Symantec antivirus corp. edition 10.2 on Exchange 2007

Yorkshireman2

I am new to this so please make allowances.

Following an IT disaster in September when our primary DC with everything on it died, we now have a single domain controller (Win2k3 64-bit) on which I have installed Exchange 2007. This is not on-line yet; it can send mail out if a client selects the Exchange account, but all incoming mail is being blocked/forwarded by the main router to a temporary external web-mail server from which it comes into our mail clients, which all have internet mail accounts set up.

I then updated the old Symantec managed clients on this server and on all workstations to the new 10.2 unmanaged client. (The old managed clients were tied to our old, dead server which used to be the primary DC, exchange 2k server and Symantec antivirus server, so I couldn't do anything with them)
On the new server, I installed the Symantec antivirus corporate edition 10.2 client-only, because Symantec told me the SAV server software will not work on 64-bit servers!

Before going online and allowing incoming mail I want to know if our exchange server is now being protected by the Symantec antivirus client.


I read about the Exchange 2007 antispam option and found out how to install it, so I did this. However, I really don't know if the Exchange is being protected by the Symantec Antivirus client on this server.

I have now just read a Symantec article
...which states that "Before you begin: Symantec AntiVirus 10.1 and Symantec Client Security 3.1 do not create exclusions for Microsoft Exchange 2007.
For a list of recommended exclusions for Exchange 2007, read the Microsoft TechNet article File-Level Antivirus Scanning on Exchange 2007."

I am rather worried and totally confused now, so can someone tell me:
1. Is the SAV corp edition 10.2 client already protecting the exchange server? Or is it not protecting it at all?

2. Do I have to follow the Symantec article advice in the above link and manually do this on our exchange 2007 before going online?
3. If so, how?

Help appreciated. :)




Yorkshireman2
 
"On the new server, I installed the Symantec antivirus corporate edition 10.2 client-only, because Symantec told me the SAV server software will not work on 64-bit servers!"

That may be true for 10.x, but all I have are 64-bit servers here running SEP 11 - the only thing that doesn't work is the central quarantine server.

The 10.2 is not protecting the Exchange server at all (short of scanning folders.) You need the Exchange Symantec service to protect the mailboxes.

I'd strongly advise migrating to SEP 11 MR5 now if you can.
 
Microsoft strongly advises against having your Exchange Server running on a DC.

That said, you must exclude the files mentioned in this Microsoft TechNet article from being scanned. Failing to do so could result in a severe failure of Exchange.

Hope this helps.

Please help us help you. Read Tek-Tips posting policies before posting.
 
"Microsoft strongly advises against having your Exchange Server running on a DC."
Well, maybe, but when it's the only server available there is no choice. We used to have an SBS 2000 server with exchange 2000 bundled with it and that was designed to run on one server for small businesses. Strange that now Microsoft advises against running on one server-- small businesses like ours still only have one main server to run everything.

That sbs 2000 server I mentioned was our primary DC and it died on September 11th, taking everything with it.
It used to have Symantec antivirus and antispam protecting Exchange although I have no idea how it was configured. Now that we only have the 64 bit server (promoted to primary DC) the only version of exchange we could buy was 2007 but now we find Symantec cannot get its product to run on a 64 bit server. Great!

We just spent a large amount (for us) on buying exchange 2007- we are a small business so we can't afford to keep buying more software like SEP 11--there's no end to it. We'll have to find an economical solution.

Your replies have generated some questions so I'll try talking to Symantec first to see if they can offer a solution/suggestion.

Thanks to danomac and cmeagan656 though.


Yorkshireman2
 
Just a thought - if you renew your licenses yearly from Symantec (which you should for updates, etc...) you could be entitled to an upgrade.

If you don't subscribe yearly, the AV protecting Exchange would stop working when it runs out.

It may be as simple as downloading the ISOs from FileConnect and planning a migration. If you have file-push set up it should be relatively easy going from 10.2 -> 11.

Be aware that there is a separate product for protecting Exchange. The standard client-only package protects files stored locally on the server - it doesn't actually protect the mailboxes without the separate package.

I'm sure Symantec will be able to clear it up.
 
Thanks for the tip danomac - I rang them.
(Of course it took hours while I was connected across the world and gave all my details again, and it required a conference with another Sym. person even further away (Mars? The phone line sure sounded like it).)
First I found that I need Mail Protection (as you said), then their licence contact told me that our deceased IT guy had purchased a product called 'Multi Tier Protection' with support until mid-next year. This apparently includes antivirus, mail protection and anti spam.

Great!...but how to get it? It took another day's calling to find out how to use their licence portal and register, then enter the serial# to get a licence file.
Now I finally reached the download page but I cannot identify which download(s) I need- the filenames don't sound like what I need.

I will ring them again tomorrow and get help on what to download.

Because I didn't know we had this, I installed the Microsoft Exchange 2007 antispam feature. Now I'm wondering- because the old server had the Symantec antispam and mail protection running together, maybe it's a better system and integrates better (since Symantec's mail protection will be running too).

Q
Anyone know if I can leave Microsoft's antispam running as well, or if I should just uninstall it and use Symantec's products together?

If I understand it correctly, it sounds like the mail protection should run safely after installing; same with antispam. However, I believe it's the antivirus client I have on the server already which needs the exclusions setting up to prevent the server being damaged.
(Unless I have it wrong and it's the mail protection).
Anyway I will ask Symantec to clarify this if I get someone who knows what they are talking about.





Yorkshireman2
 
By the way, when you said 'file push' I assume this refers to using the Symantec server to update clients? I'm not familiar with all of this yet.
Presumably, if Symantec has another type of Antivirus server product that runs on 64 bit then I can use that to convert the unmanaged clients to managed and update them like that.
If they don't, then I will have to wait until I get this running and then get the old 32-bit server rebuilt to take on a useful role (like running the Symantec server software):)


Yorkshireman2
 
I'm 99.99% certain that Multi-Tier protection comes with upgrades, so you should be able to get them off of fileconnect. You will need your Maintenance Agreement Serial Number - log on to fileconnect and browse around.

I don't know what language you are using, but in English, these are the files you want:

Symantec_Endpoint_Protection_11.0.5_AllWin_EN_CD1.zip
Symantec_Endpoint_Protection_11.0.5_AllWin_EN_CD2.zip
Information_Foundation_Mail_Security_For_MSE_6.0.9.286_AllWin_EN.exe

(The last one is the Exchange mailbox protector. You'll need to install the license file that came with the certificate for this to work. Oh, the .5 means Maintenance Release 5, or MR5 as I mentioned in my earlier posts.)

The first two are the antivirus CD ISOs. Download them and run the setup on the first disk. It will give you a choice to install the management console (this goes on the server.) You can also install unmanaged clients with this CD. If you have a lot of workstations it's far more convenient to use the managed tools.

Once the managed tool is installed and running on the server (uh, be aware that if you use Backup Exec and the management console on the same server you will need patches to make sure that Backup Exec doesn't hang while loading) you need to create "client install sets" which is basically a predefined software source with central settings. It will create a MSI that you can push to the clients to upgrade.

Yes, by file push I meant centrally upgrading software on the clients. As long as WMI is working on the workstations, you should be able to browse for unmanaged clients and convert them from the server.

There's a ton of documents on Symantec's site to assist with upgrading/deploying, I suggest you read some of them - there's so much to cover that it's nearly impossible to cover it all in this thread. ;-)

Once you get all the settings you want on the clients and create the install packages you can either run them remotely or locally visit each machine and install the package.

Exchange's AV setup is slightly different, you can set up all sorts of rules - including the spam protection. After that, make sure the license file is installed.

I currently use three different spam filters, Symantec's, Xwall and Exchange. The two latter ones actually deposit messages in Exchange's Junk Mail folders to let the users sort the mess out. Less maintenance for me!

D
 
Really good info danomac- That's the great thing about this forum --it's read by people who DO know what they are talking about.

Thank you v. much. I'll move on this tomorrow.

Yorkshireman2
 
Also, don't forget what cmeagan656 mentioned - make sure that those directories are not scanned by the AV software. SEP 11 should put those exclusions in automatically, but I'd check to make sure they're actually there.

You've got a bit of initial work ahead of you, but after that the system is more or less automated. Good luck!

D
 
Your advice was spot on- I installed Symantec Endpoint Manager and the 64 bit client on the server and I have started deploying the client install packages to workstations. That is a nice feature! I also installed mail security.

The Symantec fellow said the exclusions are already done, although I'm not sure how to check.
AFTER I had installed it, he mentioned that I should probably have a separate group for the server and disable "threat scan" and "network scan" on the server. Again, not sure how to check this.

I have deployed the client to quite a few workstations so far but a few have problems.
One said it deployed ok but the manager won't communicate with it (won't see it in the client list). This client workstation had a yellow dot on it and now has a red mark on it.

Another station- I can't even communicate with it to deploy; when I try to add it to the wizard list it takes a long time trying to communicate and then returns an error about 'No network provider' and 'network path not being found'.
I see on the internet that windows firewall should be turned off and many more inconvenient and unsafe things.
Yet many of the remote deployments I have made so far are to computers with firewall turned ON and other things set as default.
So I don't understand the difference.

Already I had to turn the windows firewall on the server OFF, on Symantec's advice, so I could install the Symantec software. This seems counterintuitive for safety, to leave the firewall off.


A single Vista PC -- the wizard said it had deployed ok but it did not install. I tried running the package from the temp directory on that machine a few times today but it rolls back at the end, saying another install was still in progress and I must reboot to finish then try again. I did that 4 times and it still said that.


I also wonder about the old antivirus corp 10 clients. Symantec said the new client installs would overwrite these but I wonder- does Live update need removing?
I thought the manager/server does the updates and sends them out- so why does each client need Live update on them?

Maybe the presence of live Update on each client is causing a problem on some computers?




Yorkshireman2
 
Sorry, I've been tied up cursing at an ISP of ours. I'll have it sorted by tomorrow hopefully and I can answer some questions in detail.
 
Hi,
Ok I spent hours and hours on the phone with Symantec-luckily got a good rep. The Vista pc is now running the client and the other two desktops are running now. One in particular took most of the time- the rep had to try everything in the book and then throw the book out, but he got it in the end.

The final step in one desktop which would not communicate with the Symantec server seemed to validate the rep's theory that the old, dead domain controller/Symantec antivirus server had somehow set the internet connection properties to only work through that server and the settings were made by the SYSTEM account so we couldn't see them or change the setting that was causing the problem.
The rep used the task scheduler to issue a task from the SYSTEM account to reset the internet connection properties to default- bingo it worked.

I wish I had understood more of what he was doing, even though he tried to explain it as he went.


I found out that the Windows Firewall must be turned off when using Symantec Endpoint Network Threat Protection, because a) the Symantec software will sometimes not install properly with it on (especially to Vista PCs), and b) the Symantec Network Threat protection does the same job as the windows firewall anyway, so running two firewalls would slow the PC down.




Yorkshireman2
 
Oh. One other thing-
I checked the client running on the server and it shows only the Antivirus and Spyware feature, while the workstation client installs show all three Symantec Endpoint features, so it seems my server client is set correctly (I hope).

The tape backups (Backup Exec 11d) have worked normally (completed with exceptions, as usual), for two weeks continuously, so that seems stable with the new software.

The Mail security and antispam software haven't shut down the server yet, so it seems a good sign.

We are going to allow incoming mail to the new mail server on Monday (I'll keep my eyes closed!)


Yorkshireman2
 
Sounds like you've got everything working. No news is good news!
 
Thanks Danomac,

Today (15th) is my wedding anniversary! No complaints today and our new mail server/primary DC/etc. has been working for over 24 hours. Phew! (The backup exec worked last night too)
Case closed, I hope. :-D

(Now, if we could just get a second server up running as a secondary DC and even get a full duplicate of this one as a failover it would feel much more comfortable!)

Yorkshireman2
 