Symantec at Cornell - PowerPoint PPT Presentation

1 / 27

About This Presentation

Title:

Symantec at Cornell

Description:

Platinum Support Symantec provided support for all licensed products ... 1997 Keith Boncek arranges volume purchase of Symantec Licenses ... – PowerPoint PPT presentation

Number of Views:86

Avg rating:3.0/5.0

Slides: 28

Provided by: leeb2

Category:

more less

Transcript and Presenter's Notes

Title: Symantec at Cornell

1

Symantec at Cornell
Lee Brink
CIT Systems and Operations
lcb5_at_cornell.edu
255-1834

2
Agenda

History
SAV versions
Cornell Customizations
Common Problems
Recommended Upgrade Procedure
Technical Support
The Future of Symantec at Cornell

3
Common Abbreviations/Terms

SAV Symantec Antivirus
SCF Symantec Client Firewall
SCS Symantec Client Security
Combination of first two products
Platinum Support Symantec provided support for
all licensed products

4
History of Symantec at Cornell

Prior to 1997 Disinfectant for Mac and F-Prot
for DOS
1997 Keith Boncek arranges volume purchase of
Symantec Licenses
1998 CIT Software Acquisition Program takes
over management of bulk purchase
1999 Campus Store takes over management of bulk
purchase

5
History of Symantec at Cornell

2000 CIT funds campus wide license. 10,000
staff faculty licenses with student usage free
One year license given to us with purchase of one
year maintenance agreement
Additional year paid for in advance
2003 CIT negotiates 3 year license and includes
SCF (Now known as SCS)
2007 License up for renewal

6
Symantec Licensing Terms

Staff, and faculty may install the SCS client on
any office or home machine
Students may install the SCS client on their
personal machine
Students and employees leaving Cornell must
uninstall software

7
Symantec Licensing Terms

Departments may install the Symantec
server/Administrative tools on as many machines
as they like
Standalone client for Windows Server OS not
covered in current license

8
The Symantec Mindset

Symantec develops SAV/SCS for the Corporate (AKA
Managed) environment
LiveUpdate only updates definitions and rule sets
Labor intensive to update standalone clients
Difficult to customize client for standalone
operation

9
SAV/SCS Current Version

10.1/3.1 MR5
Point Patch 1 released 11/07/2006
Maintenance Patch 1 released sometime after
Patches focus on managed client issues
Install patches in order of release
Supported OS Windows XP, Windows Vista, Mac OS
10.3

10
64 bit SAV

Used for 64 bit Windows XP installations
No firewall
Included in departmental distribution
Standalone installer not published to avoid user
confusion
64 bit Vista client recently released

11
Vista Support

32 bit version of SAV available for download
No firewall currently available
Current rumor is full Vista support with 10.2, at
the end of June

12
SAV for the Macintosh

Current Version 10.1.1
Works on 10.3 and later, Intel/Mac also
Quick Menu AutoProtect control not installed
Moved to separate installer
Available at CIT Antivirus Page

13
Where is SAV/SCS Available?

Standalone clients available via
Bear Access
CIT Antivirus page http//www.cit.cornell.edu/soft
ware/downloads/antivirus
Full distribution
Distribution page linked off above page
Note Must be in appropriate permit to download
Updated on regular basis
Current version only

14
Bear Access Changes to SAV/SCS

SAV config changes
LiveUpdate runs from 10am-12pm every day
Eudora .mbx files are excluded
Firewall modifications
P-Rules added for most common applications used
on Cornell campus (Eg CUTV)

15
SAV/SCS Limitations

OS and applications must be up to date for best
effectiveness
Good at detecting known viruses no protection on
suspected bad behavior
Works well in a layered security model
Current trojans and viruses will disable SAV
silently

16
Common Problems

Subscription Expired
Mixed Corporate Edition with Personal Edition
Must uninstall delete anything remotely
Symantec
Managed client is not talking to server
Insure that firewall has rule allowing server to
initiate connection
Windows file sharing is used to transfer push
updates. Firewall has to be open port 445

17
Common Problems

SAV/SCS not updating definitions or rules
Machine infected?
Experience has shown multiple causes beyond
above, all stubborn
Usually ends up being a uninstall, SAV registry
cleaning, and reinstall
SAV is deleting email

18
Symantec AV and Email

Affects POP users only
Entire mailboxes get removed when a single email
has a virus
Workaround for Eudora Exclude .mbx files
Workaround for Thunderbird Exclude profile in
DS\Application Data\Thunderbird\Profiles

19
Upgrading SAV/SCS

Experience has shown that relying on Symantec
installer to upgrade is dangerous
Safest course for clients
Uninstall
Reboot
Delete all Symantec directories
Reinstall
Note Firewall rules will survive an uninstall
Follow Symantec clean up doc for details

20
Upgrading SAV/SCS

Safest course for upgrading server
Install latest version on new machine
Join new install to group as a child server
Promote new install to parent
Remove old server from group
Uninstall, delete, reinstall new version on old
server

21
Virus Breaches SAV - Recourse?

Current viruses excel at hiding against SAV
other antivirus/anti-spyware software
If malware gets past defenses, little recourse
but to reformat reinstall
Removal sometimes cripples machine
Antivirus software poor at removing latest
malware completely

22
New Virus? Report Procedure

IT Security Office handles contacting Symantec in
reporting potential new viruses
Must meet following criteria
Significant impact on campus
Not covered in Symantec index of threats covered
by current virus definitions
Other tools unable to identify malware as a known
threat

23
Technical Support for SAV/SCS

Client Support
Front line CIT Contact Center
Referred to back-line when unable to answer
If problem can't be resolved over the phone, the
user can bring in machine on case by case basis

24
Technical Support for SAV/SCS