Archive for October, 2007

10.31.07

Symantec Endpoint Security 11 Kickstart Part 2 of 2 Configuration

Posted in OS at 3:53 pm by webmaster

NOTE: This is a work in progress. Use at your own risk. I have abandoned evaluating this product because the server memory requirements are too high for the market I serve (small and medium-sized businesses).

We have Symantec Endpoint Protection Manager installed and have installed the server as an unmanaged client.

We will now create a 32 bit client install package using the SEP Manager that will include the Antivirus and Antispyware features (with Outlook email scanning).

  1. Create new client group and add Client Feature Set
    1. Clients
    2. Right Mouse Click on Global –> Add Group 
      1. Workstations
      2. General Workstations
  2. Associate client group with default Antivirus/Antispyware group
    1. Highlight Workstations group and select Install Packages
    2. Tasks –> Add Client Install Package
      1. Package –> Select 32 bit client
      2. Features –> Select Only Antivirus and Antispyware
    3. OK
  3. Export Client Install Package
  4. Configure Policies
    1. Client
      1. Exclusion List pst files
      2. Scheduled Scan
      3. LiveUpdate settings
      4. Disable network scanning
      5. Enable email scanning
      6. Lockdown
    2. Server
      1. Exclusion List
      2. Configure Scheduled Scan
      3. LiveUpdate settings (once a day)
      4. Disable network scanning
      5. Disable email
  5. Points to ponder
    1. Software minor releases will be released through LiveUpdate.  There are mechanisms to control these but it looks to me like updates are enabled by default.
    2. LiveUpdate happens by default every 4 hours
    3. Proactive Threat Protection includes as part of it Symantec’s

10.30.07

Symantec Endpoint Security 11 Kickstart Part 1 of 2 Installation

Posted in OS at 12:06 am by webmaster

Symantec has upgraded its popular small and mid-sized business antivirus offering, renaming it from Symantec Antivirus Corporate Edition to Symantec Endpoint Security.  The name is not the only thing that changed:

  • The server component requires a lot more resources, as it now has a database built into the program (2 G of RAM is recommended on the server).
  • The client component was totally rewritten and is now a lot more efficient and consumes fewer resources.
  • Client deployment from the server also has a major change.  Deployment is now handled through IIS. 
  • Client components are customizable (policies).  The client component policies MUST be customized before deployment in our environments or share access will be blocked.
    I would also recommend disabling the firewall even though there are more features than the Windows XP SP2 firewall.
  • USB and other devices can be blocked.  Interesting feature, I hope to try it soon.
  • Dot releases will be available via LiveUpdate in the near future – WooHoo, let's hope there is some control.
  • For any client workstation upgrades, I would recommend using SCSCleanWipe from Symantec to first uninstall the current client on any workstation and then perform a fresh install.
  • Symantec System Center upgrades from SAV 10.x.x appear to require lots of hand holding and configuration – this does not appear to be your typical SSC upgrade.  If there is not a lot of customization or a lot of clients, a fresh install may be the way to go.   (I should be posting on an upgrade in the near future as I have a lot of existing systems on SAV 10.x.)

Consult this FAQ for more in depth information. 

Installation

Here is a list of all the documentation available for Endpoint Security.  I followed the installation guide on a new Windows Server 2003 system; those steps are included below.  (The Symantec documentation is not clear which setup.exe to run.)

  1. Add IIS using Add Remove Programs
    1. Start –> Control Panel –> Add or Remove Programs
    2. Add or Remove Windows Components
    3. Double-Click Application Server
    4. Select Internet Information Services (IIS)
    5. OK
    6. Next
    7. Finish
  2. Restart the server
  3. Obtain your serial number and download CD1 from Symantec
  4. The following information was located on the CD I downloaded:
    SEP Build 11.0.780.1008
    CMC/SNAC Build 11.0.780.980
    SESM Build 11.0.780.942
  5. Install Symantec Endpoint Protection Manager (SEPM)
    1. Navigate to SEPM
    2. Double-click setup.exe
    3. Next
    4. I Accept the terms of the license agreement, Next
    5. Choose install folder
    6. Use Default Website ?
    7. Install
    8. Finish
    9. WAIT FOR CONFIGURATION SCREEN TO REAPPEAR
    10. Configure Site
      1. Install My first site
      2. Next
      3. Next with the following defaults
        1. Server Name
        2. Server Port (8443)
        3. Server Data Folder
      4. Site Name is Machinename, Next
      5. EncryptionPassword
      6. Embedded database
      7. admin, AdminPassword
      8. Migration and Deployment Wizard
        1. Yes, Finish
        2. Next
        3. Deploy The Client, Next
        4. Client Group test1, Next
        5. [Screenshot: choice1.JPG]
        6. No, Just create them I will deploy them later, Finish
      9. Symantec Endpoint Protection Manager
        1. These steps will be completed in part 2 of 2 in a future post
    11. Open port 139 on the client firewall (most likely the Windows XP SP2 firewall).  TCP 2987 is no longer required unless you have multiple SEP servers communicating with each other.
  6. Install SEP software  on server
    1. Setup.exe on root of cd download
    2. Install Symantec Endpoint Protection
    3. Next
    4. I Accept the terms of the license agreement, Next
    5. Typical, Next (Can select scanner etc.)
    6. Install
    7. Wait for install
    8. Finish
  7. Restart Windows
  8. Configure exclusions and scheduled scans (Also in part 2 of 2 of a future blog post)

You now have Symantec Endpoint Security and the Symantec Endpoint Security Manager installed on the server.  Stand by for a future post on how to configure policies and server configuration.

10.16.07

Enabling Gigabit interfaces on 3COM switches

Posted in OS at 11:38 pm by webmaster

I end up installing a 26 port 3COM switch every three months or so, and I am tired of looking up the commands to enable the Gigabit interface, as the switch comes with the ports disabled, presumably because 3COM thinks more people will use the fiber interfaces, which require daughter cards.

  1. First, set the IP information in the switch.  To do that, power the switch up in a DHCP environment and learn the IP by using a scanner like angryip (or check the DHCP log file).
  2. Telnet to the device and run the following commands to enable the Gigabit interface on port 25
    1. telnet IP Address
    2. Username admin
    3. Password blank
      1. sys
        1. interface GigabitEthernet 1/0/27
        2. undo shutdown
        3. quit
        4. interface GigabitEthernet 1/0/28
        5. undo shutdown
        6. quit
    4. CTRL-Z
  3. save
  4. Change passwords (admin, manager, monitor)
    1. sys
    2. local-user admin
    3. password
    4. repeat for manager and monitor
    5. CTRL-Z
    6. save
  5. Change the IP address of the switch and subnet mask if required.  Using the web based interface may be easier.  Don’t forget to save your changes.

You're done!
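
An added example, not part of the original post: a Python check that reads a saved copy of the switch configuration and reports whether the "undo shutdown" and password-change steps above took effect. The configuration text is constructed, and its stanza layout (unindented `local-user` / `interface` headers with indented sub-lines, `#` separators, a `shutdown` line only on disabled ports) is an assumption about what `display current-configuration` prints on this switch.

```python
# Constructed sample in the assumed layout of a saved switch configuration;
# not captured from a real device.
SAMPLE_CONFIG = """\
#
local-user admin
 service-type telnet terminal
 level 3
local-user manager
 password simple manager
 service-type telnet terminal
local-user monitor
 password cipher Q1w2E3r4T5y6
#
interface GigabitEthernet1/0/27
#
interface GigabitEthernet1/0/28
 shutdown
#
"""

def parse_stanzas(text):
    """Map each unindented header line to its list of indented sub-lines."""
    stanzas, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            current = None                      # separator ends the stanza
        elif not line[0].isspace():
            current = stanzas.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return stanzas

def audit(text, users=("admin", "manager", "monitor"), ports=("1/0/27", "1/0/28")):
    """Return findings for the checklist: passwords changed, Gigabit ports enabled."""
    stanzas, findings = parse_stanzas(text), []
    for user in users:
        body = stanzas.get(f"local-user {user}", [])
        pw = [l.split() for l in body if l.startswith("password")]
        if not pw:
            findings.append(f"{user}: no password set")
        elif pw[0][-1] == user:                 # e.g. "password simple manager"
            findings.append(f"{user}: password equals username")
    for port in ports:
        if "shutdown" in stanzas.get(f"interface GigabitEthernet{port}", []):
            findings.append(f"GigabitEthernet{port}: still shut down")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

An empty result from `audit()` means every account in the list has a password that differs from its name and neither Gigabit port carries a `shutdown` line.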

10.15.07

Determine USB interface in Windows

Posted in OS at 12:50 pm by webmaster

Ever want to determine the speed of the USB controller on your motherboard in Windows?

David on the SBS newsgroup dropped this tidbit.  Simply look in Device Manager:

 

Device Manager is the best way to see what type USB ports you have, but
it’s not intuitive. USB 2.0 machines will have a “Standard Enhanced PCI
to USB Host Controller” plus a “Standard OpenHCD USB Host Controller”.
USB 1.1 machines only have the latter. USB 2 machines have one enhanced
USB controller and may have several standard USB controllers. Keyword
is “Enhanced”, though you may also see references to “EHCI” which
indicates a USB 2.0 controller.