Preventing Symantec AntiVirus for Macintosh curl communication to Symantec servers
| Article:TECH104591 | | | Created: 2008-01-04 | | | Updated: 2012-01-25 | | | Article URL http://www.symantec.com/docs/TECH104591 |
Problem
The SAVM (Symantec AntiVirus for Macintosh) 10.2 installer briefly connects to a Symantec IP address. Some high-security customers have a strict zero-tolerance policy for applications making connections to servers outside their local network. As a customer with such a policy, you want to prevent this connection to Symantec servers.
Symptoms
The SAVM installer launches the executable /usr/bin/curl, which briefly connects to a Symantec IP address (symantec.georedirector.akadns.net) over port 80.
Cause
This connection to Symantec servers is a one-time occurrence at installation that helps Symantec track the number of SAVM installations. It is a standard component of Symantec products. Symantec is not transferring any personal information; the communication is simply relaying which product has been installed and whether the installation was successful. It is not used for billing or license enforcement.
Solution
Solution 1:
You can prevent the connection to Symantec by adding the following line to the SAVM installer postinstall/postupgrade scripts. This will modify the appropriate Preferences on the target computers. The line must be added at the top of both of the following two files in the installer:
Symantec AntiVirus Installer.mpkg/Contents/Resources/postinstall
Symantec AntiVirus Installer.mpkg/Contents/Resources/postupgrade
Add this line to the installer scripts, after the line #!/bin/bash:
/usr/bin/defaults write "{$3}/private/var/root/Library/Preferences/com.symantec.autoprotect" "Dash9000Done" -bool "YES"
Solution 2:
Instead of modifying the installer scripts (Solution 1), the connection can be prevented by executing a command on a particular computer. This command will modify the Preferences on a specific target volume. In this example command, the volume is named "test volume.” This command should be executed from Terminal, before installing SAVM.
Run this command from Terminal, replacing "test volume" with the actual volume name.
sudo /usr/bin/defaults write "/Volumes/test volume/private/var/root/Library/Preferences/com.symantec.autoprotect" "Dash9000Done" -bool "YES"
Note
The solutions above will only prevent/block the installer connection to Symantec; SAVM will not otherwise be affected.
|
|
Legacy ID
2008040410425848
Article URL http://www.symantec.com/docs/TECH104591
Terms of use for this information are found in Legal Notices
Thank you.