select a SSL port that is not in use by any other program or service. Use a port number that is greater than Type a password for the virtual administrative account that you will use to manage Symantec Scan Engine. Confirm the password by typing it again. 11 Click Next. 12 In the Ready to Install the Program panel, click Install. 13 Click Finish to complete installation of Symantec Scan Engine. Symantec Scan Engine is listed as a separate entry in the Services Control Panel.

52 52 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers Installing Symantec Scan Engine on a 64-bit computer You can install both components of Symantec Protection for SharePoint Servers separately on a Windows bit computer. To install the Symantec Protection for SharePoint console on a 64-bit computer, you can use the installation wizard or use the silent installation feature. See About installing only the Symantec Protection for SharePoint console on page 53. To install Symantec Scan Engine on a 64-bit computer, you must do the following steps: Install Java manually. If you have JRE 5.0 Update 15 or a higher version installed on your computer already, you can skip this step. See To install Java manually on page 52. Install Symantec Scan Engine manually. See To install Symantec Scan Engine manually on page 52. Activate the license. See Installing the license file on page 101. Register Symantec Scan Engine with the Symantec Protection for SharePoint console. See Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers on page 85. To install Java manually 1 Go to the folder named Java within the Scan_Engine\Tools folder in the CD contents. The location would be <CD drive>:\scan_engine\tools\java\win32. 2 Double-click jre-1_5_0_15-windows-i586-p.exe to manually install JRE 5.0 Update 15. JRE 5.0 Update 15 is a pre-requisite to install Symantec Scan Engine. 3 Follow the on-screen instructions to install JRE 5.0 Update 15. To install Symantec Scan Engine manually 1 After you install Java, go to the Scan_Engine\Win32 folder. 2 Double-click the ScanEngine.exe installer. 3 Follow the on-screen instructions to install Symantec Scan Engine. See To install only Symantec Scan Engine using the installation wizard on page 50.

53 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers 53 About installing only the Symantec Protection for SharePoint console Ensure that you install the Symantec Protection for SharePoint console on a server that meets the system requirements. The Symantec Protection for SharePoint console supports both 32-bit and 64-bit SharePoint environments. See System requirements for Symantec Protection for SharePoint console only on page 39. Based on the SharePoint farm environment and SharePoint version used, you must install the Symantec Protection for SharePoint console on all front-end servers in the farm or with the Central Administration service started. See About deployment options on page 29. You should ensure that the SharePoint server and all applicable updates are installed, configured, and working correctly before you install the Symantec Protection for SharePoint console. For more information, see the Microsoft documentation. You can install the Symantec Protection for SharePoint console from the distribution CD using the installation wizard or you can use the silent install feature. See Installing the Symantec Protection for SharePoint console using the installation wizard on page 53. See Installing the Symantec Protection for SharePoint console using the silent installation feature on page 55. You can use the remote installation feature for multiple installations of Symantec Protection for SharePoint console or Symantec Scan Engine on your network. See About installing Symantec Protection for SharePoint Servers using remote installation on page 49. Installing the Symantec Protection for SharePoint console using the installation wizard You can install Symantec Protection for SharePoint console from the distribution CD. When the installation is complete, the Symantec Protection for SharePoint console is installed as a Windows Server 2003 service (or Windows Server 2008 service) and is listed as Symantec Protection 5.1 for SharePoint Servers in the Services Control Panel. The Symantec Protection for SharePoint Servers service starts automatically when the installation is complete. Installation activities are recorded in the Windows Application Event Log and System log files at the default location C:\Program Files\Symantec\SharePoint\Logfiles.

54 54 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers To install the Symantec Protection for SharePoint console using the installation wizard 1 Log on to the computer on which you plan to install the console as administrator or as a user with administrator rights. 2 Insert the Symantec Protection for SharePoint Servers distribution CD into the CD drive. 3 On the main CD page, click Install. 4 In the next installer screen window, click Install only the Symantec Protection for SharePoint console. 5 In the Welcome panel, click Next. 6 In the License Agreement panel, indicate that you agree with the terms of the Symantec Software License Agreement, and then click Next. If you do not indicate that you agree, the installation is cancelled. 7 In the Customer Information panel, in the User Name box, type the account name under which you are installing the Symantec Protection for SharePoint console. 8 In the Organization box, type the name of your organization. 9 Select who will have access to the console after installation. You can limit access to only the account under which the console is installed, or you can let all users access the console. 10 Click Next. 11 Specify the username and password for the account used to log on to the Symantec Service. The user account must be a member of the Local Administrators Group on the computer on which the SharePoint server is installed. If the SQL server is on a separate computer, the user account must be a member of the Local Administrators Group on that computer as well. The username must be in the format domain\username or computer\username. 12 Click Next. 13 In the SharePoint Services Stop Information panel, indicate whether you agree to stop Microsoft IIS and Microsoft SharePoint Server services. If you do not want to stop IIS, select I do not agree that the services can be stopped. This option does not allow the installation to proceed. 14 Click Next. 15 In the Ready to Install the Program panel, click Install to begin the installation.

55 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers Click Finish when the installation is complete. Installing the Symantec Protection for SharePoint console using the silent installation feature The silent installation feature lets you automate the installation of Symantec Protection for SharePoint console. You can use the silent installation feature when you are installing multiple applications of Symantec Protection for SharePoint console and Symantec Scan Engine with identical input values. For more information about how to install Symantec Scan Engine using the silent install feature, see the Symantec Scan Engine Implementation Guide. Performing silent installations using default configuration values The Symantec Protection for SharePoint Servers CD includes pre-configured silent installation. You can use these scripts to install the application with the default configuration values. You can also generate a log of the installation events. You must change directories to the location of the Symantec Protection for SharePoint console installation program file, setup.exe, on the distribution CD, which is in following folder: SharePoint/setup.exe (for a 32-bit system) SharePoint X64/setup.exe (for a 64-bit system) To install the Symantec Protection for SharePoint console At the command line, type the following: setup.exe /s /v /qn This installs the console with the default Local System Account as the service logon user. To install the Symantec Protection for SharePoint console with service logon user input values At the command line, type the following: setup.exe /s /v /qn IS_NET_API_LOGON_USERNAME=Domain\user IS_NET_API_LOGON_PASSWORD=password Specify the service logon user as Server\user or Domain\user with the IS_NET_API_LOGON_USERNAME parameter. Specify the service logon password after the parameter IS_NET_API_LOGON_PASSWORD. The default Local System Account is taken as the service logon user if the specified password is not correct.

56 56 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers To install Symantec Protection for SharePoint console and log installation events At the command line, type the following: setup.exe /s /v"/qn /L* C:\<filename>.log" Specify the installation log file name in <filename>.log. The location of the installation log is C:\<filename>.log. You can modify the location of the log by changing the file location in the command line entry. About repairing or modifying Symantec Protection for SharePoint Servers or its components If you have the Symantec Protection for SharePoint console and Symantec Scan Engine or either component installed on the computer, you can use the product distribution CD to modify, repair, or remove both or either program. When you click a CD installation option, the Symantec Protection for SharePoint Servers installation program checks for current installations. If you have the previous version of either Symantec Protection for SharePoint Servers (Symantec AntiVirus 4.3 for Microsoft SharePoint) or Symantec AntiVirus Scan Engine, you must manually uninstall the older version before installing Symantec Protection for SharePoint Servers. See About installing Symantec Protection for SharePoint Servers on page 43. If the current version of Symantec Protection for SharePoint Servers is installed on the computer, the installation program displays a modify, repair or remove screen based on the component present on the computer. The installation program does one of the following when you select the modify, repair or remove option: Modify Repair Remove Reinstalls the component. Repairs any installation errors. Uninstalls the component of Symantec Protection for SharePoint Servers.

57 Installing Symantec Protection for SharePoint Servers About installing Symantec Protection for SharePoint Servers 57 Table 2-4 describes the action taken by the Symantec Protection for SharePoint Servers installation program when the current version of the product is installed on the computer. Table 2-4 Action taken on clicking a CD installation option CD installation option Install Symantec Protection 5.1 for SharePoint Servers (Full Install) Install only the Symantec Scan Engine 5.1 Currently installed on the server Symantec Protection for SharePoint console and Symantec Scan Engine 5.1 Symantec Scan Engine 5.1 Symantec Protection for SharePoint console Symantec Protection for SharePoint console and Symantec Scan Engine 5.1 Symantec Scan Engine 5.1 Symantec Protection for SharePoint console Action The modify/repair/remove panel for Symantec Scan Engine appears first. If you click Cancel, the modify/ repair/remove panel for Symantec Protection for SharePoint console appears. The modify/repair/remove panel for Symantec Scan Engine appears first. If you click Cancel, installation of Symantec Protection for SharePoint console begins. Installation of Symantec Scan Engine begins. If you click Cancel or finish installation of Symantec Scan Engine, the modify/repair/remove panel of Symantec Protection for SharePoint console appears. The modify/repair/remove panel for Symantec Scan Engine appears. The modify/repair/remove panel for Symantec Scan Engine appears. Installation of Symantec Scan Engine begins.

58 58 Installing Symantec Protection for SharePoint Servers Post-installation tasks Table 2-4 Action taken on clicking a CD installation option CD installation option Currently installed on the server Action Install only the Symantec Protection for SharePoint console Symantec Protection for SharePoint console and Symantec Scan Engine 5.1 Symantec Scan Engine 5.1 Symantec Protection for SharePoint console The modify/repair/remove panel for Symantec Protection for SharePoint console appears. Installation of Symantec Protection for SharePoint console begins. The modify/repair/remove panel for Symantec Protection for SharePoint console appears. Post-installation tasks The post-installation tasks are as follows: Access the Symantec Protection for SharePoint console See Accessing the console on page 64. Enable real-time scanning See Configuring real-time scanning on page 73. Install the license for Symantec Scan Engine This step is required if you did not install the license during installation. See Installing the license file on page 101. Register the Symantec Scan Engine with the Symantec Protection for SharePoint console See Scheduling scans on page 83.

59 Installing Symantec Protection for SharePoint Servers Uninstalling Symantec Protection for SharePoint Servers 59 Configure Symantec Scan Engine See Configuring Symantec Scan Engine on page 95. Enable security risk detection See About enabling security risk detection on page 104. Configure Symantec Protection for SharePoint Servers See About configuring Symantec Protection for SharePoint Servers on page 71. Uninstalling Symantec Protection for SharePoint Servers You can uninstall both components of Symantec Protection for SharePoint Servers from the Windows Control Panel or using the product CD. You can also silently uninstall the Symantec Protection for SharePoint console from the command line. See Uninstalling the Symantec Protection for SharePoint console on page 59. See Uninstalling Symantec Scan Engine on page 61. Uninstalling the Symantec Protection for SharePoint console When you uninstall Symantec Protection for SharePoint console, the quarantine folder remains.you can uninstall the console from the Windows Control Panel, the product CD, or do a silent uninstall from the command line. To uninstall the Symantec Protection for SharePoint console from the Windows Control Panel 1 Log on to the computer as administrator or as a user with administrator rights. 2 In the Add/Remove Programs Control Panel, click Symantec Protection 5.1 for SharePoint Servers. 3 Click Change/Remove. 4 Follow the on-screen instructions to complete the uninstallation. To uninstall the Symantec Protection for SharePoint console by using the product CD 1 Insert the Symantec Protection for SharePoint Servers distribution CD into the CD drive. 2 On the main CD page, click Install.

60 60 Installing Symantec Protection for SharePoint Servers Uninstalling Symantec Protection for SharePoint Servers 3 In the next installer screen window, click Install only the Symantec Protection for SharePoint console. 4 In the Welcome panel, click Next. The modify/repair/remove panel for Symantec Protection for SharePoint console appears. 5 Select Remove and click Next. 6 In the Remove the Program panel, click Remove. The Symantec Protection for SharePoint console uninstallation begins. 7 Click Finish. You can uninstall the Symantec Protection for SharePoint console by clicking the Install Symantec Protection 5.1 for SharePoint Servers (Full Install) option also. The modify/repair/remove panel for Symantec Scan Engine appears first. If you click Cancel, the modify/repair/remove panel for Symantec Protection for SharePoint console appears. To silently uninstall the Symantec Protection for SharePoint console 1 Change the directory to the location of the Symantec Protection for SharePoint console installation program file, setup.exe, on the distribution CD. For a 32-bit system, the location is SharePoint/setup.exe and for a 64-bit system, the location is SharePoint X64/setup.exe. 2 At the command line, type the following: setup.exe /x /s /v /qn This command silently uninstalls the Symantec Protection for SharePoint console. To silently uninstall the Symantec Protection for SharePoint console and log uninstallation events 1 Change the directory to the location of the Symantec Protection for SharePoint console installation program file, setup.exe, on the distribution CD. For a 32-bit system, the location is SharePoint/setup.exe and for a 64-bit system, the location is SharePoint X64/setup.exe. 2 At the command line, type the following: setup.exe /x /s /v /qn /L* C:\<filename>.log The location of the uninstallation log is C:\<filename>.log. You can modify the location of the log by changing the file location in the command line entry.

61 Installing Symantec Protection for SharePoint Servers Uninstalling Symantec Protection for SharePoint Servers 61 Uninstalling Symantec Scan Engine When you uninstall Symantec Scan Engine, the license keys remain. If you want to permanently uninstall Symantec Scan Engine, you must manually uninstall the license keys. The default license directories are as follows: Windows Linux and Solaris C:\Program Files\Common Files\Symantec Shared\Licenses /opt/symantec/licenses You can uninstall Symantec Scan Engine from the Windows Control Panel, or the product CD. To uninstall Symantec Scan Engine on Windows 2000 Server/Server Log on to the computer as an administrator or as a user with administrator rights. 2 In the Add/Remove Programs Control Panel, click Symantec Scan Engine Click Remove. 4 Follow the on-screen instructions to complete the uninstallation. For more information about how to uninstall Symantec Scan Engine on a Solaris or Linux computer, see the Symantec Scan Engine Implementation Guide. To uninstall Symantec Scan Engine by using the product CD 1 Insert the Symantec Protection for SharePoint Servers distribution CD into the CD drive. 2 On the main CD page, click Install. 3 In the next installer screen window, click Install only the Symantec Scan Engine. 4 In the Welcome panel, click Next. The modify/repair/remove panel for Symantec Scan Engine appears. 5 Select Remove and click Next. 6 In the Remove the Program panel, click Remove. Symantec Scan Engine uninstallation begins. 7 Click Finish. 8 You can uninstall the Symantec Scan Engine by clicking the Install Symantec Protection 5.1 for SharePoint Servers (Full Install) option also. The modify/repair/remove panel for Symantec Scan Engine appears first. If

62 62 Installing Symantec Protection for SharePoint Servers Uninstalling Symantec Protection for SharePoint Servers you click Cancel, the modify/repair/remove panel for Symantec Protection for SharePoint console appears. See About repairing or modifying Symantec Protection for SharePoint Servers or its components on page 56.

63 Chapter 3 Using the Symantec Protection for SharePoint console About the Symantec Protection for SharePoint console About the console home page About the Symantec Protection for SharePoint console The Symantec Protection for SharePoint console refers to the administrative interface for Symantec Protection for SharePoint Servers. You can access the Symantec Protection for SharePoint console through the SharePoint administrative interface. The integration of the Symantec Protection for SharePoint console into the SharePoint administrative interface makes it easy for regular SharePoint users to navigate. You can access the Symantec Protection for SharePoint console from any computer on your network that can access the server on which the Symantec Protection for SharePoint console is installed. However, you must have the permissions to access the SharePoint Central Administration page. Once you open the SharePoint Central Administration page, access to the Symantec Protection for SharePoint console is limited to only domain administrators or members of the Local Administrators group.

64 64 Using the Symantec Protection for SharePoint console About the Symantec Protection for SharePoint console Accessing the console You can ensure that only authenticated users can access and modify Symantec Protection for SharePoint Servers settings. Set a password so that only users who are aware of this password can gain access to the Symantec Protection for SharePoint console. See Configuring a password for the console on page 72. You can access the Symantec Protection for SharePoint console through the following ways: SharePoint Central Administration page See To access the console through the SharePoint Central Administration page on page 64. Internet Information Services (IIS) Manager See To access the console through Internet Information Services (IIS) Manager on page 65. Internet Explorer See To access the console through Internet Information Services (IIS) Manager on page 65. Access the console from the system on which the Symantec Protection for SharePoint console is installed. You can also access the console from other computers on the network, but you must be a member of the domain administrator group or the Local Administrators group. You can change the service logon username and password for the Symantec Protection for SharePoint Servers after you log on. To access the console through the SharePoint Central Administration page 1 Click the Start button, and then point to Programs. Point to Administrative Tools, and then do the following tasks: For MOSS 2007 For SPS 2003 Click SharePoint 3.0 Central Administration Click SharePoint Central Administration 2 Type the username and password of an account that has domain administrator or local administrator rights. 3 On the Central Administration page, click Operations to go to the operations page. By default, Operations can be seen in the left menu under Central Administration.

65 Using the Symantec Protection for SharePoint console About the Symantec Protection for SharePoint console 65 4 Click the Symantec Protection 5.1 for SharePoint Servers link to access the Symantec Protection for SharePoint console. See Symantec Protection for SharePoint Servers link is missing from the SharePoint Central Administration site on page 136. To access the console through Internet Information Services (IIS) Manager 1 Click the Start button, and then point to Programs. Point to Administrative Tools, and then click Internet Information Services (IIS)Manager. 2 In the left pane, expand your server name. 3 In the list, expand Web Sites. 4 Under Web Sites, right-click SharePoint Central Administration v3. 5 In the menu, click Properties. You can see the TCP port number in the TCP port box under the Web Site tab. 6 Click Cancel. 7 Right-click SharePoint Central Administration v3. In the menu, click Browse. 8 Type the username and password of the user account with local administrator or domain administrator rights. The SharePoint Central Administration page appears in the right pane of the IIS Manager. 9 On the Central Administration page, click Operations to go to the operations page. By default, Operations can be seen in the left menu under Central Administration. 10 Click the Symantec Protection 5.1 for SharePoint Servers link to access the Symantec Protection for SharePoint console. See Symantec Protection for SharePoint Servers link is missing from the SharePoint Central Administration site on page 136. To access the console through Internet Explorer Do the following to access the Symantec Protection for SharePoint console through the Internet Explorer: Determine the port number of the Central Administration page on the server that is running the Symantec Protection for SharePoint console. Launch the Central Administration page through the Internet Explorer.

66 66 Using the Symantec Protection for SharePoint console About the Symantec Protection for SharePoint console Access the console through the Central Administration page See To access the console through the SharePoint Central Administration page on page 64. To determine the port number of the Central Administration page 1 Click the Start button, and then point to Programs. Point to Administrative Tools, and then click Internet Information Services (IIS) Manager. 2 In the left pane, expand your server name. 3 In the list, expand Web Sites. 4 Under Web Sites, right-click SharePoint Central Administration v3. 5 In the menu, click Properties. You can see the TCP port number in the TCP port box under the Web Site tab. To launch the Central Administration page through Internet Explorer 1 Launch a Web browser on any computer on your network that can access the server that is running the Symantec Protection for SharePoint console. 2 Go to the following URL: where <servername> is the host name or IP address of the server that is running the Symantec Protection for SharePoint console and <port> is the TCP port number that is assigned during installation to the Central Administration page. The Central Administration page appears. See To access the console through the SharePoint Central Administration page on page 64.

67 Using the Symantec Protection for SharePoint console About the Symantec Protection for SharePoint console 67 Changing the service logon account information The components of Symantec Protection for SharePoint Servers have the following separate entries in the Services Control Panel: Symantec Protection for SharePoint console Symantec Scan Engine Symantec Protection for SharePoint console is listed as Symantec Protection 5.1 for SharePoint Servers in the Services Control Panel. During the installation, you must type a service logon username and password. The user account must be a member of the Local Administrators Group on the computer on which the SharePoint server is installed. If the SQL server is on a separate computer, the user account must also be a member of the Local Administrators Group on that computer. The username should be in the following format: domain\username or computer\username. See To change the service logon account information on page 67. Symantec Scan Engine is installed with the local system account as the logon service account by default. To access the Symantec Scan Engine console, you need the virtual administrative account password. See Accessing the Symantec Scan Engine console on page 95. You can change the service logon account for Symantec Protection for SharePoint Servers through the Services Control Panel any time after installation. To change the service logon account information 1 In the Windows Control Panel, double-click Administrative Tools. 2 In the Administrative Tools window, double-click Services. 3 In the list of services, right-click Symantec Protection 5.1 for SharePoint Servers and click Properties. 4 Under the Log On tab, select This account. Type the user name and password. The username must be in the format domain\username or computer\username. The user account must be a member of the Local Administrators Group on the computer on which the SharePoint server is installed. If the SQL server is on a separate computer, the user account must be a member of the Local Administrators Group on that computer as well

68 68 Using the Symantec Protection for SharePoint console About the console home page 5 Confirm the password by typing it again. 6 Click Ok. About the console home page Figure 3-1 shows the Symantec Protection for SharePoint Servers home page. Navigation links Figure 3-1 Symantec Protection for SharePoint Servers home page Feature links Status pane [MM Navigation links Click the navigation links at the top of the page to return to the console home page or to go back to the previous page from anywhere in the Symantec Protection for SharePoint console.

69 Using the Symantec Protection for SharePoint console About the console home page 69 Feature links Use the feature links to navigate to the main features for Symantec Protection for SharePoint Servers. When you click a link, the page that contains that feature s options appears. Table 3-1 provides information about the feature links. Table 3-1 Link Global Settings Symantec Scan Engines Feature links functions Description Global Settings has the following links: Real-time scan settings: Lets you configure the real-time scan settings for upload and download of documents from the SharePoint server. See Configuring real-time scanning on page 73. Manual scan and scheduled scan: Lets you run an immediate (manual) scan, schedule scans of documents that are stored on the SharePoint server, and configure settings for manual scans and scheduled scans of the SharePoint server content. See About manual scans and scheduled scans on page 75. Console settings: Lets you configure password protection for the console. See Configuring a password for the console on page 72. Symantec Scan Engines has the following links: Register a new Symantec Scan Engine: Lets you register a Symantec Scan Engine. See Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers on page 85. List and edit all registered Symantec Scan Engines: Lets you add, delete, and edit registered Symantec Scan Engines. See About adding, removing, editing, and viewing registered Symantec Scan Engines on page 87. Global Symantec Scan Engine settings: Lets you configure the auto-check interval for the status of registered Symantec Scan Engines, and other settings relevant to all registered Symantec Scan Engines. See Specifying the scanning mode for load balancing on page 89. See Checking for the latest virus definitions on page 90.

70 70 Using the Symantec Protection for SharePoint console About the console home page Table 3-1 Link Logging and Notifications Reports Feature links functions (Continued) Description Logging and Notifications has the following links: Log file settings: Lets you set the event logging level and log file location. See About SMTP logging on page notification settings: Lets you specify and customize notifications. See Configuring SMTP logging on page 114. Reports has the following links: On-demand reports: Lets you examine system, scan process, and Symantec Scan Engine data in either a report or piechart format. See Generating an on-demand report on page 129. Schedule reports: Lets you schedule an hourly, daily, weekly, or monthly report that is generated and distributed by to the users that you specify. See Scheduling a report on page 130. Status pane The status pane on the console home page provides an overview of the current status of the Symantec Scan Engines. You also can view a graphic overview of the maximum and currently used scanning threads for all active online Symantec Scan Engines. See About the status pane on page 109.

71 Chapter 4 Configuring Symantec Protection for SharePoint Servers About configuring Symantec Protection for SharePoint Servers Configuring real-time scanning About manual scans and scheduled scans Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers About configuring Symantec Protection for SharePoint Servers Symantec Protection for SharePoint Servers lets the SharePoint server communicate with Symantec Scan Engine to request virus scanning. Symantec Protection for SharePoint Servers interprets the results that are returned from Symantec Scan Engine after scanning. You configure Symantec Protection for SharePoint Servers through the Symantec Protection for SharePoint console.you can access the console from the SharePoint server administrative interface. See Accessing the console on page 64.

72 72 Configuring Symantec Protection for SharePoint Servers About configuring Symantec Protection for SharePoint Servers You can configure the following options through the Symantec Protection for SharePoint console: Configuring a password for the console See Configuring a password for the console on page 72. Configuring real-time scanning See Configuring real-time scanning on page 73. About configuring global manual and scheduled scanning options See About manual scans and scheduled scans on page 75. Scheduling scans See Scheduling scans on page 83. Performing a manual scan See Performing manual scans on page 85. Specifying file handling rules See Specifying file handling rules on page 80. Excluding files with specific extensions from being scanned See Excluding files with specific extensions from being scanned on page 76. Excluding folders from being scanned See Excluding folders from being scanned on page 77. Specifying the location for quarantined documents See Specifying the location for quarantined documents on page 79. Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers See Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers on page 85. Specifying the scanning mode for load balancing See Specifying the scanning mode for load balancing on page 89. Checking for the latest virus definitions See Checking for the latest virus definitions on page 90. Configuring a password for the console You can ensure that only authenticated users can access and modify Symantec Protection for SharePoint Servers settings by securing the console with a password.when you initially install Symantec Protection for SharePoint Servers, no password is set. You set the password through the console after installation.

73 Configuring Symantec Protection for SharePoint Servers Configuring real-time scanning 73 You can also configure a time-out setting. The time-out setting locks the console if there is no activity for the amount of time that you specify. Users can only unlock the console with the password. For added security, the console contains a lockout feature. The lockout feature lets users lock the console when they step away from the computer. The console can only be unlocked with the password. The lockout link appears at the top-right of the console. Note: You must set and save the console password for the Lockout link to appear on the console. To configure a password for the console 1 On the home page of the Symantec Protection for SharePoint console, under Global Settings, click Console settings. 2 Check Password protect the Symantec Protection for SharePoint console. 3 In the password field, type the password. Note: Blank passwords are not supported. 4 Check Show password to see the password. The password text is hidden by default. 5 In the Timeout box, type the number of minutes of inactivity at which the console locks. 6 Click Save. Configuring real-time scanning Real-time scanning means that you can specify whether you want files scanned as they are being uploaded to and downloaded from the SharePoint server. All uploaded files and downloaded files are submitted for scanning, unless the file type is listed as a default blocked type under Security configuration in the SharePoint Central Administration page. When a user attempts to upload a file that contains an unrepairable virus, the user receives a notification that the file is infected. The file is not stored on the SharePoint server. When a user attempts to download a file from the SharePoint server that is infected and unrepairable, the file is not passed to the user. The user receives a notification that access to the file is denied.

74 74 Configuring Symantec Protection for SharePoint Servers Configuring real-time scanning See How caching works on the SharePoint server on page 22. See What happens when a file is uploaded on page 22. See What happens when a file is downloaded on page 22. To configure real-time scan scanning 1 On the Symantec Protection for SharePoint console home page, under Global Settings, click Real-time scan settings. 2 On the Real-time scan settings page, under Number of Threads, click Edit Settings. 3 On the AntiVirus page, in the AntiVirus Settings section, check any of the following options to enable its features: Scan documents on upload Scan files before they are uploaded (stored) on the SharePoint server. Infected files that cannot be repaired are not uploaded to the SharePoint server. This option is disabled by default. Scan documents on download Allow users to download infected documents Scan files that have already been stored on the SharePoint server before they are downloaded to a requesting user. This option is disabled by default. Lets users download infected files that cannot be repaired. Do not select this option unless you want to resolve a virus infection. Caution: If you permit users to download infected files, you may expose your network to virus attacks. Your network is particularly vulnerable if you are not using real-time virus protection on other areas of your network. See About protecting the servers that are running the Symantec Protection for SharePoint Servers components on page 36. Attempt to clean infected documents Attempts to repair files that contain viruses. This option is disabled by default.

75 Configuring Symantec Protection for SharePoint Servers About manual scans and scheduled scans 75 4 In the Time out duration box, type the amount of time that the virus scanner runs before the scanning process times out. The default setting is 300 seconds (5 minutes). You can adjust this duration based on the performance. 5 In the number of threads box, type the number of threads that real-time scanning processes will use. The default setting is 5. You can adjust this value based on the performance. 6 Click Ok. 7 On the Symantec Protection for SharePoint console home page, under Global Settings, click Real-time scan settings. 8 Check Bypass scanning when all Symantec Scan Engines are offline or disabled to permit users to continue to access files even if no registered Symantec Scan Engine is available to scan the file. This option is disabled by default. 9 Select one of the following: Save Restore Saves your settings. Reverts your settings to the last saved settings. About manual scans and scheduled scans Schedule periodic scans of the document library to ensure that all files have been scanned for viruses. Scheduled scans occur at the time and frequency that you specify. Scheduled scanning occurs in the background and does not affect real-time scanning of uploaded and downloaded files. You can also force an immediate (manual) scan of the documents in the document library. The options that you configure for scheduled scans also apply to manual scans. You should perform a manual scan whenever you make configuration changes to Symantec Scan Engine such as changes to mail filter policy settings, container processing limits, or other processing limits. You can improve scanning performance by excluding certain directories or folders from being scanned. You can also specify which file types to omit from scanning. During a manual or scheduled scan, all files are submitted for scanning except the files and folders contained in exclusion lists. You can also limit scanning to only those files that have been added or modified since the last manual scan or scheduled scan. Symantec Protection for SharePoint Servers can compare the time a file was modified or added with the time of the last scan. This feature lets you conserve scanning resources by

76 76 Configuring Symantec Protection for SharePoint Servers About manual scans and scheduled scans omitting files from scanning that have not been modified or added since the last scan. When this feature is disabled, all files are scanned during manual scans and scheduled scans. About configuring global manual and scheduled scanning options You can configure the following options for both scheduled scans and manual scans: Excluding files with specific extensions from being scanned See Excluding files with specific extensions from being scanned on page 76. Excluding folders from being scanned See To exclude document libraries from manual and scheduled scans on page 77. Specifying the number of threads for scanning See To specify the number of threads for scanning on page 77. Scanning all file versions in the document library See To scan all file versions in the document library on page 78. Scanning only those files that were added or modified from the last scan See To scan only those files that have been added or modified since the last completed scan on page 78. Specifying the location for quarantined documents See Specifying the location for quarantined documents on page 79. Specifying file handling rules See Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers on page 85. Reviewing scan statistics See Reviewing scan statistics on page 82. Excluding files with specific extensions from being scanned Viruses are found only in file types that contain executable code. You can save bandwidth and time by excluding those files types that are not likely to contain viruses from scanning. The default file extension exclude list is prepopulated with extensions for those file types that are not likely to contain viruses and can be excluded from scanning. You can customize this list.

77 Configuring Symantec Protection for SharePoint Servers About manual scans and scheduled scans 77 To exclude files with specific extensions from being scanned 1 On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and scheduled scan. 2 Under Exclusion List, on the right pane, in the File extension exclude list, add extensions that you do not want to scan or delete extensions that you do want to scan. Use a period with each extension in the list. Separate each extension with a semicolon (for example,.com;.doc;.bat). 3 Click Save. Excluding folders from being scanned You can exclude directories or folders from manual scans or scheduled scans. To exclude document libraries from manual and scheduled scans 1 On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and scheduled scan. 2 In the Exclusion List section, the Number of excluded paths gives the number of selected paths that are excluded from a manual or scheduled scan. 3 Click Add exclude path. In the Exclude folder page, the Exclude Path section under Exclude folders gives the current excluded paths. There are no exclude folders or paths defined by default. 4 In the Microsoft SharePoint Server Folder section, select the folder, directory, or path that you want to exclude from a scan. 5 Scroll down to the bottom of the page and click Add. You can view the added folder or path in the Exclude Path section. 6 To include a folder or path back into a scan, click the Remove icon against the path. Specifying the number of threads for scanning Symantec Protection for SharePoint Servers sends several documents in parallel for scanning based on the number of threads that you specify. This process improves the performance significantly. To specify the number of threads for scanning 1 On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and scheduled scan.

78 78 Configuring Symantec Protection for SharePoint Servers About manual scans and scheduled scans 2 Under the Optional Settings feature, in the Number of threads box, specify the number of threads that you want Symantec Protection for SharePoint Servers to use during scanning. The default number of threads is 4. You can specify any value between 1 and 25. The number of threads that you specify here is only for manual scans and scheduled scans. See Configuring real-time scanning on page Click Save. Scanning all file versions in the document library Microsoft Windows SharePoint Services lets users keep multiple versions of a document. This option also lets users revert back to a previous version. To scan all file versions in the document library 1 On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and scheduled scan. 2 Under the Optional Settings feature, in the right pane, check Scan all file versions in the document library. If you enable the option Scan all file versions in the document library, Symantec Scan Engine scans all versions of a document. 3 Click Save. Scanning those files that have been added or modified since the last completed scan You can limit scanning to only those files that have been added or modified since the last completed manual scan or scheduled scan. Symantec Protection for SharePoint Servers compares the time a file was modified or added with the time of the last completed scan. This feature lets you conserve scanning resources by omitting files from scanning that have not been modified or added since the last scan. When this feature is disabled, all files are scanned during manual scans and scheduled scans. To scan only those files that have been added or modified since the last completed scan 1 On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and scheduled scan.

79 Configuring Symantec Protection for SharePoint Servers About manual scans and scheduled scans 79 2 Under the Optional Settings feature, in the right pane, check Scan only modified or new files since last completed scan:. If no manual or scheduled scan has been completed, then this option is inactive. If a previous scan has been completed, the end time appears. 3 Click Save. Specifying the location for quarantined documents You can quarantine any of the file types that are detected during a manual scan or scheduled scan. When you specify the option to Copy to Quarantine and Delete, Symantec Protection for SharePoint Servers puts a copy of the file in the quarantine folder. Then it deletes the file. You can access and remove files directly from the quarantine folder. See Specifying file handling rules on page 80. You can specify the location of the quarantine folder. The default location is as follows: C:\Program Files\Symantec\SharePoint\Quarantine. Whatever location you choose for the quarantine folder, ensure that you omit this folder from being scanned by any antivirus scanning program. To specify the location for quarantined documents 1 On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and scheduled scan. 2 Under Optional Settings, in the Quarantine folder box, type the path to the quarantine folder. Symantec Protection for SharePoint Servers stores infected files that are found during a scheduled or a manual scan in this folder. The default location is C:\Program Files\Symantec\SharePoint\Quarantine\. 3 Click Save.

80 80 Configuring Symantec Protection for SharePoint Servers About manual scans and scheduled scans Specifying file handling rules You can specify how you want Symantec Protection for SharePoint Servers to process the following types of files that are detected during a manual scan or scheduled scan: Infected files Unrepairable virus files Unscannable files Encrypted files Infected files are files that are infected with one or more viruses. You can configure Symantec Protection for SharePoint Servers to attempt to repair the file, delete it, or copy it to quarantine and then delete the infected file under Basic Virus Rule. See Specifying the location for quarantined documents on page 79. If you configure Symantec Protection for SharePoint Servers to attempt to repair infected files, you can also specify how you want to process an unrepairable, infected file. You can configure Symantec Protection for SharePoint Servers to delete an unrepairable, infected file or copy it to the quarantine and then delete the unrepairable, infected file. See Specifying the location for quarantined documents on page 79. Unscannable files include partial container files, malformed container files, and encrypted container files. You can configure Symantec Protection for SharePoint Servers to delete an unscannable file or copy it to the quarantine and then delete the unscannable file. See Specifying the location for quarantined documents on page 79. Infected file are often encrypted to deflect scanning attempts. Encrypted files cannot be decrypted and scanned without the appropriate decryption tool. You can configure Symantec Protection for SharePoint Servers to log the detection of encrypted files (but take no action with the file), delete the encrypted file, copy it to the quarantine and then delete the encrypted file. See Specifying the location for quarantined documents on page 79.

81 Configuring Symantec Protection for SharePoint Servers About manual scans and scheduled scans 81 Files containing security risks Symantec Protection 5.1 for SharePoint Servers detects files with security risks like spyware, adware, hack tools, dialers, joke programs etc. You can configure Symantec Protection for SharePoint Servers to delete the file that contains the security risk, copy it to the quarantine and then delete the file, or log the detection of a security risk, but take no action with the file. You must also enable security risk detection on Symantec Scan Engine. See About enabling security risk detection on page 104. See Specifying the location for quarantined documents on page 79. Note: Symantec Scan Engine contains a decomposer that extracts the contents of a container file and scans the contents for risks. If the container file includes an unrepairable virus, an encrypted file, an unscannable file, or a file that contains a security risk, that specific file is handled according to its file detection rules. The decomposer then re-assembles the container file and sends it back to Symantec Protection for SharePoint Servers. Symantec Protection for SharePoint Servers considers the file repaired and handles it according to how you have configured the Basic Virus Rule. You can minimize the likelihood that infected files will be stored on the SharePoint server by choosing to scan files before they are uploaded. If the files are found to be infected, they are not uploaded. If the SharePoint server was in operation before you added antivirus scanning, you may have infected files already stored on the SharePoint server. Scheduled scans of the SharePoint server should identify any infected files that have been stored on the server. See Scheduling scans on page 83. To specify file handling rules 1 On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and scheduled scan. 2 In the Infected File Detection Rules section, select the actions that you want Symantec Protection for SharePoint Servers to take for files that are detected during a scan. 3 Click Save.

82 82 Configuring Symantec Protection for SharePoint Servers About manual scans and scheduled scans Reviewing scan statistics You can view the statistics of an ongoing or completed scan under Scan Statistics in the manual and scheduled scan page. Table 4-1 describes each entry in the scan statistics section. Table 4-1 Scan statistic Last start time Scan Statistics Description Displays the date and time when the scan started. Ends at/ Is running Last completed scan Files collected Files processed Exclude by folder Exclude by extension Clean files Infected files Repairable files Encrypted files Files containing security risks Unscannable files Displays the date and time when the scan ended. If its an ongoing scan, this field is renamed as Is running and displays the time interval that the scan has been running. Displays the date and time of the last complete scan of the entire document library. Displays the total number of files in the document library. Displays the current number of files that Symantec Protection for SharePoint Servers is processing out of Files collected. Symantec Protection for SharePoint Servers checks each file for any exclusions (folder or extension) and sends it for scanning. Once a scan is complete, the files processed will be equal to the files collected. Displays the number of files that have been excluded by folder. Displays the number of files that are excluded by extension. Displays the number of clean files. Displays the number of infected files. Displays the number of files with repairable viruses. Displays the number of files with encrypted content. Displays the number of files that contain security risks. See About enabling security risk detection on page 104. Displays the number of files that have unscannable content.

83 Configuring Symantec Protection for SharePoint Servers About manual scans and scheduled scans 83 Table 4-1 Scan statistic Access denied files Files repaired and replaced Scan Statistics Description Displays the number of files that come under the following categories: System files with no access permission Files that have been checked out for editing Files that are not readable and cannot be scanned by Symantec Scan Engine Displays the number of files that have been repaired and replaced in the document library. You must specify the file handling rules accordingly. See Specifying file handling rules on page 80. Files quarantined Displays the number of files that have been quarantined to the quarantine folder. You must specify the file handling rules accordingly. See Specifying file handling rules on page 80. See Specifying the location for quarantined documents on page 79. Files deleted Displays the number of files that have been deleted from the document library. You must specify the file handling rules accordingly. See Specifying file handling rules on page 80. Scheduling scans You can choose how frequently scheduled scans occur, and you can choose the time of day that the scheduled scan starts. Before you configure a scheduled scan, ensure that you have configured the global manual and scheduled scanning options. See About configuring global manual and scheduled scanning options on page 76. You can configure the following scanning options before you enable scheduled scanning: Exclude file types from scans See Excluding files with specific extensions from being scanned on page 76.

84 84 Configuring Symantec Protection for SharePoint Servers About manual scans and scheduled scans Exclude the libraries on the SharePoint server that you do not want scanned during scheduled scans. The remaining document libraries on SharePoint server will be scanned during scheduled scans. If you do not exclude any document library, Symantec Scan Engine will scan all document libraries on the SharePoint server. See Excluding folders from being scanned on page 77. Specify the number of threads for manual and scheduled scans See Specifying the number of threads for scanning on page 77. Scan all versions of the document If you enable document versioning on your SharePoint server, multiple versions of a document exists as users can check documents in and out. Symantec Scan Engine will scan all versions of the same document. See Scanning all file versions in the document library on page 78. Scan only those files that were added or modified from the last completed scan This option preserves bandwidth and time during a manual or scheduled scan. Symantec Protection for SharePoint Servers compares the last modified time with the last scan time. This comparison ensures that only those files whose last modified time is after the last scan time are sent for scanning. See Scanning those files that have been added or modified since the last completed scan on page 78. Enable scheduled scanning by selecting the frequency and time that the scans will occur. To enable or disable scheduled scanning 1 On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and scheduled scan. 2 Under Scheduled Scan, select one of the following options: Off Daily Weekly The default setting is Off. 3 Type the time (hr:mm) of the day in the 24-hour format to start the scheduled scan. The default setting is 00:00 A.M. 4 If you select Weekly, check the day or days of the week on which you want the scheduled scan to occur.

85 Configuring Symantec Protection for SharePoint Servers Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers 85 5 Click Save. Performing manual scans 6 The Next run time displays the date and time of the next scheduled scan. You can force an immediate scan of the SharePoint server. All files are sent for scanning irrespective of whether they were previously scanned or not.before you perform a manual scan, ensure that you have configured the global manual and scheduled scanning options. See About configuring global manual and scheduled scanning options on page 76. To perform a manual scan 1 On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and scheduled scan. 2 Under Manual Scan, on the right pane, click Scan Now. You can view the date, time, and other statistics like the number of infected files, during and after a manual scan under Scan Statistics. See Reviewing scan statistics on page 82. Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers Symantec Scan Engine provides the scanning and repair services for Symantec Protection for SharePoint Servers. You can install Symantec Scan Engine on the SharePoint server. You can also install Symantec Scan Engine on a separate server that is not running SharePoint. This lets you move antivirus scanning off-box, thereby reducing the CPU load on the SharePoint server. If you install Symantec Protection for SharePoint console and Symantec Scan Engine on the same computer and you have a valid Symantec Scan Engine license file, Symantec Scan Engine is automatically registered with Symantec Protection for SharePoint Servers. If you do not have the license file during installation, you can install the license later through the Symantec Scan Engine console. Once you install a valid license file, you must register Symantec Scan Engine with the Symantec Protection for SharePoint Servers. See About licensing Symantec Scan Engine on page 99. See To register a new Symantec Scan Engine on page 87.

86 86 Configuring Symantec Protection for SharePoint Servers Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers You configure Symantec Scan Engine separately from the Symantec Protection for SharePoint console through its own Web-based administrative interface. See Configuring Symantec Scan Engine on page 95. Install and configure Symantec Scan Engine before you register it with Symantec Protection for SharePoint Servers. Table 4-2 describes the information that you must provide for each Symantec Scan Engine so that Symantec Protection for SharePoint Servers can pass files for scanning. Table 4-2 Option Host or IP address TCP/IP port Description Enable this Symantec Scan Engine Symantec Scan Engine registration fields Description Specify a host name or IP address for each Symantec Scan Engine that will provide scanning services for the SharePoint server. You can install Symantec Scan Engine on the SharePoint server. You can also install Symantec Scan Engine on a separate server that is not running SharePoint. This lets you move antivirus scanning off-box, thereby reducing the CPU load on the SharePoint server. For more information, see the Symantec Scan Engine Implementation Guide. Specify a TCP/IP port number through which files are passed to Symantec Scan Engine for scanning. The port number must be exclusive to Symantec Scan Engine. This is the port number that you specified during the Symantec Scan Engine installation. The default port is You can add a description (up to 50 characters) for each Symantec Scan Engine. During the registration process, you can choose to enable Symantec Scan Engine. A disabled Symantec Scan Engine is dropped from rotation and is not available for scanning. You can still view the disabled Symantec Scan Engine in the list of registered scan engines. You can enable or disable a registered scan engine after the registration process. See To edit a Symantec Scan Engine registration on page 89.

87 Configuring Symantec Protection for SharePoint Servers Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers 87 Table 4-2 Option Priority Symantec Scan Engine registration fields Description Specify a priority for the registered Symantec Scan Engine. The priority determines the volume of files that are sent to the scan engine during a scanning process. You can select any one of the following priorities for the scan engine: Lowest Below normal Normal Above normal Highest Note: The priority setting is applicable only when multiple scan engines are registered. You can change the priority at any time after the Symantec Scan Engine is registered. After you register a Symantec Scan Engine, Symantec Protection for SharePoint Servers periodically polls the Symantec Scan Engine for its status and virus definition information. You can set the time interval at which Symantec Protection for SharePoint Servers periodically polls each registered Symantec Scan Engine. You can view the status and virus definition information on the Symantec Protection for SharePoint console. See To view the list of registered Symantec Scan Engines on page 89. You can add a Symantec Scan Engine, remove a Symantec Scan Engine, edit an entry or view the list of registered Symantec Scan Engines. About adding, removing, editing, and viewing registered Symantec Scan Engines You can register a scan engine, remove an existing scan engine, edit an entry, and view the list of registered Symantec Scan Engines. To register a new Symantec Scan Engine 1 On the Symantec Protection for SharePoint console home page, under Symantec Scan Engines, click Register a new Symantec Scan Engine.

88 88 Configuring Symantec Protection for SharePoint Servers Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers 2 In the Step 1 : Start Registration page, specify the following details about Symantec Scan Engine that you want to register: Host or IP address TCP/IP Port Description Type the host name or IP address of the computer on which Symantec Scan Engine is running. If the computer on which Symantec Scan Engine is running is configured to have multiple IP addresses, specify the address on which Symantec Scan Engine listens. Type the port number on which Symantec Scan Engine listens. The port number that you specify here must match the port number that you specified during Symantec Scan Engine installation. The default port number for Symantec Scan Engine is 1344 when ICAP is used as the communication protocol. Type a description that can be used to identify Symantec Scan Engine. You can type a maximum of 50 number of characters. 3 Click Next. 4 In the Step 2: Complete Registration page, verify the Symantec Scan Engine details. Click Back to make any modifications. 5 After you verify the details, check Enable this Symantec Scan Engine to activate this Symantec Scan Engine. 6 Click the drop-down menu to select the scanning priority that you want to assign to this Symantec Scan Engine. See Specifying the scanning mode for load balancing on page Click Register. The registered Symantec Scan Engine appears in the Registered Symantec Scan Engines list. To remove a registered Symantec Scan Engine 1 On the Symantec Protection for SharePoint console home page, under Symantec Scan Engines, click List and Edit all registered Symantec Scan Engines.

89 Configuring Symantec Protection for SharePoint Servers Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers 89 2 In the Details column beside the Symantec Scan Engine that you want to remove, click Show. Details, response data, and statistics of the selected Symantec Scan Engine appear. 3 Click Delete. To edit a Symantec Scan Engine registration 1 On the Symantec Protection for SharePoint console home page, under Symantec Scan Engines, click List and Edit all registered Symantec Scan Engines. 2 In the Details column beside the Symantec Scan Engine that you want to modify, click Show. Details, response data, and statistics of the selected Symantec Scan Engine appear. 3 Modify any of the Symantec Scan Engine details. 4 Click Save. To view the list of registered Symantec Scan Engines 1 On the Symantec Protection for SharePoint console home page, under Symantec Scan Engines, click List and Edit all registered Symantec Scan Engines. You can view a list of all registered Symantec Scan Engines with the priority, host name, virus definition date, description, and status. 2 In the Details column beside the Symantec Scan Engine whose details that you want to view, click Show. Details, response data, and statistics of the selected Symantec Scan Engine appears. Specifying the scanning mode for load balancing Symantec Scan Engine performance depends on scan volume, the number of client SharePoint servers making requests to Symantec Scan Engine, and memory and disk space requirements. If you are processing large traffic volumes or have multiple clients making virus scanning requests, you can install and configure multiple Symantec Scan Engines to handle the virus scanning load.

90 90 Configuring Symantec Protection for SharePoint Servers Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers You can specify how you want the scanning load to be distributed by selecting a scanning mode. The scanning modes are as follows: Cyclic mode Priority mode Scanning is distributed evenly across all registered Symantec Scan Engines using a continuous repeating sequence. Scanning is distributed to Symantec Scan Engines based on priority. When you register a Symantec Scan Engine, you specify the priority. See Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers on page 85. If you enable both modes, the priority mode takes precedence. You can allocate a priority level to a registered Symantec Scan Engine based on its performance. Symantec Protection for SharePoint Servers sends files for scanning based on the allocated priority levels if you have enabled the priority mode. To specify the scanning mode for load balancing 1 On the Symantec Protection for SharePoint console home page, under Symantec Scan Engines, click Global Symantec Scan Engine settings. 2 Under Select Modes, on the right pane, select the mode that you want to use for scanning load balancing. See To register a new Symantec Scan Engine on page 87. See To edit a Symantec Scan Engine registration on page 89. Note: You can enable this option only if multiple scan engines are registered. If there is only one registered Symantec Scan Engine, these modes are inactive. 3 Click Save. Checking for the latest virus definitions Virus definition files contain the necessary information for Symantec Scan Engine to detect and eliminate viruses. Updated virus definitions files are supplied by Symantec regularly and whenever a new virus threat is discovered. Virus definition files are dated and have a version number so that when virus definitions change, Symantec software can determine the most current set of definitions. When new virus definition files are available, Symantec LiveUpdate technology automatically downloads the files and installs them in the proper location on

91 Configuring Symantec Protection for SharePoint Servers Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers 91 the computer that is running Symantec Scan Engine. If an error occurs during this process or there is a problem with the new virus definition files, Symantec Scan Engine attempts to roll back to the previous virus definitions and continue scanning. Occasionally, if you are running more than one Symantec Scan Engine, the versions of the virus definition files that are in use may temporarily differ until LiveUpdate has had a chance to update definitions for all of the scan engines. For more information, see the Symantec Scan Engine Implementation Guide. When you enable the auto-check feature, Symantec Protection for SharePoint Servers regularly polls the registered scan engines to verify that they are online. Symantec Protection for SharePoint Servers also determines whether the registered Symantec Scan Engines have the latest definitions. You can specify how often you want Symantec Protection for SharePoint Servers to perform an auto-check. Symantec Protection for SharePoint Servers also has a feature that you can use to perform an on-demand check of definitions. The latest virus definition version and date number among the Symantec Scan Engines is registered with Symantec Protection for SharePoint Servers. View the virus definition version and date number that is registered with Symantec Protection for SharePoint Servers under Latest Virus Definitions. You can configure Symantec Protection for SharePoint Servers to remove a Symantec Scan Engine if its virus definition files is older than the registered virus definition files. You must specify a threshold time within which the virus definition files must be made the latest. For a Symantec Scan Engine with an old virus definition version and date, Symantec Protection for SharePoint Servers first generates a warning message on the console page. Symantec Protection for SharePoint Servers logs this warning message and sends out an notification. If the virus definition files are not updated within the threshold time, the Symantec Scan Engine is taken offline.

92 92 Configuring Symantec Protection for SharePoint Servers Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers Table 4-3 describes the options to check the status of registered scan engines and their virus definition versions. Table 4-3 Option Refresh Virus definitions checking options Description Immediately polls all registered Symantec Scan Engines for the latest virus definition among them. Symantec Protection for SharePoint Servers registers the latest virus definition date and version number and displays this information. Symantec Scan Engine auto check Auto check interval (in seconds) Take a Symantec Scan Engine offline if its virus definitions is not the latest Threshold time before taken offline (hours) Polls all registered scan engines automatically at the specified auto check interval for the online or offline status, latest virus definition date, and version. The interval (in seconds) that Symantec Protection for SharePoint Servers polls the registered scan engines for their status and virus definition dates. The default value is 60 seconds. Takes a scan engine offline if the virus definition on the Symantec Scan Engine is older than the registered virus definition with Symantec Protection for SharePoint Servers. The time interval (hours) within which the virus definition files on the Symantec Scan Engine must be updated. Symantec Protection for SharePoint Servers takes the Symantec Scan Engine offline if the virus definition files are not updated within the threshold time. To manually check for the latest virus definitions 1 On the Symantec Protection for SharePoint console home page, under Symantec Scan Engines, click Global Symantec Scan Engine settings. 2 Under Latest Virus Definitions, on the right pane, click Refresh. Symantec Protection for SharePoint Servers polls the registered scan engines for the latest virus definition among them. This value is then displayed above the Refresh button. To automatically check for the latest virus definitions 1 On the Symantec Protection for SharePoint console home page, under Symantec Scan Engines, click Global Symantec Scan Engine settings.

93 Configuring Symantec Protection for SharePoint Servers Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers 93 2 Under Auto-Check Options, on the right pane, check Symantec Scan Engine auto check. 3 In the Auto-check interval (in seconds) box, type the interval (in seconds) in which you want the auto-check process to occur. Symantec Protection for SharePoint Servers polls the registered scan engines at the interval that you specify for their statuses, and their virus definition versions. The default setting is 60 seconds. You can enter a value between 20 and Check Take a Symantec Scan Engine offline if its virus definition is not the latest to take a Symantec Scan Engine that does not have the latest definitions out of rotation. Symantec Protection for SharePoint Servers compares its virus definition version with the version on each registered Symantec Scan Engine. If any Symantec Scan Engine has a virus definition older than the registered virus definition, that scan engine is taken offline. 5 Click Save.

94 94 Configuring Symantec Protection for SharePoint Servers Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers

95 Chapter 5 Configuring Symantec Scan Engine This chapter includes the following topics: Accessing the Symantec Scan Engine console About communication protocol settings Ways to control which file types are scanned About licensing Symantec Scan Engine About keeping your product and protection up-to-date Accessing the Symantec Scan Engine console The Symantec Scan Engine console is a Web-based interface that lets you manage Symantec Scan Engine. The interface is provided through a built-in HTTPS server. You access the interface by using a virtual administrative account that you set up at installation. You can access the Symantec Scan Engine console by using a Web browser on any computer on your network that can access the server that is running Symantec Scan Engine. If you did not install the license file at the time of installation, the License page automatically appears the first time that you access the Symantec Scan Engine console. This License page is the only page that is active. If at least one valid scanning license is installed, the Home page automatically appears. Each time that you start a new browser session and open the console, the Home page appears. As long as the browser session continues to run, each time that you open the Symantec Scan Engine console, you return to the page that you were on when you logged out or when the session times-out. For more information, see the Symantec Scan Engine Implementation Guide.

96 96 Configuring Symantec Scan Engine About communication protocol settings To access the console 1 Launch a Web browser on any computer on your network that can access the server that is running Symantec Scan Engine. 2 Go to the following URL: where <servername> is the host name or IP address of the server that is running Symantec Scan Engine and <port> is the port number that you selected during installation for the built-in Web server. The default port number is If a Warning - Security dialog box appears, click Yes to confirm that you trust the integrity of the applet. 4 In the Enter Password box, type the password for the administrative account. 5 Press Enter. About communication protocol settings You must configure Symantec Scan Engine to use ICAP as the communication protocol. At installation, ICAP is the default communication protocol. For more information, see the Symantec Scan Engine Implementation Guide. Configuring ICAP-specific settings After installation, you must configure several ICAP-specific options. Table 5-1 describes the configuration options for ICAP. Table 5-1 Option Bind address Configuration options for ICAP Description By default, Symantec Scan Engine binds to all interfaces. You can restrict access to a specific interface by entering the appropriate bind address. In cases where multiple Symantec Scan Engines are used, specifying a bind address allows the easier identification of Symantec Scan Engine reports.

97 Configuring Symantec Scan Engine About communication protocol settings 97 Table 5-1 Option Port number Configuration options for ICAP (Continued) Description The port number must be exclusive to Symantec Scan Engine. For ICAP, the default port number is If you change the port number, use a number that is greater than 1024 that is not in use by any other program or service. Note: This setting must match the port number you enter for the Symantec Scan Engine when you register it with Symantec Protection for SharePoint Servers. See Scheduling scans on page 83. Scan policy The scan policy is controlled by Symantec Protection for SharePoint Servers. Use the default settings. When an infected file is found, Symantec Scan Engine attempts to repair infected files and delete unrepairable files from archive or container files. Data trickle This setting is not applicable for the SharePoint server and should be left at the default setting. Note: Symantec Protection for SharePoint Servers will not function properly if you activate data trickling. To configure ICAP-specific options 1 On the Symantec Scan Engine console, in the left pane, click Configuration. 2 Under Views, click Protocol. 3 In the right pane, under Select Communication Protocol, click ICAP. The configuration settings are displayed for the selected protocol. You must manually stop and start the service if you change the protocol setting through the Symantec Scan Engine console. 4 Under ICAP Protocol Configuration, in the Bind address box, type a bind address, if necessary. By default, Symantec Scan Engine binds to all interfaces. You can restrict access to a specific interface by typing the appropriate bind address. 5 In the Port number box, type the TCP/IP port number that Symantec Protection for SharePoint Servers uses to pass files to Symantec Scan Engine for scanning. The default setting for ICAP is port Use the default Scan policy setting. The default setting is Scan and repair or delete.

98 98 Configuring Symantec Scan Engine Ways to control which file types are scanned 7 On the toolbar, select one of the following: Save Apply Saves your changes. You can continue to make changes in the administrative interface until you are ready to apply them. Applies your changes. Your changes are not implemented until you apply them. Ways to control which file types are scanned Symantec Protection for SharePoint Servers lets you save bandwidth and time by specifying the file types that are passed to Symantec Scan Engine for scanning during manual scans and scheduled scans. You can configure the Symantec Protection for SharePoint console to exclude certain file types from scanning using an exclusion list. Symantec Protection for SharePoint Servers makes this initial determination of whether to send the file for scanning based on the file extension of the top-level file. Note: The exclusion list on the Symantec Protection for SharePoint console applies only to files that are scanned during manual scans and scheduled scans. All files that are downloaded or uploaded to the SharePoint server are submitted for scanning regardless of file type. (You must configure Symantec Protection for SharePoint Servers to submit files for scanning on download and upload.) See Excluding files with specific extensions from being scanned on page 76. All top-level files that are sent to Symantec Scan Engine are scanned regardless of file extension. Symantec Scan Engine is configured by default to scan all files. There is a file extension exclude list and a file type exclude list on the Symantec Scan Engine as well. However, priority is given to the extension exclude list that you configure through the Symantec Protection for SharePoint console. All files that are sent to Symantec Scan Engine are scanned regardless of file extension. It is recommended that you let Symantec Scan Engine scan all files regardless of file extension. To scan all files regardless of extension 1 In the console on the primary navigation bar, click Policies. 2 In the sidebar under Views, click Scanning. 3 In the content area under Files to Scan, click Scan all files.

99 Configuring Symantec Scan Engine About licensing Symantec Scan Engine 99 4 On the toolbar, select one of the following: Save Apply Saves your changes. This option lets you continue making changes in the console until you are ready to apply them. Applies your changes. Your changes are not implemented until you apply them. About licensing Symantec Scan Engine You activate key features for Symantec Scan Engine, including scanning for threats and security risks, by installing the appropriate license. You must install the licenses through the Symantec Scan Engine console if you did not install it during installation. Note: If you have multiple Symantec Scan Engines, you must install the license for each scan engine through its console. For complete scanning functionality and definition updates, you need the following licenses: Product licenses Content licenses Product licenses activate scanning functionality. The AV Scanning license activates the threat and security risk scanning features. Content licenses let you receive product updates. The AV Content license lets you receive updated threat and security risk definitions. Updated definitions ensure that your server is protected from risks. About license activation The first time that you open the console after installation, only the License view is active. You must install the AV Scanning license to access the Configuration, Reports, Monitors, and System pages in the console. The scanning features and definitions updates for Symantec Scan Engine are activated by licenses. A separate license must be installed for each feature. If you purchase additional product features from Symantec as they become available for Symantec Scan Engine, these features will require a new license.

100 100 Configuring Symantec Scan Engine About licensing Symantec Scan Engine Symantec issues a serial number for each type of license that you purchase. This serial number is required to register your product and your maintenance agreement. The serial number is provided on a license certificate, which is mailed separately and arrives in the same time frame as your software. For security reasons, the license certificate is not included in the Symantec Scan Engine software distribution package. See If you do not have a serial number on page 100. License activation involves the following process: Obtain a license file from Symantec. Install the license file. To request a license file, you must have the license serial number for each license that you want to activate. After you complete the registration process, Symantec sends you the appropriate license file by . See Obtaining a license file on page 100. You must install the content and product licenses on each server on which you run Symantec Scan Engine. This enables the scanning processes and lets you update your product and its associated content using LiveUpdate. See Installing the license file on page 101. If you do not have a serial number Obtaining a license file Your license certificate, which contains the serial numbers for the licenses that you have purchased, should arrive within three to five business days of when you receive your software. If you do not receive the license certificate, contact Symantec Customer Service at or your reseller to check the status of your order. If you have lost your license certificate, contact Symantec License Administration. See Where to get more information on page 32. To request a license file, you must have the serial number that is required for activation. (Each license has a separate serial number.) The serial number is used to request a license file and to register for support. The serial number is printed on the license certificate that is mailed to you. The format of a serial number is a letter followed by 10 digits, for example, F If you purchased multiple types of licenses but register them separately, Symantec sends you a separate license file for each license. You must install

101 Configuring Symantec Scan Engine About licensing Symantec Scan Engine 101 each license file separately. If you register multiple licenses at the same time, Symantec sends you a single license file that contains all of your licences. The license file that Symantec sends to you is contained within a.zip file. The.slf file that is contained within the.zip file is the actual license file. Ensure that your inbound environment permits.zip message attachments. Warning: License files are digitally signed. If you attempt to edit a license file, you will corrupt the file and render it invalid. Installing the license file To obtain a license file 1 In a Web browser, type the following address: Your Web browser must use 128-bit encryption to view the site. 2 If a Security Alert dialog box appears, click OK. 3 Follow the procedures on the Symantec Licensing Portal to register your license and request your license file. Symantec sends you an message that contains the license file in an attachment. If the message does not arrive within two hours, an error might have occurred. Try again to obtain the license file through the Symantec Web site. If the problem continues, contact Symantec Technical Support. See Where to get more information on page 32. A license file contains the information that is required to activate one or more features in a product. A license file is also required to update the product and its associated content. A license file might contain one or more types of licenses. The number of licenses it contains depends on whether you registered the license serial numbers separately or at the same time. See Obtaining a license file on page 100. You can install the license file through the console. If you disabled the console, you can install the license file by copying it to a specific directory location. To install the license file through the console 1 When you receive the message from Symantec that contains the license file, save the file that is attached to the message to the computer from which you will access the Symantec Scan Engine console.

102 102 Configuring Symantec Scan Engine About keeping your product and protection up-to-date 2 Access the Symantec Scan Engine console. See Accessing the Symantec Scan Engine console on page In the console on the primary navigation bar, click System. If no license has been installed, when you open the console, the System tab is selected by default. 4 In the sidebar under Views, click License. 5 Under Tasks, click Install License. 6 In the Install License window, click Browse. 7 In the Load File window, browse to the folder location where you saved the license file, select it, and then click Open. 8 In the Install License window, click Install. A status message indicates that the license was successfully installed. To install the license file without using the console When you receive the message from Symantec that contains the license file, do one of the following: In Windows, save the license file in the following location: C:\Program Files\Common Files\Symantec Shared\Licenses In Solaris or Linux, save the license file in the following location: /opt/symantec/licenses About keeping your product and protection up-todate About product updates You can update the Symantec Scan Engine product software and content. The product updates ensure that you have the most current updates to the Symantec Scan Engine product. The content updates ensure that your network is up-todate with the most current antivirus and DDR/URL definitions. You can update Symantec Scan Engine with the latest definitions without any interruption in scanning. You can use LiveUpdate to determine if any product updates are available. If a product update is available, you can use LiveUpdate to download the product update installer file. This file lets you install the product update at your convenience.

103 Configuring Symantec Scan Engine About LiveUpdate 103 About definition updates About LiveUpdate Definition files contain the necessary information to detect and eliminate risks, such as viruses and adware. Symantec supplies updated definition files at least every week and whenever a new risk is discovered. You can update risk definitions using LiveUpdate or Intelligent Updater. When you install or upgrade Symantec Scan Engine, LiveUpdate is enabled by default to run every two hours. You can modify this schedule, or you can run LiveUpdate manually. See Configuring LiveUpdate to occur automatically on page 103. See Performing LiveUpdate on demand on page 104. When Symantec Scan Engine performs a content LiveUpdate, the definitions that are downloaded are automatically selected as the active definitions. However, you can revert to the previous version of the antivirus definitions. The definition set that you choose remains active until the next LiveUpdate runs. The definition set that is downloaded by LiveUpdate then becomes the active definition set. For more information, see the Symantec Scan Engine Implementation Guide. Symantec Scan Engine uses Symantec Java LiveUpdate technology. To run LiveUpdate, you must have the Java 2SE Runtime Environment (JRE) 5.0 Update 6 or later (within the version 5 platform) installed. Configuring LiveUpdate to occur automatically You can schedule LiveUpdate to occur automatically at a specified time interval to ensure that Symantec Scan Engine always has the most current definitions. When you install a valid AV Content license, Symantec Scan Engine automatically attempts to perform a LiveUpdate. To continue receiving automatic updates, you must schedule LiveUpdate. When LiveUpdate is scheduled, LiveUpdate runs at the specified time interval that is relative to the LiveUpdate base time. The default LiveUpdate base time is the time that Symantec Scan Engine was installed. If you change the scheduled LiveUpdate interval, the interval adjusts based on the LiveUpdate base time. To configure LiveUpdate to occur automatically 1 In the console on the primary navigation bar, click System. 2 In the sidebar under Views, click LiveUpdate Content.

104 104 Configuring Symantec Scan Engine About enabling security risk detection 3 In the content area under LiveUpdate Content, check Enable scheduled LiveUpdate. The default setting is enabled. 4 In the LiveUpdate interval drop-down list, select the interval. You can choose from 2, 4, 8, 10, 12, or 24-hour intervals. The default setting is 2 hours. 5 On the toolbar, select one of the following: Save Apply Saves your changes. This option lets you continue making changes in the console until you are ready to apply them. Applies your changes. Your changes are not implemented until you apply them. Performing LiveUpdate on demand You can run LiveUpdate on demand to force an immediate update of definitions. If you have scheduled LiveUpdate, the next scheduled LiveUpdate attempt occurs at its scheduled time. To perform LiveUpdate on demand 1 In the console on the primary navigation bar, click System. 2 In the sidebar under Views, click LiveUpdate Content. 3 Under Tasks, click LiveUpdate Content. About enabling security risk detection Symantec Scan Engine can detect security risks. Security risks are programs that do any of the following: Provide unauthorized access to computer systems Compromise data integrity, privacy, confidentiality, or security Present some type of disruption or nuisance These programs can put your employees and your organization at risk for identity theft or fraud if they: log keystrokes; capture and instant messaging traffic; and harvest personal information, such as passwords and login identifications. Security risks can be introduced into your system unknowingly when users: visit a Web site; download shareware or freeware software programs; click links or

105 Configuring Symantec Scan Engine About enabling security risk detection 105 attachments in messages; or through instant messaging clients. Security risks can also be installed after or as a by-product when a user agrees to an end user license agreement from another software program. Table 5-2 lists the categories of security risks that Symantec Scan Engine detects. Table 5-2 Category Spyware Adware Security risk categories Description Stand-alone programs that can secretly monitor system activity and detect passwords and other confidential information and then relay the information back to a remote computer. Stand-alone or appended programs that gather personal information through the Internet and relay it back to a remote computer without the user s knowledge. Adware might monitor browsing habits for advertising purposes. It can also deliver advertising content. Other risks Other risks include the following: Hacking tools Programs that are used to gain unauthorized access to a user s computer. For example, a keystroke logger tracks and records individual keystrokes and sends this information to a remote computer. The remote user can perform port scans or vulnerability scans. Hack tools might also be used to create viruses. Dialers Programs that use a computer, without the user s permission or knowledge, to dial out through the Internet to a 900 number or FTP site, typically to accrue charges. Joke programs Programs that alter or interrupt the operation of a computer in a way that is intended to be humorous or bothersome. For example, a joke program might move the Recycling Bin away from the mouse when the user attempts to click on it. Remote access programs Programs that allow a remote user to gain access to a computer over the Internet to gain information, attack, or alter the host computer. Trackware Stand-alone or appended applications that trace a user s path on the Internet and relay the information to a remote computer.

106 106 Configuring Symantec Scan Engine About enabling security risk detection If a security risk is detected, Symantec Scan Engine applies the Infected files detection rule that you configured on the Symantec Protection for SharePoint console; however, security risks cannot be repaired. See Specifying file handling rules on page 80. To enable security risk detection 1 In the console on the primary navigation bar, click Policies. 2 In the sidebar under Views, click Scanning. 3 In the content area under Security Risk Scanning, check the security risks that you want Symantec Scan Engine to detect. 4 On the toolbar, select one of the following: Save Apply Saves your changes. This option lets you continue making changes in the console until you are ready to apply them. Applies your changes. Your changes are not implemented until you apply them. 5 On a Windows server, go to the configuration.xml file in the default location of C:\Program Files\Symantec\Scan Engine\. In Solaris and Linux, the default location for the XML file is /opt/ SYMCScan/bin/. 6 Set the EnableNonViralThreatCategoryResp parameter in the configuration.xml file to true. 7 Stop and start the Symantec Scan Engine for changes to be implemented. For more information, see the Symantec Scan Engine Implementation Guide.

107 Chapter 6 Monitoring Symantec Protection for SharePoint Servers activity This chapter includes the following topics: Ways to monitor Symantec Protection for SharePoint Servers activity About the status pane About SMTP logging About monitoring scanning activity

108 108 Monitoring Symantec Protection for SharePoint Servers activity Ways to monitor Symantec Protection for SharePoint Servers activity Ways to monitor Symantec Protection for SharePoint Servers activity You can obtain information about Symantec Protection for SharePoint Servers activity in the following ways: Examine the Symantec Protection for SharePoint console home page You can obtain the current status of registered Symantec Scan Engines, the current number of available scanning threads, and the status of the threads. See About the status pane on page 109. Activate SMTP logging You can activate Simple Mail Transfer Protocol (SMTP) logging capabilities so that notification messages are sent to specified recipients for chosen events. See About SMTP logging on page 110. Examine the Symantec Scan Engine response data View the logs You can view the scan statistics for each registered Symantec Scan Engine. See To view the list of registered Symantec Scan Engines on page 89. You can view log entries for selected types of events. See About monitoring scanning activity on page 126. Generate reports and schedule reports by mail Examine the scan statistics Examine the Symantec Scan Engine logs and reports You can manually generate log reports for scan engines, scan processes, or the system for any date range. You can also schedule the generation of these reports by to specified recipients. See Generating an on-demand report on page 129. See Scheduling a report on page 130. You can see the scan statistics after every manual scan or scheduled scan. See Reviewing scan statistics on page 82. Symantec Scan Engine has its own monitoring tools as well. You can activate logging and alerting options in the Symantec Scan Engine to supplement those that are available through the Symantec Protection for SharePoint console. See the Symantec Scan Engine Implementation Guide for more information. A number of options are available for managing the logs and statistics. You can

109 Monitoring Symantec Protection for SharePoint Servers activity About the status pane 109 specify the log level for each logging source, specify how long log entries are maintained on the system, and specify the logging destination path. See About monitoring scanning activity on page 126. Note: The monitoring and logging options that you configure in the Symantec Protection for SharePoint console are separate from the options that are available through the Symantec Scan Engine console. Activate logging and monitoring options for Symantec Protection for SharePoint Servers and Symantec Scan Engine based on your organization needs. For more information, see the Symantec Scan Engine Implementation Guide. About the status pane The status pane at the bottom of the home page lets you monitor up-to-date metrics on the registered Symantec Scan Engines. You can also examine the number of scanning threads in use at any time. The status pane updates itself automatically every 10 seconds when you visit the Symantec Protection for SharePoint console home page. Figure 6-1 Status pane

110 110 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging Table 6-1 describes the information that is displayed in the status pane. Table 6-1 Information Symantec Scan Engines Status Status pane information Description Displays the current status of all registered Symantec Scan Engines. The scan overview includes the following information: Total number of registered Symantec Scan Engines (online, offline and disabled) Total number of disabled Symantec Scan Engines You can manually disable a registered Symantec Scan Engine. The Symantec Scan Engine is dropped out of rotation but you can enable it at any point of time. See To edit a Symantec Scan Engine registration on page 89. Total number of active online Symantec Scan Engines Total number of offline Symantec Scan Engines Connections Gives a graphic overview of the maximum and currently used scanning threads for all active online Symantec Scan Engines. The vertical bar displays the following information: Maximum number of threads available for scanning The number that appears at the end of the vertical bar specifies the total number of available threads for all active online scan engines. Number of threads currently available for scanning The green portion of the vertical bar displays the number of threads currently available out of the total number of scanning threads. Number of threads currently being used for scanning The red section of the vertical bar displays how many available threads are currently being used for an ongoing scan. Note: If you are running more than one Symantec Scan Engine, these values are the cumulative total. About SMTP logging Symantec Protection for SharePoint Servers provides Simple Mail Transfer Protocol (SMTP) logging capabilities. When SMTP logging is configured, an notification is sent to a specified recipient for chosen events. You can

111 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging 111 select the logging level for events related to system, scan process, and Symantec Scan Engine. See About monitoring scanning activity on page 126. You can also select the notification level so that Symantec Protection for SharePoint Servers sends an notification only for the events whose level you specify. You can provide separate destination information for each type of message. Default message text is included, but you can customize individual messages. See Customizing SMTP messages on page 117. Note: The SMTP logging that you configure for the Symantec Protection for SharePoint Servers is separate from the SMTP logging that is available through the Symantec Scan Engine console. You can activate either or both of these features to meet the needs of your organization. For more information, see the Symantec Scan Engine Implementation Guide. Symantec Protection for SharePoint Servers logs events from the following event sources: Scan Process Symantec Scan Engines System You can set the logging level to None, Error, Warning, Information, or Verbose for each event source.

112 112 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging Table 6-2 lists the types of events for which notification messages are generated. Table 6-2 Types of events for SMTP logging Event source Logging level Description Scan Process Verbose Logs verbose information related to virus scanning (for example, a scan has started or ended). This level also includes all of the events that are logged at the Information, Warning, and Error levels. Information Warning Error None Logs information that is related to virus scanning (for example, a file was scanned and no virus was found, scan statistics information). This level also includes all of the events that are logged at the Warning and Error levels. Logs warnings that are related to virus scanning (for example, a virus was found and the file was repaired or was unable to be repaired, unscannable content, encrypted content, and files containing security risks). This level also includes all of the events that are logged at the Error level. Logs errors that are related to virus scanning (for example, an error occurred while a file was being scanned). Does not log any event.

113 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging 113 Table 6-2 Types of events for SMTP logging Event source Logging level Description Symantec Scan Engine Verbose Logs verbose information that is related to the Symantec Scan Engine (for example, the scan engine check starts, and the scan engine check ends). This level also includes all of the events that are logged at the Information, Warning, and Error levels. Information Warning Error None Logs information that is related to the Symantec Scan Engine (for example, the scan engine check is successful). This level also includes all of the events that are logged at the Warning and Error levels. Logs warnings that are related to the Symantec Scan Engine (for example, the scan engine is offline, the virus definitions are too old, or the scan engine check failed). This level also includes all of the events that are logged at the Error level. Logs errors that are related to the Symantec Scan Engine (for example, a scan engine handling error). No events are logged.

114 114 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging Table 6-2 Types of events for SMTP logging Event source Logging level Description System Verbose Any settings change made on the Symantec Protection for SharePoint console is logged when you click Enter on the page. Information Warning Error None Information that is related to system functionality (for example, Symantec Protection for SharePoint Servers has started or stopped) and any settings change made on the Symantec Protection for SharePoint console are logged. This level also includes all of the events that are logged at the Error level. There are no warning events for the system event source. Any settings change made on the Symantec Protection for SharePoint console is logged when you click Enter on the page. Errors that are related to system functionality (for example, an internal runtime error occurred, or an error while checking the IP or host name of the Symantec Scan Engine) and any settings change made on the Symantec Protection for SharePoint console arelogged. Any settings change made on the Symantec Protection for SharePoint console is logged when you click Enter on the page. Configuring SMTP logging To configure SMTP logging, you must do the following tasks, in this order: Enable the notification system. Identify an SMTP server and port number for forwarding the log messages. Provide the default origin and destination information for the SMTP messages. Select the event categories for which SMTP messages should be generated. You can choose separate sender and recipient addresses for each event category.

115 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging 115 You can also customize the message for each type of event. See Customizing SMTP messages on page 117. To enable or disable the notification system 1 On the Symantec Protection for SharePoint console, under Logging and Notifications, click notification settings. 2 Under Global Settings, check Enable notification system. If this option is not enabled, no notifications are sent for logged events. To identify an SMTP server and port number 1 On the Symantec Protection for SharePoint console, under Logging and Notifications, click notification settings. 2 Under Global Settings, in the SMTP Server Host or IP Address box, type the IP address or the host name of the SMTP server that will forward the SMTP messages. In the SMTP Server Port box, type the port number on which the SMTP server listens. It can be any number between 1 and The default setting is If the server requires authentication, do all of the following: User Name Password Type the user name. Type the password. To provide the default origin and destination information for SMTP messages 1 On the Symantec Protection for SharePoint console, under Logging and Notifications, click notification settings. 2 Under Global Settings, in the From Address box, type the default originating address. Format the address according to your company policies. For example: <username>@<domainname> where <username> is the sender s user name, and <domainname> is the appropriate domain name. 3 In the Server Display Name box, type the server name that you want to appear in the SMTP messages that are generated by the Symantec Protection for SharePoint Servers. The name should be one that is easily identified by the recipient as relating to Symantec Protection for SharePoint Servers.

116 116 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging If you do not specify an Server Display Name, the From Address appears in the From field for SMTP messages by default. 4 In the To Address box, type the address of the default recipient to whom the notifications are sent. Type multiple recipient addresses on separate lines. You can specify a maximum of 20 recipient addresses. 5 Click Save. To select the events for which SMTP messages should be generated 1 On the Symantec Protection for SharePoint console, under Logging and Notifications, click notification settings. 2 Enable the notification system. See To enable or disable the notification system on page 115. This option enables SMTP logging for all event categories by default. 3 Under Virus Found Notification Settings, check Enable Notification. Uncheck the option to disable this feature. This option is enabled by default. 4 Do one of the following: To use the default Check Use default sender and recipient. sender and recipient address To specify a different sender and recipient Do all of the following: Uncheck Use default sender and recipient. In the From Address box, type the address that you want to appear in the From field in the message. In the Address Display Name box, type the address display name. In the To Address box, type the recipient address. You can specify a maximum of 20 recipients. Separate multiple entries with a line space. 5 Click Edit Template to customize the SMTP message. See Customizing SMTP messages on page Click Save. 7 Repeat steps 3 through 6 for the following event categories: Symantec Scan Engine Notification Settings

117 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging 117 Manual/Scheduled Scan Notification Settings Information Notification Settings Scanning Process Notification Settings Error Notification Settings. 8 Under Level of Notification, click the drop-down menu and select the notification level for this notification. This option applies to all of the notification settings except Virus Found Notification Settings. Symantec Protection for SharePoint Servers sends notifications of the selected type for each event category. 9 Click Save. Customizing SMTP messages When you configure SMTP logging, notifications are sent for the event categories that you enabled. Default message text is included for each type of event, but you can customize individual messages. You can use keywords to customize the messages. Each event category has the following default SMTP templates and trigger events: Table 6-3 Event categories and their default SMTP templates and events Event category Virus found notification Default SMTP template Virus Found Mail Event that triggers a notification A virus is found during a real-time scan, manual scan, or scheduled scan (Warning). Symantec Scan Engine notification Scan Engine Notify Mail The virus definition is older than the registered virus definitions with Symantec Protection for SharePoint Servers. (Warning) Symantec Scan Engine has gone offline (Warning) The check of Symantec Scan Engine is OK. (Information) Symantec Scan Engine is online. (Information) Start checking Symantec Scan Engine (Verbose) The check of Symantec Scan Engine is complete.(verbose)

118 118 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging Table 6-3 Event categories and their default SMTP templates and events Event category Manual/Scheduled Scan notification Default SMTP template Manual/Schedule Scan Summary Mail Event that triggers a notification At the end of a manual scan or scheduled scan, a mail that contains the scan summary is sent. (Information) Information notification System Notify Mail Start and stop of Symantec Protection for SharePoint Servers (Information) Start of SharePoint 2003/2007 Administration system (Information) Symantec Protection for SharePoint console as a SharePoint sub-system is being loaded.(information) Information notification Schedule Report Send Mail If you configure a scheduled generation and distribution of reports by mail, Symantec Protection for SharePoint Servers sends the report by mail. Scanning Process notification Scan Process Notify Mail An error has occurred during a scan process. (Error) A scan process is aborted. (Warning) Unscannable content is found. (Warning) Encrypted content is found. (Warning) Files containing security risk is found. (Warning) A scan process has started. (Verbose) A scan process has ended. (Verbose) Error notification Error Notify Mail An undefined error was found (Error)

119 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging 119 About keywords Each default SMTP template has default text in the message body. You can customize the template by adding or deleting keywords. Table 6-4 lists the keywords that are available in the Virus Found Mail template. Table 6-4 Keywords Keywords to customize the Virus Found Mail template Description Date (%DataTimeStamp%) Description (%Description%) File size (%FileSize%) Infection count (%InfectCount%) Mail Server (%SendServer%) Mail Server Port (%SendServerPort%) Mail address Recipient (%SendTo%) Mail address Sender (%SendFrom%) Request Mode (%RequestMode%) Scan mode (%Mode%) Scan result (%Result%) Scan time (%ScanTime%) Source of notify (%Source%) Type of notify (%Notifytype%) URL/File Name (%URL%) Displays the date and time that the event occurred. Describes the status of the file after a scan. Displays the size of the file. Gives the number of infections within the file. In container files, there can be more than one infected file. Displays the host name or IP address of the mail server. Displays the port number of the mail server. Displays the recipient address that is entered in the To Address address box for the selected event. Displays the originating address that is entered in the From Address address box for the selected event Describes the type of request that is sent to Symantec Scan Engine. For any file, the first request type is a scan. Based on the results, a second clean request is sent. Displays whether the scan is a real-time scan, manual scan, or a scheduled scan. Describes the action taken on the file (for example, infected but cleaned, deleted). Displays the amount of time that Symantec Scan Engine took to scan the file. Displays the server (host name or IP address) that is the subject of the event. Displays the type of event (information, warning, or error). Displays the path name of the file.

120 120 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging Table 6-4 Keywords Virus information (%VirusString%) Keywords to customize the Virus Found Mail template Description Displays details about the selected event (for example, virus details, action taken). Table 6-5 lists the keywords that are available in the Scan Engine Notify Mail. Table 6-5 Keywords Keywords to customize the Scan Engine Notify Mail template Description Date (%DataTimeStamp%) Mail Server (%SendServer%) Mail Server Port (%SendServerPort%) Mail address Recipient (%SendTo%) Mail address Sender (%SendFrom%) Scan engine host (%Host%) Scan engine information (%EngineInfo%) Scan engine port (%Port%) Scan engine State (%State%) Scan result (%Result%) Source of notify (%Source%) Type of command (%Commandtype%) Type of notify (%Notifytype%) Displays the date and time that the event occurred. Displays the host name or IP address of the mail server. Displays the port number of the mail server. Displays the recipient address that is entered in the To Address address box for the selected event. Displays the originating address that is entered in the From Address address box for the selected event. Displays the host name or IP address of the Symantec Scan Engine. Displays the Symantec Scan Engine statistics including its software version, virus definition date, and revision number. Displays the port number of the Symantec Scan Engine. Displays the current state of the Symantec Scan Engine (online, offline, or disabled). Gives the result of the event. An example is Symantec Scan Engine check was successful. Displays the server (host name or IP address) that is the subject of the event. Displays the type of command. An example is Checking when it is checking the status of the Symantec Scan Engine. Displays the type of event (information, warning, or error).

121 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging 121 Table 6-6 lists the keywords that are available in Manual/Schedule Scan Mail. Table 6-6 Keywords Keywords to customize the Manual/Schedule Scan Notify Mail template Description Clean Files (%CleanFilesCount%) Date (%DataTimeStamp%) Deleted Files (%DeletedFilesCount%) Encrypt Files (%EncryptFilesCount%) End Time Manual Scan (%EndTime%) Errors Files (%ErrorsFilesCount%) Exclude by extension (%ExcludeExtFilesCount% ) Exclude by folder (%ExcludeFolderCount%) Files found (%CollectedFilesCount%) Infected Files (%InfectedFilesCount%) Item Text (%ItemText%) Mail Server (%SendServer%) Mail Server Port (%SendServerPort%) Mail address Recipient (%SendTo%) Mail address Sender (%SendFrom%) Processed Files (%ProcessedFilesCount%) Displays the number of clean files after the manual or scheduled scan. Displays the date and time that the event occurred. Displays the number of files that were deleted after the manual or scheduled scan. Displays the number of encrypted files found during the manual or scheduled scan. Displays the time at which the scan was completed. Displays the number of files with errors found during the manual or scheduled scan. Shows how many files were excluded from the scan because their file extension was in the file extension exclusion list. Displays how many paths or directories were excluded from the scan. Displays the number of files that were found in the SharePoint document libraries. Displays the number of infected files found during the manual or scheduled scan. Gives the result of the event. Displays the host name or IP address of the mail server. Displays the port number of the mail server. Displays the recipient address that is entered in the To Address address box for the selected event. Displays the originating address that is entered in the From Address address box for the selected event Displays the number of files that were processed from the collected files.

122 122 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging Table 6-6 Keywords Keywords to customize the Manual/Schedule Scan Notify Mail template Description Quarantined Files (%QuarantinedFilesCount %) Displays the number of files that were quarantined as a result of a manual scan or scheduled scan. Repairable Files (%RepairableFilesCount%) Displays the number of repairable files found during the manual scan or scheduled scan. Repaired Files (%RepairedFilesCount%) Security Risk Files (%SecurityFilesCount%) Source of notify (%Source%) Start Time Manual Scan (%StartTime%) Type of Scan Schedule/ Manual (%ScanRuntype%) Unscannable Files (%UnscannableFilesCount %) Displays the number of files that were repaired during the manual scan or scheduled scan. Displays the number of files containing security risks found during the manual scan or scheduled scan. Displays the server (host name or IP address) that is the subject of the event. Shows the start time of the manual scan. Displays the scan type (manual scan or scheduled scan). Displays the number of unscannable files found during the manual or scheduled scan. Table 6-7 lists the keywords that are available in the System Notify Mail template. Table 6-7 Keywords Keywords to customize the System Notify Mail template Description Date (%DataTimeStamp%) Item ID (%ItemID%) Item Text (%ItemText%) Item Type (%ItemType%) Mail Server (%SendServer%) Mail Server Port (%SendServerPort%) Displays the date and time that the event occurred. Unique ID given to the event. Displays a description of the event. An example is Symantec Protection for SharePoint Servers is started. Displays the type of event (information, warning, or error). Displays the host name or IP address of the mail server. Displays the port number of the mail server.

123 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging 123 Table 6-7 Keywords Keywords to customize the System Notify Mail template Description Mail address Recipient (%SendTo%) Mail address Sender (%SendFrom%) Source of notify (%Source%) Displays the recipient address that is entered in the To Address address box for the selected event. Displays the originating address that is entered in the From Address address box for the selected event. Displays the server (host name or IP address) that is the subject of the event. Table 6-8 lists the keywords that are available in the Schedule Report send mail template. Table 6-8 Keywords Keywords to customize the Schedule Report send mail template Description Date (%DataTimeStamp%) End Time Manual Scan (%EndTime%) Job Name (%JobName%) Mail Server (%SendServer%) Mail Server Port (%SendServerPort%) Mail address Recipient (%SendTo%) Mail address Sender (%SendFrom%) Report Status (%ReportStatus%) Report name (%Reportname%) Source of notify (%Source%) Start Time Manual Scan (%StartTime%) Displays the date and time that the event occurred. Displays the end date for the report data range. Displays the report name. Displays the host name or IP address of the mail server. Displays the port number of the mail server. Displays the recipient address that is entered in the To Address address box for the selected event. Displays the originating address that is entered in the From Address address box for the selected event. Displays whether the report has been generated or not. If there is no data in the specified date range, then the appropriate message appears here. Displays the selected report source and report definition for the report. For example, Scan Engines-All Log Items. Displays the server (host name or IP address) that is the subject of the event. Displays the start date for the report data range.

124 124 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging Table 6-9 lists the keywords that are available in the Scan Process Mail template. Table 6-9 Keywords Keywords for customizing the Scan Process Mail template Description Date (%DataTimeStamp%) Description (%Description%) File size (%FileSize%) Mail Server (%SendServer%) Mail Server Port (%SendServerPort%) Mail address Recipient (%SendTo%) Mail address Sender (%SendFrom%) Request Mode (%RequestMode%) Scan mode (%Mode%) Scan result (%Result%) Scan time (%ScanTime%) Source of notify (%Source%) Type of notify (%Notifytype%) URL/File Name (%URL%) Displays the date and time that the event occurred. Describes the status of the file after a scan. Displays the size of the file. Displays the host name or IP address of the mail server. Displays the port number of the mail server. Displays the recipient address that is entered in the To Address address box for the selected event. Displays the originating address that is entered in the From Address address box for the selected event. Describes the type of request that is sent to the Symantec Scan Engine. For any file, the first request type is a scan. Based on the results, a second clean request is sent. Displays whether the scan is a real-time scan, manual scan, or a scheduled scan. Describes the action taken on the file (for example, infected but cleaned, deleted). Displays the amount of time that Symantec Scan Engine took to scan the file. Displays the server (host name or IP address) that is the subject of the event. Displays the type of event (information, warning, or error). Displays the path name of the file.

125 Monitoring Symantec Protection for SharePoint Servers activity About SMTP logging 125 Table 6-10 lists the keywords that are available in the Error Notify Mail template. Table 6-10 Keywords Keywords for customizing the Error Notify Mail template Description Date (%DataTimeStamp%) Error ID (%ErrorID%) Error Module (%ErrorModule%) Error Source (%ErrorSource%) Error Stack (%ErrorStack%) Error Text (%ErrorText%) Mail Server (%SendServer%) Mail Server Port (%SendServerPort%) Mail address Recipient (%SendTo%) Mail address Sender (%SendFrom%) Source of notify (%Source%) Scan time (%ScanTime%) Source of notify (%Source%) Displays the date and time that the event occurred. Displays the error code number. Displays the exact program module where the error has occurred. This information is meant for debugging purposes. You can view this information in the Windows Event Viewer as well. Displays the source of the error. This information is meant for debugging purposes. You can view this information in the Windows Event Viewer as well. Displays the error stack information. This information is meant for debugging purposes. You can view this information in the Windows Event Viewer as well. Displays the error message. Displays the host name or IP address of the mail server. Displays the port number of the mail server. Displays the recipient address that is entered in the To Address address box for the selected event. Displays the originating address that is entered in the From Address address box for the selected event. Displays the server (host name or IP address) that is the subject of the event. Displays the amount of time that Symantec Scan Engine took to scan the file. Displays the server (host name or IP address) that is the subject of the event.

126 126 Monitoring Symantec Protection for SharePoint Servers activity About monitoring scanning activity To customize SMTP messages 1 On the Symantec Protection for SharePoint console, under Logging and Notifications, click notification settings. 2 Under any event category, click Edit Template. The Modify Template page appears. 3 In the Modify Template page, modify the subject text. 4 To add a variable, in the Value Keyword list, click the drop-down menu, select the keyword that you want to insert, and then click Add. The variable is appended to the end of the subject. Cut and paste the variable to the desired location in the subject. 5 In the message body text, modify the existing text. 6 To add a variable from the Value Keyword list to the message body, click the drop-down menu, select the keyword that you want to insert, and then click Add. The variable is appended to the bottom of the message. Cut and paste the variable to the desired location in the message body. You can add text to identify the variable in the message. 7 Click Save. Clicking Cancel discards changes and displays the notifications page. 8 Repeat steps 2 through 7 for each type of event category for which you want to customize the message. About monitoring scanning activity The Symantec Protection for SharePoint Servers log files contain all log entries for all types of events. You can configure the location of the log file folder. The monitoring tools that are available through the Symantec Protection for SharePoint console let you organize and view only the log entries that you want to see.

127 Monitoring Symantec Protection for SharePoint Servers activity About monitoring scanning activity 127 Table 6-11 describes how log entries are first organized by the types of event sources: Table 6-11 Event sources and logs Event source Scanning Process log Symantec Scan Engine log System log Description of logs Displays logs related to virus scanning Displays logs related to the registered Symantec Scan Engines Displays logs related to system functionality You can specify a logging level (None, Error, Warning, Information, and Verbose) for each event source and a maximum storage time for the logs. You can further limit the display to only certain types of entries, or you can choose to display all logs for the selected event. Symantec Protection for SharePoint Servers displays the event source log data in a detailed report format or as a pie-chart. You can also export and save the displayed log entries to a file. You can schedule the generation of reports to specified recipients. Configuring the log file folder location You can configure the location where Symantec Protection for SharePoint Servers logs the Scanning Process, Symantec Scan Engine, and System events. To configure the log file folder location 1 On the Symantec Protection for SharePoint console, under Logging and Notifications, click Log File settings. 2 Under Global Log File Settings, on the right pane, specify the path for the log file folder in the Log file location box. The default log file location is <Installdir>:\Program Files\Symantec\SharePoint\Logfiles. 3 Click Save. Setting the logging level for each event source Events related to each event source (Scanning Process, Symantec Scan Engine, and System) are logged to the log file folder. You can configure the logging level for each event source so that events of only the specified type are logged.

128 128 Monitoring Symantec Protection for SharePoint Servers activity About monitoring scanning activity Table 6-2 gives you a detailed description of the various events logged based on the selected logging level. To set the logging level for each event source 1 On the Symantec Protection for SharePoint console, under Logging and Notifications, click Log File settings. 2 Under Scanning Process Log File Settings, on the right pane, under Log file level, in the drop-down list, select the event logging level. By default, the logging level is Information for Scanning Process Log File Settings. 3 Click Save. 4 Repeat steps 2 through 3 for Symantec Scan Engine Log File Settings and System Log File Settings. By default, the logging level is Warning for Symantec Scan Engine Log File Settings and Information for System Log File Settings. Setting the maximum storage time for log files You can specify how long the log files are stored on the server. The default storage time is one month for each event source (Scanning Process, Symantec Scan Engine, and System). After the threshold is met, log files are over-written with new logs. If no new logs are created after the threshold is met, the old log files remain. To set the maximum storage time for the log files 1 On the Symantec Protection for SharePoint console, under Logging and Notifications, click Log File settings. 2 Under Scanning Process Log File Settings, on the right pane, under Maximum storage time, in the drop-down list, select the time frame threshold to store log files. The default setting is one month. 3 Click Save. 4 Repeat steps 2 through 3 for Symantec Scan Engine Log File Settings and System Log File Settings.

129 Monitoring Symantec Protection for SharePoint Servers activity About monitoring scanning activity 129 Generating an on-demand report You can manually generate and analyze reports for a specified date range. You must select a report source (Scan Engines, Scan Processes, and System) and define the log data you want displayed. Symantec Protection for SharePoint Servers generates only detailed reports of all logs for Scan Engines and System. With the Scan Processes report source, you can generate a report of any of the following: Pie-chart report of real-time statistics (Scan Statistic (Real-time)) Pie-chart report of manual scan and scheduled scan statistics (Scan Statistic (Manual + Schedule)) Pie-chart report of real-time scan, manual scan, and scheduled scan statistics (Scan Statistic (All)) Detailed report of all logs (All log) The color legend explains what each color in the pie-chart represents. Symantec Protection for SharePoint Servers displays a numerical statistical report beneath the pie-chart. To generate an on-demand report 1 On the Symantec Protection for SharePoint console, under Report, click Ondemand reports. 2 In the right pane, under Report Date Range, select the From and To date range for the report that you want to generate. 3 In the Report Source drop-down list, select a report source. 4 Select a Report Definition based on the data that you want to view. For Scan Engines, and System, Symantec Protection for SharePoint Servers generates detailed reports of All Logs data only. For Scan Processes, select Scan Statistic (Real-time), Scan Statistic (Manual + Schedule), Scan Statistic (All), or All Log. 5 Click Show Report. You can save the report in a.pdf,.xls,.rtf, or.txt format. 6 In the report display, in the Format drop-down list, select a format. 7 Click the icon with a floppy disk graphic to save the report. 8 Click the printer icon to print the report.

130 130 Monitoring Symantec Protection for SharePoint Servers activity About monitoring scanning activity Scheduling a report You can schedule regular generation of reports and have them automatically ed to you. This feature makes remote monitoring of your SharePoint document library possible. You must first configure notifications before you try to schedule a report by . See Configuring SMTP logging on page 114. To schedule reports, you must do the following tasks, in this order: Select a schedule. Choose from the default schedules or create a new schedule. Select a report data range. Symantec Protection for SharePoint Servers pulls up data from within this specified date range. Choose a report source (Scan Engines, Scan Processes, or System) and report definition. These options determine the content of your scheduled report. Select a report format. Activate report generation by mail. Specify the sender and recipient s address. Edit the default schedule report template. To select a schedule 1 On the Symantec Protection for SharePoint console, under Report, click Schedule reports. 2 On the right pane, click Create schedule report. 3 In the Name box, type the name that you want to identify this schedule report. 4 In the Schedule drop-down list, you can select one of the following default schedules: Daily (Every night at midnight) Monthly (Last day of the month at midnight) Weekly (Every Friday at midnight) 5 Click Edit to make changes to the default schedules. Note: If you edit any schedule, it will affect all reports that use the schedule. If you click Delete, the entire schedule will be deleted.

131 Monitoring Symantec Protection for SharePoint Servers activity About monitoring scanning activity Click New to create a new schedule. Specify the following information for a new schedule: New Schedule name Schedule Type Start Time (hh:mm) Type a scheduler name that will easily identify this schedule. Select one of the following schedule types: Hourly: In the Run the schedule every drop-down list, select the hourly interval. Daily: In the Repeat after this number of days box, type the daily interval. Weekly: Under On the following days, check the days of the week on which you want to generate the report. Day of Month: Under Months and On day of month, select the month and the day of the month that you want to generate the report. Select the option Last Day under On day of month to schedule the report on the last day of the selected months. Once: There are no extra options to select for this schedule type. Specify the time that Symantec Protection for SharePoint Servers starts generating the report. Start Date (mm/dd/yyy) Select the date that Symantec Protection for SharePoint Servers begins generating the report. End Date (mm/dd/yyy) Select the date after which Symantec Protection for SharePoint Servers should not generate reports. If you check Never ends, the report generation will not end. If you select Once as the schedule type, the end date is not applicable. Click Save to save the schedule you created. You can view this schedule in the Schedule drop-down list along with other default schedules. Note: If you click Delete, the entire schedule will be deleted.

132 132 Monitoring Symantec Protection for SharePoint Servers activity About monitoring scanning activity To select a report data range, report source, and report format 1 Once you have selected a schedule, under Report data range, select a report data range from the drop-down list. Symantec Protection for SharePoint Servers collects data from within the specified data range and generates a report. 2 Under Report Source, in the drop-down list, select one of the following: Scan Engines Scan Processes System 3 Under Report Definition, select an entry based on the data you want in the report. For Scan Engines, and System, Symantec Protection for SharePoint Servers generates detailed reports of All Logs data only. For Scan Processes, select from Scan Statistic (Real-time), Scan Statistic (Manual + Schedule), Scan Statistic (All), and All Log. 4 Under Report format, click the drop-down list and select one of the following report types: Adobe (pdf) Excel (xls) Word (rtf) Text (txt) To activate report generation by 1 Check Activate this report generation to have the report generated and distributed by . If this option is not enabled, generated reports are not distributed by . 2 Check Use default sender and recipient if you want to use the default sender and recipient addresses as was specified in Global Settings under notification settings. 3 Uncheck Use default sender and recipient if you want to specify different sender and recipient addresses. 4 In the From Address box, type the default originating address. Format the address according to your company policies. For example: <username>@<domainname> where <username> is the sender s user name, and <domainname> is the appropriate domain name.

133 Monitoring Symantec Protection for SharePoint Servers activity About monitoring scanning activity In the Address Display Name box, type the server name that you want to appear in the SMTP messages that are generated by the Symantec Protection for SharePoint Servers. The name should be one that is easily identified by the recipient as relating to Symantec Protection for SharePoint Servers. 6 In the To Address box, type the address of the default recipient to whom the notifications are sent. Type multiple recipient addresses on separate lines. You can specify a maximum of 20 recipient addresses. 7 Click Save. If you click Delete, the entire schedule report is deleted. To edit the default scheduled report mail template 1 On the Symantec Protection for SharePoint console, under Logging and Notifications, click notification settings. 2 Under Information Notification Settings, click Edit Template to customize the SMTP message. The Modify Template page appears. 3 Under Template, click the drop-down menu and select Schedule Report Send Mail. 4 In the Modify Template page, modify the subject text. 5 To add a variable, in the Value Keyword list, click the drop-down menu, select the keyword that you want to insert, and then click Add. The variable is appended to the end of the subject. Cut and paste the variable to the desired location in the subject. Table 6-8 gives the list of keywords that you can add to the default schedule report send mail. 6 In the message body text, modify the existing text. 7 Click Save. Clicking Cancel discards changes and displays the notifications page.

134 134 Monitoring Symantec Protection for SharePoint Servers activity About monitoring scanning activity

135 Chapter 7 Troubleshooting Symantec Protection for SharePoint Servers This chapter includes the following topics: About troubleshooting common issues About troubleshooting common issues You can troubleshoot the following list of common issues seen in Symantec Protection for SharePoint Servers: Symantec Protection for SharePoint Servers link is missing from the SharePoint Central Administration site Unable to access the Symantec Scan Engine console Symantec Scan Engine registration fails Slow server response or high server load No reports are generated Failure sending mail error message The connection to the Symantec SharePoint Security Service cannot be established. Code 8000 Virus Found: There is no Symantec Scan Engine available. The file was not saved. Code: 8002 Unable to remember the console password Error 1722 when installing Symantec Scan Engine

136 136 Troubleshooting Symantec Protection for SharePoint Servers About troubleshooting common issues Symantec Protection for SharePoint Servers link is missing from the SharePoint Central Administration site After the first installation of the product or after a Microsoft SharePoint upgrade, the link to Symantec Protection for SharePoint Servers might not appear. If this issue occurs, try the following steps: Determine if you have installed the Symantec Protection for SharePoint console on the correct server in a farm environment. See About deployment options on page 29. Access the console through the Internet Explorer and ensure that you have the correct server name and port number in the URL. See To access the console through Internet Explorer on page 65. Determine whether the Symantec Protection for SharePoint Servers service is installed and started. See To determine whether the Symantec Protection for SharePoint Servers service is installed and started on page 136. Reload Symantec Protection for SharePoint Servers. See To reload Symantec Protection for SharePoint Servers on page 136. Restart the SharePoint server. To determine whether the Symantec Protection for SharePoint Servers service is installed and started 1 Click the Start button, point to Programs, then Administrative Tools, and then point to Computer Management. 2 In the Computer Management window, in the left pane, expand Services and Applications, and then click Services. 3 In the right pane, scroll down to Symantec Protection for SharePoint Servers. The status of the Symantec Protection for SharePoint Servers service appears in the Status column. If the Symantec Protection for SharePoint Servers service is stopped, nothing appears in the Status column. Right-click on Symantec Protection for SharePoint Servers and select Start to restart the service. To reload Symantec Protection for SharePoint Servers 1 At the command prompt, change the current directory to the installation directory of the Symantec Protection for SharePoint console. The default installation directory is <installdir>:\program Files\Symantec\SharePoint.

137 Troubleshooting Symantec Protection for SharePoint Servers About troubleshooting common issues Based on whether you have tried a fresh installation or a Microsoft SharePoint upgrade with Symantec Protection for SharePoint Servers installed, do the following: Fresh installation If you do not see the Symantec Protection for SharePoint Servers link in a fresh installation, do the following: Type InstallSystem.exe uninstall and press Enter. This command uninstalls the Symantec Protection for SharePoint console. Wait for some time and type InstallSystem.exe install and press Enter. This command installs the Symantec Protection for SharePoint console once again. Microsoft SharePoint upgrade with Symantec Protection for SharePoint Servers already installed on the server Type InstallSystem.exe upgrade and press Enter. 3 Check to see whether the Symantec Protection for SharePoint Servers service is installed and started. See To determine whether the Symantec Protection for SharePoint Servers service is installed and started on page 136. Restart the Symantec Protection for SharePoint Servers service. 4 If the link is still not visible, restart the server. Unable to access the Symantec Scan Engine console To access the Symantec Scan Engine console, launch a Web browser on any computer on your network that can access the server that is running Symantec Scan Engine. See Accessing the Symantec Scan Engine console on page 95. Ensure that you type https instead of http. The default port number is However, ensure that you enter the same port number that you configured while installing Symantec Scan Engine. See Installing only Symantec Scan Engine using the installation wizard on page 50.

138 138 Troubleshooting Symantec Protection for SharePoint Servers About troubleshooting common issues Symantec Scan Engine registration fails If you receive an error message Cannot connect to host or IP address when you try to register a Symantec Scan Engine, do the following steps: Determine whether the Symantec Scan Engine service is started See To determine whether the Symantec Scan Engine service is started on page 138. Determine whether a valid license is installed See To determine whether a valid Symantec Scan Engine license is installed on page 138. To determine whether the Symantec Scan Engine service is started 1 Click the Start button, point to Programs, then Administrative Tools, and then point to Computer Management. 2 In the Computer Management window, in the left pane, expand Services and Applications, and then click Services. 3 In the right pane, scroll down to Symantec Scan Engine. The status of the Symantec Scan Engine service appears in the Status column. If the Symantec Scan Engine service status is stopped, nothing appears in the Status column. 4 Right-click on Symantec Scan Engine and select Start to restart the service. To determine whether a valid Symantec Scan Engine license is installed 1 Open the Symantec Scan Engine console. See Accessing the Symantec Scan Engine console on page On the primary navigation bar, click System. If no license has been installed, when you open the console, the System tab appears by default. See Installing the license file on page Once you install a valid license, access the Symantec Protection for SharePoint console and try to register the Symantec Scan Engine again. See Registering Symantec Scan Engine with Symantec Protection for SharePoint Servers on page 85. Slow server response or high server load Symantec Protection for SharePoint Servers allocates a specified number of threads for concurrent scans. Scan requests are processed concurrently during manual scans or scheduled scans which causes scans to complete faster.for example, if you specify five threads, then five documents are scanned

139 Troubleshooting Symantec Protection for SharePoint Servers About troubleshooting common issues 139 simultaneously. When the number of threads exceeds 25, you will notice a slow server response or a higher server load. To reduce the number of threads 1 From the Symantec Protection for SharePoint console home page, under Global Settings, click Manual and scheduled scan. 2 Under Optional Settings, reduce the number entered in the box Number of threads. 3 The recommended number of threads for an optimal performance is 4. 4 Click Save. No reports are generated Symantec Protection for SharePoint Servers does not generate reports (ondemand reports or scheduled reports) when there is no data in the log files for the specified report type and data range. The absence of data in the log files can be due to any of the following reasons: Failure sending mail error message No significant event has occurred for the report source, report definition, and data range that you specified Check the log files folder to verify if events are logged for the date range, and report source you specified. See About SMTP logging on page 110. The log file level is set at a higher logging level If the scanning process log file level is set at Warning but only events that come under Information or Verbose have occurred, then the log file will contain no data. Try lowering the log file level to Verbose and generate a report again. See Setting the logging level for each event source on page 127. The log files have been deleted after the maximum storage duration The maximum storage duration for log files is one month by default. The log files are over-written with new event logs after the maximum storage duration. You can increase the maximum storage duration limit also. See Setting the maximum storage time for log files on page 128. If an error message Error in System: Failure sending mail appears in the notification settings page, try the following steps: Verify the accuracy of the Global Settings details in the notification settings page.

140 140 Troubleshooting Symantec Protection for SharePoint Servers About troubleshooting common issues See Configuring SMTP logging on page 114. Read the System logs to determine the cause of the error. The default location is <installdir>:\program Files\Symantec\SharePoint\Logfiles\system. Read the entries in Symantec AntiVirus in the Event Viewer. The connection to the Symantec SharePoint Security Service cannot be established. Code 8000 If you see the error message The connection to the Symantec SharePoint Security Service cannot be established. Please check the status of the Symantec SharePoint Security Service or contact your administrator for more information, try the following steps: Determine if the Symantec Protection for SharePoint Servers service is started Determine if the service logon user account has the necessary permissions. Reset the Internet Information Services (IIS) Manager. To determine whether the Symantec Protection for SharePoint Servers service is started 1 Click the Start button, point to Programs, then Administrative Tools, and then point to Computer Management. 2 In the Computer Management window, in the left pane, expand Services and Applications, and then click Services. 3 In the right pane, scroll down to Symantec Protection for SharePoint Servers. The status of the Symantec Protection for SharePoint Servers service appears in the Status column. If the Symantec Protection for SharePoint Servers service status is stopped, nothing appears in the Status column. Right-click on Symantec Protection for SharePoint Servers and select Start to restart the service. To determine whether the service logon user account has the necessary permissions 1 Click the Start button, point to Programs, then Administrative Tools, and then point to Computer Management. 2 In the Computer Management window, in the left pane, expand Services and Applications, and then click Services.

141 Troubleshooting Symantec Protection for SharePoint Servers About troubleshooting common issues In the right pane, scroll down to Symantec Protection for SharePoint Servers. 4 Right-click on Symantec Protection for SharePoint Servers and select Properties. 5 Click the Log on tab. The current log on user account is selected under Log on as. If Local System account is selected, the user account will not have the necessary permissions to access the SQL database and Symantec Scan Engine installed on other servers. 6 Select This account and specify the username and password for the account used to log on to the Symantec Service. The user account must be a member of the Local Administrators Group on the computer on which the SharePoint server is installed. If the SQL server is on a separate computer, the user account must be a member of the Local Administrators Group on that computer as well. The username must be in the format domain\username or computer\username. 7 Type the password again in the Confirm password box. 8 Click Ok. To reset the Internet Information Services (IIS) Manager From the command prompt, run IISRESET. Access the Symantec Protection for SharePoint console again. Virus Found: There is no Symantec Scan Engine available. The file was not saved. Code: 8002 The error message <filename> contains the following virus: There is no Symantec Scan Engine available. The file was not saved. Please contact your administrator for more information. Code: 8002, appears when there is no online registered Symantec Scan Engine to scan files. Troubleshoot the error message: There is no Symantec Scan Engine available. The file was not saved. Code 8002 You must determine if atleast one Symantec Scan Engine is installed, registered, and online in order to troubleshoot this error. To troubleshoot the error message, do the following: Check if a Symantec Scan Engine is installed and running.

142 142 Troubleshooting Symantec Protection for SharePoint Servers About troubleshooting common issues If Symantec Scan Engine is installed, check if it is registered with Symantec Protection for SharePoint Servers. See To view the list of registered Symantec Scan Engines on page 89. See To register a new Symantec Scan Engine on page 87. Check if Symantec Scan Engine has gone offline if it is already registered. See To view the list of registered Symantec Scan Engines on page 89. Symantec Scan Engine goes offline if its virus definition is older than the registered virus definition with Symantec Protection for SharePoint Servers. Symantec Scan Engine also goes offline if Symantec Protection for SharePoint Servers fails to connect to Symantec Scan Engine in the specified time interval. See Checking for the latest virus definitions on page 90. Check if the registered Symantec Scan Engine has been disabled. You can manually enable or disable a Symantec Scan Engine during registration or when you edit the Symantec Scan Engine details. A Symantec Scan Engine must be enabled and online to be in rotation for scanning files. See To edit a Symantec Scan Engine registration on page 89. To check if Symantec Scan Engine is installed and running 1 Click the Start button, point to Settings, and then point to Control Panel. 2 In the Control Panel window, double-click Add or Remove Programs. 3 In the Add or Remove Programs window, scroll down to Symantec Scan Engine. If you can view Symantec Scan Engine in the Add or Remove Programs window, Symantec Scan Engine is installed completely on the server. 4 Now click the Start button, point to Programs, then Administrative Tools, and then point to Computer Management. 5 In the Computer Management window, in the left pane, expand Services and Applications, and then click Services. 6 In the right pane, scroll down to Symantec Scan Engine. The status of the Symantec Scan Engine service appears in the Status column. If the Symantec Scan Engine service status is stopped, nothing appears in the Status column. 7 Right-click on Symantec Scan Engine and select Start to restart the service. To check if Symantec Scan Engine is registered 1 Click the Start button, point to Settings, and then point to Control Panel.

143 Troubleshooting Symantec Protection for SharePoint Servers About troubleshooting common issues In the Control Panel window, double-click Add or Remove Programs. 3 In the Add or Remove Programs window, scroll down to Symantec Scan Engine. If you can view Symantec Scan Engine in the Add or Remove Programs window, Symantec Scan Engine is installed completely on the server. Unable to remember the console password If you forget the console password, you can reset the password by doing the following steps: Stop the Symantec Protection for SharePoint Servers service in Windows services. Delete all files with a.dat file extension in C:\Program Files\Common Files\Symantec Shared\SharePointEngine. Go to Windows services and start Symantec Protection for SharePoint Servers. Reset the Internet Information Services (IIS) Manager. From the command prompt, run IISRESET. You will not be prompted for a password now. Error 1722 when installing Symantec Scan Engine This error is observed when J2SE Runtime Environment (JRE) 5.0 Update 15 is not completely installed on the server or when the Java file is corrupted. To troubleshoot this error message, try the following steps: Uninstall the existing Java package from the server. Restart the server. Run the Symantec Protection for SharePoint Servers installation program again. Select the option Install only the Symantec Scan Engine 5.1 from the CD installation menu. This option automatically installs J2SE Runtime Environment (JRE) 5.0 Update 15.

144 144 Troubleshooting Symantec Protection for SharePoint Servers About troubleshooting common issues

145 Appendix A Error codes This chapter includes the following topics: About error codes and messages About error codes and messages Symantec Protection for SharePoint Servers has several error codes and messages that are logged into the Event log, displayed on the console, and sent by . Table A-1 describes the error codes, its type, the action taken by Symantec Protection for SharePoint Servers, and the message shown on the console. Table A-1 Error Code Possible errors, codes, and their description Action Message Comments/Solution None Displayed on SharePoint page Undefined error code {number}. Please ask your administrator for more information. Type: Error An undefined error has occurred in the communication between the SharePoint server and Symantec Protection for SharePoint Servers. None Displayed on SharePoint page. By scanning the file, an error was detected. Error: {number}. Please contact your administrator. Symantec Scan Engine has returned an error code. Check the log files of Symantec Scan Engine to determine the error. Type: Error

146 146 Error codes About error codes and messages Table A-1 Error Code Possible errors, codes, and their description Action Message Comments/Solution 1000 GUI message, mail and Event Log entry 2041 Mail and Event Log entry Cannot create any scanning session. The file is not saved in the library. Please ask your administrator. Type: Error Symantec Protection 5.1 for SharePoint Servers is stopping. Type: Information No session to Symantec Scan Engine is possible. A possible reason is that all Symantec Scan Engines are offline. See To view the list of registered Symantec Scan Engines on page 89. The Symantec Protection for SharePoint Servers service is stopping Mail and Event Log entry Symantec Protection 5.1 for SharePoint Servers has stopped. Type: Information The Symantec Protection for SharePoint Servers service has stopped Mail and Event Log entry 2044 Mail and Event Log entry 2045 Mail and Event Log entry 2046 Mail and Event Log entry 2047 Mail and Event Log entry Symantec Protection 5.1 for SharePoint Servers is starting. Type: Information Symantec Protection 5.1 for SharePoint Servers has started. Type: Information Start SharePoint 2007 Admin System Type: Information Install SharePoint 2007 Admin System Or Install SharePoint 2007 Admin System Finish Type: Information Start SharePoint 2003 Admin System Type: Information The Symantec Protection for SharePoint Servers service is starting. The Symantec Protection for SharePoint Servers service has started. The SharePoint Central Administration page for Microsoft Office SharePoint Server 2007 (MOSS 2007) has been launched. Start or finish the installation of Symantec Protection for SharePoint console (for MOSS 2007). The SharePoint Central Administration page for SharePoint Portal Server 2003 has been launched.

147 Error codes About error codes and messages 147 Table A-1 Error Code Possible errors, codes, and their description Action Message Comments/Solution 2048 Mail and Event Log entry 2049 Mail and Event Log entry 2055 Mail and Event Log entry 4066 Mail, Event Log entry and GUI message 4067 Mail, Event Log entry and GUI message Install SharePoint 2003 Admin System Type: Information Install SharePoint 2003 Admin System Finish Type: Information Loading SharePoint Sub system Type: Information Check for scan engine failed. Error: Error Text Type: Error Check for scan engine failed. Result: No Network Type: Error Check or scan engine failed. Web Error: Error text. Type: Error Check for scan engine failed. Please check User Security on Central Administration website. Type: Error Start the installation of Symantec Protection for SharePoint console (for SharePoint Portal Server 2003). Finish the installation of Symantec Protection for SharePoint console (for SharePoint Portal Server 2003). The correct version of the SharePoint runtime system (2003/2007) is being loaded. Undefined error while checking for Symantec Scan Engine. The connection between the SharePoint server and Symantec Protection for SharePoint Servers is broken. Check the services. Restart the services if they have stopped. The error is displayed in the Web page. Check the user permissions.

148 148 Error codes About error codes and messages Table A-1 Error Code Possible errors, codes, and their description Action Message Comments/Solution 4956 GUI message 5001 Mail, and Event Log entry 5003 Mail and Event Log entry 8000 Mail, Event Log entry and GUI message 8001 Mail, Event Log entry and GUI message Please check that the Symantec Protection 5.1 for SharePoint Servers service is started or contact your administrator. Type: Information Function check scan engine state, error text Type: Error Cannot update registry, please check service rights. Type: Error The connection to the Symantec SharePoint Security Service cannot be established. Please check the status of the Symantec SharePoint Security Service or contact your administrator for more information. Type: Error The file size is greater than the maximum file size {number}. The file cannot be saved. Please contact your administrator for more information. Type: Error The connection between the SharePoint server and Symantec Protection for SharePoint console cannot be established. Check the services. Restart the services if they have stopped. An undefined error has occurred while checking the Symantec Scan Engine status. There is no write access to the registry of Symantec Protection for SharePoint Servers. Check the user rights for the service logon account. No connection can be established to the Symantec Protection for SharePoint Servers service. See The connection to the Symantec SharePoint Security Service cannot be established. Code 8000 on page 140. The upload file size is greater than the maximum allowed file size. Change the maximum upload size by clicking Central Administration>Application Management>Web Application General Settings.

149 Error codes About error codes and messages 149 Table A-1 Error Code Possible errors, codes, and their description Action Message Comments/Solution 8002 Mail, Event Log entry and GUI message There is no Symantec Scan Engine available. The file was not saved. Please contact your administrator for more information. Type: Error You have not registered any Symantec Scan Engines. See Virus Found: There is no Symantec Scan Engine available. The file was not saved. Code: 8002 on page Mail, Event Log entry and GUI message All virus scanners are at maximum load. Please try again later. The file has not been saved. Please contact your administrator for more information. Type: Error All registered Symantec Scan Engines are at their maximum load. Symantec Scan Engine has 128 threads for scanning by default. Modify the maximum number of available threads through the Symantec Scan Engine console. For more information, see the Symantec Scan Engine Implementation Guide Mail, Event Log entry and GUI message 9999 Mail and Event Log entry Error by processing rendering report job. Error: Error text. Type: Error General Error. Error: Error text Type: Error An undefined error has occurred while generating reports. An undefined error has occurred.

150 150 Error codes About error codes and messages

151 Index A adware. See security risks Allow users to download infected documents 74 AntiVirus Settings 74 Attempt to clean infected documents 74 auto check interval 92 B byte-by-byte scanning 19 C Central Administration page determine port number 66 launch through Internet Explorer 66 configuration file, editing 145 configuration options, connector, registering scan engine 85 configuration options, console list 71 manual and scheduled scans 75 configuration options,console, real-time scanning 73 container file 26 content license 99 cyclic mode 31 D decomposer 27 default quarantine location 25 definitions, updating, using LiveUpdate 103 deleting unrepairable files 80 denial of service attacks 32 deployment options 29 downloading, files from SharePoint, description 22 E error codes and messages 145 Error notification 118 event source, logging level 127 exclude file extensions 76 exclude folders from scans 77 F feature links 69 file handling rules 80 file types to scan, scan engine 98 G global manual and scheduled scan options, configure 76 global settings 69 H home page, administration, obtaining status information 109 I ICAP configure options 97 default protocol 96 ICAP-specific settings bind address 96 configure 96 data trickle 97 port number 97 scan policy 97 Information notification 118 install only the Symantec Protection for SharePoint console 46 install only the Symantec Scan Engine install Symantec Protection 5.1 for SharePoint Servers (Full Install) 45 installation options about 45 install only the Symantec Protection for SharePoint console 46 install only the Symantec Scan Engine

152 152 Index installation options (continued) install Symantec Protection 5.1 for SharePoint Servers (Full Install) 45 installation wizard install only Symantec Scan Engine 50 Symantec Protection for SharePoint console 53 Symantec Protection for SharePoint Servers 47 installing Symantec Protection for SharePoint console 53 J J2SE Runtime Environment (JRE) 5.0 Update K keywords about 119 error notify mail template 125 manual/schedule scan notify mail template 121 scan engine notify mail template 120 scan process mail template 124 schedule report send mail template 123 system notify mail template 122 virus found mail template 119 L license content license 99 locating the serial number 100 product license 99 license activation 99 licensing installing 101 license file installing 101 obtaining 100 obtaining a license file 100 serial number 100 types of licenses 99 LiveUpdate about 103 automatic 103 licensing requirement 99 on demand 104 LiveUpdate (continued) updating definitions automatically 103 on demand 104 load balancing 89 lockout feature 73 log file folder location, configure 127 log files, default location 27 logging configure SMTP logging 28 event source 127 event sources 111 report sources 27 SMTP 27, 110 standard, about 126 logging and notifications 70 logging level 111 M manual scans about 23 deleting unrepairable files 80 perform 85 starting a scan 85 manual scans and scheduled scans, about 75 Manual/Scheduled Scan notification 118 maximum storage time 128 Microsoft Internet Information Server (IIS) 35 Microsoft Office SharePoint Server Microsoft Systems Management Server , 49 Microsoft Windows 2000 Server/ Server MIME-encoded messages 27 MOSS Multi-threaded scanning 19 N navigation links 68 number of scan threads 77 O on-demand report, generate 129 P password configuration, lockout 73 post-installation tasks 58 priority mode 31 product, license 99

153 Index 153 Product licenses 99 protection, updating, using LiveUpdate 103 Q quarantine, location 79 R real-time scanning configure 73 options 21 real-time scans about 21 configuring 73 Red Hat Linux 30 registering scan engine adding scan engines 87 deleting a scan engine 88 description 85 editing a scan engine entry 89 remote installation about 49 Microsoft Systems Management Server , 49 Systems Center Configuration Manager systems Center Configuration Manager report on-demand 129 schedule 130 Reports 70 S Scan documents on download 74 Scan documents on upload 74 scan statistics 82, 108 scanning activity, monitoring 126 scanning all file versions 78 scanning mode 89 scanning modes 31 Scanning Process notification 118 scans, licensing requirements 99 schedule report activate 132 how 28, 130 scheduled scans about 23 scheduled scans (continued) configuring 83 deleting unrepairable files 80 scheduled scans and manual scans about 23 preserve bandwidth and time 24 quarantine 25 scheduling scans 83 security risks categories of 105 configuration.xml 106 detecting 104 serial numbers, licensing 100 service logon account, change 67 SharePoint Central Administration 19 SharePoint Portal Server silent installation default configuration values 55 Symantec Protection for SharePoint console 55 Simple Mail Transfer Protocol (SMTP) 27 SMTP events 112 SMTP logging about 108, 110 configure 114 configuring 110 customizing messages 117 default origin and destination information 115 identifying SMTP server 115 providing origination and destination information 115 server and port number 115 types of events 114 SMTP messages customizing 117 default SMTP template 117 error notify mail 118 event category 117 manual/schedule scan summary mail 118 scan engine notify mail 117 scan process notify mail 118 schedule report send mail 118 system notify mail 118 virus found mail 117 SPS spyware. See security risks status pane about 70, 109 connections 110

154 154 Index status pane (continued) Symantec Scan Engines Status 110 Sun Solaris 30 Symantec AntiVirus 4.3 for Microsoft SharePoint 18, 56 Symantec AntiVirus Corporate Edition 36 Symantec Protection for SharePoint console about 20, 63 configure password 72 hardware requirements 39 how to access 64 installing 53 operating system requirements 39 options to configure 72 password configuration 72 password protection 19 platforms 30 silent installation 55 silent uninstall 60 silently uninstall and log uninstallation events 60 software requirements 39 system requirements 39 uninstalling 59 Symantec Protection for SharePoint console home page about 68 feature links 69 global settings 69 logging and notifications 70 navigation links 68 reports 70 status pane 70 Symantec Scan Engines 69 Symantec Protection for SharePoint Server, link missing 136 Symantec Protection for SharePoint Servers about 18 before you install 35 caching 22 components 20 configuring 71 deployment options 29, 31 download a file 22 error codes 145 handle large scanning volumes 31 how it works 20 installation options 45 installation wizard 47 Symantec Protection for SharePoint Servers (continued) installing 43 keep product up-to-date 102 log files 126 logging and notifications 27 Microsoft Search Server 2008 Express support 19 monitoring 21, 108 more information 32 on-demand reports 28 post-installation tasks 58 real-time scanning of files 20 remote installation 19, 49 repair or modify 56 reporting 21 scanning modes 31 scheduled reports 28 scheduled scans and manual scans 21 SharePoint versions supported 18 software components 20 status pane 109 system requirements 37 troubleshoot common issues 135 uninstalling 59 upgrade 44 upload a file 22 What s new 18 when a file is scanned 25 working 20 Symantec Protection for SharePoint Servers integrated installation about installing 46 hardware requirements 38 operating system 38 software requirements 38 system requirements 38 Symantec Scan Engine access console 95 add,remove,edit,view 87 adding a scan engine 87 communication protocol settings 96 configuring ICAP 96 container files 32 cyclic mode 90 deleting a scan engine 88 description 86 editing an entry 89 enable 86

155 Index 155 Symantec Scan Engine (continued) file types 98 host or IP address 86 ICAP 96 installation wizard 50 installing 50 installing Java manually 52 installing on a 64-bit computer 52 license activation 99 licensing 99 Linux system requirements 42 load balancing 89 platforms 30 priority 87 priority mode 90 register 85 registering with connector 85 scan policies 26 Solaris system requirements 41 specifying which file types to scan 98 system requirements 40 TCP/IP port 86 uninstall 61 uninstall on Windows 2000 Server/Server uninstall using product CD 61 virus protection 32 Windows system requirements 40 Symantec Scan Engine auto check 92 Symantec Scan Engine console 95 Symantec Scan Engine notification 117 Symantec Scan Engines, link on the console 69 System log files 47 system requirements 37 Systems Center Configuration Manager , 49 V virus definition automatically check 92 check 90 manually check 92 virus definitions files 90 Virus found notification 117 virus protection 32 virus scanning how scanning works 25 manual 23 real-time 21 scheduled 23 W Windows Application Event Log 47 Windows Server Windows SharePoint Services Windows SharePoint Services worm 32 WSS WSS T Take a Symantec Scan Engine offline 92 Threshold time 92 Trojan horses 32 U uninstalling Symantec Protection for SharePoint Servers 59 uploading files to SharePoint, description 22

156 156 Index