Best practices for Symantec AntiVirus Corporate Edition 8.x RealTime Protection on a Microsoft Exchange Server
Article: TECH99906 | Created: 2002-01-09 | Updated: 2011-08-01 | Article URL: http://www.symantec.com/docs/TECH99906
This document provides best practice recommendations for Symantec AntiVirus Corporate Edition (Symantec AV) RealTime Protection (RTP) running on a Microsoft Exchange Server (MSE).
As a best practice, Symantec Technical Support recommends installing Symantec AV as a server in its own server group or as an unmanaged client. When Symantec AV is installed in either of these configurations, the Symantec AV RTP scanning options can be set to exclude the MSE directory structure and the Norton AntiVirus for Microsoft Exchange (NAVMSE) or Symantec AntiVirus/Filtering for Microsoft Exchange (SAVFMSE) temporary processing folder. If Symantec AV RTP scans the Exchange directory structure and the NAVMSE/SAVFMSE processing folder, it can cause false positive virus detections, unexpected behavior on the Exchange server, or damage to the Exchange databases. This is true of all antivirus programs running on Exchange servers. For more information, see the Microsoft Knowledge Base article XGEN: Recommendations for Troubleshooting an Exchange Computer with Antivirus Software Installed - ID Q245822.
To access the Microsoft Knowledge Base, connect to http://search.support.microsoft.com/kb/c.asp and search for the specific article ID number.
Method 1: Configure Symantec AV as a stand-alone server
If Symantec AV is not yet installed on the Exchange server, install the server software by clicking "Deploy AntiVirus Server" from the installation menu. You will be prompted to enter a server group name. This group will contain just the Symantec AV/NAVMSE server or servers. Symantec Technical Support recommends that you use a descriptive name that you can easily recognize as the group of Exchange Servers.
If Symantec AV server is already installed on the Exchange server, then create a new group in the Symantec System Center (SSC). Open the SSC, right-click "System Hierarchy" in the left pane, and then click New > Server Group. Give this new server group a descriptive name that describes the group as Exchange Servers only. Click the icon representing the Exchange Server, which appears under the group with other Symantec AV servers, and drag the icon to the folder icon for the new server group. If the SSC prompts you to make this server a member of the new group, click Yes or OK.
Designate this server as the Primary server of its group. Unlock the server group in the SSC, right-click the new server icon in the left pane, and then click "Make Server a Primary Server." Set up exclusions for real-time protection and scheduled scans. For additional instructions, see the document How to prevent Symantec AntiVirus Corporate Edition from scanning the Microsoft Exchange directory structure.
Configure the Virus Definition Manager for this server or server group to update using LiveUpdate (default), and then update the virus definitions.
To update from the primary server in your main server group
- Right-click the Exchange server group in SSC and click All Tasks > Symantec AntiVirus > Virus Definition Manager.
- Choose "Update primary server of the group only."
- Click "Configure..." and then ensure that the update schedule is enabled. Symantec Technical Support recommends setting the schedule for daily updating.
- Click "Source", and then click LiveUpdate or "Another protected server." To choose another server, select the Primary server of your main server group.
- Click OK until you return to the main SSC window.
Method 2: Install Symantec AV as an unmanaged client
If Symantec AV is already installed on the Exchange server as a managed client, uninstall Symantec AV, restart the computer, and reinstall Symantec AV as an unmanaged client. If Symantec AV is not installed, then install it as an unmanaged client.
Note: To install Symantec AV client as an unmanaged client, you must use the installation CD. If you use the installation files from a previously installed Symantec AV server or use the NT client rollout installer, the client will automatically retrieve configuration information from the selected parent server and become managed.
When the unmanaged client is installed, schedule LiveUpdate to retrieve updates from Symantec. If NAVMSE is also installed, Symantec Technical Support recommends that you use its Web interface to disable the LiveUpdate schedule for NAVMSE, as NAVMSE only allows for 10 updates per month. If SAVFMSE is installed, you have the option of scheduling LiveUpdate from the SAVFMSE Web interface or from within the Symantec AV client. Regardless of which option you choose, you should choose only one application to run LiveUpdate.
Note: The virus definitions downloaded by Symantec AV, NAVMSE, or SAVFMSE are exactly the same and are downloaded to the same location. The virus definitions are shared by all installed Symantec antivirus products.
To schedule LiveUpdate to run from an unmanaged Symantec AV client
- Open the unmanaged Symantec AV client on the Exchange server.
- Click File, and then click Schedule Updates.
- Check "Enable scheduled automatic updates," and then click Schedule.
- For Frequency, select Daily.
- Select the desired time for LiveUpdate to run automatically.
- Click OK twice and close Symantec AV.
Method 3: Place the Exchange server into a client group specifically configured for Exchange servers
A new feature in Symantec AV 8.0 is the ability to make client groups. Client groups can be configured differently from your other clients on the same server. You can create a client group for your Exchange server or servers. You can then configure the settings at the client group level, so that the exclusion will apply to all Exchange servers in the group. For instructions on how to create client groups, please see the document How to create and manage client groups in Symantec System Center 5.0.
Once you have created the client group, you can configure that group to exclude the appropriate files and folders.
You can then install the Symantec AV 8.0 client on the MSE server and allow it to be managed by a server in your server group. Once installed, assign that client to the client group you created for your MSE server(s). This allows the client to be managed and to receive definitions automatically from the server, while keeping settings specific to your Exchange servers. In the future, if you add a new Exchange server, you can simply install the client software on it in a managed state, then assign it to this same client group.
For instructions on how to configure Symantec AV to exclude the necessary Exchange and NAVMSE/SAVFMSE directories, see the document How to prevent Symantec AntiVirus Corporate Edition from scanning the Microsoft Exchange directory structure.
Explanation for this recommendation
Installing Symantec AV as an unmanaged client or stand-alone server means that if you change server or group level settings, the stand-alone server or unmanaged client is unaffected. For example, if Symantec AV is installed as a managed client on an Exchange server, you can set real-time scan exclusions for this particular client, but any changes made to real-time settings at the parent server, server group or client group level (above this client) result in these exclusions being reset. In the same way, if Symantec AV server is installed on an Exchange server, you can make server-specific exclusions, but if you modify any server RTP options at the server group level, these modifications can overwrite the exclusions.