Recommendations for installing Symantec Endpoint Protection for Macintosh / Symantec Antivirus for Macintosh on Mac OS X Server

Article:TECH132046  |  Created: 2010-01-28  |  Updated: 2012-06-26  |  Article URL http://www.symantec.com/docs/TECH132046
Article Type
Technical Solution


Environment

Issue



This page gives best practices to install Symantec Endpoint Protection for Macintosh (SEP for Mac) or Symantec Antivirus for Macintosh (SAV for Mac) on Mac OS X Server.

It is recommended that you use the newest Symantec production version. As of SEP 12.1, Macintosh OS X Server is fully supported.

For your convenience, the following tips are provided for tuning installations on OS X servers or workstations:

 


Solution



General
 

  • Symantec has not informally or formally tested SEP or SAV for Mac with Xsan or Xserve RAID. Symantec cannot recommend using SEP or SAV for Mac in this way.
  • SEP or SAV for Mac on Mac OS X Server should not be seen as a replacement for antivirus software on client computers.
     


Performance

  • To tune performance, set up Auto-Protect to scan only very specific areas of your storage. Target places like: FTP directory, WebDAV directories, Shared Items, and user directories. Do this using the "ONLY in" option in the Symantec Auto-Protect Preference Pane on the Safe Zones tab (SAV for Mac), or in the Antivirus and Antispyware policy, under Mac Settings, File System Auto-Protect, General Scan details. 
  • As of Mac OS X 10.4, Auto-Protect scans files that are written to a mounted network share from the client running Auto-Protect. In some network configurations, this can cause degraded performance and reliability. Excluding mounted shares using SafeZones will resolve these type of issues. Universal SafeZones on Network drives can lower performance when you copy files from one computer to another or save files to a network share. By excluding the network share via SafeZones, it will improve file transfer times and stop Auto-Protect related error messages.  However, every exclusion set poses a security risk, particularly on a server that may be hosting content for multi-platforms, so this should be considered before excluding all shares outright.

    Note: Safe Zones and Centralized Exceptions can exclude files and folders or include files or folders, not both. To use Centralized Exceptions via the SEPM, "Scan everywhere except in specific folders" must be checked in Antivirus / Antispyware policy, under Mac Settings, File System Auto-Protect. See Technical Information for documentation. 


Compatibility 

  • Turn off the scanning of compressed files to increase performance.
  • Mac OS X Server bundles antivirus and antispam with the mail service. If you enable mail service, make sure that this directory is not scanned:
    /private/var/spool/imap
  • Never scan directories with database files (such as MySQL, FileMaker, etc.). You will want to exclude these directories.
     


Current Protection 

  • To keep SEP or SAV for Mac current, set up LiveUpdate to launch for the root account; if managed, ensure a LiveUpdate schedule is established via LiveUpdate policy (SEP for Mac) or send it a schedule (SAV for Mac). If unmanaged, use symsched via command line in Terminal. By scheduling LiveUpdate for the root account, SEP or SAV for Mac is updated no matter which account is logged on (see Technical Information).



Technical Information

Title: 'Compatibility between Symantec AntiVirus/Symantec Endpoint Protection and Macintosh OS X'
Document ID: 2010031717331048

For SEP for Mac:

Title: 'How to create a Security Risk Exception for a Mac client from the Symantec Endpoint Protection Manager (SEPM)'
Document ID: 2010041505243448


For SAV for Mac:

Title: 'Problems occur when you save files with Auto-Protect on' (how to configure SafeZones for SAV for Mac clients)
Document ID: 2007280190169898

Title: 'How to remotely schedule LiveUpdate and virus scans on Symantec AntiVirus for Macintosh 10.x clients'
Document ID: 2007393022179698

Title: 'Guide to symsched Command-line Switches'
Document ID: 2008072912573848

Title: 'Symantec AntiVirus for Macintosh: How to Disable Scanning of Compressed Archives'
Document ID: 2008101314543548



 




Legacy ID



2010042813250348


Article URL http://www.symantec.com/docs/TECH132046


Terms of use for this information are found in Legal Notices