Endpoint Protection

 View Only

  • 1.  SAVFL

    Posted Mar 05, 2014 09:54 PM

    Hi,

     

    Please help about SAVFL. Here is the Question?

     

                    1.       What are the ports that we need to open in order for the client to get the updated signatures/virusdefs.

     

                 Source          destination

                 Client     -> SAV LUA server

     

     

    2.       Live update flow.

     

    Client pull virusdeff/signature updates from SAV LUA or SAV (LUA) - > push the virusdeff/signature to client machine?

                   

    3. How to enable auto protect ?

    still disabled after running ./sav autoprotect --enable

     

     

    4.       Symantec (LUA) must connect only to Symantec Live Update server via port443(liveupdate.symantecliveupdate.com)

                    For one way authentication we need to get the certificate of theliveupdate.symantecliveupdate.com server and we will load it on our end.

     

           5. Can you also validate the error we’ve encountered after manual liveupdate

     

    [root@php-sshpa-localfse02 symantec_antivirus]# ./sav liveupdate -u

    Command failed: Problem with LiveUpdate.

    Check that java directory is in PATH  --- error

    Unable to perform update

     

     

     

     



  • 2.  RE: SAVFL

    Posted Mar 07, 2014 12:24 PM

    it should be on port 7070 from client to luadmin

    this article will help you with kernel compiling so that you can enable ap

    https://www-secure.symantec.com/connect/articles/sav-linux-scanning-best-practices-somewhat-illustrated-guide

     

    To see what versions of Java are compatible with Symantec AntiVirus for Linux?

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008041409001548



  • 3.  RE: SAVFL

    Posted Mar 10, 2014 05:39 AM

    Hi J0neLL,

    Later on this year, a managed SEP for Linux client is expected.  This will simplify the management of your defenses on those Linux machines. &: )

    In the meantime, this article may help answer the questions above:

    SAV for Linux: A (Somewhat) Illustrated Guide Part 3 focused on how to keep SAV for Linux up-to-date.

    SAVFL clients must pull their definitions from either the Interet LU servers, a LUA 2.x server, or update via Intellgent Updater.  The same mechanisms which work for updating Windows clients from a SEPM do not work for SAVFL.

    Is there any reason why your LUA server must communciate with internet-based source servers over port 443?

    Also: did you compile your own Auto-Protect module when installing the SAVFL software?  It is generally necessary.

    Best practice to install Symantec Antivirus for Linux.
    http://www.symantec.com/docs/TECH150596

    Many thanks!

    Mick

     



  • 4.  RE: SAVFL
    Best Answer

    Posted Mar 12, 2014 08:55 AM

    Hi J0neLL,

    Just a ping to see if you still need help?  The thread remains marked "needs solution"

    All the best,

    Mick



  • 5.  RE: SAVFL

    Posted Apr 03, 2014 05:45 AM

     

    Hi Mick

    Great article, thanks



  • 6.  RE: SAVFL

    Posted Apr 03, 2014 05:47 AM

    Many thanks! &: )  Glad to assist.