
Knowledgebase Articles for Symantec Protection Engine (SPE)

Created: 13 Feb 2014 • Updated: 06 Mar 2014 | 1 comment
SebastianZ's picture


The following document serves as an introduction to Symantec Protection Engine for NAS (SPE for NAS) and Symantec Protection Engine for Cloud Services. The most current version of this product available is 7.5.0.34. The documents listed in this article are split into several categories to allow fast browsing and searching for topics of interest. Both official Symantec KB resources and Symantec Connect resources are included.
The official webpages for both products can be accessed via the following links:

 

Symantec Protection Engine for Cloud Services
http://www.symantec.com/protection-engine-for-cloud-services
Symantec Protection Engine for Network Attached Storage
http://www.symantec.com/protection-engine-network-attached-storage

In the download section of this article I have placed datasheets for both SPE for NAS and SPE for Cloud Services. Besides these two documents you will also find .pdf versions of the configuration guides for SPE for NAS on the following NAS platforms: NetApp, IBM, EMC and Hitachi.

 


 

Symantec Protection Engine for Cloud Services

...is a flexible and feature rich client/server application that allows customers to incorporate malware and threat detection technologies into almost any application. Protection Engine includes Symantec's proprietary, patented URL categorization technology and industry-leading malware protection for fast, scalable, and reliable content scanning services helping organizations protect their data and storage systems against the ever growing malware threat landscape. (source: SPE for Cloud Services Datasheet)

 

Symantec Protection Engine for Network Attached Storage

...provides scalable, high-performance threat detection services to protect valuable data stored on network attached storage (NAS) devices. This solution provides increased scanning performance and improved detection capabilities for protection against multi-blended threats. (source: SPE for NAS Datasheet)

 

Symantec Protection Engine system requirements (version 7.5):

Supported operating systems

32-bit OS
• Windows® 2008 (English and Japanese)
• Red Hat® Enterprise Linux 6.x
• Red Hat® Enterprise Linux 5.x
• SUSE® Linux Enterprise Server 11

64-bit OS
• Windows® 2012 (English and Japanese)
• Windows® 2012 R2 (English and Japanese)
• Windows® 2008 (English and Japanese)
• Windows® 2008 R2 (English and Japanese)
• Solaris (SPARC) 10 and 11
• Red Hat® Enterprise Linux 6.x
• Red Hat® Enterprise Linux 5.x
• SUSE® Linux Enterprise Server 11

Supported Virtualization systems
• VMware® vSphere Hypervisor™ v5.1 or later
• Windows® 2012 Hyper-V
• Windows® 2008 R2 Hyper-V
• Xen 3.4.3 on RHEL 5.4 x64
All supported operating systems (Windows and Linux) are supported in the above hypervisors.

Supported browsers
• Mozilla Firefox® 24 ESR or later
• Microsoft® Internet Explorer® 9 or later

Minimum hardware configuration
• Intel or AMD Server Grade Single Processor Quad Core systems or higher or UltraSPARC
• Java™ Runtime Environment 7 (If UI is required)
• 4 GB random-access memory (RAM)
• 5 GB hard disk space available (10 GB of hard disk space if using URL Filtering)
• 1 NIC with static IP address running TCP/IP
• 100 Mbps Ethernet link (1 Gbps recommended)

 

Important notes about the product:

  • Symantec Protection Engine allows the following authentication modes:
    1. Symantec Protection Engine-based authentication
    2. Windows Active Directory-based authentication
  • Symantec Protection Engine 7.0 supports JRE 7.0
  • Since version 7.0, SPE also supports Windows 2012 Server
  • Symantec Protection Engine for NAS uses the following protocols to interface with NAS devices:
    1. SPE native protocol
    2. ICAP
    3. RPC
  • Symantec Protection Engine definitions can be updated from an internal Symantec LiveUpdate Administrator
  • SPE events may be integrated with System Center Operations Manager (SCOM).
  • The SPE console can be accessed in a web browser at the following address: https://<servername>:8004
  • Migration to SPE version 7.0 is only supported from Scan Engine version 5.1 or higher. Upgrades from earlier versions are unsupported.
  • Symantec Protection Engine uses the following tools to detect risks:
    1. Definition-based detection for threat components like viruses, worms and trojans
    2. Bloodhound heuristics technology to scan for unusual behaviors where no known definitions exist yet
    3. Container file decomposer - extracts container files so that they can be scanned for risks.
  • Partner devices certified with Symantec Protection Engine for NAS include:
    • IBM SONAS
    • IBM Storwize v7000 Unified Systems
    • EMC Isilon OneFS
    • NetApp Data ONTAP
    • Hitachi File OS
    • Hitachi HNAS
  • SPE definitions may be downloaded as a self-executable Intelligent Updater from the following link:

http://www.symantec.com/security_response/definitions/download/detail.jsp?gid=pe
 

 

 

SYMANTEC KB ARTICLES

BEST PRACTICES:

Sizing Guide for Symantec Protection Engine for Network Attached Storage (SPE for NAS)
http://www.symantec.com/docs/TECH196906
Best Practices: Installing Scan Engine 5.2.x or Symantec Protection Engine 7.0.x on Red Hat Enterprise Linux 5.x
http://www.symantec.com/docs/HOWTO35969
Best Practices for initial installation and testing of Symantec Scan Engine 5.x and Protection Engine 7.x in a CAVA 3.6.x environment
http://www.symantec.com/docs/TECH89267
Best practices for file types exclusions on Symantec Protection for Network Attached Storage.
http://www.symantec.com/docs/TECH96713
How to configure SAV for NAS 5.x for use with NetApp Filer
http://www.symantec.com/docs/TECH89560

 

 

SYMANTEC PROTECTION ENGINE 7.5 DOCUMENTATION:

Symantec™ Protection Engine for Network Attached Storage 7.5 Release Notes
http://www.symantec.com/docs/DOC7184
Symantec™ Protection Engine for Network Attached Storage 7.5 Getting Started Guide
http://www.symantec.com/docs/DOC7182
Symantec™ Protection Engine for Network Attached Storage 7.5 Implementation Guide
http://www.symantec.com/docs/DOC7185
Symantec™ Protection Engine for Network Attached Storage 7.5 Software Developer's Guide
http://www.symantec.com/docs/DOC7188
Symantec™ Protection Engine for Network Attached Storage 7.5 C SDK Guide
http://www.symantec.com/docs/DOC7189

 

Symantec™ Protection Engine for Cloud Services 7.5 Release Notes
http://www.symantec.com/docs/DOC7183
Symantec™ Protection Engine for Cloud Services 7.5 Getting Started Guide
http://www.symantec.com/docs/DOC7181
Symantec™ Protection Engine for Cloud Services 7.5 Implementation Guide
http://www.symantec.com/docs/DOC7191
Symantec™ Protection Engine for Cloud Services 7.5 Software Developer's Guide
http://www.symantec.com/docs/DOC7186
Symantec™ Protection Engine for Cloud Services 7.5 C SDK Guide
http://www.symantec.com/docs/DOC7187

Symantec Protection Engine 7.5 Released - March 2014
https://www-secure.symantec.com/connect/blogs/symantec-protection-engine-75-released-march-2014

 

 

GENERAL:

What's new in Symantec Protection Engine
http://www.symantec.com/docs/HOWTO79586
Support Matrix for Partner Devices Certified with Symantec Protection Engine (SPE) for Network Attached Storage (NAS) 7.0.x
http://www.symantec.com/docs/HOWTO83461
Release notes for Symantec Protection Engine for Network Attached Storage 7.0
http://www.symantec.com/docs/TECH196149
Release notes for Symantec Protection Engine for Cloud Services 7.0
http://www.symantec.com/docs/TECH196148
About threat categorization and risk ratings
http://www.symantec.com/docs/HOWTO79817
About authentication modes in Symantec Protection Engine
http://www.symantec.com/docs/HOWTO79822
How Symantec Protection Engine detects risks
http://www.symantec.com/docs/HOWTO79651
TCP/UDP ports used for communication between Symantec Protection Engine (SPE) and NetApp Filer (Data ONTAP)
http://www.symantec.com/docs/TECH214539
Available RuleSpace Categories for Symantec Scan Engine 5.2.10 and later and Symantec Protection Engine 7.0.x
http://www.symantec.com/docs/TECH213808

 

 

INSTALLATION:

Before you install Symantec Protection Engine
http://www.symantec.com/docs/HOWTO79593
Symantec Protection Engine post-installation tasks
http://www.symantec.com/docs/HOWTO79616
About installing Symantec Protection Engine
http://www.symantec.com/docs/HOWTO79612
Installing Symantec Protection Engine on Windows
http://www.symantec.com/docs/HOWTO79613
About implementing a silent installation for Windows
http://www.symantec.com/docs/HOWTO79722
Installing Symantec Protection Engine on Linux
http://www.symantec.com/docs/HOWTO79614
Installing Symantec Protection Engine on Solaris
http://www.symantec.com/docs/HOWTO79615
Migrating to version 7.0
http://www.symantec.com/docs/HOWTO79627

 

 

CONFIGURATION:

Managing user accounts
http://www.symantec.com/docs/HOWTO79771
Accessing the Symantec Protection Engine console
http://www.symantec.com/docs/HOWTO79619
Changing the console settings
http://www.symantec.com/docs/HOWTO79777
Edit the Symantec Protection Engine configuration files
http://www.symantec.com/docs/HOWTO79738
Notifying a file server when definitions are updated
http://www.symantec.com/docs/HOWTO79647

 

About container files in Symantec Protection Engine
http://www.symantec.com/docs/HOWTO79657
Configuring Symantec Protection Engine to handle partial container files
http://www.symantec.com/docs/HOWTO79793
Configuring Symantec Protection Engine to handle encrypted container files
http://www.symantec.com/docs/HOWTO79791
Configuring Symantec Protection Engine to handle malformed container files
http://www.symantec.com/docs/HOWTO79792

 

About configuration options
http://www.symantec.com/docs/HOWTO79742
Enabling threat detection in Symantec Protection Engine
http://www.symantec.com/docs/HOWTO79652
Enabling non-viral threat detection in Symantec Protection Engine
http://www.symantec.com/docs/HOWTO79655
Change authentication mode settings for accessing Symantec Protection Engine console
http://www.symantec.com/docs/HOWTO79802
Importing keys from a third-party certificate
http://www.symantec.com/docs/HOWTO79623
Configuring file name filtering in Symantec Protection Engine
http://www.symantec.com/docs/HOWTO79658

 

Verifying, stopping, and restarting the Symantec Protection Engine daemon on Linux and Solaris
http://www.symantec.com/docs/HOWTO79617
Verifying, stopping, and restarting the Symantec Protection Engine service on Windows
http://www.symantec.com/docs/HOWTO79626

 

 

COMMAND-LINE SCANNING:

About the Symantec Protection Engine command-line scanner
http://www.symantec.com/docs/HOWTO79603
Setting up a computer to submit files to Symantec Protection Engine for scanning
http://www.symantec.com/docs/HOWTO79725
Java-based command-line scanner syntax and usage
http://www.symantec.com/docs/HOWTO79783
Supported command-line options for Java-based command-line scanner
http://www.symantec.com/docs/HOWTO79784
C-based command-line scanner syntax and usage
http://www.symantec.com/docs/HOWTO79726
Supported command-line options for C-based command-line scanner
http://www.symantec.com/docs/HOWTO79727

 

 

PERFORMANCE:

Obtaining Performance Monitor statistics from Protection Engine
http://www.symantec.com/docs/TECH214136
Improving network performance: Scan Engine 5.2.x and Protection Engine 7.x for NAS and RPC Filers
http://www.symantec.com/docs/TECH96735
Ways to improve Symantec Protection Engine performance
http://www.symantec.com/docs/HOWTO79764
Deployment considerations and recommendations
http://www.symantec.com/docs/HOWTO79765
Enhance performance by limiting scanning
http://www.symantec.com/docs/HOWTO79767
Configuration settings that can conserve and enhance performance
http://www.symantec.com/docs/HOWTO79766
Allocating resources for Symantec Protection Engine
http://www.symantec.com/docs/HOWTO79625

 

Specifying the maximum file or message size to scan
http://www.symantec.com/docs/HOWTO79768
Setting container file limits
http://www.symantec.com/docs/HOWTO79770
Specifying which files to scan
http://www.symantec.com/docs/HOWTO79769

 

 

LOGGING:

Logging levels and events
http://www.symantec.com/docs/HOWTO79681
Logging destinations
http://www.symantec.com/docs/HOWTO79680
Configuring Symantec Protection Engine to log events to SSIM
http://www.symantec.com/docs/HOWTO79696

 

 

SYMANTEC TECHNICAL SOLUTIONS FOR SPE 7.0:

Symantec Scan Engine or Symantec Protection Engine do not receive scan requests from EMC storage using Event Enabler (ex CAVA agent) 64bit version
http://www.symantec.com/docs/TECH170861
Issues setting the correct Quarantine Port in Symantec Protection Engine 7.x to work with Symantec Central Quarantine Server
http://www.symantec.com/docs/TECH209232
Access to PDF files is blocked due to the files are incorrectly decomposed to contain a zero byte javascript file.
http://www.symantec.com/docs/TECH210613
Decomposer ID 27 While scanning files with paths lengths over 260 characters on a Celerra Filer.
http://www.symantec.com/docs/TECH211020
Symantec Protection Engine service will not start after installation on Solaris 11
http://www.symantec.com/docs/TECH211908
Java LiveUpdate fails with Return code = 232 after upgrading to Symantec Protection Engine 7.x from Scan Engine 5.2.7 or earlier
http://www.symantec.com/docs/TECH211921
Symantec Scan Engine (SSE) / Protection Engine (SPE) does not start anymore on your Linux / Solaris server and the ScanEngineAbortLog.txt reports "400 CSAPI failed to initialize"
http://www.symantec.com/docs/TECH212465
Symantec Scan Engine (SSE) 5.2.x, Symantec Protection Engine (SPE) 7.0.x won't start if Java Runtime Environment (JRE) is updated AFTER the SSE/SPE installation
http://www.symantec.com/docs/TECH212732
Symantec Scan Engine (SSE) and Symantec Protection Engine (SPE) Web console page shows a Java security warning which suggests blocking SSE/SPE applets with a future version of Java
http://www.symantec.com/docs/TECH213129
Virus file is shown in quarantine page although Symantec Protection for SharePoint (SPSS) failed to quarantine the file as it is locked by workflow process.
http://www.symantec.com/docs/TECH213736
After upgrading to Java 7 Update 51 you are no longer able to launch the Scan Engine / Protection Engine Console
http://www.symantec.com/docs/TECH214308

 

 

SYMANTEC CONNECT RESOURCES:

Introduction to Symantec Protection Engine for Network Attached Storage
https://www-secure.symantec.com/connect/articles/introduction-symantec-protection-engine-network-attached-storage
Installation of the Symantec Protection Engine - Graphical Steps
https://www-secure.symantec.com/connect/articles/installation-symantec-protection-engine-graphical-steps

 

 

SCAN ENGINE VERSION 5 REFERENCES:

Scan Engine Product Documentation
http://www.symantec.com/docs/DOC2277
Best Practices for implementing Symantec AntiVirus for Network Attached Storage with a NetApp Filer
http://www.symantec.com/docs/TECH132123
Best Practice for Symantec AntiVirus for Network Attached Storage 5.x with EMC Celerra Filer
http://www.symantec.com/docs/TECH132270
Best practices for using software firewalls on Scan Engine hosts in RPC/Netapp environments
http://www.symantec.com/docs/TECH146058
XPath location of Symantec Scan Engine parameters in the Scan Engine xml configuration files
http://www.symantec.com/docs/TECH161296
Recommending client-side exclusions for large files when using Symantec AntiVirus (SAV) for Network Attached Storage (NAS)
http://www.symantec.com/docs/TECH159835
Excluding large files from scanning to improve scan and network performance in Scan Engine 5.2.5 and later
http://www.symantec.com/docs/TECH170128

 

 

Comments: 1 Comment

Roopa Amit's picture

Hi,

Can anyone please guide me to a similar detailed article for Symantec 12.x installation, administration reports and monitoring? Or you could route me the link in which there is a discussion already.

 

Regards,

Roopa
