Preventing Symantec AntiVirus for Macintosh curl communication to Symantec servers

Article:TECH104591  |  Created: 2008-01-04  |  Updated: 2012-01-25  |  Article URL http://www.symantec.com/docs/TECH104591
Article Type
Technical Solution


Environment

Issue



The SAVM (Symantec AntiVirus for Macintosh) 10.2 installer briefly connects to a Symantec IP address. Some high-security customers have a strict zero-tolerance policy for applications making connections to servers outside their local network. As a customer with such a policy, you want to prevent this connection to Symantec servers.

Symptoms
The SAVM installer launches the executable /usr/bin/curl, which briefly connects to a Symantec IP address (symantec.georedirector.akadns.net) over port 80.

 


Cause



This connection to Symantec servers is a one-time occurrence at installation that helps Symantec track the number of SAVM installations. It is a standard component of Symantec products. Symantec is not transferring any personal information; the communication is simply relaying which product has been installed and whether the installation was successful. It is not used for billing or license enforcement.


Solution



Solution 1:
You can prevent the connection to Symantec by adding the following line to the SAVM installer postinstall/postupgrade scripts. This will modify the appropriate Preferences on the target computers. The line must be added at the top of both of the following two files in the installer:

Symantec AntiVirus Installer.mpkg/Contents/Resources/postinstall
Symantec AntiVirus Installer.mpkg/Contents/Resources/postupgrade

Add this line to the installer scripts, after the line #!/bin/bash:

/usr/bin/defaults write "{$3}/private/var/root/Library/Preferences/com.symantec.autoprotect" "Dash9000Done" -bool "YES"

Solution 2:
Instead of modifying the installer scripts (Solution 1), the connection can be prevented by executing a command on a particular computer. This command will modify the Preferences on a specific target volume. In this example command, the volume is named "test volume.” This command should be executed from Terminal, before installing SAVM.

Run this command from Terminal, replacing "test volume" with the actual volume name.

sudo /usr/bin/defaults write "/Volumes/test volume/private/var/root/Library/Preferences/com.symantec.autoprotect" "Dash9000Done" -bool "YES"

Note

The solutions above will only prevent/block the installer connection to Symantec; SAVM will not otherwise be affected.

 



Legacy ID



2008040410425848


Article URL http://www.symantec.com/docs/TECH104591


Terms of use for this information are found in Legal Notices