Setting up Symantec Central Quarantine for Symantec Client Security 3.x or Symantec AntiVirus Corporate Edition 10.x

Article:TECH101177  |  Created: 2005-01-31  |  Updated: 2006-01-08  |  Article URL http://www.symantec.com/docs/TECH101177
Article Type
Technical Solution

Product(s)

Environment

Issue



This document describes the installation of Symantec Central Quarantine 3.4 under Windows 2000/XP/2003 for Symantec AntiVirus Corporate Edition 10.x. It also shows how to configure clients to forward infected files to Central Quarantine.


Solution



Setting up Symantec Central Quarantine 3.4

Symantec Central Quarantine can be used as a centralized notification tool and as a repository for infected files that could not be repaired by Symantec AntiVirus Corporate Edition on clients. The original infected file remains safely isolated in the client's local Quarantine. A copy of the infected file is sent to the Symantec Central Quarantine for the administrator to take further actions. For additional information, see the Symantec Central Quarantine Administrator's Guide (CentQuar.pdf) located in the Docs folder of CD 1.

Setting up Central Quarantine involves the following steps:
  • Install Symantec AntiVirus Quarantine Console Snap-in.
  • Install Symantec Central Quarantine.
  • Set up Symantec Central Quarantine to accept forwarded files.
  • Set up clients and servers to forward quarantined files to Symantec Central Quarantine.


Before you begin: You must uninstall any previous versions of Symantec Central Quarantine and the Symantec AntiVirus Quarantine Console Snap-in before installing Symantec Central Quarantine 3.4. If you are migrating from a previous version of Symantec Client Security or Symantec AntiVirus, read the document for your product version:

To install Symantec AntiVirus Quarantine Console Snap-in
The Symantec AntiVirus Quarantine Console Snap-in lets you manage the Symantec Central Quarantine from Symantec System Center. This component must be installed on the computer running Symantec System Center.
  1. From CD 1, double-click the Setup.exe file, and then click Install Administrator Tools.
  2. Click Install Quarantine Console.
  3. Click Next.
  4. In the License Agreement dialog box, select I accept the terms in the license agreement, and then click Next.
  5. In the Destination Folder dialog box, click one of the following:
    • Next: To install to the default folder.
    • Change: To select a different folder.
      Do not install the Quarantine Console on a network drive.
  6. Click Install.
  7. When the installation completes, click Finish.

To install Symantec Central Quarantine
  1. From CD 1, double-click the Setup.exe file, and then click Install Administrator Tools.
  2. Click Install Central Quarantine.
  3. Click Next.
  4. In the License Agreement dialog box, select I accept the terms in the license agreement, and then click Next.
  5. In the Destination Folder dialog box, click one of the following:
    • Next: To install to the default folder.
    • Change: To select a different folder.
      Do not install Central Quarantine on a network drive.
  6. In the Setup Type dialog box, select one of the following:
    • Internet based (Recommended)
    • E-mail based
  7. Click Next.
  8. In the Maximum Disk Space dialog box, either accept the default disk space of 500 megabytes, or type a new value in the Disk space (megabytes) box, and then click Next.
  9. In the Contact Information dialog box, fill in all the fields.
    Your account number is your Symantec Technical Support Contact ID Number.
  10. In the Web Communication dialog box, click Next.
    Do not change the Gateway Name unless directed by Symantec Technical Support.
  11. In the Alerts Configuration dialog box, click Enable Alerts if you are using Alert Management Server (AMS), and then type the name of your AMS server.
  12. Click Next.
  13. Click Install.
  14. When the installation completes, click Finish, and restart the computer.

To set up Symantec Central Quarantine to accept forwarded files
  1. In the left pane of Symantec System Center, right-click Symantec Central Quarantine, and then click Attach to server.
  2. In the Select Computer dialog box, select This Computer.
  3. In the Attach to Quarantine Server dialog box, type the server name, user name, password, and domain for the Quarantine Server.
    The user account specified must have rights to copy files to a Quarantine directory.
  4. Click OK.
  5. Right-click Symantec Central Quarantine, and then click Properties.
  6. Check Listen on IP, and then type 10101 in the Port box.
    If another application is using port 10101, select any number between 1025 and 65536. Be careful not to use another application's reserved port.
  7. If you want the Quarantine Server to listen on IPX, check Listen on IPX, and then type the port number.
    IPX communication is only supported for communication with legacy clients and servers running Symantec AntiVirus 9.x or earlier.
  8. Click OK.
Symantec Central Quarantine is now configured to accept forwarded files.

To set up clients and servers to forward quarantined files to Symantec Central Quarantine
  1. In the left pane of Symantec System Center, unlock the server group that you want to configure.
  2. Right-click a parent server or server group, and then click All Tasks > Symantec AntiVirus > Quarantine Options.
  3. Check Enable Quarantine or Scan and Deliver.
  4. Select Allow forwarding to Quarantine server.
  5. In the Server Name box, type the name of the Quarantine Server.
  6. In the Port box, type the port number that the Quarantine Server is listening on.
  7. In the Protocol drop-down menu, select one of the following:
    • IP
    • SPX
      SPX communication is only supported for communication with legacy clients and servers running Symantec AntiVirus 9.x or earlier.
  8. Click OK.

To configure NetWare servers to forward to the Quarantine Server using the TCP/IP protocol
In the Quarantine Options window, type the Quarantine Server's IP address instead of its computer name.

To configure NetWare servers to forward to the Quarantine Server using IPX/SPX protocol
In the Quarantine Options window, type the Quarantine Server's IPX address instead of its computer name.


Note: The IPX/SPX protocol is only supported for communication with legacy clients and servers running Symantec AntiVirus 9.x or earlier.


Firewall considerations
Symantec Quarantine Server communicates with the Symantec Security Response auto-response server by using the static TCP ports 2847 and 2848. These ports are used by the Quarantine Server to submit viruses by using Scan and Deliver. These ports are closed after the submission is completed. If Symantec creates new virus definitions based on the submitted files, the Symantec Security Response auto-response server notifies the Quarantine Server by using the static TCP ports 2847 and 2848.

Symantec Quarantine Server connects to the Internet by using TCP port 80 to obtain virus definition updates. Opening these ports at the firewall to allow outbound traffic from the Symantec Quarantine Server should not pose a security threat.




References
For additional information, see the Symantec Central Quarantine Administrator's Guide (CentQuar.pdf) located in the Docs folder of CD 1.






Legacy ID



2005033118471548


Article URL http://www.symantec.com/docs/TECH101177


Terms of use for this information are found in Legal Notices