Endpoint Protection

  • 1.  Symantec_Endpoint_Protection_12.1.2_Linux_Client is not reporting with server

    Posted Aug 14, 2013 01:18 PM

    Hi,

    I installed Symantec AntiVirus on a Red Hat Linux client, but it is not connecting to the management server. Can anyone help me with this?

    [root@Acacia ~]# ls
    anaconda-ks.cfg  InformeTiempoAlzamientoDetalle.xls  install.log.syslog       sav-1.0.14-13.i386.rpm     savreporter-1.0.14-13.noarch.rpm
    cvelasquez       Instalacion                         mastaba_apache_20120126  savap-1.0.14-13.i386.rpm   savui-1.0.14-13.i386.rpm
    Desktop          install.log                         rstatd-3.03-1.i386.rpm   savjlu-1.0.14-13.i386.rpm  sinacofi-util.jar.resp
    [root@Acacia ~]# rpm -Uhv sav-1.0.14-13.i386.rpm
    Preparing...                ########################################### [100%]
       1:sav                    ########################################### [100%]
    [root@Acacia ~]# rpm -Uhv savap-1.0.14-13.i386.rpm
    Preparing...                ########################################### [100%]
       1:savap                  ########################################### [100%]
    [root@Acacia ~]# rpm -Uhv savjlu-1.0.14-13.i386.rpm
    Preparing...                ########################################### [100%]
       1:savjlu                 ########################################### [100%]
    [root@Acacia ~]# rpm -Uhv savui-1.0.14-13.i386.rpm
    Preparing...                ########################################### [100%]
       1:savui                  ########################################### [100%]
    [root@Acacia ~]# rpm -Uhv savreporter-1.0.14-13.noarch.rpm
    Preparing...                ########################################### [100%]
       1:savreporter            ########################################### [100%]
    [root@Acacia ~]# pwd
    /root
    [root@Acacia ~]# cd ..
    [root@Acacia /]# cd etc
    [root@Acacia etc]# cat reporterd.ini
    ; reporterd.ini - the configuration file for reporterd
    ; For more help information, please see the reporterd.ini(5) man page.
    [Reporting]
    ; Report Server URL
    ReportServerURL=http://serverip:8014/Reporting
    ; File upload size limit 'FileSizeLimit' MB.
    ; Value range: 1 - 10
    FileSizeLimit=2
    ; Minimal free disk space ('MinDiskSize' MB) is required.
    ; Value range: 30 - 2048
    MinDiskSize=100
    ; The RunNowPeriod specifies the number of minutes to run in Run Now mode.
    ; Value range: 1 - 525600
    RunNowPeriod=5
    ; Server group name
    ; The server group name string cannot include special characters, such as the comma(,) or single quotes('').
    ServerGroup=Symantec AntiVirus for Linux
    ; Character encoding
    ; The default blank value means to use the current operating system character encoding as the program character encoding.
    ; Note: You should typically leave this parameter's value blank, unless you want to override the default.
    Encoding=
    [Inventory]
    ; Delete logs after 'DeleteLogDays' days.
    ; Value range: 1 - 365
    DeleteLogDays=7
    ; Scan inventory every 'Frequency' minutes.
    ; Value range: 1 - 525600
    Frequency=1440
    ; Enable tracing.
    ; Value range: 1 -> yes, 0 -> no
    Debug=0
    [LogSender]
    ; Aggregate redundant events every 'AggregationPeriod' minutes.
    ; Value range: 0 - 60
    AggregationPeriod=5
    ; Delete logs after 'DeleteLogDays' days.
    ; Value range: 1 - 365
    DeleteLogDays=7
    ; Process logs every 'Frequency' minutes.
    ; Value range: 1 - 525600
    Frequency=5
    ; Enable tracing.
    ; Value range: 1 -> yes, 0 -> no
    Debug=0
    [root@Acacia etc]# vi reporterd.ini
    [root@Acacia etc]# cat reporterd.ini
    ; reporterd.ini - the configuration file for reporterd
    ; For more help information, please see the reporterd.ini(5) man page.
    [Reporting]
    ; Report Server URL
    ReportServerURL=http://168.231.1.98:8014/Reporting
    ; File upload size limit 'FileSizeLimit' MB.
    ; Value range: 1 - 10
    FileSizeLimit=2
    ; Minimal free disk space ('MinDiskSize' MB) is required.
    ; Value range: 30 - 2048
    MinDiskSize=100
    ; The RunNowPeriod specifies the number of minutes to run in Run Now mode.
    ; Value range: 1 - 525600
    RunNowPeriod=1
    ; Server group name
    ; The server group name string cannot include special characters, such as the comma(,) or single quotes('').
    ServerGroup=Symantec AntiVirus for Linux
    ; Character encoding
    ; The default blank value means to use the current operating system character encoding as the program character encoding.
    ; Note: You should typically leave this parameter's value blank, unless you want to override the default.
    Encoding=
    [Inventory]
    ; Delete logs after 'DeleteLogDays' days.
    ; Value range: 1 - 365
    DeleteLogDays=7
    ; Scan inventory every 'Frequency' minutes.
    ; Value range: 1 - 525600
    Frequency=1440
    ; Enable tracing.
    ; Value range: 1 -> yes, 0 -> no
    Debug=0
    [LogSender]
    ; Aggregate redundant events every 'AggregationPeriod' minutes.
    ; Value range: 0 - 60
    AggregationPeriod=5
    ; Delete logs after 'DeleteLogDays' days.
    ; Value range: 1 - 365
    DeleteLogDays=7
    ; Process logs every 'Frequency' minutes.
    ; Value range: 1 - 525600
    Frequency=5
    ; Enable tracing.
    ; Value range: 1 -> yes, 0 -> no
    Debug=0
    [root@Acacia etc]# pwd
    /etc
    [root@Acacia etc]# /init.d/reporterd runnow
    bash: /init.d/reporterd: No such file or directory
    [root@Acacia etc]# pwd
    /etc
    [root@Acacia etc]# cd ..
    [root@Acacia /]# /etc/init.d/reporterd runnow
    Switching to RunNow mode:                                            OK

    [root@Acacia /]# /etc/init.d/reporterd runnow
    Switching to RunNow mode:                                            OK

    [root@Acacia /]# /etc/init.d/reporterd runnow
    Switching to RunNow mode:                                            OK

    [root@Acacia /]# perl -v

    This is perl, v5.8.8 built for i386-linux-thread-multi

    Copyright 1987-2006, Larry Wall

    Perl may be copied only under the terms of either the Artistic License or the
    GNU General Public License, which may be found in the Perl 5 source kit.

    Complete documentation for Perl, including FAQ lists, should be found on
    this system using "man perl" or "perldoc perl".  If you have access to the
    Internet, point your browser at http://www.perl.org/, the Perl Home Page.

    [root@Acacia /]# telnet 168.231.1.98 8014
    Trying 168.231.1.98...
    Connected to angamos.sinacofi.corp (168.231.1.98).
    Escape character is '^]'.
    Connection closed by foreign host.
    [root@Acacia /]#
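
A pre-flight check for the `reporterd.ini` edit shown in the post above, added here as an example and not part of the original thread or of Symantec's tooling: it validates values against the ranges stated in the file's own comments and flags a `ReportServerURL` that still holds the `serverip` placeholder. The function name, the shortened sample file and the trailing-punctuation check are assumptions made for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Value ranges copied from the comments in the reporterd.ini shown in the post.
RANGES = {
    "Reporting": {"FileSizeLimit": (1, 10), "MinDiskSize": (30, 2048),
                  "RunNowPeriod": (1, 525600)},
    "Inventory": {"DeleteLogDays": (1, 365), "Frequency": (1, 525600), "Debug": (0, 1)},
    "LogSender": {"AggregationPeriod": (0, 60), "DeleteLogDays": (1, 365),
                  "Frequency": (1, 525600), "Debug": (0, 1)},
}

# Constructed sample: a shortened copy of the file as shipped (URL not yet edited).
SAMPLE = """\
[Reporting]
ReportServerURL=http://serverip:8014/Reporting
FileSizeLimit=2
MinDiskSize=100
RunNowPeriod=5
ServerGroup=Symantec AntiVirus for Linux
[LogSender]
AggregationPeriod=5
Frequency=5
Debug=0
"""

def check_reporterd_ini(text):
    """Return a list of problems; keys absent from the file are not flagged."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # keep key names case-sensitive, as written
    cfg.read_string(text)
    problems = []
    for section, keys in RANGES.items():
        for key, (lo, hi) in keys.items():
            raw = cfg.get(section, key, fallback=None)
            if raw is not None and not (raw.isdigit() and lo <= int(raw) <= hi):
                problems.append(f"[{section}] {key}={raw} is outside {lo}-{hi}")
    url = cfg.get("Reporting", "ReportServerURL", fallback="")
    host = urlsplit(url).hostname
    if host is None or host == "serverip":
        problems.append(f"ReportServerURL={url} has no real server address")
    elif url != url.rstrip(",;'\" "):
        problems.append(f"ReportServerURL={url} ends with stray punctuation")
    group = cfg.get("Reporting", "ServerGroup", fallback="")
    if "," in group or "'" in group:
        problems.append("ServerGroup contains a comma or single quote")
    return problems

if __name__ == "__main__":
    print("\n".join(check_reporterd_ini(SAMPLE)) or "no problems found")
```

To check a real file, pass its contents, for example `check_reporterd_ini(open("/etc/reporterd.ini").read())`.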



  • 2.  RE: Symantec_Endpoint_Protection_12.1.2_Linux_Client is not reporting with server

    Posted Aug 14, 2013 01:20 PM

    The Linux client is not managed by the SEPM.

    You can only use SAVFL Reporter to send the logs to the SEPM; otherwise it cannot be managed via the SEPM.

    Management of Symantec AntiVirus (SAV) for Linux

    Article:TECH102587  |  Created: 2007-01-05  |  Updated: 2013-02-25  |  Article URL http://www.symantec.com/docs/TECH102587

     

    Is this what you mean?



  • 3.  RE: Symantec_Endpoint_Protection_12.1.2_Linux_Client is not reporting with server

    Broadcom Employee
    Posted Aug 14, 2013 01:29 PM

    Hello,

    Symantec Endpoint Protection version 11/12 does not support the Linux environment. There is no SEP for Linux. There is SAV for Linux (SAVFL), which is included on the SEP disk download.

    The SAVFL client cannot be managed by the SEPM, although it can report logs back to the SEPM by using SAV Reporter, which was released after SAVFL 1.0.10, but can be downloaded from the following KB article.

    Similar threads:

    https://www-secure.symantec.com/connect/forums/symantec-antivirus-linux-question#comment-8743941

    https://www-secure.symantec.com/connect/forums/sep-11x-linux#comment-8831401

    A few helpful KBs:

    Symantec AntiVirus for Linux (SAVFL) Reporter 1.0.10 Release Notes 

    http://www.symantec.com/docs/DOC3474

    SAV for Linux Scanning Best Practices: A (Somewhat) Illustrated Guide

    https://www-secure.symantec.com/connect/articles/sav-linux-scanning-best-practices-somewhat-illustrated-guide

    Best practice to install Symantec Antivirus for Linux.

    http://www.symantec.com/docs/TECH150596



  • 4.  RE: Symantec_Endpoint_Protection_12.1.2_Linux_Client is not reporting with server

    Posted Aug 14, 2013 01:59 PM

    Hi,

    Thanks for the information. I am new to Symantec AntiVirus. I installed SAV Reporter and added the server IP in the report.ini file.

    [root@Acacia ~]# rpm -Uhv savreporter-1.0.14-13.noarch.rpm
    Preparing...                ########################################### [100%]
       1:savreporter            ########################################### [100%]

     Report Server URL
    ReportServerURL=http://168.231.1.98:8014/Reporting,

    Can you please guide me on the next step I need to take now? I am not able to see the Linux client in the management console.



  • 5.  RE: Symantec_Endpoint_Protection_12.1.2_Linux_Client is not reporting with server
    Best Answer

    Posted Aug 14, 2013 02:05 PM

    Please check this article by Symantec's Mick2009 for guidance on getting it working:

    https://www-secure.symantec.com/connect/articles/sav-linux-somewhat-illustrated-guide-part-4-savfl-reporter



  • 6.  RE: Symantec_Endpoint_Protection_12.1.2_Linux_Client is not reporting with server

    Posted Aug 14, 2013 02:57 PM

    Thank you Brain, I am able to see the Linux server in SEPM.

     

    Thanks to all



  • 7.  RE: Symantec_Endpoint_Protection_12.1.2_Linux_Client is not reporting with server

    Posted Aug 15, 2013 05:28 AM

    Many thanks, NBU_13!  Glad that it is working correctly for you.  &: )

    A managed SEP for Linux client is currently under development.  In the future, these Linux machines should appear in the SEPM right alongside the Windows and Mac clients.

    In the meantime, please do not forget to set the exclusions correctly on that SAVFL machine. SAV for Linux Scanning Best Practices: A (Somewhat) Illustrated Guide covers the importance of auto-protect scanning, necessary scan exclusions and how to test them.

    With thanks and best regards,

    Mick