Recommendations for installing Symantec Endpoint Protection for Macintosh 11.x on Mac OS X Server

Article:TECH132046  |  Created: 2010-01-28  |  Updated: 2014-09-22  |  Article URL http://www.symantec.com/docs/TECH132046
Article Type
Technical Solution


Environment

Issue



This page gives best practices to install the legacy product Symantec Endpoint Protection for Macintosh (SEP for Mac) 11.x on Mac OS X Server.

It is recommended that you use the newest Symantec Endpoint Protection version. As of SEP 12.1, Macintosh OS X Server is fully supported. SEP 11.x is considered End of Life (EOL), and all support ends on January 5, 2015. 

For your convenience, the following tips are provided for tuning installations on OS X servers or workstations. 

 


Solution



General
 

  • Symantec has not informally or formally tested SEP 11.x for Mac with Xsan or Xserve RAID. Symantec cannot recommend using SEP  for Mac in this way.
  • SEP 11.x  for Mac on Mac OS X Server should not be seen as a replacement for antivirus software on client computers.
  • These guidelines also apply to SAV for Mac, which is no longer supported.
     


Performance

  • To tune performance, set up Auto-Protect to scan only very specific areas of your storage. Target places like: FTP directory, WebDAV directories, Shared Items, and user directories. Do this using the "ONLY in" option in the Symantec Auto-Protect Preference Pane on the Safe Zones tab (SAV for Mac), or in the Antivirus and Antispyware policy, under Mac Settings, File System Auto-Protect, General Scan details. 
  • As of Mac OS X 10.4, Auto-Protect scans files that are written to a mounted network share from the client running Auto-Protect. In some network configurations, this can cause degraded performance and reliability. Excluding mounted shares using SafeZones will resolve these type of issues. Universal SafeZones on Network drives can lower performance when you copy files from one computer to another or save files to a network share. By excluding the network share via SafeZones, it will improve file transfer times and stop Auto-Protect related error messages.  However, every exclusion set poses a security risk, particularly on a server that may be hosting content for multi-platforms, so this should be considered before excluding all shares outright.

    Note: Safe Zones and Centralized Exceptions can exclude files and folders or include files or folders, not both. To use Centralized Exceptions via the SEPM, "Scan everywhere except in specific folders" must be checked in Antivirus / Antispyware policy, under Mac Settings, File System Auto-Protect. See Technical Information for documentation. 


Compatibility 

  • Turn off the scanning of compressed files to increase performance.
  • Mac OS X Server bundles antivirus and antispam with the mail service. If you enable mail service, make sure that this directory is not scanned:
    /private/var/spool/imap
  • Never scan directories with database files (such as MySQL, FileMaker, etc.). You will want to exclude these directories.
     


Current Protection 

  • To keep SEP or SAV for Mac current, set up LiveUpdate to launch for the root account; if managed, ensure a LiveUpdate schedule is established via LiveUpdate policy (SEP for Mac) or send it a schedule (SAV for Mac). If unmanaged, use symsched via command line in Terminal. By scheduling LiveUpdate for the root account, SEP or SAV for Mac is updated no matter which account is logged on (see Technical Information).



Technical Information

Additional information can be found in 'Compatibility between Symantec Endpoint Protection and Macintosh OS X'



 




Legacy ID



2010042813250348


Article URL http://www.symantec.com/docs/TECH132046


Terms of use for this information are found in Legal Notices