| Author |
Message |
epigram
Guest
|
 Posted:
Mon Jan 17, 2005 7:24 pm Post subject:
Windows Firewall Config for Symantec AV Corp version 9 |
|
|
I'm trying to define custom exceptions in the Windows XP firewall from my
SBS to allow my Symantec AV Corp (version 9) clients and servers to
communicate correctly. I have documents from MS and Symantec that talk
about how to do this, but I'm having trouble with the Symantec docs. The
symantec doc is
http://service1.symantec.com/SUPPORT/ent-security.nsf/c9b1ac1936fbf63488256e77006521df/7346c9f9933898dd88256ec9007c1ea0?OpenDocument&src=bar_sch_nam
This document has a link to two other documents where they explain which
ports and programs you need to create exceptions for.
It looks like I've got to do create two types of exceptions. Some for the
Symantec EXEs and some for the ports the clients/server use to communicate
with each other.
The program exceptions that I plan to put in "Windows Firewall: Define
program exceptions" in the Windows Firewall/Domain Profile (in the Group
Policy Object Editor) are:
"%PROGRAMFILES%\Symantec
AntiVirus\VPC32.exe:localsubnet:enabled:Symantec_Client_UI" - This one isn't
listed in the symantec document, but it is the client app that is running on
all the PCs. Not sure if I need this or not.
"%PROGRAMFILES%\Symantec
AntiVirus\Rtvscan.exe:localsubnet:enabled:Symantec_Client_Scan" - This one
is listed in the symantec document.
"%PROGRAMFILES%\Symantec\LiveUpdate\Lucomserver.exe:localsubnet:enabled:Symantec_LiveUpdate_Client"
- This one is listed in the symantec document.
The ports are really what are confusing me. The port exceptions that I plan
to put "Windows Firewall: Define port exceptions" Windows Firewall/Domain
Profile are:
"2967:UDP:localsubnet:enabled:Symantec_Client_RtvScan_Port" - This is the
port that allows Symantec System Center to manage the Symantec Client
Security clients and also what Rtvscan uses
"137:UDP:localsubnet:enabled:Symantec_Remote_Client_Install_Port1" - This is
one of the ports required to remotely install the Symantec Client Security
client from the server
"138:UDP:localsubnet:enabled:Symantec_Remote_Client_Install_Port2" - This is
one of the ports required to remotely install the Symantec Client Security
client from the server
Any feedback on my approach (or a better one to take) would be much
appreciated!
Thanks |
|
| Back to top |
|
 |
Allen M
Guest
|
| Posted:
Mon Jan 17, 2005 7:24 pm Post subject:
Re: Windows Firewall Config for Symantec AV Corp version 9 |
|
|
I read the Symantec document from the link below and am not having any
issues. I've recent;y upgraded all our XP workstations to SP2 and have no
problems. My parent server still goes out and gets the latestes virus
definitions and pushes them out to the clients. My other servers pull their
updates from the parent server also. Did you download and install Symantecs
SP1 for Windows XP SP2 and applied it to all your workstations? I would
probably do this first before making all them other changes.
"epigram" <nospam@spammy.com> wrote in message
news:1105986353.a4c94aea91b930fc954756052d04fc5e@bubbanews...
| Quote: | I'm trying to define custom exceptions in the Windows XP firewall from my
SBS to allow my Symantec AV Corp (version 9) clients and servers to
communicate correctly. I have documents from MS and Symantec that talk
about how to do this, but I'm having trouble with the Symantec docs. The
symantec doc is
http://service1.symantec.com/SUPPORT/ent-security.nsf/c9b1ac1936fbf63488256e77006521df/7346c9f9933898dd88256ec9007c1ea0?OpenDocument&src=bar_sch_nam
This document has a link to two other documents where they explain which
ports and programs you need to create exceptions for.
It looks like I've got to do create two types of exceptions. Some for the
Symantec EXEs and some for the ports the clients/server use to communicate
with each other.
The program exceptions that I plan to put in "Windows Firewall: Define
program exceptions" in the Windows Firewall/Domain Profile (in the Group
Policy Object Editor) are:
"%PROGRAMFILES%\Symantec
AntiVirus\VPC32.exe:localsubnet:enabled:Symantec_Client_UI" - This one
isn't listed in the symantec document, but it is the client app that is
running on all the PCs. Not sure if I need this or not.
"%PROGRAMFILES%\Symantec
AntiVirus\Rtvscan.exe:localsubnet:enabled:Symantec_Client_Scan" - This one
is listed in the symantec document.
"%PROGRAMFILES%\Symantec\LiveUpdate\Lucomserver.exe:localsubnet:enabled:Symantec_LiveUpdate_Client"
- This one is listed in the symantec document.
The ports are really what are confusing me. The port exceptions that I
plan to put "Windows Firewall: Define port exceptions" Windows
Firewall/Domain Profile are:
"2967:UDP:localsubnet:enabled:Symantec_Client_RtvScan_Port" - This is the
port that allows Symantec System Center to manage the Symantec Client
Security clients and also what Rtvscan uses
"137:UDP:localsubnet:enabled:Symantec_Remote_Client_Install_Port1" - This
is one of the ports required to remotely install the Symantec Client
Security client from the server
"138:UDP:localsubnet:enabled:Symantec_Remote_Client_Install_Port2" - This
is one of the ports required to remotely install the Symantec Client
Security client from the server
Any feedback on my approach (or a better one to take) would be much
appreciated!
Thanks
|
|
|
| Back to top |
|
|
neo [mvp outlook]
Guest
|
| Posted:
Mon Jan 17, 2005 7:24 pm Post subject:
Re: Windows Firewall Config for Symantec AV Corp version 9 |
|
|
Actually you need to create 2 UDP port exceptions for Corporate Edition.
Those 2 ports are 2967 and 38293. These two ports do the majority of the
work. (e.g. Virus Definition Transport Method (VDTM), reporting back on
status, .etc) You don't have to worry about making a hole if clients are
using FTP to acquire definitions from Symantec or your own internal
liveupdate server. (so you can skip the lucomserver unless using a 3rd party
firewall software package like Symantec's firewall.)
As for the remainder of ports, the question is: will you be doing a push
install from the server to client? If yes, then you have to allow
file/print. If you always go to the client and run the installer from the
VPHome share, then you don't need to open file/print on the desktops.
(FWIW, I do open file/print so I can do central management of workstations
from the server segment(s).)
"epigram" <nospam@spammy.com> wrote in message
news:1105986353.a4c94aea91b930fc954756052d04fc5e@bubbanews...
| Quote: | I'm trying to define custom exceptions in the Windows XP firewall from my
SBS to allow my Symantec AV Corp (version 9) clients and servers to
communicate correctly. I have documents from MS and Symantec that talk
about how to do this, but I'm having trouble with the Symantec docs. The
symantec doc is
http://service1.symantec.com/SUPPORT/ent-security.nsf/c9b1ac1936fbf63488256e77006521df/7346c9f9933898dd88256ec9007c1ea0?OpenDocument&src=bar_sch_nam
This document has a link to two other documents where they explain which
ports and programs you need to create exceptions for.
It looks like I've got to do create two types of exceptions. Some for the
Symantec EXEs and some for the ports the clients/server use to communicate
with each other.
The program exceptions that I plan to put in "Windows Firewall: Define
program exceptions" in the Windows Firewall/Domain Profile (in the Group
Policy Object Editor) are:
"%PROGRAMFILES%\Symantec
AntiVirus\VPC32.exe:localsubnet:enabled:Symantec_Client_UI" - This one
isn't listed in the symantec document, but it is the client app that is
running on all the PCs. Not sure if I need this or not.
"%PROGRAMFILES%\Symantec
AntiVirus\Rtvscan.exe:localsubnet:enabled:Symantec_Client_Scan" - This one
is listed in the symantec document.
"%PROGRAMFILES%\Symantec\LiveUpdate\Lucomserver.exe:localsubnet:enabled:Symantec_LiveUpdate_Client"
- This one is listed in the symantec document.
The ports are really what are confusing me. The port exceptions that I
plan to put "Windows Firewall: Define port exceptions" Windows
Firewall/Domain Profile are:
"2967:UDP:localsubnet:enabled:Symantec_Client_RtvScan_Port" - This is the
port that allows Symantec System Center to manage the Symantec Client
Security clients and also what Rtvscan uses
"137:UDP:localsubnet:enabled:Symantec_Remote_Client_Install_Port1" - This
is one of the ports required to remotely install the Symantec Client
Security client from the server
"138:UDP:localsubnet:enabled:Symantec_Remote_Client_Install_Port2" - This
is one of the ports required to remotely install the Symantec Client
Security client from the server
Any feedback on my approach (or a better one to take) would be much
appreciated!
Thanks
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in