2010/2013/2016/2019 implementation guide for microsoft

Symantec ™ Protection for SharePoint ® Servers 6.0.11Implementation Guide for Microsoft SharePoint ®2010/2013/2016/2019

Symantec ™ Protection for SharePoint ® Servers 6.0.11 Implementation Guide for

Microsoft SharePoint ® 2010/2013/2016/2019

Table of Contents

Copyright Statement............................................................................................................................ 6Introducing Symantec ™ Protection for SharePoint ® Servers......................................................7

About Symantec Protection for SharePoint Servers................................................................................................... 7What's new in Symantec Protection for SharePoint Servers 6.0.11...........................................................................7Components of Symantec Protection for SharePoint Servers................................................................................... 8How Symantec Protection for SharePoint Servers Work............................................................................................ 8

About real-time scanning............................................................................................................................................ 8How caching works on the SharePoint server.................................................................................................... 9What happens when a file is uploaded...............................................................................................................9What happens when a file is downloaded.......................................................................................................... 9

About scheduled scanning and manual scanning......................................................................................................9Preserving bandwidth and time during manual and scheduled scans.............................................................. 10Quarantining infected files................................................................................................................................. 10

What happens when a file is scanned..................................................................................................................... 10About scanning policies in the Symantec Protection Engine................................................................................... 11About logging and email notifications.......................................................................................................................12About on-demand reports and scheduled reports....................................................................................................13About handling large scanning volumes...................................................................................................................13

About deployment options (single-server and farm environments).........................................................................14About deployment options (single-server and farm environments).......................................................................... 14About deploying Symantec Protection for SharePoint Servers in a single-server farm environment....................... 15About deploying Symantec Protection for SharePoint Servers in a farm environment............................................ 15About supported platforms........................................................................................................................................16

How Symantec Protection Engine protects against viruses.....................................................................................16Where to get more information.................................................................................................................................... 16

Installing Symantec Protection for SharePoint Servers................................................................ 18Before you install........................................................................................................................................................... 18

About protecting the servers that are running the Symantec Protection for SharePoint Servers components.........18About preventing conflicts with other products.........................................................................................................18About stopping IIS during installation....................................................................................................................... 19

System requirements..................................................................................................................................................... 19System requirements for Symantec Protection for SharePoint Servers integrated installation................................ 19System requirements for Symantec Protection for SharePoint console only........................................................... 20System requirements for Symantec Protection Engine............................................................................................21

System requirements to install Symantec Protection Engine on Windows....................................................... 22System requirements to install Symantec Protection Engine on Linux.............................................................23

2



About installing Symantec Protection for SharePoint Servers.................................................................................25About the installation options....................................................................................................................................27About installing Symantec Protection for SharePoint Servers (integrated installation)........................................... 27

Installing Symantec Protection for SharePoint Servers using the installation wizard........................................28About installing Symantec Protection for SharePoint Servers using remote installation...................................31

Installing only Symantec Protection Engine using the installation wizard................................................................ 31............................................................................................................................................................................33

About installing only the Symantec Protection for SharePoint console....................................................................34Installing the Symantec Protection for SharePoint console using the installation wizard..................................35Installing the Symantec Protection for SharePoint console using the silent installation feature........................36Performing silent installations using default configuration values..................................................................... 37

About repairing or modifying Symantec Protection for SharePoint Servers or its components................................37Upgrading Symantec Protection for SharePoint Servers 5.1.x to version 6.0.x (SharePoint Server 2010)...........38Post-installation tasks................................................................................................................................................... 39

Starting the Central Administration service in a farm environment.......................................................................... 39Uninstalling Symantec Protection for SharePoint Servers....................................................................................... 40

Uninstalling the Symantec Protection for SharePoint console................................................................................. 40............................................................................................................................................................................41............................................................................................................................................................................41............................................................................................................................................................................41

Uninstalling Symantec Protection Engine.................................................................................................................42............................................................................................................................................................................42

Using the Symantec Protection for SharePoint console...............................................................43About the Symantec Protection for SharePoint Console..........................................................................................43

Accessing the console.............................................................................................................................................. 43Changing the Service Logon Account Information...................................................................................................44

About the Console Home Page.................................................................................................................................... 45Navigation Links........................................................................................................................................................ 45Feature Links.............................................................................................................................................................45Status Pane...............................................................................................................................................................46

Configuring Symantec Protection for SharePoint Servers............................................................48About Configuring Symantec Protection for SharePoint Servers............................................................................ 48

Configuring a Password for the Console..................................................................................................................48About SharePoint Server Farm Overview................................................................................................................... 49Configuring Real-Time Scanning..................................................................................................................................49About manual scans and scheduled scans................................................................................................................52

About Configuring Global Manual and Scheduled Scanning Options......................................................................52Excluding Files with Specific Extensions From Being Scanned....................................................................... 53Excluding Folders from being Scanned............................................................................................................ 53

3



Including files with specific extensions to be scanned......................................................................................54Including folders to be scanned........................................................................................................................ 54Specifying the Number of Threads for Scanning.............................................................................................. 55Scanning All File Versions in the Document Library.........................................................................................55Scanning Those Files that have been Added or Modified since the Last Completed Scan..............................55Specifying the Location for Quarantined Documents........................................................................................56Specifying File Handling Rules..........................................................................................................................56Reviewing Scan Statistics..................................................................................................................................57

Scheduling Scans......................................................................................................................................................58Performing Manual Scans.........................................................................................................................................59

About Importing and Exporting Settings.................................................................................................................... 60Importing Settings from a SharePoint Deployment.................................................................................................. 60Exporting Settings from a SharePoint Deployment.................................................................................................. 61

Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers...............................61About Adding, Removing, Editing, and Viewing Registered Symantec Protection Engines.....................................62Specifying the Scanning Mode for Load Balancing................................................................................................. 64Checking for the Latest Virus Definitions................................................................................................................. 64

Configuring Symantec Protection Engine.......................................................................................67Accessing the Symantec Protection Engine Console............................................................................................... 67About Communication Protocol Settings....................................................................................................................68

Configuring ICAP-Specific Settings.......................................................................................................................... 68Ways to Control Which File Types are Scanned........................................................................................................ 70About Licensing Symantec Protection Engine...........................................................................................................71

About License Activation...........................................................................................................................................71If You Do Not Have a Serial Number.......................................................................................................................72Obtaining a License File........................................................................................................................................... 72Installing the License File......................................................................................................................................... 73

Keeping Your Product and Protection Up-to-Date..................................................................................................... 73About Definition Updates.......................................................................................................................................... 73

About LiveUpdate...........................................................................................................................................................74Configuring LiveUpdate to Occur Automatically....................................................................................................... 74Performing LiveUpdate On Demand.........................................................................................................................75

About Rapid Release..................................................................................................................................................... 75Configuring Rapid Release Updates to Occur Automatically...................................................................................75Performing Rapid Release Updates On Demand.................................................................................................... 76

Enabling Security Risk Detection.................................................................................................................................76Monitoring Symantec Protection for SharePoint Servers activity................................................78

Ways to Monitor Symantec Protection for SharePoint Servers Activity..................................................................78About the Status Pane.................................................................................................................................................. 79

4



About SMTP logging......................................................................................................................................................79Configuring SMTP Logging.......................................................................................................................................81Customizing SMTP Messages..................................................................................................................................83

About Keywords................................................................................................................................................. 84About Monitoring Scanning Activity............................................................................................................................89

Configuring the Log File Folder Location................................................................................................................. 90Setting the Logging Level for Each Event Source................................................................................................... 90Setting the Maximum Storage Time for Log Files....................................................................................................91Generating an On-Demand Report...........................................................................................................................91Scheduling a Report................................................................................................................................................. 92

About Quarantine Management....................................................................................................................................95Restoring Quarantined Files..................................................................................................................................... 95Deleting Quarantined Files....................................................................................................................................... 96

Troubleshooting Symantec Protection for SharePoint Servers....................................................97Symantec Protection for SharePoint Servers Link Is Missing from the SharePoint Central AdministrationSite................................................................................................................................................................................... 97Unable to Access the Symantec Protection Engine Console................................................................................... 97Symantec Protection Engine Registration Fails.........................................................................................................97Slow Server Response or High Server Load.............................................................................................................. 98No reports are generated.............................................................................................................................................. 98Connection failed error message................................................................................................................................. 99

...................................................................................................................................................................................99Failure sending mail error message.......................................................................................................................... 100Unable to remember the console password.............................................................................................................100Error 1722 when installing Symantec Protection Engine........................................................................................100Scanning process error messages............................................................................................................................ 100Unable to view information on the SharePoint Server Farm overview page.........................................................101

Appendix Materials.......................................................................................................................... 102Appendix A: Error codes................................................................................................................. 103

About error codes and messages.......................................................................................................................... 103

5



Copyright Statement

Broadcom, the pulse logo, Connecting everything, and Symantec are among the trademarks of Broadcom.

Copyright ©2020 Broadcom. All Rights Reserved.

The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. For more information, please visitwww.broadcom.com.

Broadcom reserves the right to make changes without further notice to any products or data herein to improve reliability,function, or design. Information furnished by Broadcom is believed to be accurate and reliable. However, Broadcom doesnot assume any liability arising out of the application or use of this information, nor the application or use of any product orcircuit described herein, neither does it convey any license under its patent rights nor the rights of others.

6

http://www.broadcom.com



Introducing Symantec ™ Protection for SharePoint ® Servers

About Symantec Protection for SharePoint ServersSymantec ™ Protection for SharePoint Servers provides virus scanning and repair services for the followingSharePoint products:

• Microsoft SharePoint Foundation 2010• Microsoft Office SharePoint Server 2010• Microsoft SharePoint Foundation 2013• Microsoft Office SharePoint Server 2013• Microsoft SharePoint Server 2016• Microsoft SharePoint Server 2019

In addition to virus scanning and repair services, Symantec Protection for SharePoint Servers provides logging,monitoring, and reporting of infected documents on the SharePoint server.

What's new in Symantec Protection for SharePoint Servers 6.0.11The following table describes the new features in Symantec Protection for SharePoint Servers 6.0.11.

Table 1: New features

Feature Description

Integration withSymantec ProtectionEngine

Symantec Protection for SharePoint Servers is now integrated with Symantec Protection Engine 8.0.1 forvirus scanning and repair services that use the latest Symantec technologies.You must install the Symantec Protection Engine that is packaged with the Symantec Protection forSharePoint Servers 6.0.11.For more information, see the Symantec Protection Engine Implementation Guide.

Multiple Farms that havesingle SQL Server

You can install Symantec Protection for SharePoint Servers on Multiple Farms that point to the same SQLServer.

Inclusion list for manualand scheduled scan

You can now configure inclusion list for manual and scheduled scan like the existing exclusion list.

NOTE

Symantec Protection for SharePoint Servers 6.0.9 and later do not support Windows SharePoint Services 3.0(WSS 3.0) and Microsoft Office SharePoint Server 2007 (MOSS 2007) or below versions.

7



Components of Symantec Protection for SharePoint ServersSymantec Protection for SharePoint Servers includes the following components, which you can install and configureseparately:

SymantecProtectionEngine

Provides virus scanning and repair servicesYou can install Symantec Protection Engine on the SharePoint server. You can also install Symantec ProtectionEngine on a separate server that is not running SharePoint. This arrangement facilitates antivirus processing on adifferent computer thereby reducing the CPU load on the SharePoint server.

SymantecProtection forSharePointConsole

Provides a means for users to configure how Symantec Protection Engine and the SharePoint server shouldcommunicate with each other, handle infected files, and monitor scanning activity. The Symantec Protection forSharePoint console refers to the administrative console of Symantec Protection for SharePoint Servers. You canconfigure how Symantec Protection for SharePoint Servers handles the communication between the SymantecProtection Engine and the SharePoint server through this console. Symantec Protection for SharePoint Servers alsointerprets the results that are returned from the protection engine after scanning.

How Symantec Protection for SharePoint Servers WorkSymantec Protection for SharePoint Servers provides the following types of scanning:

• Real-time scanning of files as they are uploaded and downloaded from the SharePoint serverAbout real-time scanning

• Scheduled scans and manual scans of the files that are stored on the SharePoint serverAbout scheduled scanning and manual scanning

In addition to scanning, Symantec Protection for SharePoint Servers does the following:

• Monitors scanning activity by its logging and email notification featureAbout logging and email notifications

• Generates on-demand reports and schedules distribution of reports by mailAbout on-demand reports and scheduled reports

About real-time scanningFiles are scanned in real time as they are uploaded and downloaded from the SharePoint server. You can configure toscan files on upload, download, or both. All files that are uploaded or downloaded are submitted for scanning, regardlessof file type. Symantec Protection for SharePoint Servers also supports scanning of files that are uploaded to documentlibrary, calendars, contacts, lists, and so on.

NOTE

If scanning fails for any reason during a real-time scan (for example, if the Symantec Protection Engine goesoffline or reaches its scanning threshold), the scan is terminated. The scan request is not re-submitted until auser tries to upload or download the file.

You can configure the following options for real-time scanning:

• Scan documents on upload.• Scan documents on download.• Allow users to download infected documents.• Attempt to clean infected documents.

You must set up real-time scanning to ensure protection of your SharePoint server before you let users start uploadingor downloading files. For the most secure configuration, select the Scan documents on upload, Scan documents ondownload, and Attempt to clean infected files options.

8



WARNING

Selecting the option Allow users to download infected documents can put your organization at risk.Irreparable files might contain viruses that can infect your computer. SharePoint security ensures that onlyadministrators can download the irreparable files if this option is not enabled.

Configuring real-time scanning

How caching works on the SharePoint serverThe SharePoint server caches the scanning results for each stored file. The cached information includes the date andthe revision number of the virus definitions that were used to perform the scan. The cached information also includes thestatus of the file (whether the file is clean or infected).

In real-time scanning, all files that are uploaded or downloaded are submitted for scanning. On download, the SharePointserver evaluates the status of the file and the virus definition that were used to determine whether the file must bescanned. If another user requests access to that same file and the virus definitions have not changed, a redundant scan isavoided. Individual cache entries are updated whenever a stored file is changed.

What happens when a file is uploadedWhen you try to upload a file to the SharePoint server, the file is submitted first to Symantec Protection Engine forscanning. If the file contains a virus that cannot be repaired, the file is not stored on the SharePoint server. You receivea notification that the file is infected and cannot be uploaded. If you configure the SharePoint server to attempt to cleaninfected files and if the infected file is a repairable file, then it is repaired and uploaded to the SharePoint server.

What happens when a file is downloadedWhen you try to download a stored file, Symantec Protection for SharePoint Servers verifies the followinginformation about the file:

• If the file was scanned on upload• The status of the file (for example, if the file is clean)• Whether the virus definition that were used during the latest scan are the most current

If the file is infected, or if the virus definitions are not the most current, the file is submitted to Symantec Protection Enginefor scanning. Based on the scan results, the file is handled according to the settings that you specify.


If the file is clean and was scanned with the latest definitions, the file is not rescanned. It is automatically downloaded toyou. If you configure the SharePoint server to attempt to clean infected files and if the infected file is a repairable file, thenit is repaired and downloaded to the server.

If the file contains a virus that cannot be repaired, the file is not downloaded to the user. You receive a notification that thefile is infected and cannot be downloaded. (You can configure Symantec Protection for SharePoint Servers to permit usersto download infected files. However, the most secure configuration is to disable this option. Files that contain viruses posea risk to your organization. You are denied access to infected files by default.)

About scheduled scanning and manual scanningYou can schedule periodic scans of the documents that are stored on the SharePoint server. Schedule periodic scans ofthe document library to ensure that all files have been scanned for viruses. These scans ensure that the files that have notbeen previously scanned are scanned in a timely manner. Regular scans also ensure that scanning is kept up to date asvirus definitions change. Scheduled scans occur at the time and frequency that you specify.

9



You can force an immediate (manual) scan of the documents that are stored on the server. The options of Exclusion/Inclusion List, Optional Settings, and Infected File Detection Rules that you configure for scheduled scans also applyto manual scans. You can either perform a manual scan or a scheduled scan along with real-time scanning without anyadverse effects.

About manual scans and scheduled scans

During scheduled scans and manual scans, all files are submitted for scanning, regardless of whether they were scannedpreviously or not. Only files in the Exclude folders list and the File extension exclude list are omitted from scanning. If ascan request fails because the protection engine is unavailable, the scan request is sent to the next protection engine,which is available and registered.

You can configure the following options for manual scans and scheduled scans:

• Excluding files with specific extensions from being scanned• Excluding folders from being scanned• Including files with specific extensions to be scanned• Including folders to be scanned• Specifying the number of threads for scanning• Scanning all file versions in the document library• Scanning those files that have been added or modified since the last completed scan• Specifying the location for quarantined documents• Specifying file handling rules• Reviewing scan statistics

Preserving bandwidth and time during manual and scheduled scansYou can designate which directories on the SharePoint server are scanned during scheduled scans and manual scans.You can scan all directories on the SharePoint server, or you can include or exclude certain directories from scanning.

You can control which file types are scanned during manual scans and scheduled scans by specifying the file typespassed to Symantec Protection Engine. You can save bandwidth and time by excluding those files types that are notlikely to contain viruses and can be excluded from scanning. You can also include only the file types that are likely tocontain viruses for scanning. Based on the file extension,Symantec Protection for SharePoint Servers makes an initialdetermination, about whether to pass a file to Symantec Protection Engine for scanning.

You can limit scanning to only those files that have been added or modified since the last manual or scheduled scan.Symantec Protection for SharePoint Servers can compare the time a file was modified or added with the time of the lastscan. This feature lets you conserve scanning resources by omitting files from scanning that have not been modified oradded since the last scan. When this feature is disabled, all files are scanned during manual scans and scheduled scans.

Quarantining infected filesSymantec Protection for SharePoint Servers can quarantine the infected files that are found during a scheduled scan ormanual scan. A copy of each infected item is forwarded to a quarantine directory. This file is not quarantined or deletedif it is checked out by any user. You can view a list of all these quarantined files in the Quarantine Management page.You can view or delete the quarantined file based on your analysis. The default quarantine location is C:\Program Files\Symantec\SharePoint\Quarantine.

What happens when a file is scannedAfter the Symantec Protection for SharePoint console and Symantec Protection Engine are installed and properlyconfigured, files are passed to Symantec Protection Engine for analysis.

10



If Symantec Protection Engine does not find a virus in a file, Symantec Protection Engine indicates that the file is clean.

If a virus is detected, Symantec Protection Engine does one of the following actions:

Records a log entry that an infection was found Separate logging and alerting features are available throughthe Symantec Protection for SharePoint console and SymantecProtection Engine. You can activate logging and alerting optionsin Symantec Protection Engine to supplement those loggingand alerting options that are available through the SymantecProtection for SharePoint console. The Symantec Protection forSharePoint console sends an email notification and records a logentry when an infection is found.

Attempts to repair the infected file If the file can be repaired, Symantec Protection Engine repairsit and passes a clean file back to Symantec Protection forSharePoint Servers. Configure the SharePoint antivirus settings toaccept these repaired files so that infected files are replaced withrepaired files on the SharePoint server.Configuring real-time scanning

Deletes unrepairable infected files from the container files When a container file or archive file is submitted for scanning,Symantec Protection Engine decomposes the container fileand scans each embedded file individually. If the container filecontains unrepairable files, Symantec Protection Engine deletesthe unrepairable files from the container or the archive file.The remaining clean contents are forwarded to the SharePointserver. Symantec Protection for SharePoint Servers handlesthis container file as a repaired file. (Configure the SharePointantivirus settings to accept repaired files so that infected files canbe replaced with repaired files.)

Note: When a top-level file (a file that is not embedded in acontainer file) is infected and cannot be repaired, SymantecProtection Engine indicates it to Symantec Protection forSharePoint Servers and the SharePoint server. The SharePointserver denies access to the infected file by default. The file isdeleted from the SharePoint server if you have configured it to doso.

Registering Symantec Protection Engine with SymantecProtection for SharePoint Servers

About scanning policies in the Symantec Protection EngineWhen Symantec Protection Engine scans a file for viruses, it applies the scanning policies that you configure in theSymantec Protection Engine console. For example, you can limit the resources that Symantec Protection Engine uses byonly scanning certain types of files.

When an established threshold is met or exceeded during a scan, or a policy is violated, Symantec Protection Enginecommunicates this information to Symantec Protection for SharePoint Servers. Symantec Protection for SharePointServers treats the file as though an unrepairable infection was found. The policies that you configure for handling infectedfiles (that is, blocking or deleting files) are applied.

11



The following scanning policies are available through the Symantec Protection Engine console:

You can restrict the amount of resources that are used to processlarge container files.

Symantec Protection Engine uses a decomposer to extract theembedded files from a container file, scan all of the files, andreassemble the container file once scanning is complete. Foroverly large container files, this process can require a significantamount of resources. You can use these settings to control theresources that Symantec Protection Engine uses to process largecontainer files and to prevent these overly large container filesfrom being stored on the SharePoint server. You can specifythe maximum amount of time spent in decomposing a containerfile, the maximum file size for individual files in a container file,maximum number of nested levels to be decomposed, andthe maximum number of bytes that are read when determiningwhether a file is MIME-encoded.

You can establish a mail policy to filter mail and mail attachmentsbased on a number of attributes.

These mail policy settings are applied to all MIME-encodedmessages. If MIME-encoded messages are posted for useraccess on the SharePoint server, you can use the mail policysettings in Symantec Protection Engine to filter email based onattachment file size or file name, message origin, total messagesize, or message subject line.

Note: Mail policy settings do not affect nonMIME-encodedfile types that are passed to Symantec Protection Enginefor scanning. When a mail filter policy is violated, SymantecProtection Engine only applies the action to MIME-encodedmessages.

For more information, see the Symantec Protection Engine Implementation Guide.

About logging and email notificationsSymantec Protection for SharePoint Servers logs events for the Scan Process, Symantec Protection Engine, and Systemreport sources by default. You can specify the logging level for each of these report sources in Log File settings.

About monitoring scanning activity

The default location of the log files is <installdir>:\Program Files\Symantec\SharePoint\Logfiles.

Symantec Protection for SharePoint Servers provides Simple Mail Transfer Protocol (SMTP) logging capabilities. WhenSMTP logging is configured, an email notification is sent to a specified recipient for chosen events.

To configure SMTP logging, you must do the following:

• Enable the email notification system.• Identify an SMTP server and port number for forwarding the log messages.• Provide the default origin and destination information for the SMTP messages.• Select the event categories for which SMTP messages should be generated.

You can choose separate sender and recipient email addresses for each event category.

Configuring SMTP logging

You can also select the email notification level so that Symantec Protection for SharePoint Servers sends an emailnotification only for the events whose level you specify. You can provide separate recipient information for each type ofmessage. Default message text is included, but you can customize individual messages.

12



NOTE

You must disable the email notification setting, save it, and then re-enable it to reset the password as blank afterthe first time that you saved the password.

Customizing SMTP messages

About on-demand reports and scheduled reportsYou can manually generate and analyze reports for a specified date range. You must select a report source (ProtectionEngines, Scan Processes, or System) and define the log data you to display. You can generate a detailed report of all logsor pie chart reports. Symantec Protection for SharePoint Servers displays a numerical statistical report beneath the piechart.

Generating an on-demand report

You can configure Symantec Protection for SharePoint Servers to generate reports and distribute them by email tospecified recipients at a scheduled time. From the options available, select hourly, daily, weekly, monthly, or once toschedule the reports.

NOTE

You must first configure email notifications before you try to schedule a report by email.

To schedule reports, you must do the following tasks:

• Select a schedule.Choose from the default schedules or create a new schedule.

• Select a report data range.Symantec Protection for SharePoint Servers retrieves data from within this specified date range.

• Choose a report source (Protection Engines, Scan Processes, or System) and report definition.These options determine the content of your scheduled report.

• Select a report format.• Activate report generation by mail.

Specify the sender and recipient's email address.

Scheduling a report

About handling large scanning volumesIn a simple Symantec Protection for SharePoint Servers configuration, a single Symantec Protection Engine handles thescanning and the repair services for the SharePoint server. However, larger traffic volumes can require multiple protectionengines to handle virus scanning. If you process large traffic volumes or have multiple clients making virus scanningrequests, you can install and configure multiple protection engines to handle the scanning load.

If you install multiple protection engines to handle increased loads, you must register each Symantec Protection Enginewith Symantec Protection for SharePoint Servers. Each Symantec Protection Engine must be installed on a separatecomputer on your network.

Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers

When you use multiple protection engines, you can specify how you want the scanning load to be distributed by selectinga scanning mode.

13



The scanning modes are as follows:

Cycle mode Scanning is distributed evenly across all registered Symantec Protection Engines using a continuous repeatingsequence. In a standalone or a single-server farm environment, this option is available only if multiple protectionengines are registered; but in a farm environment, this option is available even if one protection engine is registered.

Priority mode Scanning is distributed to Symantec Protection Engines based on priority. You specify the priority when you registera Symantec Protection Engine with Symantec Protection for SharePoint Servers.About adding, removing, editing, and viewing registered Symantec Protection Engines

If you enable both modes, the priority mode takes precedence. If both the registered protection engines have the samepriority, then the cycle mode takes precedence.

Specifying the scanning mode for load balancing

About deployment options (single-server and farm environments)Symantec Protection for SharePoint Servers includes the following components that can be installed separatelyor together:

• Symantec Protection for SharePoint console• Symantec Protection Engine

Components of Symantec Protection for SharePoint Servers

About the installation options

You must install Symantec Protection for SharePoint Servers and its components in different ways based on thefollowing SharePoint environments:

• Single-server farm environment• Farm environment

In a SharePoint farm environment, based on the SharePoint version, install the Symantec Protection for SharePointconsole on the following servers:

Microsoft SharePoint Foundation 2010/2013Microsoft Office SharePoint Server 2010/2013/2016/2019

Install the Symantec Protection for SharePoint console on eachfront-end Web server in the farm and at least on one server whereCentral Administration service is running.You can install the Symantec Protection for SharePoint consoleon the other Application servers in the farm to run on-demand orscheduled scans on these servers, if desired. However, you canrun these scans from the front-end servers as well.You can install Symantec Protection Engine on the same serveras the Symantec Protection for SharePoint console or on aseparate server.

About deployment options (single-server and farm environments)Symantec Protection for SharePoint Servers includes the following components that can be installed separatelyor together:

• Symantec Protection for SharePoint console• Symantec Protection Engine

Components of Symantec Protection for SharePoint Servers


14



You must install Symantec Protection for SharePoint Servers and its components in different ways based on thefollowing SharePoint environments:

• Single-server farm environment• Farm environment

In a SharePoint farm environment, based on the SharePoint version, install the Symantec Protection for SharePointconsole on the following servers:

Microsoft SharePoint Foundation 2010/2013Microsoft Office SharePoint Server 2010/2013/2016/2019

Install the Symantec Protection for SharePoint console on eachfront-end Web server in the farm and at least on one server whereCentral Administration service is running.You can install the Symantec Protection for SharePoint consoleon the other Application servers in the farm to run on-demand orscheduled scans on these servers, if desired. However, you canrun these scans from the front-end servers as well.You can install Symantec Protection Engine on the same serveras the Symantec Protection for SharePoint console or on aseparate server.

About deploying Symantec Protection for SharePoint Servers in a single-serverfarm environmentIn a standalone or single-server farm environment, you can choose to do a full install of both components of SymantecProtection for SharePoint Servers on the same computer. You can also choose to move antivirus processing off-box byinstalling Symantec Protection Engine on a separate server. However, ensure that you install the Symantec Protection forSharePoint console on the SharePoint server.

About deploying Symantec Protection for SharePoint Servers in a farmenvironmentIn a SharePoint farm environment, based on the SharePoint version used, deploy Symantec Protection for SharePointServers on the following servers:

• Microsoft SharePoint Foundation 2010• Microsoft Office SharePoint Server 2010• Microsoft SharePoint Foundation 2013• Microsoft Office SharePoint Server 2013• Microsoft SharePoint Server 2016• Microsoft SharePoint Server 2019

Install the Symantec Protection for SharePoint console on each server in the farm and at least on one server whereCentral Administration service is running.

NOTE

Installation must be done first on the server hosting the SharePoint Central Administration service, followed bythe installation on all other remaining servers.

You can install the Symantec Protection for SharePoint console on the other Application servers in the farm to run on-demand or scheduled scans on these servers, if desired. However, you can run these scans from the other servers aswell.

The other component, which is Symantec Protection Engine, can be installed on the same server as the SymantecProtection for SharePoint console or on a separate server.

15



About supported platformsYou can install the Symantec Protection for SharePoint console on the following platforms:

• Microsoft Windows Server 2008 64-bit with SP2/R2 or later• Microsoft Windows Server 2012/R2 or later• Microsoft Windows server 2016• Microsoft Windows server 2019

System requirements for Symantec Protection for SharePoint console only

About installing only the Symantec Protection for SharePoint console

Symantec Protection Engine runs on the following platforms:

• Red Hat Linux• Microsoft Windows Server 2008 SP2/R2 or later• Microsoft Windows Server 2012/R2 or later• Microsoft Windows Server 2016• Microsoft Windows server 2019

You can deploy Symantec Protection Engine in any environment that is running any combination of these platforms.

System requirements for Symantec Protection Engine

How Symantec Protection Engine protects against virusesSymantec Protection for SharePoint Servers sends the files to Symantec Protection Engine for virus scanning and repair.Symantec Protection Engine detects viruses, worms, and Trojan horses in all major file types (for example, Windows files,DOS files, and Microsoft Word and Excel files). Symantec Protection Engine includes a decomposer that handles mostcompressed and archive file formats and nested levels of files.

Symantec Protection Engine provides protection against container files that can cause denial-of-service attacks (forexample, container the files that are overly large, that contain large numbers of embedded compressed files, partialcontainer files, or that have been designed to use resources maliciously and degrade performance). Symantec ProtectionEngine detects security risks such as adware, dialers, hacking tools, joke programs, remote access programs, spyware,and trackware.

The Symantec Protection Engine also detects mobile code such as Java, ActiveX, and standalone script-based threats.Symantec Protection Engine uses Symantec AntiVirus technologies, for heuristic detection of new or unknown viruses.

Where to get more informationThe following online resources for Symantec Protection for SharePoint Servers are available:

Online Help Symantec Protection for SharePoint Servers Online HelpTechnical Support Symantec Enterprise Security Support

Provides access to the technical support knowledge base articles,downloads, product release details, updates and patches, andcontact options for support.

Symantec Security Center Symantec Security CenterProvides access to the virus encyclopedia, which containsinformation about all known threats; information about hoaxes;and access to white papers about threats

16

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/symantec-security-software/endpoint-security-and-management/symantec-protection-for-sharepoint-servers/6-0-10.html

https://support.broadcom.com/security

https://www.broadcom.com/support/security-center



Education Services Education ServicesAccess the training courses, Symantec eLibrary, and more.

Symantec Connect forums Symantec Protection for SharePoint Servers

17

https://www.broadcom.com/support/symantec/services/education

https://community.broadcom.com/symantecenterprise/communities/community-home?CommunityKey=c8c5d04e-d5ad-4e75-87f2-3bc00a324226



Installing Symantec Protection for SharePoint Servers

Before you installDo the following tasks before you install Symantec Protection for SharePoint Servers or its components:

• Provide antivirus protection for the servers on which the Symantec Protection for SharePoint Servers components run.About protecting the servers that are running the Symantec Protection for SharePoint Servers components

• Exclude certain directories from scanning by any other antivirus product that is running on the computers on which youinstall the components.About preventing conflicts with other products

• Plan to install the Symantec Protection for SharePoint console at a time when Microsoft Internet Information Server(IIS) can be stopped temporarily.Microsoft IIS restarts automatically after the installation is complete.System requirements

• Ensure that the computer on which you plan to install the console and Symantec Protection Engine meets theminimum system requirements.You can install both components together or on separate computers.System requirements

• Ensure that the ports 9455 and 9466 are available.– Port 9455 is used by the command channel for sending commands or requests to the SPSS service.– Port 9466 is used by the reporting channels such as on-demand and scheduled reports.

• Symantec recommends that you back up the web.config file of the SharePoint Central Administration site.

About protecting the servers that are running the Symantec Protection forSharePoint Servers componentsBefore you install Symantec Protection Engine and the Symantec Protection for SharePoint console, consider to installadditional antivirus protection such as Symantec AntiVirus™ Corporate Edition to protect the servers on which thesecomponents run.

By design, Symantec Protection Engine scans only the files that are passed to it from Symantec Protection for SharePointServers. Symantec Protection for SharePoint Servers does not protect the operating systems of the computers on whichSymantec Protection Engine and SharePoint Server run. Because both of these servers potentially handle viruses, theyare vulnerable without real-time virus protection.

To achieve comprehensive virus protection with Symantec Protection for SharePoint Servers, it is important to protect theSymantec Protection Engine server and the SharePoint server from virus attacks. To protect the host computers, install anantivirus program on these servers in addition to the Symantec Protection for SharePoint Servers components.

About preventing conflicts with other productsTo prevent a conflict between the antivirus product that is running on the host computer and Symantec Protectionfor SharePoint Servers, configure any other antivirus product that is running on the host computer to exclude certaindirectories from scanning.

Directories to exclude from scanning lists the directories to exclude from scanning.

18



Table 2: Directories to exclude from scanning

Directories Server

Windows: <Installdir>\temp The server on which Symantec Protection Engine runs.Linux: <Installdir>/temp These directories are the temporary directories that Symantec

Protection Engine uses for scanning.<Installdir>\Program Files\Symantec\SharePoint\Quarantine (orthe folder that you have set)

The server on which Symantec Protection for SharePoint consoleruns.Symantec Protection for SharePoint Servers uses it as the defaultquarantine directory.

<Installdir>\Program Files\Symantec\SharePoint The server on which Symantec Protection for SharePoint consoleruns.

<Installdir>\Program Files\Common Files\Symantec Shared The server on which Symantec Protection for SharePoint consoleruns.

About stopping IIS during installationDuring the installation, the Microsoft Internet Information Server (IIS) must be stopped temporarily. During the time that ittakes to complete the installation, no access to IIS services is available. You must plan to install the Symantec Protectionfor SharePoint console when Microsoft IIS can be stopped temporarily. Microsoft IIS restarts automatically after theinstallation is complete.

System requirementsYou can choose to install both components of Symantec Protection for SharePoint Servers together on the samecomputer or on different computers.

System requirements for Symantec Protection for SharePoint Servers integrated installation



System requirements for Symantec Protection for SharePoint Servers integratedinstallationMinimum system requirements for Symantec Protection for SharePoint console and Symantec Protection Enginedescribes the minimum system requirements to install the Symantec Protection for SharePoint console and SymantecProtection Engine on the same server.

19



Table 3: Minimum system requirements for Symantec Protection for SharePoint console and Symantec ProtectionEngine

Requirement Details

Hardware requirements • Processor and Memory: As per the requirements of the versionof Microsoft SharePoint

• Disk space: 6 GB• One network interface card (NIC) running TCP/IP with a static

IP address• Internet connection to update antivirus definitions

Operating system Symantec Protection for SharePoint Servers runs on thefollowing platforms:• Windows Server 2008 64-bit with SP2/R2 or later• Windows Server 2012/R2 or later• Windows Server 2016• Windows Server 2019

Software requirements Any of the following Microsoft SharePoint Server editions:• Microsoft SharePoint Foundation 2010• Microsoft Office SharePoint Server 2010• Microsoft SharePoint Foundation 2013• Microsoft SharePoint Server 2013• Microsoft SharePoint Server 2016• Microsoft SharePoint Server 2019Any of the following Web browsers:• SharePoint Server 2010/2013

– Internet Explorer 7.0, 8.0, 9.0, 10.0• SharePoint Server 2016/2019

– Internet Explorer 10/11/EdgeThe following software components:• Microsoft .NET Framework 3.5 or later (only for Microsoft

SharePoint 2010)• Microsoft .NET Framework version 4.5.2 or later (not

applicable for Microsoft SharePoint 2010)• Central Admin Site ASP.NET Version 2.0 or later

System requirements for Symantec Protection for SharePoint console onlyMinimum system requirements for the Symantec Protection for SharePoint console describes the minimum systemrequirements to install the Symantec Protection for SharePoint console.

20



Table 4: Minimum system requirements for the Symantec Protection for SharePoint console

Requirement Details

Hardware requirements • Processor and Memory: As per the requirements of the versionof Microsoft SharePoint

• Disk space: 512 MB (may vary depending on how long youchoose to maintain log files)

Operating system Symantec Protection for SharePoint Servers runs on thefollowing platforms:• Windows Server 2008 Standard/Enterprise/Data Center SP2/

R2• Windows Server 2012 Standard or Datacenter/R2• Windows Server 2016 (Applicable for Microsoft SharePoint

Server 2016 and 2019)• Windows Server 2019 (Applicable for Microsoft SharePoint

Server 2019 only)

Software requirements Any of the following Microsoft SharePoint Server editions:• Microsoft SharePoint Foundation 2010• Microsoft Office SharePoint Server 2010• Microsoft SharePoint Foundation 2013• Microsoft Office SharePoint Server 2013• Microsoft SharePoint Server 2016• Microsoft SharePoint Server 2019Any of the following Web browsers:• SharePoint Server 2010/2013

– Internet Explorer 7.0, 8.0, 9.0, 10.0• SharePoint Server 2016/2019

– Internet Explorer 10/11/EdgeThe following software components:• Microsoft .NET Framework 3.5 or later (only for Microsoft

SharePoint 2010)• Microsoft .NET Framework version 4.5.2 or later (not

applicable for Microsoft SharePoint 2010)• Central Admin Site ASP.NET Version 2.0 or later

System requirements for Symantec Protection EngineYou can install Symantec Protection Engine on Windows and Linux.

System requirements to install Symantec Protection Engine on Windows

System requirements to install Symantec Protection Engine on Linux

21



System requirements to install Symantec Protection Engine on WindowsThe following are the system requirements to install Symantec Protection Engine on Windows:

Operatingsystem

• Windows Server 2008 SP2 (64-bit)• Windows Server 2008 R2 (64-bit)• Windows Server 2012 (64-bit)• Windows Server 2012 R2 (64-bit)• Windows Server 2016 (64-bit)• Windows Server 2019 (64-bit)• Windows Server 2008 SP2 (64-bit) Japanese• Windows Server 2008 R2 (64-bit) Japanese• Windows Server 2012 (64-bit) Japanese• Windows Server 2012 R2 (64-bit) Japanese• Windows Server 2016 (64-bit) Japanese• Windows Server 2019 (64-bit) JapaneseEnsure that your operating system has the latest service patches available.

Processor Intel or AMD Server Grade Single Processor Quad Core systems or higherMemory 8 GB RAM or higherDisk space 40 GB of hard disk space

60 GB of hard disk space for using URL Filtering featureHardware • Network interface card (NIC) running TCP/IP with a static IP address

• Internet connection to update definitions• 100 Mbps Ethernet link (1 Gbps recommended)

Software • 64-bit Java Runtime Environment (JRE) 8.0 Update 232 or later but earlier than 261– We recommend that you use the latest JRE version to avoid any known vulnerabilities.– JRE is required only if you plan to operate Symantec Protection Engine in the Core server with user interface

mode.– To know about the operating systems that JRE 10.0.2 (64-bit) supports, refer to the official Oracle

documentation or Symantec Protection Engine Java Support Matrix.• One of the following Web browsers to access the Symantec Protection Engine console:

– Microsoft Internet Explorer 11 or laterUse Microsoft Internet Explorer to access the Symantec Protection Engine console from a Windows clientcomputer.

Note: If you are using 64-bit Internet Explorer browser, you must add the followingregistry key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]"TabProcGrowth"=dword:00000000

– Mozilla Firefox 32-bit (Extended Support Release) 45 or laterUse Mozilla Firefox to access the Symantec Protection Engine console from a Linux client computer.

The Web browser is required only for Web-based administration. You must install the Web browser on acomputer from which you want to access the Symantec Protection Engine console. The computer must haveaccess to the server on which Symantec Protection Engine runs.

22

https://knowledge.broadcom.com/external/article?legacyId=TECH203642



Hypervisorsupport

• Windows 2008 R2 Hyper-V• Windows 2012 Hyper-V• VMware vsphere 5.5 or later• VMware vsphere 6.0 or laterThe following Windows guest operating systems have been certified on Hyper-V:• Windows Server 2008 SP2 (64-bit)• Windows Server 2008 R2 (64-bit)• Windows Server 2008 Japanese (64-bit)• Windows Server 2008 R2 Japanese (64-bit)• Windows Server 2012 (64-bit)• Windows Server 2016 (64-bit)• Windows Server 2019 (64-bit)

System requirements to install Symantec Protection Engine on LinuxThe following are the system requirements to install Symantec Protection Engine on Linux:

Operatingsystem

• Red Hat Enterprise Linux Server 6.8 (64-bit) or later• Red Hat Enterprise Linux Server 7.0 (64-bit) or later• Red Hat Enterprise Linux Server 7.5 ( 64-bit) or later• Red Hat Enterprise Linux Server 7.6 ( 64-bit) or later• CentOS Linux 7.1 (64-bit) or laterEnsure that your operating system has the latest service patches available.

Processor Intel or AMD Server Grade Single Processor Quad Core systems or higherMemory 8 GB RAM or higherDisk space 40 GB of hard disk space

60 GB of hard disk space for using URL Filtering featureHardware • Network interface card (NIC) running TCP/IP with a static IP address

• Internet connection to update definitions• 100 Mbps Ethernet link (1 Gbps recommended)

23



Software • Ensure that the following packages are installed:– 64-bit zlib library package– GNU sharutils-4.6.1-2 or later– 64-bit GNU libuuid-2.17.2-6 or later– 64-bit GNU C Library (glibc)

• RHEL 6.8 and later: glibc version 2.12-1.177 or later• RHEL 7.0 and later: glibc version 2.17-260 or later• CentOS Linux 7.1 (64-bit) or later: glibc version 2.17-260 or later

– InitscriptsThis package is required for Red Hat Linux only.

– pidofThis package is required to find the process IDs of the running programs.

• 64-bit Java Runtime Environment (JRE) 8.0 Update 232 or later but earlier than 261– We recommend that you use the latest JRE version to avoid any known vulnerabilities.– JRE is required only if you plan to operate Symantec Protection Engine in the Core server with user interface

mode.– Install JRE using Red Hat Package Manager (RPM). Ensure that you note the installation location. You must

provide the location of the JRE if the installer is unable to detect it.– To know about the operating systems that JRE 10.0.2 (64-bit) supports, refer to the official Oracle

documentation or Symantec Protection Engine Java support matrix.• One of the following Web browsers to access the Symantec Protection Engine console:

– Microsoft Internet Explorer 11 or laterUse Microsoft Internet Explorer to access the Symantec Protection Engine console from a Windows clientcomputer.

Note: If you are using 64-bit Internet Explorer browser, you must add the followingregistry key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]"TabProcGrowth"=dword:00000000

– Mozilla Firefox 32-bit (Extended Support Release) 45 or laterUse Mozilla Firefox to access the Symantec Protection Engine console from a Linux client computer

The Web browser is required only for Web-based administration. You must install the Web browser on acomputer from which you want to access the Symantec Protection Engine console. The computer must haveaccess to the server on which Symantec Protection Engine runs.

Note: If any of the above package binary is already present on the computer and if the installer is still unable to findit, you can add the path to the binary in LD_LIBRARY_PATH environment variable.

Hypervisorsupport

• Windows 2008 R2 Hyper-V• Windows 2012 Hyper-V• VMware vsphere 5.5 or later• VMware vsphere 6.0 or laterThe following Linux guest operating systems have been certified on Hyper-V:• Red Hat Enterprise Linux Server 6.8 (64-bit) or later• Centos 7.1 or later

24

https://knowledge.broadcom.com/external/article?legacyId=TECH203642



About installing Symantec Protection for SharePoint ServersSymantec Protection for SharePoint Servers comprises the following components:

Symantec Protection Engine Provides the virus scanning and repair services.The latest version of Symantec Protection Engine is included inthe software package.

Symantec Protection for SharePoint console Provides you a means to configure how Symantec ProtectionEngine and the SharePoint server communicate with each other.The console also lets you configure how Symantec Protection forSharePoint Servers handles infected files and monitors scanningactivity.

You can install these components separately or together.

Based on the SharePoint farm environment and SharePoint version used, you must install the Symantec Protection forSharePoint console on all the servers in the farm and at least on one server where Central Administration service isrunning.

NOTE

Installation must be done first on the server hosting the SharePoint Central Administration service, followed bythe installation on remaining servers.

About deployment options (single-server and farm environments)

During installation, Symantec Protection for SharePoint Servers installs both components together or separately based onthe installation option that you choose.


Upgrading from previous versions

25



The Symantec Protection for SharePoint Servers installation program checks for previous versions of the product anddoes one of the following:

No previous version is detected Based on the installation option you choose, the installationprogram performs a full installation of Symantec Protection forSharePoint Servers and its components.About the installation options

A previous version of either component is detected The installation program does one of the following whenit detects a previous version of Symantec Protection forSharePoint Servers for Microsoft SharePoint 2010, 2013,2016, or 2019:• Symantec Protection for SharePoint Servers (version 5.1.x): If

the installation program detects an older version of SymantecProtection for SharePoint Servers, it uninstalls SymantecProtection for SharePoint Servers version 5.1.x and theninstalls Symantec Protection 6.0.x for SharePoint Servers. Theinstallation program does not retain any settings from the olderversion of the product.

• Symantec Protection for SharePoint Servers (version 6.0.x):If the installation program detects Symantec Protection forSharePoint Servers version 6.0.x, it upgrades the productto Symantec Protection 6.0.x for SharePoint Servers. Theinstallation program retains all the settings from the olderversion of the product.

• If you are upgrading from Symantec Protection for SharePointServers version 6.0.5 or older to version 6.0.11 or later, thenupgrade all server in the farm. After upgrade, ensure thatthe following SPSS tables are removed from the SharePointdatabase:– SPSSObjects– QuarantineAllDocs– QuarantineAllDocStreams– QuarantineAllDocVersions– QuarantineAllUserDataHowever, if you are upgrading from Symantec Protection forSharePoint Servers version 6.0.6 or later to version 6.0.11 orlater, upgrade all the servers in the farm.

Note: While upgrading SharePoint Servers, you must manuallyuninstall Symantec Protection for SharePoint Servers and installthe latest version.

Symantec Protection Engine 7.9: If the installer detects SymantecProtection Engine 7.9, it upgrades the product to SymantecProtection Engine 8.0.

During a fresh installation of Symantec Protection Engine, you can enter the file path of a valid license for automaticlicense activation. Symantec Protection for SharePoint Servers automatically registers the Symantec Protection Engineif you enter the license file path during a full installation. When you provide the license of Symantec Protection Engineduring the installation process, you eliminate the need to register it through the Symantec Protection for SharePointconsole.

If you install Symantec Protection Engine separately, you can still enter the license file path during installation. Automaticactivation occurs if the license is valid. However, you must register Symantec Protection Engine manually with SymantecProtection for SharePoint Servers.


26



Symantec Protection Engine installs a virtual administrative account during installation. Do not forget the password forthis account because it is the only account that you can use to manage Symantec Protection Engine. You can change thepassword in the console, but to do so you must have the old password.

Accessing the Symantec Protection Engine console

If you do not have the license file at the time of installation, you can activate the license later through the SymantecProtection Engine console.

About licensing Symantec Protection Engine

The installation program installs the Symantec Protection for SharePoint console using the service logon details that youenter during the installation procedure. You can change the service logon details after installation. You can also passwordprotect the console so that unauthenticated users cannot access or modify the settings.

Accessing the console

You can use the silent installation or remote installation feature for multiple installations on your network.

Installing the Symantec Protection for SharePoint console using the silent installation feature

About installing Symantec Protection for SharePoint Servers using remote installation

About the installation optionsOn a Windows platform, the software installer displays the following options:

Install Symantec Protection 6.0 forSharePoint Servers (Full Install)

Installs both Symantec Protection Engine and the Symantec Protection for SharePoint console.About installing Symantec Protection for SharePoint Servers (integrated installation)

Install only the SymantecProtection Engine

Installs Symantec Protection Engine only.This installation is useful if you want to move antivirus scanning off-box, thereby reducing the CPUload on the SharePoint Server.Installing only Symantec Protection Engine using the installation wizard

Install only the SymantecProtection for SharePoint console

Installs the administrative console for Symantec Protection for SharePoint ServersAbout installing only the Symantec Protection for SharePoint console

On a Linux platform, you can install Symantec Protection Engine only. Because only Symantec Protection Engine issupported on Linux.

About installing Symantec Protection for SharePoint Servers (integratedinstallation)When you perform an integrated installation, you install both the Symantec Protection for SharePoint console andSymantec Protection Engine on the same server. Before you begin the installation procedure, ensure that your servermeets the minimum system requirements. You must also ensure that the SharePoint server and all applicable updates areinstalled, configured, and working correctly before you begin installation.

For more information, see the Microsoft documentation.

System requirements for Symantec Protection for SharePoint Servers integrated installation

You can do a consolidated install of Symantec Protection for SharePoint Servers or install either component separatelyusing the software installer. However, you cannot do an integrated install using the silent install feature. You can install theSymantec Protection for SharePoint console and Symantec Protection Engine separately using the silent install feature.

Installing Symantec Protection for SharePoint Servers using the installation wizard

Installing the Symantec Protection for SharePoint console using the silent installation feature

27



For more information about how to install Symantec Protection Engine using the silent install feature, see the SymantecProtection Engine Implementation Guide.

Installing Symantec Protection for SharePoint Servers using the installation wizardYou can install Symantec Protection for SharePoint Servers from the software package using an installation wizard.

After installation is complete, the Symantec Protection for SharePoint console is installed as a Windows Server service.Symantec Protection for SharePoint console is listed as Symantec Protection 6.0 for SharePoint Servers in the ServicesControl Panel. Symantec Protection Engine is listed as a separate entry in the Services Control Panel.

The Symantec Protection for SharePoint Servers service starts automatically when the installation is complete. Installationactivities are recorded in the Windows Application Event Log and System log files at the default location C:\Program Files\Symantec\SharePoint\Logfiles.

NOTE

Before you install Symantec Protection for SharePoint Servers, ensure that the ports 9455 and 9466 areavailable.

To install Symantec Protection for SharePoint Servers using the installation wizard1. Log on to the computer on which you plan to install the product as administrator or as a user with administrator rights.

• Local Administrator rights• Db_owner permissions on SharePoint configuration and SharePoint Admin content databases• Dbcreator server role

Dbcreator server role is required during installation of SPSS because SPSS creates its own database. Aftersuccessful installation in the farm (all servers), user can be removed from Dbcreator role.

2. Run the Symantec Protection for SharePoint Servers software installer.

3. On the main page, click Install.

4. In the next installer screen window, click Install Symantec Protection 6.0 for SharePoint Servers (Full Install).

Symantec Protection Engine is installed first, then the Symantec Protection for SharePoint console is installed.

The installer first checks if the computer has 64-bit Java Runtime Environment (JRE) 8.0 Update 232 or later butearlier than 261. If not, the installation process stops. You must manually install 64-bit Java Runtime Environment(JRE) 8.0 Update 232 or later but earlier than 261, and then continue with the installation of Symantec ProtectionEngine

5. In the Required Components window, follow the on-screen instructions.

6. On the Symantec Protection Engine License Setup page, click Browse to browse to select the appropriate license file.

For more information on how to obtain a license file, see the Symantec Protection Engine Implementation Guide. Youcan also install the license at a later time through the Symantec Protection Engine console.


7. Click Next.

Symantec Protection Engine installation begins.

8. In the Welcome panel, click Next.

9. In the License Agreement panel, indicate that you agree with the terms of the Symantec Software LicenseAgreement, and then click Next.

If you do not indicate that you agree, the installation is canceled.

28



10. In the Destination Folder panel, select the location to install Symantec Protection Engine, and then click Next.

The default location is C:\Program Files\Symantec\Scan Engine.

11. In the Initialization Methods panel, select one of the following:

• Core server with user interface (requires JRE)• Core server only (does not require JRE)

12. If you select Core server with user interface (requires JRE) in Initialization Methods panel, the installer first checksfor the required JRE version. If not, the installation process stops.

For supported JRE versions, see System requirements for Symantec Protection Engine

13. In the UI Authentication method panel, select one of the following:

• Symantec Protection Engine-based authentication• Windows Active Directory-based authentication

For more information, see Symantec Protection Engine Implementation Guide.

14. Click Next.

15. If you select Symantec Protection Engine-based authentication, in the Administrative UI Setup panel, configurethe following options:

AdministratorPassword

Type a password for the administrator account that you intend to use to manage Symantec Protection Engine.

ConfirmAdministratorPassword

Confirm the password by typing it again.

16. If you select Windows Active Directory-based authentication, do the following in the order listed below:

• In the UI Authentication method panel, select Windows Active Directory-based authentication, and then clickNext.

• In the Windows Active Directory-based Authetication Settings panel, in the Group Name box, type a validsecurity group name in the Domain\Groupname format.

• Click Next.If the group name is incorrect, a Group Name Validation screen appears.Click Back to try the security group name again.Alternatively, click Next to continue the installation without a valid group name.The Symantec Protection Engine service starts after installation but you cannot access the console. Once theinstallation is complete, you must go to configuration.xml and enter the user name to access the console.

17. In the Administrative UI Setup panel, configure the following options:

Administrator Port Type the port number on which the Web-based console listens.If you change the port number, use a number that is greater than 1024 that is not in use by any other programor service. The default port number is 8004. You can disable the console by typing 0. If you disable the console,you can configure Symantec Protection Engine by editing the configuration file.

SSL Port Type the Secure Socket Layer (SSL) port number on which encrypted files are transmitted for increased security.The default SSL port number is 8005. If this port is already in use, select an SSL port that is not in use by anyother program or service. Use a port number that is greater than 1024.

29



18. Click Next.

19. In the URL Filtering and URL Reputation panel, select the following options if required.

• Enable URL Filtering and download URL Filtering definitions• Enable URL Reputation and download URL Reputation definitions

20. Click Next.

21. In the Reputation-based Protection (Insight), select an appropriate Symantec Insight Aggression Level for betterprotection, and then click Next.

22. In the Ready to Install the Program panel, click Install.

23. Click Finish to complete installation of Symantec Protection Engine.

Once installation of Symantec Protection Engine is complete, the installation of Symantec Protection for SharePointconsole automatically begins.




26. In the Customer Information panel, in the User Name box, type the account name under which you are installing theSymantec Protection for SharePoint console.

27. In the Organization box, type the name of your organization.

28. Select who will have access to the console after installation.

You can limit access to the account under which the console is installed, or you can let all users access the console.

29. Click Next.

30. In the Destination Folder panel, select the location to install Symantec Protection for SharePoint Servers, and clickNext.

The default location is C:\Program Files\Symantec\.

31. In the SPSS Database Name panel, specify the database name, which is used by Symantec Protection for SharePointServers for creating all the tables required for working of Symantec Protection for SharePoint Servers, and click Next.

32. Specify the user name and password for the account that is used to log on to the Symantec Service.

The logon user must also have the following service-level permissions:

• Local Administrator rights• Db_owner permissions on SharePoint configuration and all SharePoint content databases• ‘Log on as a service’ right

The user account credentials must be of a user who configured SharePoint farm using SharePoint Configuration andTechnology wizard.

The user name must be in the format domain\username or computer\username.

NOTE

After successful installation in the farm (all servers), the service logon user must also have Db_ownerpermission on SPSS database.

30



33. Click Next.

34. In the SharePoint Services Stop Information panel, indicate whether you agree to stop Microsoft IIS and MicrosoftSharePoint Server services.

If you do not want to stop IIS, select I do not agree that the services can be stopped. This option does not allow theinstallation to proceed.

35. Click Next.

36. In the Ready to Install the Program panel, click Install to begin the installation.

37. Click Finish when installation is complete.

38. Verify that the service user is db_owner of SharePoint content, configuration, and SPSS databases.

About installing Symantec Protection for SharePoint Servers using remote installationSymantec Protection for SharePoint Servers supports the remote installation of the entire product or any of itscomponents through Systems Center Configuration Manager 2007 SP2.

For more information, see the appropriate Microsoft documentation.

Ensure that the server on which you plan to remotely install Symantec Protection for SharePoint Servers or itscomponents meets the minimum system requirements.

System requirements

Installing only Symantec Protection Engine using the installation wizardYou can install Symantec Protection Engine either on a Windows server that is running the SharePoint server or on aseparate server that is not running SharePoint. This lets you move antivirus scanning off-box, thereby reducing the CPUload on the SharePoint server.

Install and configure Symantec Protection Engine before you configure the Symantec Protection for SharePoint console.

You must ensure that the computer on which you install Symantec Protection Engine meets the system requirements.


During installation, you can choose the authentication mode for accessing the Symantec Protection Engine console. Ifyou choose Symantec Protection Engine-based authentication then Symantec Protection Engine installs an administratoraccount. Symantec recommends that you remember the password for this account as it is the only account usedto manage Symantec Protection Engine. If you want to change the password in the console, you must have the oldpassword.

If you choose Windows Active Directory-based authentication, Symantec Protection Engine allows users from theauthorized Windows Active Directory security group to access the console.

You can install the Symantec Protection Engine by using the software installer on a Windows 2008 Server or Windows2012 Server.

For more information about how to install Symantec Protection Engine, see Symantec Protection Engine ImplementationGuide.

To install Symantec Protection Engine with Symantec Protection Engine-based authentication:

31



1. Log on to the computer on which you plan to install the product as administrator or as a user with administrator rights.



4. In the next installer screen window, click Install only the Symantec Protection Engine.

The installer first checks if the computer has 64-bit Java Runtime Environment (JRE) 8.0 Update 232 or later butearlier than 261. If not, the installation process stops. You must manually install 64-bit Java Runtime Environment(JRE) 8.0 Update 232 or later but earlier than 261 and then continue with the installation of Symantec ProtectionEngine

You must install JRE only if you plan to operate Symantec Protection Engine in the Core server with the user interfacemode .




6. Click Next.











12. In the UI Authentication method panel, select Symantec Protection Engine-based authentication, and then clickNext.


AdministratorPassword

Type a password for the administrator account that you intend to use to manage Symantec Protection Engine.

ConfirmAdministratorPassword

Confirm the password by typing it again.

Administrator Port Type the port number on which the Web-based console listens.If you change the port number, use a number that is greater than 1024 that is not in use by any other programor service. The default port number is 8004. You can disable the console by typing 0. If you disable the console,you can configure Symantec Protection Engine by editing the configuration file.

32



SSL Port Type the Secure Socket Layer (SSL) port number on which encrypted files are transmitted for increased security.The default SSL port number is 8005. If this port is already in use, select an SSL port that is not in use by anyother program or service. Use a port number that is greater than 1024.

14. Click Next.



16. Click Next.

17. In the Reputation-based Protection (Insight), select an appropriate Symantec Insight Aggression Level for betterprotection and then click Next.


19. Click Finish to complete installation of Symantec Protection Engine.

To install Symantec Protection Engine with Windows Active Directory-based authentication:1. Log on to the computer on which you plan to install the product as administrator or as a user with administrator rights.




The installer first checks if the computer has 64-bit Java Runtime Environment (JRE) 8.0 Update 232 or later butearlier than 261. If not, the installation process stops. You must manually install 64-bit Java Runtime Environment(JRE) 8.0 Update 232 or later but earlier than 261, and then continue with the installation of Symantec ProtectionEngine.



6. Click Next.









33





12. In the UI Authentication method panel, select Windows Active Directory-based authentication, and then clickNext.

13. In the Windows Active Directory-based Authetication Settings panel, in the Group Name box, type a valid securitygroup name in the Domain\Groupname format.

14. Click Next.

If the group name is incorrect, a Group Name Validation screen appears.

Click Back to try the security group name again.

Alternatively, click Next to continue the installation without a valid group name.

The Symantec Protection Engine service starts after installation but you cannot access the console. Once theinstallation is complete, you must go to configuration.xml and enter the user name to access the console.


Administrator Port Type the port number on which the Web-based console listens.If you change the port number, use a number that is greater than 1024 that is not in use by any otherprogram or service. The default port number is 8004. You can disable the console by typing 0. If youdisable the console, you can configure Symantec Protection Engine by editing the configuration file.

SSL Port Type the Secure Socket Layer (SSL) port number on which encrypted files are transmitted forincreased security.The default SSL port number is 8005. If this port is already in use, select an SSL port that is not in useby any other program or service. Use a port number that is greater than 1024.

16. Click Next.



18. Click Next.

19. In the Reputation-based Protection (Insight), select an appropriate Symantec Insight Aggression Level for betterprotection and then click Next.


21. Click Finish.

About installing only the Symantec Protection for SharePoint consoleEnsure that you install the Symantec Protection for SharePoint console on a server that meets the system requirements.


Based on the SharePoint farm environment and SharePoint version used, you must install the Symantec Protection forSharePoint console on all the servers in the farm and at least on one server where Central Administration service isrunning.

NOTE

Installation must be done first on the server hosting the SharePoint Central Administration service, followed bythe installation on remaining servers.

34




You should ensure that the SharePoint server and all applicable updates are installed, configured, and working correctlybefore you install the Symantec Protection for SharePoint console.

For more information, see the Microsoft documentation.

You can install the Symantec Protection for SharePoint console by using the software installer or you can use the silentinstall feature.

Installing the Symantec Protection for SharePoint console using the installation wizard

You can use the remote installation feature for multiple installations of Symantec Protection for SharePoint console orSymantec Protection Engine on your network.

About installing Symantec Protection for SharePoint Servers using remote installation

Installing the Symantec Protection for SharePoint console using the installation wizardYou can install Symantec Protection for SharePoint console by using the software installer.

When the installation is complete, the Symantec Protection for SharePoint console is installed as a Windows Serverservice and is listed as Symantec Protection 6.0 for SharePoint Servers in the Services Control Panel. The SymantecProtection for SharePoint Servers service starts automatically when the installation is complete. Installation activities arerecorded in the Windows Application Event Log and System log files at the default location C:\Program Files\Symantec\SharePoint\Logfiles.

NOTE

Before you install Symantec Protection for SharePoint Servers, ensure that the ports 9455 and 9466 areavailable.

To install the Symantec Protection for SharePoint console using the installation wizard1. Log on to the computer on which you plan to install the console as administrator or as a user with administrator rights.

The logon user must also have the following service-level permissions:

• Local Administrator rights• Db_owner permissions on SharePoint configuration and SharePoint Admin content databases• Dbcreator server role

Dbcreator server role is required during installation of SPSS because SPSS creates its own database. Postsuccessful installation in the farm (all servers), user can be removed from Dbcreator role.



4. In the next installer screen window, click Install only the Symantec Protection for SharePoint console.

5. In the Required Components window, follow the on-screen instructions.




35



8. In the Customer Information panel, in the User Name box, type the account name under which you are installing theSymantec Protection for SharePoint console.

9. In the Organization box, type the name of your organization.

10. Select who will have access to the console after installation.

You can limit access to only the account under which the console is installed, or you can let all users access theconsole.

11. Click Next.

12. In the Destination Folder panel, select the location to install Symantec Protection for SharePoint Servers, and thenclick Next.

The default location is C:\Program Files\Symantec\.

13. In the SPSS Database Name panel, specify the database name which will be used by Symantec Protection forSharePoint Servers for creating all the tables required for working of Symantec Protection for SharePoint Servers, andthen click Next.

14. Specify the user name and password for the account that is used to log on to the Symantec Service.

• Local Administrator rights• Db_owner permissions on SharePoint configuration and all SharePoint content databases• ‘Log on as a service’ right



NOTE

After successful installation in the farm (all servers), the service logon user must also have Db_ownerpermission on SPSS database.

15. Click Next.

16. In the SharePoint Services Stop Information panel, indicate whether you agree to stop Microsoft IIS and MicrosoftSharePoint Server services.

If you do not want to stop IIS, select I do not agree that the services can be stopped. This option does not allow theinstallation to proceed.

17. Click Next.

18. In the Ready to Install the Program panel, click Install to begin the installation.

19. Click Finish when the installation is complete.

20. Verify that the service user is db_owner of SharePoint content, configuration, and SPSS databases.

Installing the Symantec Protection for SharePoint console using the silent installation featureThe silent installation feature lets you automate the installation of Symantec Protection for SharePoint console. You canuse the silent installation feature when you install multiple applications of Symantec Protection for SharePoint console andSymantec Protection Engine with identical input values.

For more information about how to install Symantec Protection Engine using the silent install feature, see the SymantecProtection Engine Implementation Guide.

36



Performing silent installations using default configuration valuesIn Windows, you provide all of the information on the command-line first, and then run the installation silently. You can usethe silent installation feature to install the application with the default configuration values. You can also generate a log ofthe installation events.

You must change directories to the location of the Symantec Protection for SharePoint console installation program file,Symantec Protection 6.0 for SharePoint Servers.msi, in the software package, which is in following folder:

• 64BitSetup/DISK1/Symantec Protection 6.0 for SharePoint Servers.msi (for a 64-bit system)

To install the Symantec Protection for SharePoint console with the default Local System Account as the service logonuser. At the command line type the following:

msiexec /I "Symantec Protection 6.0 for SharePoint Servers.msi" /qn INSTALLDIR="<Installdir>\ProgramFiles\Symantec" TXT_SPSS_DB_NAME=<SPSSDatabaseName>

At the command line type the following:

msiexec /I "Symantec Protection 6.0 for SharePoint Servers.msi" /qn IS_NET_API_LOGON_USERNAME=Domain\user IS_NET_API_LOGON_PASSWORD=password SPINTERNALDB=No INSTALLDIR="<Installdir>\Program Files\Symantec" TXT_SPSS_DB_NAME=<SPSSDatabaseName>

Specify the service logon user as Server\user or Domain\user with the IS_NET_API_LOGON_USERNAME parameter.

Specify the service logon password after the parameter.

IS_NET_API_LOGON_PASSWORD. The default Local System Account is taken as the service logon user if the specifiedpassword is not correct.

Specify the SPSS database name after the parameter.

TXT_SPSS_DB_NAME. From SPSS 6.0.11 onwards, you must set this parameter. SPSS will not get installed properlyif this parameter is not set. SPSS will create database having name specified in this parameter on the server whereSharePoint database exists. All the tables required by SPSS for its working will be created inside this database.

At the command line type the following:

msiexec /I Symantec Protection 6.0 for SharePoint Servers.msi /qn /L C:\<filename>.logINSTALLDIR="<Installdir>\Program Files\Symantec" TXT_SPSS_DB_NAME=<SPSSDatabaseName>

Specify the installation log file name in <filename>.log. The location of the installation log is C:\<filename>.log. You canmodify the location of the log by changing the file location in the command-line entry.

NOTESymantec Protection for SharePoint Servers also supports Microsoft Cluster.

About repairing or modifying Symantec Protection for SharePoint Servers or itscomponentsIf you have the Symantec Protection for SharePoint console and Symantec Protection Engine or either componentinstalled on the computer, you can use the software installer to modify, repair, or remove both or either program.

About installing Symantec Protection for SharePoint Servers

If the current version of Symantec Protection for SharePoint Servers is installed on the computer, the installation programdisplays a modify, repair or remove screen based on the component present on the computer.

37



The installation program does one of the following when you select the modify, repair, or remove option:

Modify Reinstalls the component.Repair Repairs any installation errors.Remove Uninstalls the component of Symantec Protection for SharePoint Servers.

Installation options describes the action that is taken by the Symantec Protection for SharePoint Servers installationprogram when the current version of the product is installed on the computer.

Table 5: Installation options

Installationoption Currently installed on the server Action

Install SymantecProtection 6.0for SharePointServers (FullInstall)

Symantec Protection for SharePoint console andSymantec Protection Engine 7.0

Installed Symantec Protection Engine cannot beupgraded. If you click Cancel, the modify/repair/removepanel for Symantec Protection for SharePoint Serversconsole appears.

Symantec Protection Engine 7.0 Installed Symantec Protection Engine cannot beupgraded. If you click Cancel, installation of SymantecProtection for SharePoint Servers console begins.

Symantec Protection for SharePoint Servers console Installation of Symantec Protection Engine begins. If youclick Cancel or finish installation of Symantec ProtectionEngine, the modify/repair/remove panel of SymantecProtection for SharePoint Servers console is displayed.

Install onlythe SymantecProtectionEngine

Symantec Protection for SharePoint Serversconsole andSymantec Protection Engine 7.0

Installed Symantec Protection Engine cannot beupgraded. Uninstall the current version and run this setupagain.

Symantec Protection Engine 7.0 Installed Symantec Protection Engine cannot beupgraded. Uninstall the current version and run this setupagain.

Symantec Protection for SharePoint Servers console Installation of Symantec Protection Engine begins.Install onlythe SymantecProtection forSharePointServers console

Symantec Protection for SharePoint Serversconsole andSymantec Protection Engine 7.0

The modify/repair/remove panel for Symantec Protectionfor SharePoint Servers console appears.

Symantec Protection Engine 7.0 Installation of Symantec Protection for SharePointconsole begins.

Symantec Protection for SharePoint console The modify/repair/remove panel for Symantec Protectionfor SharePoint console appears.

Upgrading Symantec Protection for SharePoint Servers 5.1.x toversion 6.0.x (SharePoint Server 2010)The Symantec Protection 6.0.x for SharePoint Servers installation program detects version 5.1.x of the product. When itdetects version 5.1.x, it uninstalls Symantec Protection for SharePoint Servers version 5.1.x and then installs SymantecProtection 6.0.x for SharePoint Servers.

Before you upgrade from version 5.1.x to version 6.0.x, you must know the following information:

38



• Based on the SharePoint version, the following software components are required:

Microsoft SharePoint Foundation 2010Microsoft Office SharePoint Server 2010

Microsoft .NET Framework 3.5 or later

• The following ports must be available:– 9455– 9466

Symantec recommends you to perform the following tasks:

• Before you install, back up the web.config file of the SharePoint Central Administration site.• Symantec Protection 6.0.x for SharePoint Servers installation program does not retain any settings from Symantec

Protection for SharePoint Servers version 5.1.x. You must back up all the current Symantec Protection for SharePointServers settings of version 5.1.x before you upgrade to version 6.0.x.After you configure Symantec Protection 6.0.x for SharePoint Servers on any of your SharePoint servers, you can usethe Import/Export settings feature to copy these settings to other SharePoint deployments.

• Back up the quarantine files from Symantec Protection for SharePoint Servers version 5.1.x.

Post-installation tasksThe post-installation tasks are as follows:

• Access the Symantec Protection for SharePoint consoleAccessing the console

• Enable real-time scanningConfiguring real-time scanning

• Install the license for Symantec Protection Engine.This step is required if you did not install the license during installation.Installing the license file

• Register the Symantec Protection Engine with the Symantec Protection for SharePoint consoleRegistering Symantec Protection Engine with Symantec Protection for SharePoint Servers

• Configure Symantec Protection Engine.Accessing the Symantec Protection Engine console

• Enable security risk detectionAbout enabling security risk detection

• Configure Symantec Protection for SharePoint ServersAbout configuring Symantec Protection for SharePoint Servers

For more information, see the Symantec Protection for SharePoint Servers Implementation Guide.

Starting the Central Administration service in a farm environmentWhen you deploy Symantec Protection 6.0 for SharePoint Servers in a farm environment, you must install the console onall the servers in the farm and at least on one server where Central Administration service is running.


To start the Central Administration service on the server:1. open SharePoint Central Administration console.

2. On the Central Administration page, under System Settings click Manage Services in this farm.

3. From the drop-down box near Server, click Change Server.

A list of servers in the farm is displayed.

39



4. Click on the name of a server in the farm.

You can view a list of services that have been started (in green) or stopped (in red) on the selected server.

5. Click Start under Action if the status is Stopped.

6. Access (remotely or directly) the server on which Central Administration service was started.

7. From the command line prompt, once you access the server on which the Central Administration service was started,run IISRESET.

This command restarts the IIS services.

8. Restart the Symantec Protection 6.0 for SharePoint Servers service.

If you do not find Symantec Protection 6.0 for SharePoint Servers in the list of services, you must install SymantecProtection 6.0 for SharePoint Servers on the server.

9. Open SharePoint Central Administration console.

NOTE

By default, when you click SharePoint Central Administration, the first installed Central Administrationconsole opens up. Hence, ensure that you have the correct host name in the URL.

10. On the Central Administration page, click System Settings.

By default, the System Settings option can be seen in the left menu under Central Administration.

11. Click the Symantec Protection 6.0 for SharePoint Servers link to access the Symantec Protection for SharePointconsole.

You can now configure Symantec Protection for SharePoint Servers.

You must repeat these steps for each server in the farm.

Uninstalling Symantec Protection for SharePoint ServersYou can uninstall both components of Symantec Protection for SharePoint Servers from the Windows Control Panel orby using the software installer. You can also silently uninstall the Symantec Protection for SharePoint console from thecommand line.

Uninstalling the Symantec Protection for SharePoint console

Uninstalling Symantec Protection Engine

Uninstalling the Symantec Protection for SharePoint consoleWhen you uninstall Symantec Protection for SharePoint console, the quarantine folder and the respective quarantinetables in the Symantec database remain. You can uninstall the console from the Windows Control Panel, the softwareinstaller, or do a silent uninstall from the command line.

To uninstall the Symantec Protection for SharePoint console from the Windows Control Panel1. Log on to the computer as administrator or as a user with administrator rights.

• A user who configured SharePoint farm using SharePoint Configuration and Technology wizard.• A farm administrator and db_owner of SharePoint configuration and SPSS databases.

NOTE

Uninstallation must be done first on all the servers except Central administration, followed by uninstallationon the server hosting the SharePoint Central administration service.

40



2. Go to Control Panel to uninstall the program.

3. Click Symantec Protection 6.0 for SharePoint Servers.

4. Click Uninstall.

5. Follow the on-screen instructions to complete the uninstallation.

To uninstall the Symantec Protection for SharePoint console by using the software installer1. Log on to the computer on which you plan to uninstall the console as administrator or as a user with administrator

rights.

• A user who configured SharePoint farm using SharePoint Configuration and Technology wizard.• A farm administrator and db_owner of SharePoint configuration and SPSS databases.



4. In the next installer page, click Install only the Symantec Protection for SharePoint console.


The modify/repair/remove panel for Symantec Protection for SharePoint console appears.

6. Select Remove and click Next.

7. In the Remove the Program panel, click Remove.

The Symantec Protection for SharePoint console uninstallation begins.

8. Click Finish.

You can uninstall the Symantec Protection for SharePoint console by clicking the Install Symantec Protection 6.0for SharePoint Servers (Full Install) option also. The modify/repair/remove panel for Symantec Protection Engineappears first. If you click Cancel, the modify/repair/remove panel for Symantec Protection for SharePoint consoleappears.

To silently uninstall the Symantec Protection for SharePoint console1. Change the directory to the location of the Symantec Protection for SharePoint console installation program file,

Symantec Protection 6.0 for SharePoint Servers.msi, in the software package.

The location is 64BitSetup/DISK1/Symantec Protection 6.0 for SharePoint Servers.msi.

2. At the command line, type the following:

msiexec /X "Symantec Protection 6.0 for SharePoint Servers.msi" /qn

This command silently uninstalls the Symantec Protection for SharePoint console with the default Local SystemAccount.

To silently uninstall the Symantec Protection for SharePoint console and log uninstallation events1. Change the directory to the location of the Symantec Protection for SharePoint console installation program file,

Symantec Protection 6.0 for SharePoint Servers.msi, in the software package

The location is 64BitSetup/DISK1/Symantec Protection 6.0 for SharePoint Servers.msi.

41



2. At the command line, type the following:

msiexec /X "Symantec Protection 6.0 for SharePoint Servers.msi" /qn /L C:\<filename>.log

The location of the uninstallation log is C:\<filename>.log. You can modify the location of the log by changing the filelocation in the command-line entry.

Uninstalling Symantec Protection EngineWhen you uninstall Symantec Protection Engine, the license keys remain. If you want to permanently uninstall SymantecProtection Engine, you must manually uninstall the license keys. The default license directories are as follows:

Windows C:\Program Files\Common Files\Symantec Shared\LicensesLinux /opt/Symantec/Licenses

You can uninstall Symantec Protection Engine from the Windows Control Panel, or by using software installer.

To uninstall Symantec Protection Engine on Windows Server:1. log on to the computer as an administrator or as a user with administrator rights.

2. On the Windows Server, in the Programs and Features window, select Symantec Protection Engine 8.0, and thenclick Uninstall

3. Follow the on-screen instructions to complete the uninstallation.

4. For more information about how to uninstall Symantec Protection Engine, see the Symantec Protection EngineImplementation Guide.

To uninstall Symantec Protection Engine by using the software installer1. Log on to the computer on which you plan to uninstall the Symantec Protection Engine as administrator or as a user

with administrator rights.





The modify/repair/remove panel for Symantec Protection Engine appears.

6. Select Remove and click Next.

7. In the Remove the Program panel, click Remove.

Symantec Protection Engine uninstallation begins.

8. Click Finish.

9. You can uninstall the Symantec Protection Engine by clicking the Install Symantec Protection 6.0 for SharePointServers (Full Install) option also. The modify/repair/remove panel for Symantec Protection Engine appears first. If youclick Cancel, the modify/repair/remove panel for Symantec Protection for SharePoint console appears.

About repairing or modifying Symantec Protection for SharePoint Servers or its components10.

42



Using the Symantec Protection for SharePoint console

About the Symantec Protection for SharePoint ConsoleThe Symantec Protection for SharePoint console refers to the administrative interface for Symantec Protection forSharePoint Servers. You can access the Symantec Protection for SharePoint console through the SharePoint CentralAdministration Console.

The integration of the Symantec Protection for SharePoint console into the SharePoint administrative interface makesit easy for regular SharePoint users to navigate. You can access the Symantec Protection for SharePoint console fromany computer on your network that can access the server on which the Symantec Protection for SharePoint console isinstalled. However, you must have the permissions to access the SharePoint Central Administration page. Once you openthe SharePoint Central Administration page, access to the Symantec Protection for SharePoint console is limited to onlydomain administrators or members of the Local Administrators group.

You can ensure that only authenticated users can access and modify Symantec Protection for SharePoint Serverssettings. Set a password so that only users who are aware of this password can gain access to the Symantec Protectionfor SharePoint console.

Configuring a password for the console

Accessing the consoleYou can access the Symantec Protection for SharePoint console through the following ways:

• SharePoint Central Administration page• Internet Information Services (IIS) Manager• Internet Explorer

Access the console from the system on which the Symantec Protection for SharePoint console is installed. You can alsoaccess the console from other computers on the network, but you must be a member of the domain administrator group orthe Local Administrators group. You can change the service logon user name and password for the Symantec Protectionfor SharePoint Servers after you log on.

To access the console through the SharePoint Central Administration page:1. Open SharePoint Central Administration console.

2. Type the user name and password of an account that has domain administrator or local administrator rights.


Symantec Protection for SharePoint Servers link is missing from the SharePoint Central Administration site

4. To access the console through Internet Information Services (IIS) Manager, open Internet Information Services(IIS) Manager.

5. In the left pane, under your server name, select Sites, right-click SharePoint Central Administration v4 > ManageWeb Site and then click Browse.

6. If you are prompted, type the user name and password of the user account with local administrator or domainadministrator rights.

The SharePoint Central Administration page appears in the right pane of the IIS Manager.

43




Symantec Protection for SharePoint Servers link is missing from the SharePoint Central Administration site

8. To access the console through Internet Explorer, do the following to access the Symantec Protection forSharePoint console through the Internet Explorer:

• Determine the port number of the Central Administration page on the server that is running the SymantecProtection for SharePoint console.

• Launch the Central Administration page through the Internet Explorer.• Access the console through the Central Administration page.

To access the console through the SharePoint Central Administration page

9. To determine the port number of the Central Administration page, open Internet Information Services (IIS) Manager.

10. In the left pane, under your server name, select Sites, right-click SharePoint Central Administration v4 and thenclick Browse.

11. From the menu, click Edit Bindings.

In the Site Bindings window, under Port, you can see the TCP port number.

12. To launch the Central Administration page through Internet Explorer, launch the Web browser on any computeron your network that can access the server that is running the Symantec Protection for SharePoint console.

13. Go to the following URL:

http://<servername>:<port>/

where <servername> is the host name or IP address of the server that is running the Symantec Protectionfor SharePoint console and <port> is the TCP port number that is assigned during installation to the CentralAdministration page.

The Central Administration page appears.

To access the console through the SharePoint Central Administration page

Changing the Service Logon Account InformationThe components of Symantec Protection for SharePoint Servers have the following separate entries in the ServicesControl Panel.

SymantecProtection forSharePointconsole

Symantec Protection for SharePoint console is listed as Symantec Protection 6.0 for SharePoint Servers in theServices Control Panel.During the installation, you must type a service logon user name and password. The user account must be amember of the Local Administrators Group on the computer on which the SharePoint server is installed. If the SQLserver is on a separate computer, the user account must be a db_owner of SharePoint content, configuration, andSPSS databases. The user must also have ‘Log on as a service’ right.The user account credentials must be of a user who configured SharePoint farm using SharePoint Configuration andTechnology wizard.The user name must be in the format domain\username or computer\username.To change the service logon account information

SymantecProtectionEngine

Symantec Protection Engine is installed with the local system account as the logon service account by default. Toaccess the Symantec Protection Engine console, you need the virtual administrative account password.Accessing the Symantec Protection Engine console

You can change the service logon account for Symantec Protection for SharePoint Servers through the Services ControlPanel any time after installation. The user account credentials must be of a user who configured SharePoint farm usingSharePoint Configuration and Technology wizard.

44



To change the service logon account information:1. In the Windows Control Panel, double-click Administrative Tools.

2. In the Administrative Tools window, double-click Services.

3. In the list of services, right-click Symantec Protection 6.0 for SharePoint Servers and click Properties.

4. Under the Log On tab, select This account. Type the user name and password.


The user account must be a member of the Local Administrators Group on the computer on which the SharePointserver is installed. If the SQL server is on a separate computer, the user account must be a db_owner of SharePointcontent, configuration, and SPSS databases. The user must also have ‘Log on as a service’ right.


5. Confirm the password by typing it again.

6. Click Ok.

About the Console Home PageIn the home page of the Symantec Protection for SharePoint console, you can view the following:

• Global Settings• Management• Symantec Protection Engine for SPSS• Reports

Navigation LinksClick the navigation links at the top of the page to return to the console home page or to go back to the previous pagefrom anywhere in the Symantec Protection for SharePoint console.

Feature LinksUse the feature links to navigate to the main features of Symantec Protection for SharePoint Servers.

Feature links functions provides the information about the feature links.

45



Table 6: Feature links functions

Link Description

Global Settings Global Settings has the following links:• SharePoint Server Farm Overview: Lists the details of all the registered servers in the farm.

This option is available only in a SharePoint Server farm environment.About SharePoint Server Farm overview

• Real-time scan settings: Lets you configure the real-time scan settings for upload and download ofdocuments from the SharePoint server.Configuring real-time scanning

• Manual scan and scheduled scan settings: Lets you run an immediate (manual) scan, schedulescans of the documents that are stored on the SharePoint server, and configure settings for manualscans and scheduled scans of the SharePoint server content.About manual scans and scheduled scans

• Console settings: Lets you configure password protection for the console.Configuring a password for the console

• Import/Export Settings: Lets you import Symantec Protection for SharePoint Servers settings fromone SharePoint deployment to another SharePoint deployment when you have multiple SharePointconfigurations on your network.About importing and exporting settings

Symantec ProtectionEngine for SPSS

Symantec Protection Engine for SPSS has the following links:• Register a new Symantec Protection Engine: Lets you register a Symantec Protection Engine.

Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers• List and edit all registered Symantec Protection Engine: Lets you add, delete, and edit registered

Symantec Protection Engine.About adding, removing, editing, and viewing registered Symantec Protection Engines

• Global Symantec Protection Engine settings: Lets you configure the auto-check interval for thestatus of registered Symantec Protection Engine, and other settings relevant to all registeredSymantec Protection Engine.Specifying the scanning mode for load balancingChecking for the latest virus definitions

Management Management has the following links:• Log file settings: Lets you set the event logging level and log file location.

About SMTP logging• Email notification settings: Lets you specify and customize email notifications.

Configuring SMTP logging• Quarantine Management: Lets you view a list of all the quarantined files.

About quarantine management

Reports Reports has the following links:• On-demand reports: Lets you examine system, scan process, and Symantec Protection Engine

data in either a report or a pie chart format.Generating an on-demand report

• Schedule reports: Lets you schedule an hourly, daily, weekly, or monthly report. You can generateand distribute the report by email to the specified users.Scheduling a report

Status PaneThe status pane on the console home page provides an overview of the current status of the Symantec ProtectionEngines. You also can view a graphic overview of the maximum and currently used scanning threads for all active onlineSymantec Protection Engines.

46



About the status pane

47



Configuring Symantec Protection for SharePoint Servers

About Configuring Symantec Protection for SharePoint ServersSymantec Protection for SharePoint Servers lets the SharePoint server communicate with Symantec Protection Engineto request virus scanning. Symantec Protection for SharePoint Servers interprets the results that are returned fromSymantec Protection Engine after scanning. You configure Symantec Protection for SharePoint Servers through theconsole. Access the console from the SharePoint server administrative interface.

Accessing the console

Configure the following options through the Symantec Protection for SharePoint console:

• Configuring a password for the console• About SharePoint Server Farm overview• Configuring real-time scanning• About configuring global manual and scheduled scanning options• Scheduling scans• Performing manual scans• Specifying file handling rules• Excluding files with specific extensions from being scanned• Excluding folders from being scanned• Including files with specific extensions to be scanned• Including folders to be scanned• Specifying the location for quarantined documents• Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers• Specifying the scanning mode for load balancing• Checking for the latest virus definitions

Configuring a Password for the ConsoleYou can ensure that only authenticated users can access and modify Symantec Protection for SharePoint Serverssettings by securing the console with a password. When you initially install Symantec Protection for SharePoint Servers,no password is set. You must set the password through the console after installation. The password once set is replicatedfor all the servers in the SharePoint Server Farm environment.

You can also configure a time-out setting. The time-out setting locks the console if there is no activity for the amount oftime that you specify. Users can only unlock the console with the password.

For added security, the console contains a logout feature. The logout feature lets users lock the console when they stepaway from the computer. The console can only be unlocked with the password.

The logout link appears at the top-right of the console.

NOTE

You must set and save the console password for the logout link to appear on the console.

To configure a password for the console

48



1. On the home page of the Symantec Protection for SharePoint console, under Global Settings, click Consolesettings.

2. Check Password protect the Symantec Protection for SharePoint console.

3. In the password field, type the password.

NOTE

Blank passwords are not supported. The maximum length for the password is 25 characters.

4. In the Confirm password field, retype the password that you entered in the password field.

5. In the Timeout box, type the number of minutes of inactivity at which the console locks.

6. Click Save.

About SharePoint Server Farm OverviewYou can view the details of all the registered servers in the SharePoint Server Farm environment. The information abouteach server, server address and its role in the farm, the server's state, and the operating system details are listed in theSharePoint Server Farm Overview page.

If Symantec Protection for SharePoint Server is installed, the details of the product are displayed. The Connection barindicates the status of Symantec Protection Engine if protection engine is enabled. In case Symantec Protection forSharePoint Server is not installed, a message is displayed and you are warned that infected files may get uploaded.

On the Symantec Protection for SharePoint console home page, under Global Settings, click SharePoint Server FarmOverview.

The details like server name, address, and state of all the servers in the farm are displayed. Click the navigation link at thetop of the page to return to the console home page.

Configuring Real-Time ScanningReal-time scanning means that you can specify whether you want files scanned as they are being uploaded to anddownloaded from the SharePoint server. All uploaded files and downloaded files are submitted for scanning, unless thefile type is listed as a default blocked type under Security configuration in the SharePoint Central Administration page. Allthe files that are uploaded or downloaded through WebDAV are also scanned.

When a user attempts to upload a file that contains an unrepairable virus, the user receives a notification that the file isinfected. The file is not stored on the SharePoint server.

When a user attempts to download a file from the SharePoint server that is infected and unrepairable, the file is notpassed to the user. The user receives a notification that access to the file is denied.

How caching works on the SharePoint server

What happens when a file is uploaded

What happens when a file is downloaded

To configure real-time scan settings

49



1. On the Symantec Protection for SharePoint console home page, under Global Settings, click Real-time scansettings.

2. On the Real-time scan settings page, under Number of Threads, click Edit Settings.

3. On the AntiVirus page, in the AntiVirus Settings section, select any of the following options to enable its features:

Scandocuments onupload

Scan files before they are uploaded (stored) on the SharePoint server. Infected files that cannot be repaired are notuploaded to the SharePoint server.This option is disabled by default.

Scandocuments ondownload

Scan files that have already been stored on the SharePoint server before they are downloaded to a requesting user.This option is disabled by default.

Allow usersto downloadinfecteddocuments

Lets users download infected files that cannot be repaired.Do not select this option unless you want to resolve a virus infection.

Warning! If you permit users to download infected files, you may expose your network to virus attacks. Your networkis particularly vulnerable if you are not using real-time virus protection on other areas of your network.

About protecting the servers that are running the Symantec Protection for SharePoint Servers componentsAttempt toclean infecteddocuments

Attempts to repair files that contain viruses.This option is disabled by default.

4. In the Time out duration box, type the amount of time that the virus scanner runs before the scanning process timesout.

The default setting is 300 seconds (5 minutes). You can adjust this duration based on the performance.

5. In the Number of threads box, type the number of threads that real-time scanning processes will use and then clickOk.

The default setting is 5. You can adjust this value based on the performance.

50



6. On the Symantec Protection for SharePoint console home page, under Global Settings, click Real-time scansettings.

7. Select the Bypass scanning when all protection engines are busy check box to continue to upload or downloadfiles even if all the registered protection engines are busy.

8. Select the Bypass scanning when all protection engines are offline or disabled check box to continue to uploador download files even if no registered protection engine is available to scan the file.

9. Select the Scan all content that was bypassed when all protection engines were offline or busy check box toscan all the content that was previously scanned and bypassed while uploading as the protection engines were offlineor disabled.

10. Select the Allow security risk files check box to upload or download files which are otherwise threats to yournetwork.

11. Select the Allow encrypted files check box to upload or download encrypted files which may probably be infectedfiles and are threats to your network.

12. Select the Allow unscannable files check box to upload or download files that cannot be scanned and may bethreats to your network.

13. On the Real-time scan settings page, in the Infection Auto Rescan section, select any of the following options toenable its features. If this feature is enabled, action is taken on all the infected files. The Infection Auto Rescan optionsare available only if Scan documents on upload or Scan documents on download options are enabled.

Allow autorescan

Symantec Protection for SharePoint Servers lets you automatically rescan the files by applying the rules that areconfigured in the manual scan and scheduled scan settings page.

Rescan wheninfected file isdetected

Rescans infected files that are found upon searching the entire SharePoint Server for any file having the same filename as the infected file detected during real-time scanning.

Rescan whensecurity risk fileis detected

Rescans security risk files that are found upon searching the entire SharePoint Server for any file having the samefile name as the infected file detected during real-time scanning.This option is not available if Allow security risk files option is selected.

Rescan whenencrypted file isdetected

Rescans encrypted files that are found upon searching the entire SharePoint Server for any file having the same filename as the infected file detected during real-time scanning.This option is not available if Allow encrypted files option is selected.

Rescan whenunscannable fileis detected

Rescans unscannable files that are found upon searching the entire SharePoint Server for any file having the samefile name as the infected file detected during real-time scanning.This option is not available if Allow unscannable files option is selected.

Scan on entireSharePointServer

Scans the entire SharePoint Server, including paths specified in the Exclude folders list.

If this feature is not enabled then action is taken only during manual and scheduled scan.

14. The parameters for the command line tool CmdSymScan located at <installdir>:\Program Files\Symantec\SharePointare as follows:

Command Parameter Descriptionshow<parameter>

show autorescanthreads Shows the thread counts for auto rescan.

show autorescanqueuecount Shows the default count of queued items for auto rescan.show autorescanblocksec Shows the default block time in seconds for auto rescan.

set <parameter> set autorescanthreads <number> Sets the value of auto rescan threads between 1 and 10.

51



set autorescanqueuecount <number> Sets the default count of queued items for auto rescanbetween 1 and 5,000.

set autorescanblocksec <number> Sets the default block time in seconds for auto rescanbetween 0 and 10,000.

15. Select one of the following:

Save Saves your settings.Restore Reverts your settings to the last saved settings.

NOTE

The settings configured for real-time scanning are replicated across all the servers in the SharePoint ServerFarm environment.

About manual scans and scheduled scansSchedule periodic scans of the document library to ensure that all files have been scanned for viruses. Scheduled scansoccur at the time and frequency that you specify. Both manual scanning and scheduled scanning can occur at the sametime and do not affect real-time scanning of uploaded and downloaded files.

You can also force an immediate (manual) scan of the documents in the document library. The options that you configurefor scheduled scans also apply to manual scans. Perform a manual scan whenever you make configuration changes toSymantec Protection Engine such as changes to mail filter policy settings, container processing limits, or other processinglimits.

You can improve scanning performance by including or excluding certain directories or folders from being scanned. Youcan also specify which file types to omit from scanning or include for scanning. During a manual or scheduled scan, allfiles are submitted for scanning except the files and folders contained in exclusion lists.

You can also limit scanning to only those files that have been added or modified since the last manual scan or scheduledscan. Symantec Protection for SharePoint Servers can compare the time a file was modified or added with the time of thelast scan. This feature lets you conserve scanning resources by omitting files from scanning that have not been modifiedor added since the last scan. When this feature is disabled, all files are scanned during manual scans and scheduledscans.

About Configuring Global Manual and Scheduled Scanning OptionsYou can configure the following options for both scheduled scans and manual scans:

• Excluding files with specific extensions from being scanned• Excluding folders from being scanned• Including files with specific extensions to be scanned• Including folders to be scanned• Specifying the number of threads for scanning• Scanning all file versions in the document library• Scanning those files that have been added or modified since the last completed scan• Specifying the location for quarantined documents• Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers• Reviewing scan statistics

NOTE

In the SharePoint Server Farm environment, you must select a server to schedule a manual scan.

52



The parameters for the command line tool CmdSymScan located at <Installdir>:\Program Files\Symantec\SharePoint letsto start or stop a scan or to set the date of the last manual scan performed.

Command Descriptionstartscan Starts a scanstopscan Stops a scansyncfarm Synchronizes the settings for all the servers in the SharePoint Server Farm environment? Provides help for the available parametershelp Provides help for the available parameterssetdatemanual Sets the date of the last completed scan time with the current date and timeshow ? Lists all the parameters available for the show commandset ? Lists all the parameters available for the set commandclearconsolepassword Clears the console passwordPathToBeExcluded Excludes a specific folder from a manual or scheduled scan.PathToBeIncluded Includes a specific folder to a manual or scheduled scan.

Excluding Files with Specific Extensions From Being ScannedViruses are found only in file types that contain executable code. You can save bandwidth and time by excluding thosefiles types that are not likely to contain viruses from scanning.

The default file extension exclude list displays the extensions for those file types that are not likely to contain viruses andcan be excluded from scanning. You can customize this list.

To exclude files with specific extensions from being scanned1. On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and

scheduled scan settings.

2. Under Exclusion/Inclusion List, on the right pane, in the File extension exclude list box, add or delete the fileextensions that you do not want to scan.

Use a period with each extension in the list. Separate each extension with a semicolon (forexample, .htm;.css;.gif;.aspx).

Inclusion takes priority over exclusion. Ensure that no extensions are configured in file extension include list.

3. Click Save.

Excluding Folders from being ScannedYou can exclude directories or folders from manual scans or scheduled scans.

To exclude document libraries from manual and scheduled scans:1. On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and


2. In the Exclusion/Inclusion List section, the Number of excluded paths list displays the number of selected pathsthat are excluded from a manual or scheduled scan.

3. Click Add exclude path.

In the Exclude folder page, the Exclude/Include Path section under Exclude/Include folders gives the currentexcluded/included paths.

There are no exclude/include folders or paths defined by default.

53



4. In the Microsoft SharePoint Server Folder section, select the folder, directory, or path that you want to exclude from ascan.

5. Scroll down to the bottom of the page and click Add.

You can view the added folder or path in the Exclude/Include Path section.

NOTEInclusion takes priority over exclusion. For more information, see Including folders to be scanned

6. To include a folder or path back into a scan, click the Remove icon against the path.

Including files with specific extensions to be scannedViruses are found only in file types that contain executable code. You can save bandwidth and time by including those filestypes that are likely to contain viruses in scanning.

By default, file extension inclusion list is not configured.

NOTEInclusion takes priority over exclusion. If same extension is specified in both File extension exclude list and Fileextension include list, extension specified in include list is scanned.

To include files with specific extensions to be scanned1. On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and


2. Under Exclusion/Inclusion List, on the right pane, in the File extension include list box, add the file extensions thatyou want to scan..

Type extension name with a dot. Separate each extension with a semicolon. For example, .htm;.css;.gif;.aspx

3. Click Save.

Including folders to be scannedYou can include directories or folders into manual scans or scheduled scans.

NOTEInclusion takes priority over exclusion. If the same path is specified to both include and exclude, the files ininclude path are scanned.

To include folders to be scanned1. On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and


2. In the Exclusion/Inclusion List section, the Number of included paths list displays the number of selected pathsthat are included in a manual or scheduled scan.

3. Click Add include path.

In the Include folder page, the Exclude/Include Path section under Exclude/Include folders gives the currentexcluded/included paths. There are no exclude/include folders or paths defined by default.

4. In the Microsoft SharePoint Server Folder section, select the folder, directory, or path that you want to exclude/include from a scan.

5. Scroll down to the bottom of the page and click Add.

You can view the added folder or path in the Exclude/Include Path section.

54



6. Click the Remove icon against the path to remove a folder or path from the list.

Specifying the Number of Threads for ScanningSymantec Protection for SharePoint Servers sends several documents in parallel for scanning based on the number ofthreads that you specify. This process improves the performance significantly.

To specify the number of threads for scanning1. On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and


2. Under the Optional Settings feature, in the Number of threads box, specify the number of threads that you wantSymantec Protection for SharePoint Servers to use during scanning.

The default number of threads is 10. You can specify any value between 1 and 25. The number of threads that youspecify here is only for manual scans and scheduled scans.


3. Click Save.

Scanning All File Versions in the Document LibraryMicrosoft Windows SharePoint Services lets users keep multiple versions of a document. This option also lets users revertto a previous version.

To scan all file versions in the document library1. On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and


2. Under the Optional Settings feature, in the right pane, check Scan all file versions in the document library.

If you enable the option Scan all file versions in the document library, Symantec Protection Engine scans all versionsof a document.

3. Click Save.

Scanning Those Files that have been Added or Modified since the Last Completed ScanYou can limit scanning to only those files that have been added or modified since the last completed manual scan orscheduled scan. Symantec Protection for SharePoint Servers compares the time a file was modified or added with thetime of the last completed scan. This feature lets you conserve scanning resources by omitting files from scanning thathave not been modified or added since the last scan. When this feature is disabled, all files are scanned during manualscans and scheduled scans.

To scan only those files that have been added or modified since the last completed scan:1. On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and


2. Under the Optional Settings feature, in the right pane, select the Scan only modified or new files since lastcompleted scan check box.

If no manual or scheduled scan has been completed, then this option is inactive. If a previous scan has beencompleted, the end time appears.

55



3. Click Save.

Specifying the Location for Quarantined DocumentsYou can quarantine any of the file types that are detected during a manual scan or scheduled scan. When you specifythe option to "Copy to Quarantine and Delete", Symantec Protection for SharePoint Servers puts a copy of the file in thequarantine folder. Then it deletes the file. This file is not quarantined or deleted if it is checked out by any user. You canaccess and remove files directly from the quarantine folder.

Specifying file handling rules

You can specify the location of the quarantine folder. The default location is as follows: C:\Program Files\Symantec\SharePoint\Quarantine. Whatever location you choose for the quarantine folder, ensure that you omit this folder frombeing scanned by any antivirus scanning program.

To specify the location for quarantined documents1. On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and


2. Under Optional Settings, in the Quarantine folder text box, type the path to the quarantine folder.

Symantec Protection for SharePoint Servers stores infected files that it finds during a scheduled scan or a manualscan in this folder.

The default location is as follows:

C:\Program Files\Symantec\SharePoint\Quarantine\

You can also set the path for the quarantine folder by typing the following at the command line: CmdSymScan setquarantinefolder new path

To view the path for the quarantine folder, type the following at the command line:

CmdSymScan show quarantinefolder

3. Click Save.

Specifying File Handling RulesYou can specify how you want Symantec Protection for SharePoint Servers to process the following types of files that aredetected during a manual scan or scheduled scan:

Infected files Infected files are files that are infected with one or more viruses. You can configure Symantec Protection forSharePoint Servers to attempt to repair the file, log the detection of infected file, delete it, or copy it to quarantineand then delete the infected file under Basic Virus Rule.

Note: Repairing the repairable files in Basic Virus Rules for manual scanning is available only for MicrosoftSharePoint 2010.

Unrepairablevirus files

If you configure Symantec Protection for SharePoint Servers to attempt to repair infected files, you can also specifyhow you want to process an unrepairable, infected file. You can configure Symantec Protection for SharePointServers to log the detection of an unrepairable file, delete an unrepairable infected file or copy it to the quarantineand then delete the unrepairable infected file.

Unscannablefiles

Unscannable files include partial container files, malformed container files, and encrypted container files. You canconfigure Symantec Protection for SharePoint Servers to log the detection of unscannable files (but take no actionwith the file), delete the unscannable file, or copy it to the quarantine and then delete the unscannable file.

56



Encrypted files Infected files are often encrypted to deflect scanning attempts. Encrypted files cannot be decrypted and scannedwithout the appropriate decryption tool. You can configure Symantec Protection for SharePoint Servers to log thedetection of encrypted files (but take no action with the file), delete the encrypted file, copy it to the quarantine andthen delete the encrypted file.An encrypted file is treated as clean by Symantec Protection Engine by default. You must change the settingsmanually on the Symantec Protection Engine UI from Log Only to Block for treating it as an infection.

Files containingsecurity risks

Symantec Protection 6.0 for SharePoint Servers detects files with security risks like spyware, adware, hack tools,dialers, joke programs etc. You can configure Symantec Protection for SharePoint Servers to delete the file thatcontains the security risk, copy it to the quarantine and then delete the file, or log the detection of a security risk, buttake no action with the file.You must also enable security risk detection on Symantec Protection Engine.About enabling security risk detection

Specifying the location for quarantined documents

NOTE

Symantec Protection Engine contains a decomposer that extracts the contents of a container file and scansthe contents for risks. If the container file includes an unrepairable virus, an encrypted file, an unscannablefile, or a file that contains a security risk, that specific file is handled according to its file detection rules. Thedecomposer then re-assembles the container file and sends it back to Symantec Protection for SharePointServers. Symantec Protection for SharePoint Servers considers the file repaired and handles it according to howyou have configured the Basic Virus Rule.

When the rule for an infected file is set to "Copy to Quarantine and Delete", the file is not quarantined or deletedif it is checked out by any user.

You can minimize the likelihood that infected files will be stored on the SharePoint server by choosing to scan files beforethey are uploaded. If the files are found to be infected, they are not uploaded. If the SharePoint server was in operationbefore you added antivirus scanning, you may have infected files already stored on the SharePoint server. Scheduledscans of the SharePoint server should identify any infected files that have been stored on the server.

Scheduling scans

To specify file handling rules1. On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and


2. In the Infected File Detection Rules section, select the actions that you want Symantec Protection for SharePointServers to take for files that are detected during a scan.

3. Click Save.

Reviewing Scan StatisticsYou can view the statistics of an ongoing or completed scan under "Scan Statistics" in the manual and scheduled scanpage. Scan Statistics describes each entry in the scan statistics section.

Table 7: Scan Statistics

Scan statistic Description

Last start time Displays the date and time when the scan started.Ends at/ Isrunning

Displays the date and time when the scan ended.If its an ongoing scan, this field is renamed as "Is running" and displays the time interval that the scan has beenrunning.

57



Scan statistic Description

Last completedscan

Displays the date and time of the last complete scan of the entire document library.

Files collected Displays the total number of files in the document library.Files processed Displays the current number of files that Symantec Protection for SharePoint Servers is processing out of "Files

collected". Symantec Protection for SharePoint Servers checks each file for any exclusions (folder or extension) andsends it for scanning.Once a scan is complete, the files processed will be equal to the files collected.

Exclude byfolder

Displays the number of files that have been excluded by folder.

Exclude byextension

Displays the number of files that are excluded by extension.

Clean files Displays the number of clean files.Unrepairablefiles

Displays the number of unrepairable files.

Repairable files Displays the number of files with repairable viruses.Encrypted files Displays the number of files with encrypted content.Files containingsecurity risks

Displays the number of files that contain security risks.About enabling security risk detection

Unscannablefiles

Displays the number of files that have unscannable content.

Access deniedfiles

Displays the number of files that come under the following categories:• System files with no access permission• Files that have been checked out for editing• Files that are not readable and cannot be scanned by Symantec Protection Engine

Files repairedand replaced

Displays the number of files that have been repaired and replaced in the document library.You must specify the file handling rules accordingly.Specifying file handling rules

Filesquarantined

Displays the number of files that have been quarantined to the quarantine folder.You must specify the file handling rules accordingly.Specifying file handling rulesSpecifying the location for quarantined documents

Files deleted Displays the number of files that have been deleted from the document library.You must specify the file handling rules accordingly.Specifying file handling rules

Files log only Displays the number of logged files.

Scheduling ScansYou can choose how frequently scheduled scans occur, and you can choose the time of day that the scheduled scanstarts. Before you configure a scheduled scan, ensure that you have configured the global manual and scheduledscanning options.

About configuring global manual and scheduled scanning options

You can configure the following scanning options before you enable scheduled scanning:

• Excluding files with specific extensions from being scanned• Excluding folders from being scanned

58



The remaining document libraries on SharePoint server will be scanned during scheduled scans. If you do not excludeany document library, Symantec Protection Engine will scan all document libraries on the SharePoint server.

• Including files with specific extensions to be scanned• Including folders to be scanned

Include the libraries on the SharePoint server that you want to be scanned during scheduled scans• Specifying the number of threads for scanning• Scanning all file versions in the document library

If you enable document versioning on your SharePoint server, multiple versions of a document exists as users cancheck documents in and out. Symantec Protection Engine will scan all versions of the same document.

• Scanning those files that have been added or modified since the last completed scanThis option preserves bandwidth and time during a manual or scheduled scan. Symantec Protection for SharePointServers compares the last modified time with the last scan time. This comparison ensures that only those files whose"last modified time" is after the last scan time are sent for scanning.

You can enable scheduled scanning by selecting the frequency and time that the scans will occur.

To enable or disable scheduled scanning1. On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and


NOTE

In the SharePoint Server Farm environment, you must select a server to schedule a scan.

2. Under Scheduled Scan, select one of the following options:

• Off• Daily• Weekly

The default setting is Off.

3. Type the time (hr:mm) of the day in the 24-hour format to start the scheduled scan.

The default setting is 00:00 A.M.

4. If you select Weekly, select the day or days of the week on which you want the scheduled scan to occur.

5. Click Save.

6. The Next run time displays the date and time of the next scheduled scan.

Performing Manual ScansYou can force an immediate scan of the SharePoint server. All files are sent for scanning irrespective of whether theywere previously scanned or not. Before you perform a manual scan, ensure that you have configured the global manualand scheduled scanning options.

About configuring global manual and scheduled scanning options

To perform a manual scan1. On the Symantec Protection for SharePoint console home page, under Global Settings, click Manual scan and


NOTE

In the SharePoint Server Farm environment, you must select a server to schedule a manual scan.

59



2. Under Manual Scan, on the right pane, click Scan Now.

You can view the date, time, and other statistics like the number of infected files, during and after a manual scan underScan Statistics.

Reviewing scan statistics

About Importing and Exporting SettingsWhen you have multiple SharePoint deployments on your network, you can import Symantec Protection for SharePointServers settings from one SharePoint deployment to another SharePoint deployment. You can import the settings byusing the options available on the Import/Export Settings page.

Before you import the settings, you must save a copy of settings of the SharePoint deployment from which you want toimport the settings. You can use the Export option on the Import/Export Settings page to save a copy of the settings.Symantec Protection for SharePoint Servers saves these settings in an XML file.

Once you save a copy of the settings, you can use the Import option to import the XML file and apply the settings.

NOTE

Symantec recommends that you do not modify the XML file before you import it.

Import settings lists the settings that Symantec Protection for SharePoint Servers imports.

Table 8: Import settings

Settings Description

Real-time scan settings Imports all the settings that you specify under Real-time scan settings.Manual scan and scheduled scan settings Imports all the settings that you specify under Manual scan and scheduled

scan settings.However, Symantec Protection for SharePoint Servers does not import theexclude and include folder path that you specify under Exclusion/InclusionList.

Log file settings Imports all the settings that you specify under Log File settings.Email notification settings Imports all the settings that you specify under Email notification settings.

Symantec Protection for SharePoint Servers also imports all the emailtemplates.

Global Symantec Protection Engine settings Imports all the settings that you specify under Global Symantec ProtectionEngine settings.

Importing settings from a SharePoint deployment

Exporting settings from a SharePoint deployment

Importing Settings from a SharePoint DeploymentWhen you have multiple SharePoint deployments on your network, you can import Symantec Protection for SharePointServers settings from one SharePoint deployment to another SharePoint deployment. Before you import the settings, youmust save a copy of settings of the SharePoint deployment from which you want to import the settings.

Exporting settings from a SharePoint deployment

To import settings from a SharePoint deployment

60



1. On the Symantec Protection for SharePoint console home page, under Global Settings, click Import/ExportSettings.

2. Under Import, click Browse and select the XML file that has the settings that you want to import.

3. Click Import.

About importing and exporting settings

Exporting Settings from a SharePoint DeploymentSymantec Protection for SharePoint Servers lets you save a copy of the settings of a SharePoint deployment. You cansave a copy of the settings when you want to back up all the Symantec Protection for SharePoint Servers settings of aSharePoint deployment. Symantec Protection for SharePoint Servers saves these settings in an XML file. You can lateruse the XML file and import the settings to another SharePoint deployment where you want to apply the same settings.

Importing settings from a SharePoint deployment

To export settings from a SharePoint deployment1. On the Symantec Protection for SharePoint console home page, under Global Settings, click Import/Export

Settings.

2. Click Export and save a copy of the settings.

About importing and exporting settings

Registering Symantec Protection Engine with Symantec Protection forSharePoint ServersSymantec Protection Engine provides the scanning and repair services for Symantec Protection for SharePoint Servers.In a SharePoint Server Farm environment, Symantec Protection Engine must be registered on all the servers.

You can install Symantec Protection Engine on the SharePoint server. You can also install Symantec Protection Engine ona separate server that is not running SharePoint. This lets you move antivirus scanning off-box, thereby reducing the CPUload on the SharePoint server.

If you install Symantec Protection for SharePoint console and Symantec Protection Engine on the same computer andyou have a valid Symantec Protection Engine license file, Symantec Protection Engine is automatically registered withSymantec Protection for SharePoint Servers. If you do not have the license file during installation, you can install thelicense later through the Symantec Protection Engine console. Once you install a valid license file, you must registerSymantec Protection Engine with the Symantec Protection for SharePoint Servers.


About adding, removing, editing, and viewing registered Symantec Protection Engines

You configure Symantec Protection Engine separately from the Symantec Protection for SharePoint console through itsown Web-based administrative interface.


Install and configure Symantec Protection Engine before you register it with Symantec Protection for SharePoint Servers.

Symantec Protection Engine registration fields describes the information that you must provide for each SymantecProtection Engine so that Symantec Protection for SharePoint Servers can pass files for scanning.

61



Table 9: Symantec Protection Engine registration fields

Option Description

Host or IPaddress

Specify a host name or IP address for each Symantec Protection Engine that will provide scanning services forthe SharePoint server. You can install Symantec Protection Engine on the SharePoint server. You can also installSymantec Protection Engine on a separate server that is not running SharePoint. This lets you move antivirusscanning off-box, thereby reducing the CPU load on the SharePoint server. For more information, see the SymantecProtection Engine Implementation Guide.

TCP/IP port Specify a TCP/IP port number through which files are passed to Symantec Protection Engine for scanning. The portnumber must be exclusive to Symantec Protection Engine. This is the port number that you specified during theSymantec Protection Engine installation. The default port is 1344.

Description You can add a description (up to 50 characters) for each Symantec Protection Engine.Enable thisSymantecProtectionEngine

During the registration process, you can choose to enable Symantec Protection Engine. A disabled SymantecProtection Engine is dropped from rotation and is not available for scanning. You can still view the disabledSymantec Protection Engine in the list of registered protection engines.You can enable or disable a registered protection engine after the registration process.About adding, removing, editing, and viewing registered Symantec Protection Engines

Priority Specify a priority for the registered Symantec Protection Engine. The priority determines the volume of files that aresent to the protection engine during a scanning process.You can select any one of the following priorities for the protection engine:• Lowest• Below normal• Normal• Above normal• Highest

Note: The priority setting is applicable only when multiple protection engines are registered.

You can change the priority at any time after the Symantec Protection Engine is registered.

After you register a Symantec Protection Engine, Symantec Protection for SharePoint Servers periodically polls theSymantec Protection Engine for its status and virus definition information. You can set the time interval at which SymantecProtection for SharePoint Servers periodically polls each registered Symantec Protection Engine. You can view the statusand virus definition information on the Symantec Protection for SharePoint console.


You can add a Symantec Protection Engine, remove a Symantec Protection Engine, edit an entry or view the list ofregistered Symantec Protection Engines.

About Adding, Removing, Editing, and Viewing Registered Symantec ProtectionEnginesYou can register a protection engine, remove an existing protection engine, edit an entry, and view the list of registeredSymantec Protection Engines.

To register a new Symantec Protection Engine1. On the Symantec Protection for SharePoint console home page, under Symantec Protection Engine for SPSS, click

Register a new Symantec Protection Engine.

NOTE

In the SharePoint Server Farm environment, you must select a server to register a Symantec ProtectionEngine.

62



2. In the Step 1: Start Registration page, specify the following details about Symantec Protection Engine that you wantto register:

Host or IPaddress

Type the host name or IP address of the computer on which Symantec Protection Engine is running.If the computer on which Symantec Protection Engine is running is configured to have multiple IP addresses, specifythe address on which Symantec Protection Engine listens.

TCP/IP Port Type the port number on which Symantec Protection Engine listens.The port number that you specify here must match the port number that you specified during Symantec ProtectionEngine installation. The default port number for Symantec Protection Engine is 1344 when ICAP is used as thecommunication protocol.

Description Type a description that can be used to identify Symantec Protection Engine.You can type a maximum of 50 number of characters.

3. Click Next.

4. In the Step 2: Complete Registration page, verify the Symantec Protection Engine details.

Click Back to make any modifications.

5. After you verify the details, select the Enable this Symantec Protection Engine check box to activate this SymantecProtection Engine.

6. Select the scanning priority that you want to assign to this Symantec Protection Engine from the drop-down list.

Specifying the scanning mode for load balancing

7. Click Register.

The registered Symantec Protection Engine appears in the Registered Symantec Protection Engines list.

8. To remove a registered Symantec Protection Engine: On the Symantec Protection for SharePoint console home page,under Symantec Protection Engine for SPSS, click List and Edit all registered Symantec Protection Engines.

NOTE

In the SharePoint Server Farm environment, you must select a server to remove a registered SymantecProtection Engine.

9. In the Details column beside the Symantec Protection Engine that you want to remove, click Show.

Details, response data, and statistics of the selected Symantec Protection Engine appear.

10. Click Delete.

11. To edit a Symantec Protection Engine registration: On the Symantec Protection for SharePoint console home page,under Symantec Protection Engine for SPSS, click List and Edit all registered Symantec Protection Engines.

12. In the Details column beside the Symantec Protection Engine that you want to modify, click Show.

Details, response data, and statistics of the selected Symantec Protection Engine appear.

13. Modify any of the Symantec Protection Engine details.

14. Click Save.

15. To view the list of registered Symantec Protection Engines: On the Symantec Protection for SharePoint console homepage, under Symantec Protection Engine for SPSS, click List and Edit all registered Symantec ProtectionEngines.

You can view a list of all registered Symantec Protection Engines with the priority, host name, virus definition date,description, and status.

63



16. In the Details column beside the Symantec Protection Engine whose details that you want to view, click Show.

Details, response data, and statistics of the selected Symantec Protection Engine appears.

Specifying the Scanning Mode for Load BalancingSymantec Protection Engine performance depends on scan volume, the number of client SharePoint servers makingrequests to Symantec Protection Engine, and memory and disk space requirements. If you are processing large trafficvolumes or have multiple clients making virus scanning requests, you can install and configure multiple SymantecProtection Engines to handle the virus scanning load.

You can specify how you want the scanning load to be distributed by selecting a scanning mode. The scanning modes areas follows:

Cycle mode Scanning is distributed evenly across all registered Symantec Protection Engines using a continuousrepeating sequence. In a standalone or single-server farm environment, this option is available only if multipleprotection engines are registered; but in a farm environment, this option is available even if one protectionengine is registered.

Priority mode Scanning is distributed to Symantec Protection Engines based on priority. When you register a SymantecProtection Engine, you specify the priority.Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers

If you enable both modes, the priority mode takes precedence. If both the registered protection engines have the samepriority, then the cycle mode option takes precedence.

To specify the scanning mode for load balancing1. On the Symantec Protection for SharePoint console home page, under Symantec Protection Engine for SPSS, click

Global Symantec Protection Engine settings.

2. Under Select Modes, on the right pane, select the scanning mode that you want to use for load balancing.

NOTE

By default, the cycle mode is enabled in a SharePoint Sever Farm environment.

3. Click Save.


Checking for the Latest Virus DefinitionsVirus definition files contain the necessary information for Symantec Protection Engine to detect and eliminate viruses.Updated virus definitions files are supplied by Symantec regularly and whenever a new virus threat is discovered. Virusdefinition files are dated and have a version number so that when virus definitions change, Symantec software candetermine the most current set of definitions.

When new virus definition files are available, Symantec LiveUpdate technology automatically downloads the files andinstalls them in the proper location on the computer that is running Symantec Protection Engine. If an error occurs duringthis process or there is a problem with the new virus definition files, Symantec Protection Engine attempts to roll back tothe previous virus definitions and continue scanning. Occasionally, if you are running more than one Symantec ProtectionEngine, the versions of the virus definition files that are in use may temporarily differ until LiveUpdate has had a chance toupdate definitions for all of the protection engines.


When you enable the auto-check feature, Symantec Protection for SharePoint Servers regularly polls the registeredprotection engines to verify that they are online. Symantec Protection for SharePoint Servers also determines whetherthe registered Symantec Protection Engines have the latest definitions. You can specify how often you want SymantecProtection for SharePoint Servers to perform an auto-check.

64



Symantec Protection for SharePoint Servers also has a feature that you can use to perform an on-demand check ofdefinitions.

The latest virus definition version and date number among the Symantec Protection Engines is registered with SymantecProtection for SharePoint Servers. View the virus definition version and date number that is registered with SymantecProtection for SharePoint Servers under Latest Virus Definitions.

You can configure Symantec Protection for SharePoint Servers to remove a Symantec Protection Engine if its virusdefinition files is older than the registered virus definition files. You must specify a threshold time within which the virusdefinition files must be made the latest. For a Symantec Protection Engine with an old virus definition version anddate, Symantec Protection for SharePoint Servers first generates a warning message on the console page. SymantecProtection for SharePoint Servers logs this warning message and sends out an email notification. If the virus definitionfiles are not updated within the threshold time, the Symantec Protection Engine is taken offline.

Virus definitions checking options describes the options to check the status of registered protection engines and their virusdefinition versions.

Table 10: Virus definitions checking options

Option Description

Refresh Immediately polls all registered Symantec Protection Engines for the latest virus definition amongthem. Symantec Protection for SharePoint Servers registers the latest virus definition date andversion number and displays this information.

Symantec Protection Engine autocheck

Polls all registered protection engines automatically at the specified auto check interval for theonline or offline status, latest virus definition date, and version.

Auto check interval (in seconds) The interval (in seconds) that Symantec Protection for SharePoint Servers polls the registeredprotection engines for their status and virus definition dates. The default value is 60 seconds.

Email notification interval (inminutes)

The interval (in minutes) after which email notifications are sent.The default value is 5 minutes.

Take a Symantec ProtectionEngine offline if its virus definitionis not the latest

Takes a protection engine offline if the virus definition on the Symantec Protection Engine is olderthan the registered virus definition with Symantec Protection for SharePoint Servers.

Threshold time before takenoffline (hours)

The time interval (hours) within which the virus definition files on the Symantec Protection Enginemust be updated. Symantec Protection for SharePoint Servers takes the Symantec ProtectionEngine offline if the virus definition files are not updated within the threshold time. The default valueis 3 hours.

NOTE

The auto-check settings configured for Symantec Protection Engine are replicated across all the servers in theSharePoint Server Farm environment.

To manually check for the latest virus definitions1. On the Symantec Protection for SharePoint console home page, under Symantec Protection Engine for SPSS, click

Global Symantec Protection Engine settings.

NOTE

In the SharePoint Server Farm environment, you must select a server where you want to refresh the latestvirus definitions.

2. Under Latest Virus Definitions, on the right pane, click Refresh.

Symantec Protection for SharePoint Servers polls the registered protection engines for the latest virus definitionamong them. This value is then displayed above the Refresh button.

65



3. To automatically check for the latest virus definitions: On the Symantec Protection for SharePoint console home page,under Symantec Protection Engine for SPSS, click Global Symantec Protection Engine settings.

4. Under Auto-Check Options, on the right pane, select the Symantec Protection Engine auto check check box.

5. In the Auto-check interval (in seconds) box, type the interval (in seconds) in which you want the auto-check processto occur. Symantec Protection for SharePoint Servers polls the registered protection engines at the interval that youspecify for their statuses, and their virus definition versions.

The default setting is 60 seconds. You can enter a value between 20 and 360.

6. In the Email notification (in minutes) box, type the interval after which you want email notifications to be sent to therecipient address specified while configuring the Email Notification Settings.

The default setting is 5 minutes.

7. Select the Take a Symantec Protection Engine offline if its virus definition is not the latest check box to take aSymantec Protection Engine that does not have the latest definitions out of rotation.

Symantec Protection for SharePoint Servers compares its virus definition version with the version on each registeredSymantec Protection Engine. If any Symantec Protection Engine has a virus definition older than the registered virusdefinition, that protection engine is taken offline.

8. Click Save.

66



Configuring Symantec Protection Engine

Accessing the Symantec Protection Engine ConsoleThe Symantec Protection Engine console is a Web-based interface that lets you manage Symantec Protection Engine.The interface is provided through a built-in HTTPS server. You can access the interface by using a virtual administrativeaccount that you set up at installation. You can access the Symantec Protection Engine console by using a Web browseron any computer on your network that can access the server that is running Symantec Protection Engine.

NOTE

Symantec Protection Engine no longer supports accessing the console through an HTTP server.

If you did not install the license file at the time of installation, the License page automatically appears the first time that youaccess the Symantec Protection Engine console. This License page is the only page that is active. If at least one validscanning license is installed, the Home page automatically appears.

Each time that you start a new browser session and open the console, the Home page appears. As long as the browsersession continues to run, each time that you open the Symantec Protection Engine console, you return to the page thatyou were on when you logged out or when the session times-out.


To access the console1. Launch a Web browser on any computer on your network that can access the server that is running Symantec

Protection Engine.

2. Go to the following URL:

https://<servername>:<port>/

where <servername> is the host name or IP address of the server that is running Symantec Protection Engine and<port> is the port number that you selected during installation for the built-in Web server.

The default port number is 8004.

3. If a Security Alert dialog box appears, click Yes to confirm that you trust the integrity of the applet, and then click Yesto display the Web page.

4. In the Login Name box, type a valid login name.

5. In the EnterPassword box, type the password for the administrative account.

6. Press Enter.

On successful login, Administrator is displayed on the upper right-hand side corner of the Symantec Protection Engineconsole.

7. To access the console with Symantec Protection Engine-based authentication: Launch a Web browser on anycomputer on your network that can access the server that is running Symantec Protection Engine.

8. In a Web browser, type the following address:




67




10. In the Login Name box, type a valid login name.

11. In the Password box, type the password for the administrative account.

12. Press Enter.

On successful login, Administrator is displayed on the upper right-hand side corner of the Symantec Protection Engineconsole.

13. To access the console with Windows Active Directory-based authentication: Launch a Web browser on any computeron your network that can access the server that is running Symantec Protection Engine.

14. In a Web browser, type the following address:





16. In the Login Name box, type a valid login name in the Domain\Username format.

17. In the Password box, type the password for your Windows Active Directory login name.

18. Press Enter.

On successful login, the login name is displayed on the upper right-hand side corner of the Symantec ProtectionEngine console.

About Communication Protocol SettingsYou must configure Symantec Protection Engine to use ICAP as the communication protocol. At installation, ICAP is thedefault communication protocol.


Configuring ICAP-Specific SettingsAfter installation, you must configure several ICAP-specific options.

Configuration options for ICAP describes the configuration options for ICAP.

68



Table 11: Configuration options for ICAP

Option Description

Bind address Symantec Protection Engine detects all of the available IP addresses that are installed on the host. By default,Symantec Protection Engine accepts scanning requests on (binds to) all of the scanning IP addresses that itdetects. You can configure up to 64 IP addresses as scanning IP addresses.You can specify whether you want Symantec Protection Engine to bind to all of the IP addresses that it detects, oryou can restrict access to one or more interfaces. If you do not specify at least one IP address, Symantec ProtectionEngine binds to all of the scanning IP addresses that it detects.If Symantec Protection Engine fails to bind to any of the selected IP addresses, an event is written to the log as acritical error. Even if Symantec Protection Engine is unable to bind to any IP address, you can access the console.However, scanning functionality is unavailable.

Note: You can use 127.0.0.1 (the loopback interface) to let only the clients that are running on the same computerconnect to Symantec Protection Engine.

Port number The port number must be exclusive to Symantec Protection Engine. You must use the same port number for all ofthe scanning IP addresses that you want to bind to Symantec Protection Engine.The default port number is 1344. If you change the port number, use a number that is equal to or greater than 1024.No other program or service should use this port number.

Note: This setting must match the port number you enter for the Symantec Protection Engine when you register itwith Symantec Protection for SharePoint Servers.

Scan policy Symantec Protection for SharePoint Servers controls the scan policy. Use the default settings.When an infected file is found, Symantec Protection Engine attempts to repair infected files and delete unrepairablefiles from archive or container files.

Enable trickle This setting is not applicable for the SharePoint server and should be left at the default setting.

Note: Symantec Protection for SharePoint Servers will not function properly if you activate data trickling.

To configure ICAP-specific options1. On the Symantec Protection Engine console, click Configuration.

2. Under Views, click Protocol.

3. In the content area under Select Communication Protocol, click ICAP.

The configuration settings are displayed for the selected protocol. You must manually stop and start the service if youchange the protocol setting through the Symantec Protection Engine console.

4. Under ICAP Protocol Configuration, in the Bind address box, type a bind address, if necessary.

By default, Symantec Protection Engine binds to all interfaces. You can restrict access to a specific interface by typingthe appropriate bind address.

5. In the Port number box, type the TCP/IP port number that Symantec Protection for SharePoint Servers uses to passfiles to Symantec Protection Engine for scanning.

The default setting for ICAP is port 1344.

6. Use the default Scan policy setting.

The default setting is Scan and repair or delete.

69



7. On the toolbar, select one of the following:

Save Saves your changes.You can continue to make changes in the administrative interface until you are ready to apply them.

Apply Applies your changes.Your changes are not implemented until you apply them.

To configure ICAP options8. In the console on the primary navigation bar, click Configuration.

9. In the sidebar under Views, click Protocol.

10. In the content area under Select Communication Protocol, click ICAP.

11. In the Manual Restart Required dialog box, click OK

12. Under ICAP Configuration, in the Bind address table, select the scanning IP addresses that you want to bind toSymantec Protection Engine. Check Select All to select every IP address in the Bind address table.

Only four IP addresses appear in the Bind address table. Click the scroll bar to view additional IP addresses.

By default, Symantec Protection Engine binds to all interfaces.

13. In the Port number box, type the TCP/IP port number that the client application uses to pass files to SymantecProtection Engine for scanning.

The default setting for ICAP is port 1344. If you change the port number, use a number that is equal to or greaterthan 1024. No other program or service should use this port number. You must use the same port number for everyscanning IP addresses that you want to bind to Symantec Protection Engine.

14. In the Scan policy list, select how you want Symantec Protection Engine to handle infected files.

The default setting is Scan and repair or delete.

15. On the toolbar, select one of the following options:

Save Saves your changes.Use this option to continue making changes in the console untilyou are ready to apply them.


Ways to Control Which File Types are ScannedSymantec Protection for SharePoint Servers lets you save bandwidth and time by specifying the file types that are passedto Symantec Protection Engine for scanning during manual scans and scheduled scans. You can configure the SymantecProtection for SharePoint console to include or exclude certain file types from scanning using an inclusion/exclusion list.Symantec Protection for SharePoint Servers makes this initial determination of whether to send the file for scanning basedon the file extension of the top-level file.

NOTE

The inclusion/exclusion list on the Symantec Protection for SharePoint console applies only to files thatare scanned during manual scans and scheduled scans. All files that are downloaded or uploaded to theSharePoint server are submitted for scanning regardless of file type. (You must configure Symantec Protectionfor SharePoint Servers to submit files for scanning on download and upload.)

Excluding files with specific extensions from being scanned

Including files with specific extensions to be scanned

70



All top-level files that are sent to Symantec Protection Engine are scanned regardless of file extension. SymantecProtection Engine is configured by default to scan all files. There is a file extension exclude list and a file type excludelist on the Symantec Protection Engine as well. However, priority is given to the extension exclude list that you configurethrough the Symantec Protection for SharePoint console. All files that are sent to Symantec Protection Engine arescanned regardless of file extension. It is recommended that you let Symantec Protection Engine scan all files regardlessof file extension.

To scan all files regardless of extension1. In the console on the primary navigation bar, click Policies.

2. In the sidebar under Views, click Scanning.

3. In the content area under Files to Scan, click Scan all files.


Save Saves your changes.This option lets you continue making changes in the console until you are ready to apply them.


About Licensing Symantec Protection EngineYou activate key features for Symantec Protection Engine, including scanning for threats and security risks, by installingthe appropriate license. You must install the licenses through the Symantec Protection Engine console if you did not installit during installation.

NOTE

If you have multiple Symantec Protection Engines, you must install the license for each protection enginethrough its console.

For complete scanning functionality and definition updates, you need the following licenses:

Product licenses Product licenses activate scanning functionality.The AV Scanning license activates the threat and the security risk scanning features.

Content licenses Content licenses let you receive product updates.The AV Content license lets you receive updated threat and security risk definitions. Updated definitions ensure thatyour server is protected from risks.

The first time that you open the console after installation, only the License view is active. You must install the AV Scanninglicense to access the Configuration, Reports, Monitors, and System pages in the console.

About License ActivationYou can activate scanning features and definitions updates for Symantec Protection Engine with licenses. A separatelicense must be installed for each feature. If you purchase additional product features from Symantec as they becomeavailable for Symantec Protection Engine, these features will require a new license.

Symantec issues a serial number for each type of license that you purchase. This serial number is required to registeryour product and your maintenance agreement. The serial number is provided on a license certificate, which is mailedseparately and arrives in the same time frame as your software. For security reasons, the license certificate is notincluded in the Symantec Protection Engine software distribution package.

If you do not have a serial number

71



License activation involves the following process:

Obtain alicense file fromSymantec.

To request a license file, you must have the license serial number for each license that you want to activate. Afteryou complete the registration process, Symantec sends you the appropriate license file by email.Obtaining a license file

Install thelicense file.

You must install the content and product licenses on each server on which you run Symantec Protection Engine.When you install the licenses, you can enable the scanning processes and update your product and its associatedcontent.Installing the license file

If You Do Not Have a Serial NumberYour license certificate contains the serial numbers for the licenses that you have purchased. The license certificateshould arrive within three to five business days of when you receive your software.

If you do not receive the license certificate, contact Symantec Customer Service at 800-721-3934 or your reseller to checkthe status of your order.

If you have lost your license certificate, contact Symantec License Administration.

Where to get more information

Obtaining a License FileEach license certificate or upgrade certificate has a serial number. The serial number is used to request a license file andto register for support. To request a license file, you must have the serial number for the license.

The serial number is printed on the license certificate that is mailed to you. The format of a serial number is a letterfollowed by 10 digits, for example, F2430482013.

If you purchased multiple types of licenses but register them separately, Symantec sends you a separate license file foreach license. You must install each license file separately. If you register multiple licenses at the same time, Symantecsends you a single license file that contains all of your licenses.

The license file that Symantec sends to you is contained within a .zip file. The .slf file that is contained within the .zip file isthe actual license file. Ensure that your inbound email environment permits .zip email message attachments.

WARNING

License files are digitally signed. If you try to edit a license file, you will render it invalid.

To obtain a license file1. In a Web browser, type the following address:

https://licensing.symantec.com

Your Web browser must use 128-bit encryption to view the site.

2. If a Security Alert dialog box appears, click OK.

3. Follow the procedures on the Symantec Licensing Portal to register your license and request your license file.

Symantec sends you an email message that contains the license file in an attachment. If the email message doesnot arrive within two hours, an error might have occurred. Try again to obtain the license file through the Symantecwebsite. If the problem continues, contact Symantec Technical Support.

Where to get more information

72

https://licensing.symantec.com



Installing the License FileA license file contains the information that is required to activate one or more features in a product. A license file is alsorequired to update the product and its associated content. A license file might contain one or more types of licenses. Thenumber of licenses it contains depends on whether you registered the license serial numbers separately or at the sametime.

Obtaining a license file

You can install the license file through the console. If you disabled the console, you can install the license file by copying itto a specific directory location.

NOTE

You must restart Symantec Protection Engine manually after saving the license files.

To install the license file through the console1. When you receive the email message from Symantec that contains the license file, save the file that is attached to the

email message to the computer from which you will access the Symantec Protection Engine console.

2. Access the Symantec Protection Engine console.


3. In the console on the primary navigation bar, click System.

If no license has been installed, when you open the console, the System tab is selected by default.

4. In the sidebar under Views, click License.

5. Under Tasks, click Install License.

6. In the Install License window, click Browse.

7. In the Load File window, browse to the folder location where you saved the license file, select it, and then click Open.

8. In the Install License window, click Install.

A status message indicates that the license was successfully installed.

To install the license file without using the console9. Based on the operating system, save the license file that you receive in an email message from Symantec in the

following location:

Windows 64-bit C:\Program Files (x86)\Common Files\Symantec Shared\LicensesWindows 2008/2012 C:\ProgramData\Symantec Shared\LicensesLinux /opt/Symantec/Licenses

Keeping Your Product and Protection Up-to-DateYou can update the Symantec Protection Engine content. The content updates ensure that your network is up-to-datewith the most current antivirus and DDR/URL definitions. You can update Symantec Protection Engine with the latestdefinitions without any interruption in scanning.

About Definition UpdatesDefinition files contain the necessary information to detect and eliminate risks, such as viruses and adware. Symantecsupplies updated definition files at least every week and whenever a new risk is discovered.

You can update risk definitions using LiveUpdate, Rapid Release, or Intelligent Updater.

73



Symantec Protection Engine automatically uses the most current definitions files for scanning. However, if a problem isdiscovered with the current definitions, you can revert (roll back) to the previous set of antivirus or URL/DDR definitions.

When you perform a content update, Symantec Protection Engine downloads and installs the most current definitions.If an error occurs, Symantec Protection Engine tries to roll back to the previous definitions. If the rollback is successful,Symantec Protection Engine continues scanning using the previous definitions. If the rollback is unsuccessful, scanning isdisabled. You must have a valid license to update definitions.


About LiveUpdateWhen you install or upgrade Symantec Protection Engine, LiveUpdate is enabled by default to run every two hours. Youcan modify this schedule, or you can run LiveUpdate manually.

When Symantec Protection Engine performs a LiveUpdate, the definitions that are downloaded are automatically selectedas the active definitions. However, you can revert to the previous version of the antivirus definitions. The definition setthat you choose remains active until the next LiveUpdate runs. The definition set that is downloaded by LiveUpdate thenbecomes the active definition set.


Symantec Protection Engine uses Symantec Java LiveUpdate technology. To run LiveUpdate, you must have the 64-bitJava Runtime Environment (JRE) 8.0 Update 232 or later but earlier than 261.

Configuring LiveUpdate to occur automatically

Performing LiveUpdate on demand

Configuring LiveUpdate to Occur AutomaticallyYou can schedule LiveUpdate to occur automatically at a specified time interval to ensure that Symantec ProtectionEngine always has the most current definitions. When you install a valid AV Content license, Symantec Protection Engineautomatically attempts to perform a LiveUpdate. To continue receiving automatic updates, you must schedule LiveUpdate.

When LiveUpdate is scheduled, LiveUpdate runs at the specified time interval that is relative to the LiveUpdate basetime. The default LiveUpdate base time is the time that Symantec Protection Engine was installed. You can change theLiveUpdate base time by editing the configuration file. If you change the scheduled LiveUpdate interval, the intervaladjusts based on the LiveUpdate base time.

For more information about modifying configuration files, see the Symantec Protection Engine Implementation Guide.

To configure LiveUpdate to occur automatically:1. In the console on the primary navigation bar, click System.

2. In the sidebar under Views, click LiveUpdate Content.

3. In the content area under LiveUpdate Content, check Enable scheduled LiveUpdate.

The default setting is enabled.

4. In the LiveUpdate interval drop-down list, select the interval.

You can choose from 2, 4, 8, 10, 12, or 24-hour intervals. The default setting is 2 hours.

74






Performing LiveUpdate On DemandYou can run LiveUpdate on demand to force an immediate update of definitions. If you have scheduled LiveUpdate, thenext scheduled LiveUpdate attempt occurs at its scheduled time.

To perform LiveUpdate on demand:1. In the console on the primary navigation bar, click System.

2. In the sidebar under Views, click LiveUpdate Content.

3. Under Definition Details, select a definitions set that you want to update.

4. Under Tasks, click LiveUpdate Content.

About Rapid ReleaseYou can configure Symantec Protection Engine to obtain uncertified definition updates with Rapid Release. You canconfigure Symantec Protection Engine to retrieve Rapid Release definitions every 5 minutes to every 120 minutes.

Rapid Release definitions are created when a new threat is discovered. Rapid Release definitions undergo basic qualityassurance tests by Symantec Security Response. However, they do not undergo the intense testing that is required for aLiveUpdate release. Symantec updates Rapid Release definitions as needed to respond to high-level outbreaks. RapidRelease definitions might be made available before the LiveUpdate definitions quality assurance process is complete.Rapid Release definitions provide a quick response to new threats and security risks.

You can augment Rapid Release definitions later on by more robust detection capabilities in certified definitions.

WARNING

Rapid Release definitions do not undergo the same rigorous quality assurance tests as LiveUpdate definitions.Symantec encourages users to rely on the full quality-assurance-tested definitions whenever possible. Ensurethat you deploy Rapid Release definitions to a test environment before you install them on your network.

If you use a proxy or firewall that blocks FTP communications, the Rapid Release feature does not function. Yourenvironment must allow FTP traffic for the FTP session to succeed.

The Rapid Release definitions that are downloaded are automatically selected as the active definitions. However, you canrevert to the previous version of the antivirus definition set. The definition set that you choose remains active until the nextdefinition update runs.

Rapid Release does not support URL and DDR definition updates. You must update URL and DDR definitions usingLiveUpdate.

About LiveUpdate

Configuring Rapid Release updates to occur automatically

Performing Rapid Release updates on demand

Configuring Rapid Release Updates to Occur AutomaticallyYou can schedule Rapid Release updates to occur automatically at a specified time interval to ensure that SymantecProtection Engine always has the most current definitions. Scheduled Rapid Release updates are disabled by default.

75



To receive automatic Rapid Release updates, you must enable and schedule Rapid Release. When Rapid Release isscheduled, Rapid Release runs at the specified time interval that you select.

Configuring Rapid Release updates to occur automatically:1. On the Symantec Protection Engine administrative interface, in the left pane, click System.

2. Under Views, click Rapid Release Content.

3. In the content area under Rapid Release Content, check Enable scheduled Rapid Release to enable automaticdownloads of Rapid Release definitions.

This option is disabled by default.

4. In the Rapid Release interval box, to specify the interval between which you want Symantec Protection Engine todownload Rapid Release definitions, do any of the following steps:

• Type the interval.• Click the up arrow or down arrow to select the interval.

You can select any number between 5 minutes and 120 minutes. The default value is 30 minutes.


Save Saves your changes.You can continue to make changes in the administrative interface until you are ready to apply them.


Performing Rapid Release Updates On DemandYou can run Rapid Release on demand to force an immediate update of definitions. If you have scheduled Rapid Release,the next scheduled Rapid Release try occurs at its scheduled time.

To perform Rapid Release updates on demand:1. In the console on the primary navigation bar, click System.

2. In the sidebar under Views, click Rapid Release Content.

3. Under Tasks, click Rapid Release Content.

Enabling Security Risk DetectionSymantec Protection Engine can detect security risks. Security risks are the programs that do any of thefollowing:

• Provide unauthorized access to computer systems• Compromise data integrity, privacy, confidentiality, or security• Present some type of disruption or nuisance

These programs can put your employees and your organization at risk for identity theft or fraud if they: log keystrokes;capture email and instant messaging traffic; and harvest personal information, such as passwords and loginidentifications.

Security risks can be introduced into your system unknowingly when users: visit a website; download shareware orfreeware software programs; click links or attachments in email messages; or through instant messaging clients. Securityrisks can also be installed after or as a by-product when a user agrees to an end user license agreement from anothersoftware program.

Security risk categories lists the categories of security risks that Symantec Protection Engine detects.

76



Table 12: Security risk categories

Category Description

Spyware Standalone programs that can secretly monitor system activity and detect passwords and other confidentialinformation and then relay the information back to a remote computer.

Adware Standalone or appended programs that gather personal information through the Internet and relay it back to aremote computer without the user's knowledge.Adware might monitor browsing habits for advertising purposes. It can also deliver advertising content.

Other risks Other risks include the following:• Hacking tools

Programs that are used to gain unauthorized access to a user's computer. For example, a keystroke loggertracks and records individual keystrokes and sends this information to a remote computer. The remote user canperform port scans or vulnerability scans. Hack tools might also be used to create viruses.

• DialersPrograms that use a computer, without the user's permission or knowledge, to dial out through the Internet to a900 number or FTP site, typically to accrue charges.

• Joke programsPrograms that alter or interrupt the operation of a computer in a way that is intended to be humorous orbothersome.For example, a joke program might move the Recycling Bin away from the mouse when the user attempts toclick on it.

• Remote access programsPrograms that let a remote user gain access to a computer over the Internet to gain information, attack, or alterthe host computer.

• TrackwareStandalone or appended applications that trace a user's path on the Internet and relay the information to aremote computer.

If a security risk is detected, Symantec Protection Engine applies the Infected files detection rule that you configured onthe Symantec Protection for SharePoint console; however, security risks cannot be repaired.

Specifying file handling rules

To enable security risk detection:1. In the console on the primary navigation bar, click Policies.

2. In the sidebar under Views, click Scanning.

3. In the content area under Security Risk Scanning, check the security risks that you want Symantec ProtectionEngine to detect.




5. On a Windows server, go to the configuration.xml file in the default location of C:\Program Files\Symantec\ProtectionEngine\.

6. Set the "EnableNonViralThreatCategoryResp" parameter in the configuration.xml file to true.

7. Stop and start the Symantec Protection Engine for changes to be implemented.


77



Monitoring Symantec Protection for SharePoint Serversactivity

Ways to Monitor Symantec Protection for SharePoint Servers ActivityYou can obtain information about Symantec Protection for SharePoint Servers activity in the following ways:

Examine theSymantecProtection forSharePointconsole homepage

You can obtain the current status of registered Symantec Protection Engines, the current number of availablescanning threads, and the status of the threads.About the status pane

Activate SMTPlogging

You can activate Simple Mail Transfer Protocol (SMTP) logging capabilities so that notification email messages aresent to specified recipients for chosen events.About SMTP logging

Examine theSymantecProtectionEngineresponse data

You can view the scan statistics for each registered Symantec Protection Engine.To view the list of registered Symantec Protection Engines

View the logs You can view log entries for selected types of events.About monitoring scanning activity

Generatereports andschedule reportsby mail

You can manually generate log reports for protection engines, scan processes, or the system for any date range.You can also schedule the generation of these reports by email to specified recipients.Generating an on-demand reportScheduling a report

Examine thescan statistics

You can see the scan statistics after every manual scan or scheduled scan.Reviewing scan statistics

Examine theSymantecProtectionEngine logs andreports

Symantec Protection Engine has its own monitoring tools as well. You can activate logging and alerting optionsin the Symantec Protection Engine to supplement those that are available through the Symantec Protection forSharePoint console.See the Symantec Protection Engine Implementation Guide for more information.

A number of options are available for managing the logs and statistics. You can specify the log level for each loggingsource, specify how long log entries are maintained on the system, and specify the logging destination path.


NOTE

The monitoring and logging options that you configure in the Symantec Protection for SharePoint console areseparate from the options that are available through the Symantec Protection Engine console. Activate loggingand monitoring options for Symantec Protection for SharePoint Servers and Symantec Protection Engine basedon your organization needs.


78



About the Status PaneThe status pane at the bottom of the home page lets you monitor up-to-date metrics on the registered SymantecProtection Engines. You can also examine the number of scanning threads in use at any time.

The status pane updates itself automatically every 10 seconds when you visit the Symantec Protection for SharePointconsole home page.

Status pane information describes the information that is displayed in the status pane.

Table 13: Status pane information

Information Description

SymantecProtectionEngines Status

Displays the current status of all registered Symantec Protection Engines.The scan overview includes the following information:• Total number of registered Symantec Protection Engines (online, offline, and disabled)• Total number of disabled Symantec Protection Engines

You can manually disable a registered Symantec Protection Engine. The Symantec Protection Engine isdropped out of rotation but you can enable it at any point of time.About adding, removing, editing, and viewing registered Symantec Protection Engines

• Total number of active online Symantec Protection Engines• Total number of offline Symantec Protection Engines

Connections Gives a graphic overview of the maximum and currently used scanning threads for all active online SymantecProtection Engines.The vertical bar displays the following information:• Maximum number of threads available for scanning

The number that appears at the end of the vertical bar specifies the total number of available threads for allactive online protection engines.

• Number of threads currently available for scanningThe green portion of the vertical bar displays the number of threads currently available out of the total number ofscanning threads.

• Number of threads currently being used for scanningThe red section of the vertical bar displays how many available threads are currently used for an ongoing scan.

Note: If you are running more than one Symantec Protection Engine, these values are the cumulative total.

About SMTP loggingSymantec Protection for SharePoint Servers provides Simple Mail Transfer Protocol (SMTP) logging capabilities. WhenSMTP logging is configured, an email notification is sent to a specified recipient for chosen events. You can select thelogging level for events related to system, scan process, and Symantec Protection Engine.


You can also select the email notification level so that Symantec Protection for SharePoint Servers sends an emailnotification only for the events whose level you specify. You can provide separate destination information for each type ofmessage. Default message text is included, but you can customize individual messages.


79



NOTE

The SMTP logging that you configure for the Symantec Protection for SharePoint Servers is separate from theSMTP logging that is available through the Symantec Protection Engine console. You can activate either or bothof these features to meet the needs of your organization.


Symantec Protection for SharePoint Servers logs events from the following event sources:

• Scan Process• Symantec Protection Engines• System

You can set the logging level to None, Error, Warning, Information, or Verbose for each event source.

Types of events for SMTP logging lists the types of events for which email notification messages are generated.

Table 14: Types of events for SMTP logging

Event source Logging level Description

Scan Process Verbose Logs verbose information related to virus scanning(for example, a scan has started or ended). This levelalso includes all of the events that are logged at theInformation, Warning, and Error levels.

Information Logs information that is related to virus scanning (forexample, a file was scanned and no virus was found,scan statistics information). This level also includes allof the events that are logged at the Warning and Errorlevels.

Warning Logs warnings that are related to virus scanning (forexample, a virus was found and the file was repairedor was unable to be repaired, unscannable content,encrypted content, and files containing security risks).This level also includes all of the events that are loggedat the Error level.

Error Logs errors that are related to virus scanning (forexample, an error occurred while a file was beingscanned).

None Does not log any event.SymantecProtectionEngine

Verbose Logs verbose information that is related to the SymantecProtection Engine (for example, the protection enginecheck starts, and the protection engine check ends). Thislevel also includes all of the events that are logged at theInformation, Warning, and Error levels.

Information Logs information that is related to the SymantecProtection Engine (for example, the protection enginecheck is successful). This level also includes all of theevents that are logged at the Warning and Error levels.

Warning Logs warnings that are related to the SymantecProtection Engine (for example, the protection engine isoffline, the virus definitions are too old, or the protectionengine check failed). This level also includes all of theevents that are logged at the Error level.

80



Event source Logging level Description

Error Logs errors that are related to the Symantec ProtectionEngine (for example, a protection engine handling error).

None No events are logged.System Verbose Any settings change made on the Symantec Protection

for SharePoint console is logged when you click Enter onthe page.

Information Information that is related to system functionality (forexample, Symantec Protection for SharePoint Servershas started or stopped) and any settings change madeon the Symantec Protection for SharePoint console arelogged. This level also includes all of the events that arelogged at the Error level.

Warning There are no warning events for the system eventsource.Any settings change made on the Symantec Protectionfor SharePoint console is logged when you click Enter onthe page.

Error Errors that are related to system functionality (forexample, an internal run-time error occurred, or an errorwhile checking the IP or host name of the SymantecProtection Engine) and any settings change made on theSymantec Protection for SharePoint console are logged.

None Any settings change made on the Symantec Protectionfor SharePoint console is logged when you click Enter onthe page.

Configuring SMTP LoggingTo configure SMTP logging, you must do the following tasks, in this order:

• Enable the email notification system.• Identify an SMTP server and port number for forwarding the log messages.• Provide the default origin and destination information for the SMTP messages.• Select the event categories for which SMTP messages must be generated.

You can choose separate sender and recipient email addresses for each event category.

You can also customize the message for each type of event.


To enable or disable the email notification system:1. On the Symantec Protection for SharePoint console, under Management, click Email notification settings.

2. Under Global Email Settings, select the Enable email notification system check box. If this option is not selected,no email notifications are sent for logged events.

3. To identify an SMTP server and port number: On the Symantec Protection for SharePoint console, underManagement, click Email notification settings.

4. Under Global Email Settings, in the SMTP Server Host or IP Address box, type the IP address or the host name ofthe SMTP server that will forward the SMTP messages.

In the SMTP Server Port box, type the port number on which the SMTP server listens. It can be any number between1 and 32456. The default setting is 25.

81



5. If the email server requires authentication, do all of the following:

User Name Type the user name.Password Type the password.

6. To provide the default origin and destination information for SMTP messages: On the Symantec Protection forSharePoint console, under Management, click Email notification settings.

7. Under Global Email Settings, in the From Address box, type the default originating email address.

Format the email address according to your company email policies. For example:

<username>@<domainname>

where <username> is the sender's user name, and <domainname> is the appropriate domain name.

8. In the Email Server Display Name box, type the server name that you want to appear in the SMTP messages thatare generated by the Symantec Protection for SharePoint Servers.

The name must be identifiable by the recipient as relating to Symantec Protection for SharePoint Servers.

If you do not specify an Email Server Display Name, the From Address appears in the From field for SMTP messagesby default.

9. In the To Address box, type the email address of the default recipient to whom the email notifications are sent.

Type multiple recipient email addresses on separate lines. You can specify a maximum of 20 recipient emailaddresses.

10. Click Save.

11. To select the events for which SMTP messages should be generated: On the Symantec Protection for SharePointconsole, under Management, click Email notification settings.

12. Select the Enable the email notification system check box.

This option enables SMTP logging for all event categories by default.

13. Under Virus Found Notification Settings, the Enable Notification option is selected by default. Clear the optionif you do not want to set up this feature. You can also determine when you want the email notifications to be sent byselecting any one of the following options:

Always send anemail notification

Sends emails if an infected file is detected and also when an infected file is repaired.

Send an emailnotification whenan infected file isdetected

Sends an email only when an infected file is detected.

Send an emailnotification whenan action istaken on aninfected file

Sends an email only when an action is taken on an infected file.

82



14. Do one of the following:

To use thedefault emailsender andrecipientaddress

Select the Use default email sender and recipient check box.

To specify adifferent emailsender andrecipient

Do all of the following:• Clear the Use default email sender and recipient check box.• In the From Address box, type the email address that you want to appear in the From field in the email

message.• In the Email Address Display Name box, type the email address display name.• In the To Address box, type the email recipient address.

You can specify a maximum of 20 email recipients. Separate multiple entries with a line space.

15. Click Edit Email Template to customize the SMTP message.


16. Click Save.

17. Repeat steps 3 through 6 for the following event categories:

• Symantec Protection Engine Notification Settings• Manual/Scheduled Scan Notification Settings• Information Notification Settings• Scanning Process Notification Settings• Error Notification Settings.

18. Under Level of Notification, select the notification level for this notification from the drop-down list.

This option applies to all of the notification settings except Virus Found Notification Settings.

Symantec Protection for SharePoint Servers sends email notifications of the selected type for each event category.

19. Click Save.

NOTE

The settings configured for Email Notifications Settings page are replicated across all the servers in theSharePoint farm environment.

Customizing SMTP MessagesWhen you configure SMTP logging, email notifications are sent for the event categories that you enabled. Defaultmessage text is included for each type of event, but you can customize individual messages. You can use keywords tocustomize the messages.

Each event category has the following default SMTP email templates and trigger events:

83



Table 15: Event categories and their default SMTP templates and events

Event category Default SMTP template Event that triggers a notification

Virus foundnotification

Virus Found Mail A virus is found during a real-time scan, manual scan, orscheduled scan (Warning).

SymantecProtectionEnginenotification

Protection Engine Notify Mail • The virus definition is older than the registered virusdefinitions with Symantec Protection for SharePointServers. (Warning)

• Symantec Protection Engine has gone offline(Warning)

• The check of Symantec Protection Engine is OK.(Information)

• Symantec Protection Engine is online. (Information)• Start checking Symantec Protection Engine (Verbose)• The check of Symantec Protection Engine is

complete.(Verbose)

Manual/Scheduled Scannotification

Manual/Schedule Scan Summary Mail At the end of a manual scan or scheduled scan, a mailthat contains the scan summary is sent. (Information)

Informationnotification

System Notify Mail • Start and stop of Symantec Protection for SharePointServers (Information)

• Start of SharePoint Administration system(Information)

• Symantec Protection for SharePoint console as aSharePoint sub-system is being loaded.(Information)

ScanningProcessnotification

Scan Process Notify Mail • An error has occurred during a scan process. (Error)• A scan process is aborted. (Warning)• Unscannable content is found. (Warning)• Encrypted content is found. (Warning)• Files containing security risk is found. (Warning)• A scan process has started. (Verbose)• A scan process has ended. (Verbose)

Error notification Error Notify Mail An undefined error was found (Error)

About KeywordsEach default SMTP template has default text in the message body. You can customize the template by adding or deletingkeywords.

Keywords to customize the Virus Found Mail template lists the keywords that are available in the Virus Found Mailtemplate.

Table 16: Keywords to customize the Virus Found Mail template

Keywords Description

Date (%DataTimeStamp%) Displays the date and time that the event occurred.Description (%Description%) Describes the status of the file after a scan.File size (%FileSize%) Displays the size of the file.Infection count (%InfectCount%) Gives the number of infections within the file. In container files, there can be more than one

infected file.

84




Mail Server (%SendServer%) Displays the host name or IP address of the mail server.Mail Server Port(%SendServerPort%)

Displays the port number of the mail server.

Mail address Recipient (%SendTo%)

Displays the recipient email address that is entered in the To Address email address box for theselected event.

Mail address Sender (%SendFrom%)

Displays the originating email address that is entered in the From Address email address box forthe selected event

Request Mode (%RequestMode%)

Describes the type of request that is sent to Symantec Protection Engine. For any file, the firstrequest type is a "scan." Based on the results, a second "clean" request is sent.

Scan mode (%Mode%) Displays whether the scan is a real-time scan, manual scan, or a scheduled scan.Scan result (%Result%) Describes the action taken on the file (for example, infected but cleaned, deleted).Scan time (%ScanTime%) Displays the amount of time that Symantec Protection Engine took to scan the file.Source of notify (%Source%) Displays the server (host name or IP address) that is the subject of the event.Type of notify (%Notifytype%) Displays the type of event (information, warning, or error).URL/File Name (%URL%) Displays the path name of the file.Virus information (%VirusString%) Displays details about the selected event (for example, virus details, action taken).

Keywords to customize the Protection Engine Notify Mail template lists the keywords that are available in the ProtectionEngine Notify Mail.

Table 17: Keywords to customize the Protection Engine Notify Mail template


Date (%DataTimeStamp%) Displays the date and time that the event occurred.Mail Server (%SendServer%) Displays the host name or IP address of the mail server.Mail Server Port(%SendServerPort%)





Displays the originating email address that is entered in the From Address email address box forthe selected event.

Protection engine host (%Host%) Displays the host name or IP address of the Symantec Protection Engine.Protection engine information(%EngineInfo%)

Displays the Symantec Protection Engine statistics including its software version, virus definitiondate, and revision number.

Protection engine port (%Port%) Displays the port number of the Symantec Protection Engine.Protection engine State (%State%) Displays the current state of the Symantec Protection Engine (online, offline, or disabled).Scan result (%Result%) Gives the result of the event. An example is Symantec Protection Engine check was successful.Source of notify (%Source%) Displays the server (host name or IP address) that is the subject of the event.Type of command(%Commandtype%)

Displays the type of command. An example is "Checking" when it is checking the status of theSymantec Protection Engine.

Type of notify (%Notifytype%) Displays the type of event (information, warning, or error).

Keywords to customize the Manual/Schedule Scan Notify Mail template lists the keywords that are available in Manual/Schedule Scan Mail.

85



Table 18: Keywords to customize the Manual/Schedule Scan Notify Mail template


Clean Files (%CleanFilesCount%) Displays the number of clean files after the manual or scheduled scan.Date (%DataTimeStamp%) Displays the date and time that the event occurred.Deleted Files(%DeletedFilesCount%)

Displays the number of files that were deleted after the manual or scheduled scan.

Encrypt Files (%EncryptFilesCount%)

Displays the number of encrypted files found during the manual or scheduled scan.

End Time Manual Scan(%EndTime%)

Displays the time at which the scan was completed.

Errors Files (%ErrorsFilesCount%) Displays the number of files with errors found during the manual or scheduled scan.Exclude by extension(%ExcludeExtFilesCount%)

Shows how many files were excluded from the scan because their file extension was in the fileextension exclusion list.

Exclude by folder(%ExcludeFolderCount%)

Displays how many paths or directories were excluded from the scan.

Files found (%CollectedFilesCount%)

Displays the number of files that were found in the SharePoint document libraries.

Infected Files(%InfectedFilesCount%)

Displays the number of infected files found during the manual or scheduled scan.

Item Text (%ItemText%) Gives the result of the event.Mail Server (%SendServer%) Displays the host name or IP address of the mail server.Mail Server Port(%SendServerPort%)





Displays the originating email address that is entered in the From Address email address box forthe selected event

Processed Files(%ProcessedFilesCount%)

Displays the number of files that were processed from the collected files.

Quarantined Files(%QuarantinedFilesCount%)

Displays the number of files that were quarantined as a result of a manual scan or scheduledscan.

Repairable Files(%RepairableFilesCount%)

Displays the number of repairable files found during the manual scan or scheduled scan.

Repaired Files(%RepairedFilesCount%)

Displays the number of files that were repaired during the manual scan or scheduled scan.

Security Risk Files(%SecurityFilesCount%)

Displays the number of files containing security risks found during the manual scan or scheduledscan.

Source of notify (%Source%) Displays the server (host name or IP address) that is the subject of the event.Start Time Manual Scan(%StartTime%)

Shows the start time of the manual scan.

Type of Scan Schedule/Manual(%ScanRuntype%)

Displays the scan type (manual scan or scheduled scan).

Unscannable Files(%UnscannableFilesCount%)

Displays the number of unscannable files found during the manual or scheduled scan.

86



Keywords to customize the System Notify Mail template lists the keywords that are available in the System Notify Mailtemplate.

Table 19: Keywords to customize the System Notify Mail template


Date(%DataTimeStamp%)

Displays the date and time that the event occurred.

Item ID(%ItemID%)

Unique ID given to the event.

Item Text(%ItemText%)

Displays a description of the event. An example is "Symantec Protection for SharePoint Servers is started."

Item Type(%ItemType%)

Displays the type of event (information, warning, or error).

Mail Server(%SendServer%)

Displays the host name or IP address of the mail server.

Mail Server Port(%SendServerPort%)


Mail addressRecipient(%SendTo%)

Displays the recipient email address that is entered in the To Address email address box for the selected event.

Mail addressSender(%SendFrom%)

Displays the originating email address that is entered in the From Address email address box for the selected event.

Source of notify(%Source%)

Displays the server (host name or IP address) that is the subject of the event.

Keywords to customize the Schedule Report send mail template lists the keywords that are available in the ScheduleReport send mail template.

Table 20: Keywords to customize the Schedule Report send mail template


Date (%DataTimeStamp%) Displays the date and time that the event occurred.End Time Manual Scan(%EndTime%)

Displays the end date for the report data range.

Job Name (%JobName%) Displays the report name.Mail Server (%SendServer%) Displays the host name or IP address of the mail server.Mail Server Port(%SendServerPort%)






87




Report Status (%ReportStatus%) Displays whether the report has been generated or not. If there is no data in the specified daterange, then the appropriate message appears here.

Report name (%Reportname%) Displays the selected report source and report definition for the report. For example, ProtectionEngines-All Log Items.

Source of notify (%Source%) Displays the server (host name or IP address) that is the subject of the event.Start Time Manual Scan(%StartTime%)

Displays the start date for the report data range.

Keywords for customizing the Scan Process Mail template lists the keywords that are available in the Scan Process Mailtemplate.

Table 21: Keywords for customizing the Scan Process Mail template


Date (%DataTimeStamp%) Displays the date and time that the event occurred.Description (%Description%) Describes the status of the file after a scan.File size (%FileSize%) Displays the size of the file.Mail Server (%SendServer%) Displays the host name or IP address of the mail server.Mail Server Port(%SendServerPort%)






Request Mode (%RequestMode%)

Describes the type of request that is sent to the Symantec Protection Engine. For any file, the firstrequest type is a "scan." Based on the results, a second "clean" request is sent.

Scan mode (%Mode%) Displays whether the scan is a real-time scan, manual scan, or a scheduled scan.Scan result (%Result%) Describes the action taken on the file (for example, infected but cleaned, deleted).Scan time (%ScanTime%) Displays the amount of time that Symantec Protection Engine took to scan the file.Source of notify (%Source%) Displays the server (host name or IP address) that is the subject of the event.Type of notify (%Notifytype%) Displays the type of event (information, warning, or error).URL/File Name (%URL%) Displays the path name of the file.Username Displays the username of the user who has performed the action.User Action Displays the action performed (Upload/Download).

Keywords for customizing the Error Notify Mail template lists the keywords that are available in the Error Notify Mailtemplate.

Table 22: Keywords for customizing the Error Notify Mail template


Date (%DataTimeStamp%) Displays the date and time that the event occurred.Error ID (%ErrorID%) Displays the error code number.

88




Error Module (%ErrorModule%) Displays the exact program module where the error has occurred.This information is meant for debugging purposes. You can view this information in the WindowsEvent Viewer as well.

Error Source (%ErrorSource%) Displays the source of the error. This information is meant for debugging purposes. You can viewthis information in the Windows Event Viewer as well.

Error Stack (%ErrorStack%) Displays the error stack information. This information is meant for debugging purposes. You canview this information in the Windows Event Viewer as well.

Error Text (%ErrorText%) Displays the error message.Mail Server (%SendServer%) Displays the host name or IP address of the mail server.Mail Server Port(%SendServerPort%)






Source of notify (%Source%) Displays the server (host name or IP address) that is the subject of the event.Scan time (%ScanTime%) Displays the amount of time that Symantec Protection Engine took to scan the file.Source of notify (%Source%) Displays the server (host name or IP address) that is the subject of the event.

To customize SMTP messages:1. On the Symantec Protection for SharePoint console, under Management, click Email notification settings.

2. Under any event category, click Edit Email Template.

The Modify Email Template page appears.

3. In the Modify Email Template page, modify the subject text.

4. To add a variable, in the Value Keyword list, click the drop-down menu, select the keyword that you want to insert,and then click Add.

The variable is appended to the end of the subject. Cut and paste the variable to the desired location in the subject.

5. In the message body text, modify the existing text.

6. To add a variable from the Value Keyword list to the message body, click the drop-down menu, select the keyword thatyou want to insert, and then click Add.

The variable is appended to the bottom of the message. Cut and paste the variable to the desired location in themessage body. You can add text to identify the variable in the message.

7. Click Save to save your changes or click Cancel to discard the changes and go to the email notifications page.

8. Repeat steps 2 through 7 for each type of event category for which you want to customize the message.

About Monitoring Scanning ActivityThe Symantec Protection for SharePoint Servers log files contain all log entries for all types of events. You can configurethe location of the log file folder. The monitoring tools that are available through the Symantec Protection for SharePointconsole let you organize and view only the log entries that you want to see.

Event sources and logs describes how log entries are first organized by the types of event sources

89



Table 23: Event sources and logs

Event source Description of logs

Scanning Process log Displays logs related to virus scanningSymantec Protection Engine log Displays logs related to the registered Symantec Protection EnginesSystem log Displays logs related to system functionality

You can specify a logging level (None, Error, Warning, Information, and Verbose) for each event source and a maximumstorage time for the logs. You can further limit the display to only certain types of entries, or you can choose to display alllogs for the selected event.

Symantec Protection for SharePoint Servers displays the event source log data in a detailed report format or as a piechart. You can also export and save the displayed log entries to a file. You can schedule the generation of reports tospecified email recipients.

Configuring the Log File Folder LocationYou can configure the location where Symantec Protection for SharePoint Servers logs the Scanning Process, SymantecProtection Engine, and System events.

To configure the log file folder location:1. On the Symantec Protection for SharePoint console, under Management, click Log File settings.

2. Under Global Log File Settings, on the right pane, specify the path for the log file folder in the Log file location box.

The default log file location is <Installdir>:\Program Files\Symantec\SharePoint\Logfiles.

You can also set the path for the log file folder by typing the following at the command line:

CmdSymScan set logfilefolder <parameter>

To view the path of the log file folder, type the following at the command line:

CmdSymScan show logfilefolder

In a SharePoint farm environment, you cannot edit the default log file location.

3. Click Save.

Setting the Logging Level for Each Event SourceEvents related to each event source (Scanning Process, Symantec Protection Engine, and System) are logged to the logfile folder. You can configure the logging level for each event source so that events of only the specified type are logged.

NOTE

The settings configured for log files are replicated across all the servers in the SharePoint farm environment.

Types of events for SMTP logging

To set the logging level for each event source:1. On the Symantec Protection for SharePoint console, under Management, click Log File settings.

2. Under Scanning Process Log File Settings, on the right pane, under Log file level, in the drop-down list, select theevent logging level.

By default, the logging level is Information for Scanning Process Log File Settings.

90



3. Click Save.

4. Repeat steps 2 through 3 for Symantec Protection Engine Log File Settings and System Log File Settings.

By default, the logging level is Warning for Symantec Protection Engine Log File Settings and Information for SystemLog File Settings.

Setting the Maximum Storage Time for Log FilesYou can specify how long the log files are stored on the server. The default storage time is one month for each eventsource (Scanning Process, Symantec Protection Engine, and System). After the threshold is met, log files are over-writtenwith new logs. If no new logs are created after the threshold is met, the old log files remain.

NOTE

The settings configured for log files are replicated across all the servers in the SharePoint farm environment.

To set the maximum storage time for the log files:1. On the Symantec Protection for SharePoint console, under Management, click Log File settings.

2. Under Scanning Process Log File Settings, on the right pane, under Maximum storage time, from the drop-down list,select the time frame threshold to store log files.

The default setting is one month.

3. Click Save.

4. Repeat steps 2 through 3 for Symantec Protection Engine Log File Settings and System Log File Settings.

Generating an On-Demand ReportYou can manually generate and analyze reports for a specified date range. You must select a report source (ProtectionEngines, Scan Processes, and System) and define the log data you want displayed. Symantec Protection for SharePointServers generates only detailed reports of all logs for Protection Engines and System.

With the Scan Processes report source, you can generate a report of any of the following:

• Pie chart report of real-time statistics (Scan Statistic (Real-time))• Pie chart report of manual scan and scheduled scan statistics (Scan Statistic (Manual + Schedule))• Pie chart report of automatic rescan statistics (Scan Statistic (Auto Re-scan))• Pie chart report of real-time scan, auto rescan, manual scan, and scheduled scan statistics (Scan Statistic (All))• Detailed report of all logs (Detailed)• List of all the infections found is generated and bar graph for a few of the latest infections found is displayed during

real-time scan, auto rescan, manual scan, and scheduled scan (Infections found (all))• List of all the infections found is generated and bar graph for a few of the latest infections found is displayed during

manual scan and scheduled scan (Infections found (manual/scheduled))• List of all the infections found is generated and bar graph for a few of the latest infections found is displayed (Infections

found (Auto Re-scan))• List of all the infections found is generated and bar graph for a few of the latest infections found is displayed during

real-time scanning (Infections found (real-time scanning))

The color legend explains what each color in the pie chart represents. Symantec Protection for SharePoint Serversdisplays a numerical statistical report beneath the pie chart.

To generate an on-demand report

91



1. On the Symantec Protection for SharePoint console, under Report, click On-demand reports.

2. In the right pane, under Report Date Range, from the SharePoint Server drop-down list, select a server where yourwant the on-demand report to be generated.

This option is available only for a SharePoint farm environment.

3. Select the From and To date range for the report that you want to generate.

4. From the Report Source drop-down list, select a report source.

5. Select a Report Definition based on the data that you want to view.

For Protection Engines and System, Symantec Protection for SharePoint Servers generates detailed reports of AllLogs data only.

For Scan Processes, select Scan Statistics (Real-time), Scan Statistics (Manual + Schedule), Scan Statistics (AutoRe-scan), Scan Statistics (All), Infections found (all), Infections found (Auto Re-scan), Infections found (manual/scheduled), Infections found (real-time scanning) or Detailed.

6. Click Show Report.

You can save the report in a .pdf, .xls, .rtf, or .txt format.

7. In the report display, from the Format drop-down list, select a format.

8. Click the icon with a floppy disk graphic to save the report.

9. Click the Printer icon to print the report.

NOTE

Reports are generated only if the logging levels are Information or Verbose.

Scheduling a ReportYou can schedule regular generation of reports and have them automatically emailed to you. This feature makes remotemonitoring of your SharePoint document library possible. You must first configure email notifications before you try toschedule a report by email.

Configuring SMTP logging

To schedule reports, you must do the following tasks:1. Select a schedule.

2. Select from the default schedules or create a new schedule.

3. Select a report data range.

Symantec Protection for SharePoint Servers collects data from within this specified date range.

4. Select a report source (Protection Engines, Scan Processes, or System) and report definition.

These options determine the content of your scheduled report.

92



5. Select a report format.

6. Activate report generation by mail.

7. Specify the sender and recipient's email address.

8. Edit the default schedule report email template and save it.

9. Click Copy to copy the created report. This option is available only if there are two or more servers with SymantecProtection for SharePoint Servers installed.

NOTE

The SharePoint Server Farm users must select a server to create a scheduled report.

10. To select a schedule: On the Symantec Protection for SharePoint console, under Report, click Schedule reports.

11. On the right pane, click Create schedule report.

12. In the Name box, type the name that you want to identify this schedule report.

13. From the Schedule drop-down list, you can select one of the following default schedules:

• Daily (Every night at midnight)• Monthly (Last day of the month at midnight)• Weekly (Every Friday at midnight)

14. Click Edit to make changes to the default schedules.

NOTE

If you edit any schedule, all reports that use the schedule are affected.

If you click Delete, the entire schedule is deleted.

15. Click New to create a new schedule.

Specify the following information for a new schedule:

New Schedulename

Type a scheduler name that will easily identify this schedule.

Schedule Type Select one of the following schedule types:• Hourly: In the Run the schedule every drop-down list, select the hourly interval.• Daily: In the Repeat after this number of days box, type the daily interval.• Weekly: Under On the following days, check the days of the week on which you want to generate the report.• Day of Month: Under Months and On day of month, select the month and the day of the month that you want to

generate the report.Select the option Last Day under On day of month to schedule the report on the last day of the selectedmonths.

• Once: There are no extra options to select for this schedule type.

Start Time(hh:mm)

Specify the time that Symantec Protection for SharePoint Servers starts generating the report.

Start Date (mm/dd/yyy)

Select the date that Symantec Protection for SharePoint Servers begins generating the report.

End Date (mm/dd/yyy)

Select the date after which Symantec Protection for SharePoint Servers should not generate reports.If you check "Never ends", the report generation will not end.If you select "Once" as the schedule type, the end date is not applicable.

16. Click Save to save the schedule you created.

You can view this schedule in the Schedule drop-down list along with other default schedules.

93



NOTE

If you click Delete, the entire schedule is deleted.

17. To select a report data range, report source, and report format: Once you have selected a schedule, under Reportdata range, select a report data range from the drop-down list.

Symantec Protection for SharePoint Servers collects data from within the specified data range and generates a report.

18. Under Report Source, from the drop-down list, select one of the following:

• Protection Engines• Scan Processes• System

19. Under Report Definition, select an entry based on the data you want in the report.

For Protection Engines and System, Symantec Protection for SharePoint Servers generates detailed reports of AllLogs data (Detailed) only.

For Scan Processes, select from any of the following:

Scan Statistics (Real-time), Scan Statistics (Manual + Schedule), Scan Statistics (All), Scan Statistics (Auto Re-scan),Detailed, (Infections found (all)), (Infections found (Auto Re-scan)), (Infections found (manual/scheduled)), (Infectionsfound (real-time scanning)) or Detailed.

20. Under Report format, click the drop-down list and select one of the following report types:

• Adobe (pdf)• Excel (xls)• Word (rtf)• Text (txt)

21. To activate report generation by email: Select the Activate this report generation check box to have the reportgenerated and distributed by email.

If this option is not selected, generated reports are not distributed by email.

22. Select the Use default email sender and recipient check box if you want to use the default sender and recipientemail addresses as was specified in Global Email Settings under Email notification settings.

23. Clear the Use default email sender and recipient check box if you want to specify different sender and recipientaddresses.

24. In the From Address box, type the default originating email address.

Format the email address according to your company email policies. For example:

<username>@<domainname>

where <username> is the sender's user name, and <domainname> is the appropriate domain name.

25. In the Email Address Display Name box, type the server name that you want to appear in the SMTP messages thatare generated by the Symantec Protection for SharePoint Servers.

The name must be easily identifiable by the recipient as relating to Symantec Protection for SharePoint Servers.

26. In the To Address box, type the email address of the default recipient to whom the email notifications are sent.

Type multiple recipient email addresses on separate lines. You can specify a maximum of 20 recipient emailaddresses.

94



27. Click Save.

If you click Delete, the entire schedule report is deleted.

28. To edit the default scheduled report mail template: On the Symantec Protection for SharePoint console, underManagement, click Email notification settings.

29. Under Information Notification Settings, click Edit Email Template to customize the SMTP message.

The Modify Email Template page appears.

30. Under Template, click the drop-down menu and select Schedule Report Send Mail.

31. In the Modify Email Template page, modify the subject text.

32. To add a variable, in the Value Keyword list, click the drop-down menu, select the keyword that you want to insert,and then click Add.

The variable is appended to the end of the subject. Cut and paste the variable to the desired location in the subject.

About keywords

33. In the message body text, modify the existing text.

34. Click Save to save the settings or click Cancel to discard the changes and go to the email notifications page.

About Quarantine ManagementSymantec Protection for SharePoint Servers provides you the option to quarantine the infected files that are found duringa manual scan or a scheduled scan. This file is not quarantined or deleted if it is checked out by any user. A copy of eachof these files is available in the quarantine directory. You can view a list of all these quarantined files on the QuarantineManagement page. The Quarantine Management page also lets you view file information such as file name, user name,server name, and quarantine location. You can also view the date and time of quarantine, reason for quarantine, and thefile size. At a later stage, you can analyze the quarantined file.

Based on your analysis, you can take one of the following appropriate actions:

Restore the quarantined file When you restore the quarantined file, Symantec Protection for SharePoint Serversrestores the file at the location where you first uploaded the file on SharePoint. It alsorestores all the metadata that is associated with the file. Symantec Protection forSharePoint Servers thus ensures that no important data that is related to the file islost due to the file being quarantined.

Note: Restoring the quarantined files in Quarantine Management is available only forMicrosoft SharePoint 2010.

Delete the quarantined file When you delete the quarantined file, Symantec Protection for SharePoint Serversdeletes the file from the quarantine directory and also deletes any associatedmetadata.

Restoring quarantined files

Deleting quarantined files

Restoring Quarantined FilesSymantec Protection for SharePoint Servers provides you the option to quarantine the infected files that are found duringa manual scan or a scheduled scan. This file is not quarantined or deleted if it is checked out by any user. When a file isquarantined, Symantec Protection for SharePoint Servers creates a copy of each of the file in the quarantine directory. Italso retains any metadata that is associated with the file. This metadata is not lost until you delete the quarantined file.You can view a list of all the quarantined files on the Quarantine Management page.

95



When you restore the quarantined file, Symantec Protection for SharePoint Servers restores the file at the location whereyou first uploaded it. It also restores all the metadata that is associated with the file. Symantec Protection for SharePointServers thus ensures that no important data that is related to the file is lost due to the file being quarantined.

NOTE

Restoring the quarantined files in Quarantine Management is available only for Microsoft SharePoint 2010.

To restore a quarantined file1. On the Symantec Protection for SharePoint console home page, under Management, click Quarantine Management.

2. On the Quarantine Management page, select the check box next to the file that you want to restore.

In the SharePoint Server farm environment, you must select a server to view a list of quarantined files.

3. Click Restore Selection to restore the selected files.


Deleting Quarantined FilesSymantec Protection for SharePoint Servers provides you the option to quarantine the infected files that are found duringa manual scan or a scheduled scan. This file is not quarantined or deleted if it is checked out by any user. When a file isquarantined, Symantec Protection for SharePoint Servers creates a copy of each of the file in the quarantine directory. Italso retains any metadata that is associated with the file. This metadata is not lost until you delete the quarantined file.You can view a list of all the quarantined files on the Quarantine Management page.

Symantec Protection for SharePoint Servers provides the option to delete a quarantined file. When you delete thequarantined file, Symantec Protection for SharePoint Servers deletes the file from the quarantine directory and alsodeletes any associated metadata.

To delete a quarantined file1. On the Symantec Protection for SharePoint console home page, under Management, click Quarantine Management.

2. On the Quarantine Management page, select the check box against the file that you want to delete.

In the SharePoint server farm environment, you must select a server to view a list of quarantined files.

3. Click Delete Selection to delete to the selected files.


96



Troubleshooting Symantec Protection for SharePoint Servers

Symantec Protection for SharePoint Servers Link Is Missing from theSharePoint Central Administration SiteAfter the first installation of the product or after a Microsoft SharePoint upgrade, the link to Symantec Protectionfor SharePoint Servers might not appear. If this issue occurs, try the following steps:

• Determine if you have installed the Symantec Protection for SharePoint console on the correct server in a farmenvironment.About deployment options (single-server and farm environments)

• Access the console through the Internet Explorer and ensure that you have the correct server name and port numberin the URL.See To access the console through Internet Information Services (IIS) Manager

• Determine whether the Symantec Protection for SharePoint Servers service is installed and started.See To determine whether the Symantec Protection for SharePoint Servers service is installed and started

• Reload Symantec Protection for SharePoint Servers.• Restart the SharePoint server.• Reset the Internet Information Services (IIS) Manager.

See To reset the Internet Information Services (IIS) Manager

To determine whether the Symantec Protection for SharePoint Servers service is installed and started1. Navigate to the Computer Management.

2. In the Computer Management window, in the left pane, expand Services and Applications, and then click Services.

3. In the right pane, scroll down to Symantec Protection for SharePoint Servers.

The status of the Symantec Protection for SharePoint Servers service appears in the Status column. If the SymantecProtection for SharePoint Servers service is stopped, nothing appears in the Status column.

Right-click on Symantec Protection for SharePoint Servers and select Start to restart the service.

4. To reset the Internet Information Services (IIS) Manager: From the command prompt, run IISRESET.

Unable to Access the Symantec Protection Engine ConsoleTo access the Symantec Protection Engine console, launch a Web browser on any computer on your network that canaccess the server that is running Symantec Protection Engine.

Ensure that you type https instead of http. The default port number is 8004. However, ensure that you enter the sameport number that you configured while installing Symantec Protection Engine.


Installing only Symantec Protection Engine using the installation wizard

Symantec Protection Engine Registration FailsIf you receive an error message "Cannot connect to host or IP address" when you try to register a SymantecProtection Engine, do the following steps:

• Determine whether the Symantec Protection Engine service is started

97



To determine whether the Symantec Protection Engine service is started• Determine whether a valid license is installed

To determine whether a valid Symantec Protection Engine license is installed

To determine whether the Symantec Protection Engine service is started1. Navigate to the Computer Management.


3. In the right pane, scroll down to Symantec Protection Engine.

The status of the Symantec Protection Engine service appears in the Status column. If the Symantec ProtectionEngine service status is stopped, nothing appears in the Status column.

4. Right-click on Symantec Protection Engine and select Start to restart the service.

To determine whether a valid Symantec Protection Engine license is installed5. Open the Symantec Protection Engine console.

6. On the primary navigation bar, click System.

If no license has been installed, when you open the console, the System tab appears by default.

7. Once you install a valid license, access the Symantec Protection for SharePoint console and try to register theSymantec Protection Engine again.


Installing the license file


Slow Server Response or High Server LoadSymantec Protection for SharePoint Servers allocates a specified number of threads for concurrent scans. Scan requestsare processed concurrently during manual scans or scheduled scans which causes scans to complete faster.For example,if you specify five threads, then five documents are scanned simultaneously. When the number of threads exceeds 25,you will notice a slow server response or a higher server load.

To reduce the number of threads:

1. From the Symantec Protection for SharePoint console home page, under Global Settings, click Manual andscheduled scan.

2. Under Optional Settings, reduce the number entered in the box Number of threads.

3. The recommended number of threads for an optimal performance is 10.

4. Click Save.

No reports are generatedSymantec Protection for SharePoint Servers does not generate reports (on-demand reports or scheduled reports)when there is no data in the log files for the specified report type and data range. The absence of data in the logfiles can be due to any of the following reasons:

• No significant event has occurred for the report source, report definition, and data range that you specifiedCheck the log files folder to verify if events are logged for the date range, and report source you specified.About SMTP logging

• The log file level is set at a higher logging level

98



If the scanning process log file level is set at Warning but only events that come under Information or Verbose haveoccurred, then the log file will contain no data. Try lowering the log file level to Verbose and generate a report again.Setting the logging level for each event source

• The log files have been deleted after the maximum storage durationThe maximum storage duration for log files is one month by default. The log files are over-written with new event logsafter the maximum storage duration. You can increase the maximum storage duration limit also.Setting the maximum storage time for log files

Connection failed error messageIf an error message Symantec Protection 6.0 for SharePoint Servers connection failed. Please check that the'Symantec Protection 6.0 for SharePoint Servers' service is started or contact your administrator. appears whenthe Symantec Protection 6.0 for SharePoint Servers service is restarted, try the following:

• Verify if the Symantec Protection 6.0 for SharePoint Servers service is started.• If the service is started, refresh the Internet Explorer browser.• Verify if the service logon user account has the necessary permissions.

1. To verify if the Symantec Protection for SharePoint Servers service is started, navigate to the ComputerManagement.



The status of the Symantec Protection for SharePoint Servers service appears in the Status column. If the SymantecProtection for SharePoint Servers service status is stopped, nothing appears in the Status column. Right-click onSymantec Protection for SharePoint Servers and select Start to restart the service.

To verify if the service logon user account has the necessary permissions,:1. In the Computer Management window, in the left pane, expand Services and Applications, and then click Services.


3. Right-click on Symantec Protection for SharePoint Servers and select Properties.

4. Click the Log on tab.

The current log on user account is selected under "Log on as". If the SQL server is on a separate computer, the useraccount must be a db_owner of SharePoint content, configuration, and SPSS databases. The user must also have‘Log on as a service’ right.

5. Select This account and specify the user name and password for the account used to log on to the SymantecService.

The user account must be a member of the Local Administrators Group on the computer on which the SharePointserver is installed. If the SQL server is on a separate computer, the user account must be a db_owner of SharePointcontent, configuration, and SPSS databases. The user must also have ‘Log on as a service’ right.



99



6. Type the password again in the Confirm password box.

7. Click Ok.

Failure sending mail error messageIf an error message "Error in Email System: Failure sending mail" appears in the Email notification settings page,try the following steps:

• Verify the accuracy of the Global Email Settings details in the Email notification settings page.Configuring SMTP logging

• Read the System logs to determine the cause of the error.The default location is <installdir>:\Program Files\Symantec\SharePoint\Logfiles\system.

• Read the entries in Symantec AntiVirus in the Event Viewer.

Unable to remember the console passwordIf you forget the console password, you can reset the password. The command line tool CmdSymScan lets you removethe password. It is located at the location <installdir>:\Program Files\Symantec\SharePoint.

Type the following command in the command prompt:

cmdsymscan clearconsolepassword

You are not prompted for a password again.

Error 1722 when installing Symantec Protection EngineTo troubleshoot this error message, try the following steps:

1. Change the values of the TEMP and TMP environment variables to a different temporary folder.

2. Try installing Symantec Protection Engine once again.

Scanning process error messagesYou may encounter error messages in the log files while performing a manual scan or a real time scan. You need tochange the settings of the backlog size.

The following are the error messages in the log files:

• An error was detected during the scanning process. Error: Protection Engine: 500 Server Error. Please contactyour administrator to verify this message.

• The scanning process was aborted. Message: Protection Engine: 0. Please contact your administrator toverify this message.

• The scanning process was aborted. Message: . Please contact your administrator to verify this message.

1. To scan process error messages on a Windows server, go to the configuration.xml file in the following defaultlocation:

C:\Program Files\Symantec\Scan Engine\

100



2. Set the ConnectionBacklog value parameter in the configuration.xml file to 128.

3. Stop and start Symantec Protection Engine to implement the changes.

Unable to view information on the SharePoint Server Farm overviewpageWhen you install Symantec Protection for SharePoint console on a new server or central administration server, you maynot view any information on the SharePoint Server Farm overview page. To view the information on the SharePointServer Farm overview page, you need to restart Symantec Protection for SharePoint Servers service on all the serverswhere you have installed it.

101



Appendix Materials

102



Error codes

About error codes and messagesSymantec Protection for SharePoint Servers has several error codes and messages that are logged into the Event log,displayed on the console, and sent by email.

Possible errors, codes, and their description describes the error codes, its type, the action taken by Symantec Protectionfor SharePoint Servers, and the message shown on the console.

Table 24: Possible errors, codes, and their description

Error Code Action Message Comments/Solution

2041 Mail and Event Log entry Symantec Protection 6.0 forSharePoint Servers is stopping.Type: Information

The Symantec Protection forSharePoint Servers service isstopping.

2042 Mail and Event Log entry Symantec Protection 6.0 forSharePoint Servers has stopped.Type: Information

The Symantec Protection forSharePoint Servers service hasstopped.

2043 Mail and Event Log entry Symantec Protection 6.0 forSharePoint Servers is starting.Type: Information

The Symantec Protection forSharePoint Servers service isstarting.

2044 Mail and Event Log entry Symantec Protection 6.0 forSharePoint Servers has started.Type: Information

The Symantec Protection forSharePoint Servers service hasstarted.

4066 Mail, Event Log entry and GUImessage

Check for protection engine failed.Error: Error TextType: Error

Undefined error while checking forSymantec Protection Engine.

4956 GUI message Please check that the SymantecProtection 6.0 for SharePoint Serversservice is started or contact youradministrator.Type: Information

The connection between theSharePoint server and SymantecProtection for SharePoint consolecannot be established.Check the services. Restart theservices if they have stopped.

5001 Mail, and Event Log entry Function check protection enginestate, ‘error text’Type: Error

An undefined error has occurredwhile checking the SymantecProtection Engine status.

8003 Mail, Event Log entry and GUImessage

All virus scanners are at maximumload. Please try again later. Thefile has not been saved. Pleasecontact your administrator for moreinformation.Type: Error

All registered Symantec ProtectionEngines are at their maximum load.By default, the thread count forSymantec Protection Engine dependson the hardware configuration ofcomputer.Modify the maximum number ofavailable threads through theSymantec Protection Engineconsole. For more information, seethe Symantec Protection EngineImplementation Guide.

103