Norton AntiVirus Corporate Edition (NAVCE)
Installation and Setup
The British Institute – Bandung
Last Updated November 16, 2001
By Matthew Arciniega
This document outlines a procedure for installing and configuring
NAVCE v7.5x at TBI Dipatiukur, Bandung. It can also serve as a quick
introduction for anybody who must administer the NAVCE system in the
absence of a knowledgeable SysAdmin.
Before you start installing, have a look at the NAVCE
Pre-Installation Guide from Disk 1. Then, to make sense of that, and
to see how I recommend it be applied at TBI, come back to this
document.
NAVCE Components
NAVCE consists of several components. You must understand their
basic functions and decide where you are going to install them
before you do anything.
Symantec System Center (SSC)
This is a management console snap-in for the
Microsoft Management Console, so it should be installed on a
computer running the MMC, such as Windows 2000 Pro or Server. It
allows the administrator to define server groups, establish
settings on those groups (such as frequency of updates and scans)
and manually initiate virus sweeps on those groups and on
individual computers. There are optional components that let you
remotely install the Antivirus Server or Client to Windows NT/2000
machines. The Central Quarantine Console and the Alert Management
System console (discussed below) are also part of the SSC. To
centralize administration of the network, I recommend installing
the SSC on our primary domain controller. However, installing it
to the same system as the NAVCE Server is another option.
NAVCE Server
This is used to protect the computer on which it is running, to
download program and virus definition updates using the Norton
LiveUpdate program, and to distribute the virus def files to other
machines on the network.
The NAVCE Server should reside on a computer running Windows
2000 Pro or Server. It is not necessary that the computer be
devoted exclusively to this function; it can easily double as a
workstation if needs be, and if the workstation hardware is
powerful enough. However, because of its central role, there are
advantages to having it on an admin-only machine where it can be
closely monitored and updates initiated without disturbing a
workstation user. At the very least, I don’t recommend installing
the service on a computer that supplies file services, user
authentication, or DHCP because of the potential for network
congestion. For the time being, I recommend installing the NAVCE
Server on one of the Internet servers.
Norton AntiVirus CE Desktop Client
Installed on any Windows machine, this is the engine that does the
work of virus scanning. It can be administered from the client
machine by the individual user and used to initiate manual and
scheduled scans. However, it can also be remotely administered
from the SSC—which is what we generally want at TBI. The client
can be remotely installed from the SSC to any computer running
Windows NT/2000. It can be automatically installed on Windows 9x
clients through logon scripts.
Central Quarantine
There are two components to this, a Server and a management
Console. The Quarantine Server provides a central location for
client computers to forward copies of virus-infected files for
review and submission to SARC, the Symantec AntiVirus Research
Center. You will probably not be using this feature—unless you
have a licensed copy of NAVCE. However, this component also allows
you to set policy options for what happens to files when
newly-arrived virus def files are able to clean them.
Hard disk space on this computer should be sufficient for
quarantined files (500 MB – 1 GB is probably sufficient for TBI).
The Quarantine Console is installed as part of the SSC to
establish quarantine settings and work with quarantined files. I
recommend installing Central Quarantine to the same computer as
NAVCE Server. The Quarantine Console must reside on the same
machine as the SSC.
Alert Management System (AMS)
This is an optional component of both the SSC and
NAVCE Server installations. It allows the Norton AV Server and
Quarantine components to generate status and error messages, which
can then be forwarded to the SSC computer and displayed in a
number of ways, including as pop-up windows and as System Event
messages.
LiveUpdate Administration Utility
This is an optional component that is really only useful if you
have a number of different Symantec/Norton products and want to be
able to update them all from a central location on a local file
server. At TBI it will probably never be necessary to install this
component.
Installation of Components
Installation will disrupt the network for a few minutes during
each reboot of the DC (2x) and Internet server (1x). The order of
installation is important, as some components simply will not
install unless others have been installed previously. The install
location will follow the recommendations made above.
- Install Symantec System Center (Disk 1)
Install to the primary domain controller. Note that of the three
sub-components you can choose to install, the Microsoft Management
Console (MMC) will already exist on the domain controller, and the
checkbox should be deselected. DO NOT reinstall the MMC! DO
install the other two sub-components. You’ll be asked for the name
of a default Server group. Just call it TBI Group. Reboot the
computer when the install is finished.
- Install Norton Antivirus Snap-in (Disk 2)
Install to the primary domain controller.
- Install Symantec System Center Console Add-ons (Disk 2)
Install to the primary domain controller. Reboot the computer.
- (Optional) Install LiveUpdate Administration Utility (Disk 1)
Install this to a file server if you want to set up a Central
LiveUpdate. Again, at TBI this component will probably never need
to be installed, as we can use a simpler and more direct means of
updating our virus definition files.
- Install the Quarantine Console Snap-in (Disk 1)
Install to the primary domain controller.
- Install Central Quarantine Locally (Disk 1)
Install to the Internet server that will also host the NAVCE
Server component.
- Install Norton Antivirus to Servers
Install to the Internet server where you previously installed
Central Quarantine. Reboot the computer. You should now see the
NAVCE shield icon in the System Tray.
Configuration of Components
You’re now ready to configure NAVCE and get familiar with the
components. Start by opening Norton AntiVirus Corporate Edition
on the NAVCE Server machine (the Internet server, if you’ve followed
the above recommendations). You’ll have to provide the default
Server Group password, which is “symantec”. Click on the
Configure node in the tree on the left. Have a look at the
available options, but you probably won’t need to change the default
settings. Go back to the root node and click the LiveUpdate
button to run LiveUpdate and update your virus definition files.
When that’s finished, click on the Scan node, click Scan
Computer, check the My Computer box, and click the
Scan button to run a full system scan.
Now go to your primary DC and open the Symantec System Center
Console. Expand all the nodes under the Symantec System
Center node. You’ll be asked for the default password (“symantec”)
to unlock the TBI server group. Right-click on TBI Group and
select Configure Server Group Password. Enter a new password,
if the default is not to your liking. After that, right-click on
System Hierarchy, select Properties, and uncheck the
Lock all server groups when exiting console box. We won’t have a
need for such security precautions as long as the SSC is on a domain
controller accessible only by SysAdmins.
In the SSC console, under Symantec System Center/System
Hierarchy/TBI Group, you should see an icon for the NAVCE server. If
you don’t, you’ll need to run a “network discovery”. Look for the
Tools menu in the SSC console, and select Discovery Service.
Click the Run Discovery Now button. While you’re there, set
the Discovery Interval to 1440 minutes (the maximum). This
will reduce network traffic, since our network rarely changes, and
once our server has been discovered the information is cached for
subsequent use.
Once you can see the NAVCE Server, you can start installing
clients. However, it’s best to tweak some administrative settings
before you do that, so as to avoid extra reboots for your clients.
Set Administrator Only Options
In the SSC console, right-click the server icon. Select All
Tasks/Norton AntiVirus/Client Administrator Only Options. I
recommend checking all boxes except Display message when
definitions are outdated. There is no real need for this, since a
SysAdmin can see immediately from the SSC which clients are using
outdated definitions and which are current.
Set Realtime Protection Options
Now right-click the server icon again. This time, select All
Tasks/Norton AntiVirus/Client Realtime Protection Options. You can
accept the default protection settings, but click all the padlock
icons so that workstation users cannot change your system-wide
settings. In Drive Types, you may want to clear the Network
checkbox.
Configure Virus Definition Manager
This is a crucial area. Right-click the NAVCE Server name in the
SSC console. Select All Tasks/Norton AntiVirus/Virus Definition
Manager. Notice that there are two parts to this window. The top
half is for configuring NAVCE servers, while the bottom half is
for configuring clients.
In the server section, select Update the Primary Server of
this Server Group only, and click Configure. Notice the
Update Now button; this is another way to update your virus
definitions. Click the box that says Schedule for Automatic
Updates if it’s not already checked. The default update interval
is one week, which should be fine. You might want to change the day
and hour, though. Click OK until you’re back to the Virus Definition
Manager main window.
In the client section, check Update Virus Definitions from
Parent Server. Uncheck Schedule client for automatic updates
using LiveUpdate. Check Do not allow clients to launch
LiveUpdate. Click the Settings button and enter the update check
interval. Once per day (1440 minutes) should be enough. Click OK
until you’re back to the SSC console.
Configure Central Quarantine and set Quarantine Options
From the SSC console, right-click Symantec
Central Quarantine and select Attach to Server. Enter
the NetBIOS name of the Quarantine Server in the first blank (the
same computer as the NAVCE Server, if you’ve followed my
recommendations). Click OK.
Right-click Symantec Central Quarantine again and select
Properties. In the Protocols section, check
Listen on IP, and enter a port number of 1500 (or another
number over 1025 if port 1500 is being used for other purposes on
the network). Click OK.
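Before entering the port, you can confirm that 1500 is actually free on the Quarantine Server. The following is an added example, not part of the original procedure or of any Symantec tool: it reads the output of `netstat -an` run on that machine and returns 1500 if it is unused, otherwise the next free port above it. Assumptions: the sample output is constructed, the function names are hypothetical, and both TCP and UDP rows are treated as in use because the page does not say which transport "Listen on IP" binds.

```python
import re

# Constructed sample of Windows `netstat -an` output (not from the original page).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1500           0.0.0.0:0              LISTENING
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1501      192.168.0.5:445        ESTABLISHED
  UDP    0.0.0.0:1502           *:*
"""

# A data row starts with the protocol, then "address:port" for the local side.
ROW = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s", re.IGNORECASE)


def local_ports_in_use(netstat_text):
    """Return every local port that appears in a TCP or UDP row."""
    ports = set()
    for line in netstat_text.splitlines():
        match = ROW.match(line)
        if match:
            ports.add(int(match.group(2)))
    return ports


def pick_quarantine_port(netstat_text, preferred=1500, floor=1025):
    """Return `preferred` if it is free and above `floor`,
    otherwise the next unused port above both."""
    in_use = local_ports_in_use(netstat_text)
    if preferred > floor and preferred not in in_use:
        return preferred
    for port in range(max(preferred, floor) + 1, 65536):
        if port not in in_use:
            return port
    raise RuntimeError("no free port above %d" % floor)


if __name__ == "__main__":
    # On the Quarantine Server, replace SAMPLE_NETSTAT with real `netstat -an` output.
    print("Use port", pick_quarantine_port(SAMPLE_NETSTAT))
```

Whatever port this returns must be the same one you enter later in the Quarantine Options for the server group.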
Now right-click the TBI group folder and select All
Tasks/Norton AntiVirus/Quarantine Options. Check Enable
Quarantine or Scan and Deliver and select Allow Forwarding
to Quarantine Server. Enter the Quarantine Server name, the
port number (1500) and select IP as the Protocol. Now select your
policy choice for what happens When new virus definitions arrive.
I recommend Repair silently without restoring. This gives the
SysAdmin a chance to review the file to determine if it really
warrants restoration. Click OK, and you’re done.
Schedule a Server Group Scan
Right-click the TBI group folder and select All
Tasks/Norton AntiVirus/Scheduled Scans. Click New. Set the
frequency of network-wide scans (at least once a week). Before you
click OK, click Scan Settings, then Options. Set the
CPU Utilization checkbox, and move the slider a notch or
two to the left. This will ensure the system doesn’t become too
sluggish if the scan is run during normal usage hours. Naturally,
if you intend to run these scans during off-hours, you can set the
CPU utilization higher, and the scan will complete more quickly.
Click OK until you’re back to the console.
Installing Clients
For NT/2000 machines, select NT Client Install from the Tools
menu and follow the directions to remotely install the NAVCE client
simultaneously on all computers. You may have to reboot those
computers before the NAVCE service can start.
For Win9x machines, copy Disk 2 of the NAVCE installation set to
a network share, then run the cdstart application from
each Win9x client. Choose to install the NAVCE client locally. When
asked, specify that you want to use a “managed” client, and select
an NAVCE server. You’ll have to reboot these clients before the
NAVCE service starts.
Note: It is also possible to automate the installation with logon
scripts, but this only works if an NT domain is up and running. The
procedure is not covered here, but I’ve attached a Symantec
KnowledgeBase article that explains how to do it.
That’s all there is to it. In less than 15 minutes all your
clients should appear in the SSC when you click on the server name.
And pretty soon the server will push the new virus definition files
onto your clients. When you see in your SSC console that this is the
case, it would be a good idea to run a virus sweep to make sure the
network is starting out clean. Obviously, if the network still
contains many slower machines, then off-hours would be best for
this. To run the sweep, right-click on the server name and select
All Tasks/Norton AntiVirus/Start Virus Sweep. There is no need to
change the default parameters.
For further information, such as how to configure the very useful
Alert Management System, refer to the product documentation.
A final note of caution: what you do in the SSC can affect the
virus-detecting capabilities of your entire network. Make sure you
know what a setting does before you start tweaking.
END OF DOCUMENT