Symantec™ Protection Engine
for Cloud Services 7.0
Symantec™ Protection Engine for Cloud Services
Release Notes
The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.
Documentation version: 7.0
Legal Notice
Copyright © 2012 Symantec Corporation. All rights reserved.
Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs.
The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,
PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
Symantec Corporation 350 Ellis Street
Mountain View, CA 94043
Technical Support
Symantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.
Symantec’s support offerings include the following:
■ A range of support options that give you the flexibility to select the right amount of service for any size organization
■ Telephone and/or Web-based support that provides rapid response and up-to-the-minute information
■ Upgrade assurance that delivers software upgrades
■ Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis
■ Premium service offerings that include Account Management Services For information about Symantec’s support offerings, you can visit our Web site at the following URL:
www.symantec.com/business/support/
All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy.
Contacting Technical Support
Customers with a current support agreement may access Technical Support information at the following URL:
www.symantec.com/business/support/
Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem.
When you contact Technical Support, please have the following information available:
■ Hardware information
■ Available memory, disk space, and NIC information
■ Operating system
■ Version and patch level
■ Network topology
■ Router, gateway, and IP address information
■ Problem description:
■ Error messages and log files
■ Troubleshooting that was performed before contacting Symantec
■ Recent software configuration changes and network changes
Licensing and registration
If your Symantec product requires registration or a license key, access our technical support Web page at the following URL:
www.symantec.com/business/support/
Customer service
Customer service information is available at the following URL:
www.symantec.com/business/support/
Customer Service is available to assist with non-technical questions, such as the following types of issues:
■ Questions regarding product licensing or serialization
■ Product registration updates, such as address or name changes
■ General product information (features, language availability, local dealers)
■ Latest information about product updates and upgrades
■ Information about upgrade assurance and support contracts
■ Information about the Symantec Buying Programs
■ Advice about Symantec's technical support options
■ Nontechnical presales questions
Support agreement resources
If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows:
Asia-Pacific and Japan
Europe, Middle-East, and Africa
Symantec™ Protection
Engine for Cloud Services
7.0 Release Notes
This document includes the following topics:
■ About Symantec Protection Engine for Cloud Services ■ What's new in Symantec Protection Engine
■ System requirements ■ Resolved issues ■ Known issues
■ Where to get more information
About Symantec Protection Engine for Cloud Services
Symantec™ Protection Engine for Cloud Services is hereafter referred to as Symantec™ Protection Engine.
Symantec Protection Engine is a carrier-class content and URL scanning engine. Symantec Protection Engine provides content scanning and URL filtering capabilities to any application on an IP network, regardless of its platform. Any application can pass files or URLs to Symantec Protection Engine for scanning. Symantec Protection Engine accepts scan requests from the client applications that use any of the following protocols:
■ The Internet Content Adaptation Protocol (ICAP), version 1.0, as presented in RFC 3507 (April 2003)
■ A proprietary implementation of remote procedure call (RPC)
You can use the Symantec Protection Engine software development kit (SDK) or build your own connector to integrate Symantec Protection Engine with your application. The SDK supports version 1.0 of ICAP, as presented in RFC3507 (April 2003). Symantec also has developed connector code for some third-party applications to seamlessly integrate with Symantec Protection Engine.
The Symantec Protection Engine Software Developers Guide provides information about how to create customized integrations with ICAP.
What's new in Symantec Protection Engine
Table 1-1describes the new features in Symantec Protection Engine. Table 1-1 New features
Description Feature
Previously, Symantec Scan Engine exposed a limited set of static non-viral categories like Adware, Spyware, and Other Risks. Also, viral threats did not have any categories associated with them. From version 7.0 onwards, Symantec Protection Engine categorizes viral and non-viral threats more accurately. Hence, previously unknown or new non-viral threats that were reported under the generic 'Other Risks' category, would now be categorized more accurately. Enhanced categorization of
threats
You can now access the Symantec Protection Engine console using the following two types of authentication modes: ■ Symantec Protection Engine-based authentication mode
This legacy authentication method requires users to enter the Symantec Protection Engine administrator password to access the console.
■ Windows Active Directory-based authentication mode Only users from the authorized Windows Active Directory security group can access the Symantec Protection Engine console using their Active Directory credentials.
Note:For non-Windows platforms, users only have the Symantec Protection Engine-based authentication mode for accessing console.
Windows Active Directory-based Authentication mode
Symantec™ Protection Engine for Cloud Services 7.0 Release Notes What's new in Symantec Protection Engine
Table 1-1 New features (continued) Description Feature
The Administrator can now create multiple user accounts for managing Symantec Protection Engine. This feature is available only in Symantec Protection Engine-based authentication mode.
Manage user accounts
Customers who use Symantec LiveUpdate™ Administrator (LUA) to download definitions to their local LiveUpdate server for distribution, must update their product catalog in the LUA. To download new definitions, you must add "Symantec Protection Engine 7.0" to the product catalog in the LUA. New Product Catalog for
Symantec Protection Engine
Symantec Protection Engine now provides granular policies to handle unscannable files (malformed and encrypted containers), along with statistical reports.
Better handling of Unscannable files
You can now exclude files from scanning that exceed the configured file size threshold value.
Scan exclusion policy based on file size
You can now choose to scan files in-place that are less than the configured file size threshold value. This feature is only available over RPC protocol.
In-place scan policy based on file size
From version 7.0, Symantec Protection Engine is capable of retaining cumulative scan data since installation in addition to retaining data since last restart.
View cumulative scan data on home page
From version 7.0 onwards, the data from the Resources page can now be saved in log files for futher analysis.
Resource consumption logging
Symantec Protection Engine 7.0 is equipped with strong cipher support.
Stronger ciphers for password
While previously Symantec Scan Engine used to block access to infected MS Office files, Symantec Protection Engine 7.0 can now repair and delete threats. Thus, you will be able to retrieve your clean Office files.
Enhanced scanning for MS Office documents
You can configure Symantec Protection Engine to display a custom security notice that contains common security-related information to all users before they log in to the Symantec Protection Engine console.
Security notice
9 Symantec™ Protection Engine for Cloud Services 7.0 Release Notes
Table 1-1 New features (continued) Description Feature
You can integrate Symantec Protection Engine events with System Center Operations Manager (SCOM).System Center Operations Manager is a central repository that can receive critical events, errors, warnings, and other information from your Symantec Protection Engine servers.
Support for System Center Operations Manager 2007(SCOM) Pack
Symantec Protection Engine 7.0 supports the following new platforms:
■ Windows Server 2008 Japanese (32-bit and 64-bit) ■ Windows Server 2008 R2 Japanese (64-bit) ■ Windows Server 2012 (64-bit)
New platform support
Symantec Protection Engine 7.0 now supports JRE 7.0 Java™ 2SE Runtime
Environment (JRE) 7.0
System requirements
For a full description of the system requirements, see the Symantec Protection
Engine Implementation Guide.
Resolved issues
Table 1-2details the resolved issues in Symantec Protection Engine 7.0.
Symantec™ Protection Engine for Cloud Services 7.0 Release Notes System requirements
Table 1-2 Resolved issues
Description Etrack
Category
The SNMP trap feature is corrected for grammatical errors and duplicate events. 2486886
Logging
The SNMP trap feature is corrected for grammatical errors.
2746424
The SNMP trap feature is corrected for grammatical errors.
2746426
In high load scenarios, the log file now does not log the Client IP address and the event identifier fields.
2746400
The Agent Address field in the SNMP traps now displays the IP address specified in the log bind address field.
2746423
11 Symantec™ Protection Engine for Cloud Services 7.0 Release Notes
Table 1-2 Resolved issues (continued) Description Etrack
Category
Symantec Protection Engine now shuts down gracefully, and does not generate the following error: Graceful approach failed, shutting
down Symantec Scan Engine abruptly.
2746405 Functional
The FilerPerformanceThreshold parameter is now available through the filtering.xmlfile.
2746414
The FileSizeScanThreshold parameter is now available through the filtering.xml file.
2746412
Files above the FileSizeScanThreshold value are now not copied to the local temporary directory.
2746403
Under high load conditions, infections inside containers with a depth of more than 25 levels are now detected correctly.
2746409
The extra OPTIONS request is now not executed every time a file is scanned. 2746429
The ssecls utility does not have memory leak issues in case of unlicensed and unreachable Symantec Protection Engine servers. 2746430
The ScanClientStreamStart API in the C SDK has no memory leak issues.
2746431
The Command Line Scanner correctly reports the disposition in scenarios where it failed to delete the infected file.
2746435
The ScanClientStreamStart API memory leak issue is fixed in the example.cpp sample. 2746438
Java CLS now does not produce an error when scanning large files (~1GB).
2746440
Java API now does not modify the path of the file to scan if the path had a path structure different from that of the local operating system.
2746445
Symantec™ Protection Engine for Cloud Services 7.0 Release Notes Resolved issues
Table 1-2 Resolved issues (continued) Description Etrack
Category
2632290 The Symantec Protection Engine CSDK command line scanner on Linux now does not generate the double free or corruption (!prev) error if the -log option is used during a scan. Network Security Analyzer now does not report that Symantec Protection Engine uses weak SSL Ciphers.
1792894
The Symantec Protection Engine login screen is now centered in the browser window. 2757400
UI
The default Access Denied message for URL filtering is now updated.
2757456
The notification for URL filtering is now updated.
2757538
The Symantec Protection Engine
Implementation Guide now details the exact supported JRE update versions for JRE 1.5, 1.6, and 1.7.
2732767 Documentation
The Symantec Protection Engine
Implementation Guide now provides detailed information on how to configure Symantec Protection Engine to pick up definitions from internal LU websites.
2809126
The sample code is corrected in the Symantec Protection Engine C SDK Guide.
2571852
The ScanClientStreamStart API documentation now provides a detailed description for the return code 7. 2507159
Known issues
The following are the known issues in Symantec Protection Engine 7.0:
■ When the policy is set to delete the file if it is encrypted, malformed or having file attribute policy violation, Symantec Protection Engine deletes top level files that are encrypted. However, top level files that are malformed or having file attribute policy violation will not be deleted
13 Symantec™ Protection Engine for Cloud Services 7.0 Release Notes
■ On Solaris 11, Symantec Protection Engine supports the following JRE versions:
■ JRE 1.5 (Update 13 and later)
■ JRE 1.6 (Update 21 and later)
■ JRE 1.7 (Updates 1, 2, and 3)
Where to get more information
For the latest documentation set, go to the following URL:
http://www.symantec.com/business/support/index?page=content &key=61688&channel=DOCUMENTATION
Symantec™ Protection Engine for Cloud Services 7.0 Release Notes Where to get more information
