Symantec at Cornell Lee Brink CIT Systems and Operations [email protected] 255-1834

Page 1: Symantec at Cornell

Symantec at Cornell

Lee Brink
CIT Systems and Operations

[email protected]

Page 2: Symantec at Cornell

Agenda

  • History
  • SAV versions
  • Cornell Customizations
  • Common Problems
  • Recommended Upgrade Procedure
  • Technical Support
  • The Future of Symantec at Cornell

Page 3: Symantec at Cornell

Common Abbreviations/Terms

  • SAV – Symantec Antivirus
  • SCF – Symantec Client Firewall
  • SCS – Symantec Client Security
      • Combination of first two products
  • Platinum Support – Symantec provided support for all licensed products

Page 4: Symantec at Cornell

History of Symantec at Cornell

  • Prior to 1997: Disinfectant for Mac and F-Prot for DOS
  • 1997 – Keith Boncek arranges volume purchase of Symantec Licenses
  • 1998 – CIT Software Acquisition Program takes over management of bulk purchase
  • 1999 – Campus Store takes over management of bulk purchase

Page 5: Symantec at Cornell

History of Symantec at Cornell

  • 2000 – CIT funds campus wide license. 10,000 staff & faculty licenses with student usage free
      • One year license given to us with purchase of one year maintenance agreement
      • Additional year paid for in advance
  • 2003 – CIT negotiates 3 year license and includes SCF (Now known as SCS)
  • 2007 – License up for renewal

Page 6: Symantec at Cornell

Symantec Licensing Terms

  • Staff and faculty may install the SCS client on any office or home machine
  • Students may install the SCS client on their personal machine
  • Students and employees leaving Cornell must uninstall software

Page 7: Symantec at Cornell

Symantec Licensing Terms

  • Departments may install the Symantec server/Administrative tools on as many machines as they like
  • Standalone client for Windows Server OS not covered in current license

Page 8: Symantec at Cornell

The Symantec “Mindset”

  • Symantec develops SAV/SCS for the Corporate (AKA Managed) environment
  • LiveUpdate only updates definitions and rule sets
  • Labor intensive to update standalone clients
  • Difficult to customize client for standalone operation

Page 9: Symantec at Cornell

SAV/SCS

  • Current Version 10.1/3.1 MR5
      • Point Patch 1 released 11/07/2006
      • Maintenance Patch 1 released sometime after
  • Patches focus on managed client issues
  • Install patches in order of release
  • Supported OS: Windows XP, Windows Vista, Mac OS 10.3+

Page 10: Symantec at Cornell

64 bit SAV

  • Used for 64 bit Windows XP installations
  • No firewall
  • Included in departmental distribution
  • Standalone installer not published to avoid user confusion
  • 64 bit Vista client recently released

Page 11: Symantec at Cornell

Vista Support

  • 32 bit version of SAV available for download
  • No firewall currently available
  • Current rumor is full Vista support with 10.2, at the end of June

Page 12: Symantec at Cornell

SAV for the Macintosh

  • Current Version: 10.1.1
  • Works on 10.3 and later, Intel/Mac also
  • Quick Menu & AutoProtect control not installed
      • Moved to separate installer
  • Available at CIT Antivirus Page

Page 13: Symantec at Cornell

Where is SAV/SCS Available?

  • Standalone clients available via:
      • Bear Access
      • CIT Antivirus page: http://www.cit.cornell.edu/software/downloads/antivirus
  • Full distribution
      • Distribution page linked off above page
      • Note: Must be in appropriate permit to download
      • Updated on regular basis
      • Current version only

Page 14: Symantec at Cornell

Bear Access Changes to SAV/SCS

  • SAV config changes
      • LiveUpdate runs from 10am-12pm every day
      • Eudora .mbx files are excluded
  • Firewall modifications
      • P-Rules added for most common applications used on Cornell campus (e.g. CUTV)

Page 15: Symantec at Cornell

SAV/SCS Limitations

  • OS and applications must be up to date for best effectiveness
  • Good at detecting known viruses; no protection on suspected bad behavior
  • Works well in a layered security model
  • Current trojans and viruses will disable SAV silently

Page 16: Symantec at Cornell

Common Problems

  • Subscription Expired
      • Mixed Corporate Edition with Personal Edition
      • Must uninstall & delete anything remotely Symantec
  • Managed client is not talking to server
      • Ensure that firewall has rule allowing server to initiate connection
      • Windows file sharing is used to transfer “push” updates. Firewall must have port 445 open

Page 17: Symantec at Cornell

Common Problems

  • SAV/SCS not updating definitions or rules
      • Machine infected?
      • Experience has shown multiple causes beyond above, all stubborn
      • Usually ends up being an uninstall, SAV registry cleaning, and reinstall
  • SAV is deleting email

Page 18: Symantec at Cornell

Symantec AV and Email

  • Affects POP users only
  • Entire mailboxes get removed when a single email has a virus
  • Workaround for Eudora: Exclude .mbx files
  • Workaround for Thunderbird: Exclude profile in D&S\Application Data\Thunderbird\Profiles

Page 19: Symantec at Cornell

“Upgrading” SAV/SCS

  • Experience has shown that relying on Symantec installer to upgrade is dangerous
  • Safest course for clients:
      • Uninstall
      • Reboot
      • Delete all Symantec directories
      • Reinstall
  • Note: Firewall rules will survive an uninstall
  • Follow Symantec clean up doc for details

Page 20: Symantec at Cornell

“Upgrading” SAV/SCS

  • Safest course for upgrading server
      • Install latest version on new machine
      • Join new install to group as a child server
      • Promote new install to parent
      • Remove old server from group
      • Uninstall, delete, reinstall new version on old server

Page 21: Symantec at Cornell

Virus Breaches SAV - Recourse?

  • Current viruses excel at hiding against SAV & other antivirus/anti-spyware software
  • If malware gets past defenses, little recourse but to reformat & reinstall
      • Removal sometimes cripples machine
      • Antivirus software poor at removing latest malware completely

Page 22: Symantec at Cornell

New Virus? Report Procedure

  • IT Security Office handles contacting Symantec in reporting potential new viruses
  • Must meet following criteria:
      • Significant impact on campus
      • Not covered in Symantec index of threats covered by current virus definitions
      • Other tools unable to identify malware as a known threat

Page 23: Symantec at Cornell

Technical Support for SAV/SCS

  • Client Support
      • Front line: CIT Contact Center
      • Referred to back-line when unable to answer
      • If problem can't be resolved over the phone, the user can bring in machine on case by case basis

Page 24: Symantec at Cornell

Technical Support for SAV/SCS

  • Department Support
      • Try net-admin mailing list
      • In an emergency, or if the above doesn't help, contact Lee Brink for Platinum Support
      • Before call is made to Symantec be sure that:
          • A phone is near console of affected machine
          • You are at the current version and patch level
      • Departments may also buy their own contract

Page 25: Symantec at Cornell

The Future of Symantec @ CU

  • Cost of campus license has skyrocketed
  • Switching vendors an option, but
      • Large cost in switching campus
      • Benefits must outweigh current costs
      • Would require major effort at significant expense
  • All options being weighed by IT Security Office

Page 26: Symantec at Cornell

Your Thoughts

  • Symantec not meeting your needs?
  • CIT distribution and support need change?
  • Time to consider switching to another vendor?

Page 27: Symantec at Cornell