Symantec.com
VERITAS.com
Partners
About Symantec
WelcomeProducts & ServicesSecurity ResponseSupportSolutions & IndustriesLicensingTraining
Enterprise
Symantec.com > Enterprise > Support > Knowledge Base

PRINT THIS PAGE PRINT THIS PAGE

RATE THIS PAGE RATE THIS PAGE

Symantec AntiVirus 10.0 installation walk-through for administrators

Question/Issue:
This document discusses the process of installing Symantec AntiVirus 10.0 when no previous versions of Symantec AntiVirus Corporate Edition or Norton AntiVirus Corporate Edition exist on the network.


Solution:

Before you begin:
This document is only meant for installations when there is no previous version of Symantec AntiVirus, Symantec Client Security, or Norton AntiVirus on the network or individual computers. If previous versions of Symantec antivirus products are already installed, instead read Migrating to Symantec AntiVirus Corporate Edition 10.0.

If you use Symantec AntiVirus 10.0 Business Pack, read Symantec AntiVirus 10.0 installation walk-through for small-business administrators.



Installing Symantec AntiVirus Corporate Edition on a network involves a number of steps, which must be completed in a specific order. These steps are:

Plan the network
The best layout of the Symantec Client Security architecture depends on the topology of your network. Plan the layout geographically, with servers at each physical location, to reduce traffic over wide area connections. To draw logical rather than physical distinctions, such as different rules for different departments, use client groups rather than server groups. Note that a Symantec AntiVirus server does not need to be a network server; it can be a Windows 2000 or XP Professional workstation.

On servers such as database servers, Web servers, and file servers, it is usually best to install the client version of Symantec AntiVirus. By placing Symantec AntiVirus clients on these heavier traffic computers, you eliminate bandwidth overhead, system resources, and potential downtime in the event of problems. The Symantec AntiVirus client installation is supported on a Windows Server only when the Internet Email Tools or email plug-ins are not installed. If you install Symantec AntiVirus client with Internet Email Tools or email plug-ins on a Windows server, high-memory usage or other unpredictable behavior may occur.
For details, read Compatibility of Symantec AntiVirus email plug-ins with Microsoft Windows Server operating systems.

Mail servers require special consideration in order to prevent data loss. For more information, read Installing Symantec or Norton AntiVirus Corporate Edition on mail servers.

Symantec recommends that you install a secondary management server in your server group for disaster recovery purposes. If you do not and your primary management server fails, you will not be able to access the server group from Symantec System Center. If you do not create a secondary management server in your server group, back up the PKI folder and all subfolders. If your primary server becomes corrupted, you can re-create it if you have the backup files to restore.

A typical architecture includes primary management servers in each server group receiving virus definitions from Symantec Security Response using LiveUpdate. Secondary servers would receive the definitions from the primary, and clients would receive virus definitions from the secondary servers, using the Virus Definition Transport Method.

Symantec System Center, which is the console from which you can control all of Symantec AntiVirus, can be placed on any supported Windows computer on the network. Consider placing it on a convenient workstation rather than on a server, in order to minimize server traffic.


Additional considerations
The following is a list of critical information that you will need to know in order for installation to be successful.
Install Symantec System CenterAfter you know where each component of Symantec AntiVirus will be installed, the first step is to install Symantec System Center.


Note: Before you install Symantec System Center on a Windows Terminal Server, the Terminal Server must be in Remote Administration mode. After you install Symantec System Center and restart the computer, you can put the Terminal Server in Application mode. When Symantec System Center is installed on a Terminal Server, open Symantec System Center locally. Do not connect to Symantec System Center by using a terminal session.

In addition to Symantec System Center, the following management components are installed by default:
If you elect not to install any of these management components with Symantec System Center, you can run the Symantec System Center installation later and select them.

To install Symantec System CenterDo one of the following:

  1. In the Symantec AntiVirus panel, click Install Administrator Tools > Install Symantec System Center.
  2. In the Welcome panel, click Next.
  3. In the License Agreement panel, click I accept the terms in the license agreement, and then click Next.
    If Microsoft Management Console 1.2 or later is not installed on the computer, a message indicates that you must allow it to install.
  4. In the Select Components panel, check any of the following components that you want to install:
    • Alert Management System Console
    • Symantec AntiVirus Snap-In
    • Symantec Client Firewall Snap-In
    • AV Server Rollout Tool
    • ClientRemote Install Tool
      If these components are not present on the computer, all of them except Alert Management System Console are checked automatically.
  5. Click Next.
  6. In the Destination Folder panel, do one of the following:
    • To accept the default destination folder, click Next.
    • Click Change, locate and select a destination folder, click OK, and then click Next.
  7. In the Ready to Install the Program panel, click Install.
  8. In the InstallShield Wizard Completed panel, to close the wizard, click Finish.
  9. When you are prompted to restart the computer, click Yes.


Install the primary management server
After you install Symantec System Center and restart the computer, install the primary management server

To install the primary management server
  1. From the Symantec AntiVirus CD, run Setup.exe.
  2. In the Symantec AntiVirus panel, click Install Symantec AntiVirus > Install Symantec AntiVirus.
  3. Follow and complete the prompts until you are asked to enter a user name.
  4. In the Create Server Group User panel, in the Username box, accept or change the user name that will be used to administer the existing server group, and then click Next.
  5. Follow the prompts until installation completes.
  6. When installation completes, restart the computer.


Unlock the server group and designate the primary server
Interactive tutorial
After installing Symantec System Center, designate the first server in the server group as the primary server. This allows you to deploy other servers and clients from Symantec System Center.

When you unlock a server group for the first time, a message appears that prompts you to copy the server group root certificate. This certificate is copied to the pki directory structure that supports Symantec System Center.

To unlock the new server group
  1. Start Symantec System Center.
  2. In the left pane, right-click the new server group, and then click Unlock.
  3. In the "Server group root certificate not found" dialog box, select either option, and then click OK.
  4. In the Logon dialog box, type the user name that you entered when you installed the primary management server, type the password that you used to unlock the server group in the legacy version of Symantec System Center, and then click OK.

Back up the server group root certificate
This is a quick but vital step. You must back up the server group root certificate after unlocking the server group for the first time, or the server group and its settings will be irrecoverable in the event of a critical failure on the primary management server.

To back up the certificate
  1. In Windows Explorer, navigate to the Symantec AntiVirus program folder.
    By default, this is C:\Program Files\SAV\Symantec AntiVirus\.
  2. Copy the Pki folder to removable media.
    The contents of the Pki folder should be only a few Kb in size.
  3. Store the Pki folder in a safe location.
    In the event of a catastrophic server failure, these files will be necessary in order to recover client/server communication. For more information, read Steps to minimize recovery time in the event of a server failure.

Install management servers from Symantec System Center
You can install management servers for the rest of the network from Symantec System Center, which is the easiest installation method. You can also install servers from the CD.

To install a management server from Symantec System Center
  1. In the Symantec System Center console, in the left pane, expand Symantec System Center.
  2. On the Tools menu, click AV Server Rollout.
    AV Server Rollout is available only if you selected the Server Rollout component when you installed Symantec System Center. This component is selected for installation by default.
  3. In the Welcome panel, click Install Symantec AntiVirus server, and then click Next.
  4. In the License Agreement panel, click I agree, and then click Next.
  5. In the Select Items panel, ensure that Server program is checked, and then click Next.
  6. In the Select Computers panel, under Network, select the computer on which you installed Symantec System Center, and then click Add.
  7. Click Next.
  8. In the Server Summary panel, do one of the following:
    • To accept the default Symantec AntiVirus installation path, click Next.
    • To change the path, select a computer, and then click Change Destination. In the Change Destination dialog box, select a destination, click OK, and then click Next.
  9. In the Select Symantec AntiVirus Server Group panel, under Symantec AntiVirus Server Group, type a name for a new server group, and then click Next.
  10. In the Setup Message panel, click Yes.
  11. In the Enter Password for the Server Group panel, type a user name, type and retype a password for the user name, and then click OK.
    The user name that you type is the user name that administers the server group.
  12. In the Server Startup Options panel, click Automatic startup, and then click Next.
  13. In the "Using the Symantec System Center Program" panel, click Next.
  14. In the Setup Summary panel, read the message, and then click Finish.
  15. In the Setup Progress panel, view the status of the server installation, and then click Close when the installation is finished.
  16. Close Symantec System Center, save settings when you are prompted, and then restart the computer.

To install a management server to Novell NetWare servers
  1. In the Symantec System Center console, in the left pane, expand Symantec System Center.
  2. On the Tools menu, click AV Server Rollout.
    AV Server Rollout is available only if you selected the Server Rollout component when you installed Symantec System Center. This component is selected for installation by default.
  3. In the Welcome panel, click Install Symantec AntiVirus server, and then click Next.
  4. In the License Agreement panel, click I agree, and then click Next.
  5. In the Select Items panel, ensure that Server program is checked, and then click Next.
  6. In the Select Computers window, double-click NetWare services.
  7. Browse "Novell directory services" until you are at the SYS: volume object level.
    If the Novell Client is not installed on the Windows computer, this option does not appear. You must have the Novell Client installed in order to install a management server to NDS.
  8. Select the server's SYS: volume object, and then click Add.
    You are prompted to enter a tree name, user name, and password.
    The default user name supplied is "Administrator" instead of "Admin." Typically, you must change this in order to log in correctly.
    For further instructions on finding and selecting the server's SYS volume object, read How to "walk the tree" when installing Symantec AntiVirus Corporate Edition to NetWare servers.
  9. Click Next.
  10. In the Server Summary panel, do one of the following:
    • To accept the default Symantec Client Security installation path, click Next.
    • To change the path, select a computer, and then click Change Destination. In the Change Destination dialog box, select a destination, click OK, and then click Next.
  11. In the Select Symantec AntiVirus Server Group panel, under Symantec AntiVirus Server Group, type a name for a new server group, and then click Next.
  12. In the Enter Password for the Server Group panel, type a user name, type and retype a password for the user name, and then click OK.
    The user name that you type is the user name that administers the server group.
  13. In the Server Startup Options panel, click Automatic startup, and then click Next.
  14. In the Using the Symantec System Center Program panel, click Next.
  15. In the Setup Summary panel, read the message, and then click Finish.
  16. In the Setup Progress panel, view the status of the server installation, and then click Close when the installation finishes.

    WARNING: Do not skip the next step. Skipping this step causes problems when attempting to perform client login installations, and Symantec AntiVirus will not be loaded automatically.
  17. Load the Symantec AntiVirus NLM with the /install command switch to complete the installation.
    At the NetWare console, type one of the following commands to load the Symantec AntiVirus NLMs:
    • If you use Symantec AntiVirus 10.0.0, type the following command:

      load sys:sav\vpstart.nlm /install
    • If you use Symantec AntiVirus 10.0.1 or later, type the following command:

      load sys:sav\deploy0\vpstart.nlm /install

Configure your server group

If you configure your server group before you install new clients, the clients are automatically configured to include virus definitions update and scanning schedules when you install them.

Configuring updates and protection involves the following tasks:


Configuring VDTM for a server group
The easiest way to keep servers and clients updated with the latest virus definitions is to use the Virus Definition Transport Method (VDTM). To use VDTM, you configure the primary management server in a server group to retrieve the latest virus definitions from either Symantec or an internal LiveUpdate server, and the definitions automatically propagate to all other servers and clients in the group.

Note: After you create a server group, VDTM by default is configured on the primary management server to randomly distribute virus definitions to clients every week between Thursday and Friday, within 480 minutes of 8:00 PM. If this schedule is satisfactory, you do not need to configure VDTM.

With VDTM, the other servers and clients in the group do not access the Internet, which preserves Internet gateway bandwidth. Typically, the internal LiveUpdate server is used only in very large networks to preserve additional Internet gateway bandwidth when you have a large number of primary servers that access the Internet.

To configure VDTM for a server group
  1. In the Symantec System Center console, right-click a server, and then click All Tasks > Symantec AntiVirus > Virus Definition Manager.
  2. In the Virus Definition Manager dialog box, do the following:
    • Under How Servers Retrieve Virus Definitions Updates, click Update the Primary Server of this Server Group only.
    • Under How Clients Retrieve Virus Definitions Updates, click Update virus definitions from parent server.
  3. Click Configure.
  4. In the Configure Primary Server Updates dialog box, click Source.
  5. In the Setup Connection dialog box, in the Update definition file via list, click LiveUpdate (Win32)/FTP(NetWare), and then click OK.
  6. In the Configure Primary Server Updates dialog box, do both of the following:
    • Click Update Now to retrieve the virus definitions files from the primary management server immediately.
    • Click Schedule For Automatic Updates, click Schedule, and then specify a frequency and time when the server will check for updates on the primary management server.
  7. Click OK until you return to the Symantec System Center main window.
  8. Right-click System Hierarchy, and then click Refresh.

Configuring scan schedules
A scan schedule defines when all clients and servers in a server group scan hard disks for viruses and other threats. You should schedule these scans to run during off hours, when employees are least likely to work.

To configure scan schedules
  1. In the Symantec System Center console, right-click a server group.
  2. Click All Tasks > Symantec AntiVirus > Server Scheduled Scans.
  3. In the Scheduled Scans dialog box, on the Server Group Scans tab, click New.
  4. In the Scheduled Scan dialog box, under Name, type a name for the scan.
  5. Explore and configure other settings that are available with the Scan Settings and Advanced buttons.
  6. Click OK until you return to the main window in the Symantec System Center console.

Configuring Auto-Protect scans
Auto-Protect scans files as you open them, and scans email attachments as they are sent and received. Servers support scanning the file system only. Clients support scanning the file system and email attachments. You can also set Threat Tracer for clients to identify computers that spread viruses to network shares.

To configure Auto-Protect scans for server file systems

  1. In the Symantec System Center console, right-click the server group that you want to configure, and then click All Tasks > Symantec AntiVirus > Server Auto-Protect Options.
  2. In the Server Auto-Protect Options dialog box, on the File System tab, check Enable Auto-Protect, and then click Advanced.
  3. In the Server Auto-Protect Advanced dialog box, verify that the options under Threat Tracer are checked.
  4. Click OK.
  5. In the Server Auto-Protect Options dialog box, click OK.

To configure Auto-Protect scans for client file systems and email attachments
  1. In the Symantec System Center console, right-click the server group that you want to configure, and then click All Tasks > Symantec AntiVirus > Client Auto-Protect Options.
  2. In the Client Auto-Protect Options dialog box, on the File System tab, check Enable Auto-Protect, click the lock icon so that it is locked, and then click Advanced.
  3. In the Auto-Protect Advanced Options dialog box, familiarize yourself with the various settings, and verify that the options under Threat Tracer are checked.
  4. Click OK.
  5. On the tab that corresponds with your email system, check Enable Auto-Protect. Your tab options are:
    • Internet E-mail
    • Lotus Notes®
    • Microsoft® Exchange
  6. Click OK.

Install clients

You have two primary options for installing client software. You can install the software from Symantec System Center, or you can install the software from the installation CD. For additional methods of installing clients, see the Installation Guide.

About disabling the Windows XP firewall
Windows XP, including Service Packs 1 and 2, includes firewalls that can interfere with Symantec AntiVirus installation communications between servers and clients. If any of your servers or clients run Windows XP, you must disable the Windows XP firewall on them before you install Symantec AntiVirus client software.
See the following Microsoft Knowledge Base articles for more information:


Installing client software by using Symantec System Center
When you install clients from Symantec System Center, the clients are automatically managed.

To install client software by using Symantec System Center
  1. In the Symantec System Center console, in the left pane, right-click the server group that you created when you installed the antivirus server.
  2. If necessary, click Unlock Server Group, and then unlock the server group.
  3. In the left pane, click the primary management server so that it remains highlighted.
  4. On the Tools menu, click ClientRemote Install.
    ClientRemote Install is available only if you selected the ClientRemote Install tool when you installed Symantec System Center. This component is selected for installation by default.
  5. In the Welcome panel, click Next.
  6. In the Select Install Source Location panel, click Default Location, and then click Next.
  7. In the Select Computers panel, under AntiVirus Servers on the right side, select a computer to act as the parent server (your primary management server).
  8. Under Available Computers on the left side, expand Microsoft windows network, expand a group, and then select a client computer.
  9. Click Add.
    The client computer moves under the AntiVirus parent server in the right pane.
  10. Continue selecting and adding client computers until all of the clients that you want to manage are added, and then click Finish.
  11. In the Status of Remote Client Installation(s) panel, when the remote installation is finished, click Done.
  12. Restart the client computers.
  13. After a few minutes, in the Symantec System Center console, on the main menu bar, click Actions > Refresh.
    The client computer appears in the right pane when the client software is fully installed, which may take up to a minute.
  14. On the main menu bar, click Console > Save.

Installing client software from the CD
You can install the client software from the Symantec AntiVirus CD. The following procedure shows how to install the software on one client. You can install software on single computers, and you can deploy the software on multiple clients from the CD.

To install client software from the CD
  1. Insert the Symantec AntiVirus CD into the CD-ROM drive.
    If Autorun is disabled on the computer, in the root folder of the CD, double-click Setup.exe.
  2. In the Symantec AntiVirus panel, click Install Symantec AntiVirus, and then in the next panel click Install Symantec AntiVirus.
  3. In the Welcome panel, click Next.
  4. In the License Agreement panel, click I accept the terms in the license agreement, and then click Next.
  5. In the Client Server Options panel, click Client Install, and then click Next.
  6. In the Setup Type panel, click Complete, and then click Next.
  7. In the Network Setup Type panel, click Managed, and then click Next.
  8. In the Select Server panel, do one of the following:
    • Next to Server Name, type the host name of the primary antivirus server that you installed and configured.
    • Click Browse, select the primary antivirus server that you installed and configured, and then click OK.
  9. Click Next.
  10. In the Ready to Install the Program panel, click Install.
  11. In the Installing Symantec AntiVirus panel, when the installation is finished, click Finish.
  12. Click Yes to restart the client computer.



 

Available Translations:


RATE THIS SOLUTION
Was this solution helpful to you?
Yes
No
If any information was unclear, or the information you were seeking was not provided, please let us know. Your feedback will help us improve this service.

NOTE: Comments entered here will NOT recieve a personal email response.


Document ID: 2005041514162248
Last Modified: 03/02/2006
Date Created: 04/15/2005
Operating System(s): Windows 2000, Windows XP Home, Windows XP Professional Edition, Windows XP Tablet PC, NetWare 5.1, NetWare 6.0, NetWare 6.5, Windows XP 64-Bit Edition 2003, Windows Server 2003 32-bit Edition, Windows Server 2003 64-bit Edition, Windows XP Media Center Edition 2005
Product(s): Symantec AntiVirus Corporate Edition 10.0
Release(s): SAV 10.0 [All Releases]



Site Index · Legal Notices · Privacy Policy · Contact Us · Global Sites
©1995 - 2009 Symantec Corporation