How to use the Virus Definitions Transport Method (VDTM) in Symantec AntiVirus Corporate Edition

Article:TECH100102  |  Created: 2002-01-19  |  Updated: 2006-01-29  |  Article URL http://www.symantec.com/docs/TECH100102
Article Type
Technical Solution

Issue



You need to know how to use the Virus Definitions Transport Method (VDTM) in Symantec AntiVirus Corporate Edition.


Solution



Virus Definitions Transport Method versus LiveUpdate
An important part of setting up an antivirus policy is determining how to update virus definitions. With Symantec AntiVirus, there are two methods to choose from:
  • Virus Definitions Transport Method
  • LiveUpdate
There are advantages to both methods.

Virus Definitions Transport Method
Advantages
  • Fully automated. It is only necessary to update one server to update all machines in the network.
  • Minimal configuration required.
  • Only the portion of the file that contains new data (microdefs) is retrieved by the computer. In previous versions, this was a feature that only LiveUpdate had. With Symantec AntiVirus 8.0 and later, the VDTM can distribute microdefs as well.

LiveUpdate
Advantages
  • Only the portion of the file that contains new data (microdefs) is retrieved by the computer.
  • Scheduled LiveUpdate. You can schedule LiveUpdate to take place at times when there is less network traffic.
  • LiveUpdate can apply program updates to Symantec programs that allow inline updates.
Disadvantages
  • More configuration is required.

Configuring the Virus Definitions Transport Method
You can use the Virus Definitions Transport Method to automate the task of distributing a new virus definitions file to each computer on your network. You need to configure just one computer on your network to retrieve the definitions file from the Symantec FTP site. You can then configure all other computers on the network to share this virus definitions set.

Scenario
Assume that you have a network of six servers, divided into two Symantec AntiVirus Server Groups: Server Group A and Server Group B. You must assign a primary server to each group: Primary Server 1 for Server Group A and Primary Server 2 for Server Group B. Assume also that you want all servers to update from their primary servers, but that only one server (Primary Server 1) visits the Symantec site for updates, which limits your company's exposure to the Internet. All clients will receive updates from their respective primary servers.

Following is a chart of the configuration described:



Overview
  1. Configure Primary Server 1 to retrieve virus definitions files from the Symantec FTP site.
  2. Configure its secondary servers to retrieve virus definitions from Primary Server 1 (no action required).
  3. Configure clients to receive virus definitions updates from their parent servers.
  4. Configure Primary Server 2 to retrieve virus definitions from Primary Server 1.
  5. Configure its secondary servers to retrieve virus definitions from itself (Primary Server 2) (no action required).
  6. Configure clients to receive virus definitions updates from their parent servers.

Executing the plan
  1. Configure Primary Server 1 to retrieve the virus definitions files from the Symantec FTP site.
    • Right-click Server Group A in the Symantec System Center console, and then click All Tasks > Symantec AntiVirus > Virus Definition Manager.
    • Check "Update the Primary Server of this Server Group only", and click Configure.
    • Click the source and choose "LiveUpdate (Win32)/FTP (NetWare)". You can then choose to schedule the download or Update Now.
  2. Configure its secondary servers to retrieve virus definitions from Primary Server 1 (no action required).
    • By default, all Symantec AntiVirus Servers in Server Group A will now automatically get their virus definitions updates from Primary Server 1.




  3. Configure clients to receive virus definitions updates from their parent servers.
    • In the Virus Definition Manager screen for Server Group A, under the section "How Clients Retrieve Virus Definitions Updates", ensure that "Update virus definitions from parent server" is checked. Clients will automatically receive virus definitions updates from their parent server.
    • Click Settings, and verify that the interval at which the client should poll its parent server for changes and updates is set to 60 minutes.



  4. Configure Primary Server 2 to retrieve virus definitions from Primary Server 1, which now becomes the Master Primary Server simply by making this choice.
  5. Configure its secondary servers to retrieve virus definitions from itself (Primary Server 2) (no action required).
    • As with Primary Server 1, this step requires no action on your part. Simply making the selection above sets this as the default.
  6. Configure clients to receive virus definitions updates from their parent servers.
    • Still within the Virus Definition Manager screen for Server Group B, under the section "How Clients Retrieve Virus Definitions Updates", ensure that "Update virus definitions from parent server" is checked. Clients will automatically receive virus definitions updates from their parent server.
    • Click Settings. Choose the intervals at which the client should poll its parent server for new virus definitions updates.


      Note: The Master Primary Server is the primary server that you designate to retrieve virus definitions updates. It is also the server from which primary servers in other server groups retrieve virus definitions files (if they are configured to retrieve from "another protected server"). For definitions files to flow from the Master Primary Server to primary servers in other server groups, you must specifically schedule that operation, or you must open the console and click "Update Now" on the Virus Definition Manager page for each server group that you want updated.
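The policy in this scenario (only Primary Server 1 contacts the Symantec site, every other server's update chain ends at it, and pulls between server groups are scheduled) can be checked against a server inventory. The Python below is an added example, not Symantec code; the inventory format, the secondary server names and the `audit` function are assumptions made for illustration.

```python
# Constructed inventory of the six-server scenario (hypothetical format, not a
# Symantec file). "source" is "internet" (the Symantec site) or the name of the
# server pulled from; "scheduled" says whether that pull runs on a schedule.
def server(group, primary, source, scheduled=True):
    return {"group": group, "primary": primary, "source": source, "scheduled": scheduled}

SERVERS = {
    "Primary Server 1": server("A", True, "internet"),
    "Secondary A1": server("A", False, "Primary Server 1"),
    "Secondary A2": server("A", False, "Primary Server 1"),
    # Cross-group pull left unscheduled: updates arrive only on a manual "Update Now".
    "Primary Server 2": server("B", True, "Primary Server 1", scheduled=False),
    "Secondary B1": server("B", False, "Primary Server 2"),
    "Secondary B2": server("B", False, "Primary Server 2"),
}

def audit(servers, master="Primary Server 1"):
    """Return (server, problem) pairs that violate the scenario's update policy."""
    findings = []
    if servers[master]["source"] != "internet":
        findings.append((master, "master primary does not retrieve from the Symantec site"))
    for name, cfg in servers.items():
        # Only the master primary may reach out to the Internet.
        if cfg["source"] == "internet" and name != master:
            findings.append((name, "contacts the Symantec site directly"))
        # A primary pulling from a server in another group needs a schedule.
        upstream = servers.get(cfg["source"])
        if cfg["primary"] and upstream and upstream["group"] != cfg["group"] and not cfg["scheduled"]:
            findings.append((name, "cross-group pull is not scheduled"))
        # Follow the chain of sources; it must end at the master primary.
        seen, cur = set(), name
        while cur != master:
            if cur in seen or cur not in servers or servers[cur]["source"] == "internet":
                findings.append((name, "no update path to the master primary"))
                break
            seen.add(cur)
            cur = servers[cur]["source"]
    return findings

if __name__ == "__main__":
    for name, problem in audit(SERVERS):
        print(f"{name}: {problem}")
```

With the constructed inventory above, the only finding is the unscheduled pull on Primary Server 2, the case the note describes.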


Updating NetWare servers
For a NetWare environment, designate a Windows computer to which you have installed Symantec AntiVirus as your primary server. You can then set up the NetWare servers to pull the virus definitions updates from the primary server.

NetWare servers not running TCP/IP cannot get updates from a Windows server in another server group
If your NetWare server is not running TCP/IP and is not using a DNS server, you may have difficulty updating a NetWare server from a Windows server that resides in a different server group. This is because the NetWare server does not store the address of the Windows server in its address cache.

If you choose not to run TCP/IP on your NetWare server and still want to update it from a Windows server in another server group, you can work around this problem by temporarily moving the NetWare server into a server group that has a Windows server in it. After one day, you can then move the NetWare server back to its original server group. This action adds the Windows server address to the NetWare server's address cache, so the NetWare server can locate the Windows server to obtain the updated virus definitions file in the future with no further action required on your part.







Legacy ID: 2002111915202948

