Symantec Antivirus Protection (Linux)

Created: 27 Feb 2012 • Updated: 28 Feb 2012 | 9 comments
JRS17
This issue has been solved. See solution.

I will be deploying SAV to RHEL clients for an enterprise deployment.

A couple of questions:

1) Can you manage SAV clients via SEPM? If not, how are SAV clients managed? How do they report? Get updates?

2) Which of the files are deployed to the Linux clients?


Avkash K

Hi,

This article will clear all your doubts..

Management of Symantec AntiVirus (SAV) for Linux:

http://www.symantec.com/docs/TECH102587

Best practice to install Symantec Antivirus for Linux:

http://www.symantec.com/docs/TECH150596

Hope this helps you!!

Regards,

Avkash K

Idimple

Hello,

Please check out the below link:

https://www-secure.symantec.com/connect/forums/linux-server-0

Your satisfaction is very important to us. If you find the above information helpful or it has resolved your issue, please mark it accordingly :)

pete_4u2002

1) Can you manage SAV clients via SEPM? If not, how are SAV clients managed? How do they report? Get updates?

No, SAV clients cannot be managed by SEPM. They will be updated using the configuration in the SSC console. Note that SAV is EOSL from July 4 2012. You should be migrating them to SEP.

2) Which of the files are deployed to the Linux clients?

Under the RPM folder you will see the install packages; under the doc folder there is the install guide for Linux. Please go through it for the install.

SameerU

SAV Linux clients can be updated by configuring LiveUpdate Administrator.

RPM packages can be installed for Linux clients.

Regards

Mick2009

The above advice is accurate.

One additional piece of information that may be of interest: though SAV For Linux clients cannot be managed by a SEPM, several of their logs can be forwarded to the SEPM and included in the SEPM's reports/notifications/alerts...

Symantec AntiVirus for Linux (SAVFL) Reporter 1.0.10 Release Notes
Article: DOC3474 | Created: 2010-12-15 | Updated: 2011-11-01
Article URL: http://www.symantec.com/docs/DOC3474

Hope this helps! &: )

Please do update the thread with any additional questions, or mark this thread as "solved" for the benefit of future admins with the same question.

With thanks and best regards,

Mick

JRS17

As I understand it:

The only way to manage SAV clients is via LiveUpdate Administrator 2.1; however, the following Symantec article provides a solution for using LiveUpdate and indicates the following:

http://www.symantec.com/business/support/index?page=content&id=TECH154896

"Solution

 There are circumstances in which the use of LUA is recommended by Symantec Technical Support.

  • When a mixture of Symantec products are in use. For example: Symantec Endpoint Protection (SEP), legacy Symantec AntiVirus (SAV) clients that are not yet migrated to SEP, several Symantec Mail Security for Microsoft Exchange (SMSMSE) and Symantec Scan Engine (SSE) servers."

Where it says SAV clients that are not migrated to SEP, what does that mean? Does SEP now support Linux (namely RHEL)?

Also, is it true that SAV is end of life in July? What will replace it? This is just before our go-live date, so I am wondering if it is even worth installing.

Mick2009

Hi JRS,

SAV 10.1 is the product that will be reaching its end of life in July. Here is an article with more information:

End of life announcement for Symantec AntiVirus Corporate Edition and Symantec Client Security
Article: TECH178551 | Created: 2012-01-09 | Updated: 2012-02-17
Article URL: http://www.symantec.com/docs/TECH178551

"SAV for Linux" (SAVFL) is a completely different product, designed to protect Linux boxes. It shipped with SAV 10 and also ships with the current endpoint product, Symantec Endpoint Protection (SEP). SAVFL is not going to reach its End of Life this year. SAVFL will continue to be shipped with SEP for the foreseeable future.

One clarification: SAVFL machines can be updated via an in-house LUA 2.x server, but LUA servers cannot manage them. (LUA servers just provide LiveUpdate content.)

Hope this helps! &: )

With thanks and best regards,

Mick

JRS17

Mick2009,

This very much helps. But one last question. Since there is nothing that can manage SAV clients, LU Administrator will provide content updates, but I will need to configure scan scheduling, etc. individually on every Linux agent?


Vikram Kumar-SAV to SEP

Hi,

SAVFL (SAV for Linux):

Reports and Logs -- Can be forwarded to SEPM 12.1 but not to SEPM 11.x.

Or else you can configure a central Syslog, and all SAVFL clients can forward their logs to Syslog.

Virus Definition Updates -- Either configure all machines to connect directly to the internet and download the definitions, or, if you want a central LiveUpdate server which can download virus definitions from the internet and distribute them to your SAVFL clients, use LU Admin; it does just that.

Centrally Managing Policies --

Now this is the most important, however the most tricky one, because you cannot centrally manage the policies/settings for SAVFL.

SAVFL clients store all these policies/settings in a file called GRC.DAT.

Make the changes on 1 machine; after the changes are applied, copy the GRC.DAT file.

Write a script and deploy the GRC.DAT file to all the clients where you want to change the policy.

You can use the ConfigEd tool; check this doc:

http://www.symantec.com/docs/TECH102587

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec Connect is the Search button.. do use it.

SOLUTION
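
The client-side copy step of the GRC.DAT distribution described in the post above, as an added example that is not part of the original thread or of Symantec's tooling: it refuses a file whose SHA-256 differs from the reference machine's copy and replaces the target atomically. The function name, the hash pinning and the destination directory argument are assumptions; take the real directory from the SAVFL install guide.

```shell
#!/bin/sh
# Added example: install a distributed GRC.DAT on one client.
# Assumptions (not from the thread): the function name, the SHA-256
# pinning, and DEST_DIR, which the caller supplies from the install guide.

# install_grc SRC DEST_DIR EXPECTED_SHA256
# Returns 0 on success, 1 on bad arguments, 2 on hash mismatch,
# 3 if the file could not be staged or moved into place.
install_grc() {
    src=$1
    dest_dir=$2
    expected=$3
    [ -f "$src" ] && [ -d "$dest_dir" ] && [ -n "$expected" ] || return 1

    # Refuse a policy file that differs from the reference machine's copy
    # (corrupted in transit, stale, or modified on the way).
    actual=$(sha256sum "$src" | awk '{print $1}')
    [ "$actual" = "$expected" ] || return 2

    # Stage inside the destination directory so the final rename is atomic
    # and a half-written policy file is never visible. mktemp creates the
    # file with mode 0600; adjust owner and mode to what the product needs.
    tmp=$(mktemp "$dest_dir/.GRC.DAT.XXXXXX") || return 3
    if cp "$src" "$tmp" && mv -f "$tmp" "$dest_dir/GRC.DAT"; then
        return 0
    fi
    rm -f "$tmp"
    return 3
}
```

Record the hash once on the machine where the settings were changed (`sha256sum GRC.DAT`) and pass it to every client run, so a non-zero exit code in the deployment log identifies hosts that did not receive the intended policy.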