Symantec Protection for SharePoint Servers Implementation Guide

(1)

SharePoint® Servers 6.0.4

Implementation Guide

(2)

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Documentation version: 6.0.4

Legal Notice

Symantec, the Symantec Logo, the Checkmark Logo and are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,

PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

(3)

http://www.symantec.com

(4)

Symantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.

Symantec’s support offerings include the following:

■ A range of support options that give you the flexibility to select the right amount of service for any size organization

■ Telephone and/or Web-based support that provides rapid response and up-to-the-minute information

■ Upgrade assurance that delivers software upgrades

■ Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis

■ Premium service offerings that include Account Management Services For information about Symantec’s support offerings, you can visit our website at the following URL:

www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy.

Contacting Technical Support

Customers with a current support agreement may access Technical Support information at the following URL:

Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem.

When you contact Technical Support, please have the following information available:

(5)

■ Operating system

■ Version and patch level

■ Network topology

■ Router, gateway, and IP address information

■ Problem description:

■ Error messages and log files

■ Troubleshooting that was performed before contacting Symantec

■ Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical support Web page at the following URL:

Customer service

Customer service information is available at the following URL:

Customer Service is available to assist with non-technical questions, such as the following types of issues:

■ Questions regarding product licensing or serialization

■ Product registration updates, such as address or name changes

■ General product information (features, language availability, local dealers)

■ Latest information about product updates and upgrades

■ Information about upgrade assurance and support contracts

■ Information about the Symantec Buying Programs

■ Advice about Symantec's technical support options

■ Nontechnical presales questions

(6)

contact the support agreement administration team for your region as follows:

[email protected] Asia-Pacific and Japan

[email protected] Europe, Middle-East, and Africa

(7)

Technical Support

... 4

Chapter 1 Introducing Symantec™ Protection for SharePoint®

Servers

... 11

About Symantec Protection for SharePoint Servers ... 11

What's new ... 12

Components of Symantec Protection for SharePoint Servers ... 12

How Symantec Protection for SharePoint Servers works ... 13

About real-time scanning ... 14

About scheduled scanning and manual scanning ... 15

What happens when a file is scanned ... 17

About scanning policies in the Symantec Protection Engine ... 18

About logging and email notifications ... 19

About on-demand reports and scheduled reports ... 20

About handling large scanning volumes ... 21

About deployment options (standalone and farm environments) ... 22

About deploying Symantec Protection for SharePoint Servers in a standalone SharePoint environment ... 22

About deploying Symantec Protection for SharePoint Servers in a farm environment ... 23

About supported platforms ... 23

How Symantec Protection Engine protects against viruses ... 24

Where to get more information ... 25

Chapter 2 Installing Symantec Protection for SharePoint

Servers

... 27

Before you install ... 27

About protecting the servers that are running the Symantec Protection for SharePoint Servers components ... 28

About preventing conflicts with other products ... 28

About stopping IIS during installation ... 29

System requirements ... 29

(8)

System requirements for Symantec Protection for SharePoint

console only ... 31

System requirements for Symantec Protection Engine ... 32

About installing Symantec Protection for SharePoint Servers ... 36

About the installation options ... 39

About installing Symantec Protection for SharePoint Servers (integrated installation) ... 40

Installing only Symantec Protection Engine using the installation wizard ... 45

About installing only the Symantec Protection for SharePoint console ... 50

About repairing or modifying Symantec Protection for SharePoint Servers or its components ... 54

Upgrading Symantec Protection for SharePoint Servers version 5.1.x to version 6.0.x ... 56

Post-installation tasks ... 57

Starting the Central Administration service in a farm environment ... 58

Uninstalling Symantec Protection for SharePoint Servers ... 59

Uninstalling the Symantec Protection for SharePoint console ... 60

Uninstalling Symantec Protection Engine ... 62

Chapter 3 Using the Symantec Protection for SharePoint

console

... 65

About the Symantec Protection for SharePoint console ... 65

Accessing the console ... 66

Changing the service logon account information ... 68

About the console home page ... 70

Navigation links ... 70

Feature links ... 70

Status pane ... 72

Chapter 4 Configuring Symantec Protection for SharePoint

Servers

... 73

About configuring Symantec Protection for SharePoint Servers ... 73

Configuring a password for the console ... 74

About SharePoint Server Farm overview ... 75

Configuring real-time scanning ... 76

About manual scans and scheduled scans ... 80

(9)

Scheduling scans ... 89

Performing manual scans ... 91

About importing and exporting settings ... 91

Importing settings from a SharePoint deployment ... 92

Exporting settings from a SharePoint deployment ... 93

Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers ... 93

About adding, removing, editing, and viewing registered Symantec Protection Engines ... 96

Specifying the scanning mode for load balancing ... 98

Checking for the latest virus definitions ... 99

Chapter 5 Configuring Symantec Protection Engine

... 103

Accessing the Symantec Protection Engine console ... 103

About communication protocol settings ... 105

Configuring ICAP-specific settings ... 105

Ways to control which file types are scanned ... 108

About licensing Symantec Protection Engine ... 109

About license activation ... 110

If you do not have a serial number ... 111

Obtaining a license file ... 111

Installing the license file ... 112

About keeping your product and protection up-to-date ... 113

About definition updates ... 113

About LiveUpdate ... 114

Configuring LiveUpdate to occur automatically ... 114

Performing LiveUpdate on demand ... 115

About Rapid Release ... 115

Configuring Rapid Release updates to occur automatically ... 116

Performing Rapid Release updates on demand ... 117

About enabling security risk detection ... 118

Chapter 6 Monitoring Symantec Protection for SharePoint

Servers activity

... 121

Ways to monitor Symantec Protection for SharePoint Servers activity ... 121

About the status pane ... 123

About SMTP logging ... 124

Configuring SMTP logging ... 127

Customizing SMTP messages ... 131

About monitoring scanning activity ... 141

(10)

Setting the logging level for each event source ... 142

Setting the maximum storage time for log files ... 143

Generating an on-demand report ... 144

Scheduling a report ... 145

About quarantine management ... 149

Restoring quarantined files ... 150

Deleting quarantined files ... 151

Chapter 7 Troubleshooting Symantec Protection for

SharePoint Servers

... 153

About troubleshooting common issues ... 153

Symantec Protection for SharePoint Servers link is missing from the SharePoint Central Administration site ... 154

Unable to access the Symantec Protection Engine console ... 155

Symantec Protection Engine registration fails ... 155

Slow server response or high server load ... 156

No reports are generated ... 156

Connection failed error message ... 157

Failure sending mail error message ... 158

Unable to remember the console password ... 158

Error 1722 when installing Symantec Protection Engine ... 159

Scanning process error messages ... 159

Unable to view information on the SharePoint Server Farm overview page ... 159

Appendix A

Error codes

... 161

About error codes and messages ... 161

(11)

Introducing Symantec™

Protection for SharePoint®

Servers

This chapter includes the following topics:

■ About Symantec Protection for SharePoint Servers

■ What's new

■ Components of Symantec Protection for SharePoint Servers

■ How Symantec Protection for SharePoint Servers works

■ About deployment options (standalone and farm environments)

■ How Symantec Protection Engine protects against viruses

■ Where to get more information

About Symantec Protection for SharePoint Servers

Symantec™ Protection for SharePoint® Servers provides virus scanning and repair services for the following SharePoint products:

■ Windows SharePoint Services 2.0 (WSS 2.0)

■ Windows SharePoint Services 3.0 (WSS 3.0)

■ SharePoint Portal Server 2003 (SPS 2003)

■ Microsoft Office SharePoint Server 2007 (MOSS 2007)

■ Microsoft SharePoint Foundation 2010

1

(12)

■ Microsoft Office SharePoint Server 2010

■ Microsoft SharePoint Foundation 2013

■ Microsoft Office SharePoint Server 2013

In addition to virus scanning and repair services, Symantec Protection for SharePoint Servers provides logging, monitoring, and reporting of infected documents on the SharePoint server.

What's new

Table 1-1describes the new features in Symantec Protection for SharePoint Servers.

Table 1-1 New features Description Feature

You can install Symantec Protection for SharePoint Servers on SharePoint 2013.

SharePoint 2013 Support

Symantec Scan Engine is now referred as Symantec Protection Engine. Symantec Protection for SharePoint Servers has the latest version of Symantec Protection Engine 7.0 for virus scanning and repair services.

For more information, see the Symantec Protection Engine

Implementation Guide.

Integration with the latest Symantec Protection Engine 7.0

Components of Symantec Protection for SharePoint

Servers

Symantec Protection for SharePoint Servers includes the following components, which you can install and configure separately:

Provides virus scanning and repair services

You can install Symantec Protection Engine on the SharePoint server. You can also install Symantec Protection Engine on a separate server that is not running SharePoint. This lets you move antivirus processing off-box, thereby reducing the CPU load on the SharePoint server. The latest version of Symantec Protection Engine 7.0 is included in the software package.

(13)

Provides a means for users to configure how Symantec Protection Engine and the SharePoint server should communicate with each other, handle infected files, and monitor scanning activity. The Symantec Protection for SharePoint console refers to the administrative console of Symantec Protection for SharePoint Servers. You can configure how Symantec Protection for SharePoint Servers handles the communication between the Symantec Protection Engine and the SharePoint server through this console. Symantec Protection for SharePoint Servers also interprets the results that are returned from the protection engine after scanning.

See“About deploying Symantec Protection for SharePoint Servers in a standalone SharePoint environment”on page 22.

See“About deploying Symantec Protection for SharePoint Servers in a farm environment”on page 23.

See“About deployment options (standalone and farm environments)” on page 22.

Symantec Protection for SharePoint console

How Symantec Protection for SharePoint Servers

works

Symantec Protection for SharePoint Servers provides the following types of scanning:

■ Real-time scanning of files as they are uploaded and downloaded from the SharePoint server

See“About real-time scanning”on page 14.

■ Scheduled scans and manual scans of the files that are stored on the SharePoint server

See“About scheduled scanning and manual scanning”on page 15. In addition to scanning, Symantec Protection for SharePoint Servers does the following:

■ Monitors scanning activity by its logging and email notification feature See“About logging and email notifications”on page 19.

(14)

About real-time scanning

Files are scanned in real time as they are uploaded and downloaded from the SharePoint server. You can configure to scan files on upload, download, or both. All files that are uploaded or downloaded are submitted for scanning, regardless of file type. Symantec Protection for SharePoint Servers also supports scanning of files that are uploaded to document library, calendars, contacts, lists, and so on.

Note:If scanning fails for any reason during a real-time scan (for example, if the Symantec Protection Engine goes offline or reaches its scanning threshold), the scan is terminated. The scan request is not re-submitted until a user tries to upload or download the file.

You can configure the following options for real-time scanning:

■ Scan documents on upload.

■ Scan documents on download.

■ Allow users to download infected documents.

■ Attempt to clean infected documents.

You must set up real-time scanning to ensure protection of your SharePoint server before you let users start uploading or downloading files. For the most secure configuration, select the Scan documents on upload, Scan documents on

download, and Attempt to clean infected files options.

Warning:Selecting the option Allow users to download infected documents can put your organization at risk. Irreparable files might contain viruses that can infect your computer. SharePoint security ensures that only administrators can download the irreparable files if this option is not enabled.

See“Configuring real-time scanning”on page 76.

How caching works on the SharePoint server

The SharePoint server caches the scanning results for each stored file. The cached information includes the date and the revision number of the virus definitions that were used to perform the scan. The cached information also includes the status of the file (whether the file is clean or infected).

(15)

If another user requests access to that same file and the virus definitions have not changed, a redundant scan is avoided. Individual cache entries are updated whenever a stored file is changed.

What happens when a file is uploaded

When you try to upload a file to the SharePoint server, the file is submitted first to Symantec Protection Engine for scanning. If the file contains a virus that cannot be repaired, the file is not stored on the SharePoint server. You receive a notification that the file is infected and cannot be uploaded. If you configure the SharePoint server to attempt to clean infected files and if the infected file is a repairable file, then it is repaired and uploaded to the SharePoint server.

What happens when a file is downloaded

When you try to download a stored file, Symantec Protection for SharePoint Servers verifies the following information about the file:

■ If the file was scanned on upload

■ The status of the file (for example, if the file is clean)

■ Whether the virus definition that were used during the latest scan are the most current

If the file is infected, or if the virus definitions are not the most current, the file is submitted to Symantec Protection Engine for scanning. Based on the scan results, the file is handled according to the settings that you specify. See“Configuring real-time scanning”on page 76.

If the file is clean and was scanned with the latest definitions, the file is not rescanned. It is automatically downloaded to you. If you configure the SharePoint server to attempt to clean infected files and if the infected file is a repairable file, then it is repaired and downloaded to the server.

If the file contains a virus that cannot be repaired, the file is not downloaded to the user. You receive a notification that the file is infected and cannot be downloaded. (You can configure Symantec Protection for SharePoint Servers to permit users to download infected files. However, the most secure configuration is to disable this option. Files that contain viruses pose a risk to your organization. You are denied access to infected files by default.)

About scheduled scanning and manual scanning

(16)

been previously scanned are scanned in a timely manner. Regular scans also ensure that scanning is kept up to date as virus definitions change. Scheduled scans occur at the time and frequency that you specify.

You can force an immediate (manual) scan of the documents that are stored on the server. The options of Exclusion List, Optional Settings, and Infected File

Detection Rules that you configure for scheduled scans also apply to manual

scans. You can either perform a manual scan or a scheduled scan along with real-time scanning without any adverse effects.

See“About manual scans and scheduled scans”on page 80.

During scheduled scans and manual scans, all files are submitted for scanning, regardless of whether they were scanned previously or not. Only files in the Exclude folders list and the File extension exclude list are omitted from scanning. If a scan request fails because the protection engine is unavailable, the scan request is sent to the next protection engine, which is available and registered.

You can configure the following options for manual scans and scheduled scans:

■ Excluding files with specific extensions from being scanned

See“Excluding files with specific extensions from being scanned”on page 82.

■ Excluding folders from being scanned

See“Excluding folders from being scanned”on page 83.

■ Specifying the number of threads for scanning

See“Specifying the number of threads for scanning”on page 83.

■ Scanning all file versions in the document library

See“Scanning all file versions in the document library”on page 84.

■ Scanning only those files that were added or modified from the last scan See“Scanning those files that have been added or modified since the last completed scan”on page 84.

■ Specifying the location for quarantined documents

See“Specifying the location for quarantined documents”on page 85.

■ Specifying file handling rules

See“Specifying file handling rules”on page 86.

■ Reviewing scan statistics

(17)

Preserving bandwidth and time during manual and scheduled

scans

You can designate which directories on the SharePoint server are scanned during scheduled scans and manual scans. You can scan all directories on the SharePoint server, or you can exclude certain directories from scanning.

You can control which file types are scanned during manual scans and scheduled scans by specifying the file types passed to Symantec Protection Engine. You can save bandwidth and time by excluding those files types that are not likely to contain viruses and can be excluded from scanning. Based on the file extension,Symantec Protection for SharePoint Servers makes an initial determination, about whether to pass a file to Symantec Protection Engine for scanning.

You can limit scanning to only those files that have been added or modified since the last manual or scheduled scan. Symantec Protection for SharePoint Servers can compare the time a file was modified or added with the time of the last scan. This feature lets you conserve scanning resources by omitting files from scanning that have not been modified or added since the last scan. When this feature is disabled, all files are scanned during manual scans and scheduled scans.

Quarantining infected files

Symantec Protection for SharePoint Servers can quarantine the infected files that are found during a scheduled scan or manual scan. A copy of each infected item is forwarded to a quarantine directory. You can view a list of all these quarantined files in the Quarantine Management page. You can view, restore, or delete the quarantined file based on your analysis. The default quarantine location is C:\Program Files\Symantec\SharePoint\Quarantine.

What happens when a file is scanned

After the Symantec Protection for SharePoint console and Symantec Protection Engine are installed and properly configured, files are passed to Symantec Protection Engine for analysis.

If Symantec Protection Engine does not find a virus in a file, Symantec Protection Engine indicates that the file is clean.

(18)

Separate logging and alerting features are available through the Symantec Protection for SharePoint console and Symantec Protection Engine. You can activate logging and alerting options in Symantec Protection Engine to supplement those logging and alerting options that are available through the Symantec Protection for SharePoint console. The Symantec Protection for SharePoint console sends an email notification and records a log entry when an infection is found. Records a log

entry that an infection was found

If the file can be repaired, Symantec Protection Engine repairs it and passes a clean file back to Symantec Protection for SharePoint Servers. Configure the SharePoint antivirus settings to accept these repaired files so that infected files are replaced with repaired files on the SharePoint server.

See“Configuring real-time scanning”on page 76. Attempts to repair

the infected file

When a container file or archive file is submitted for scanning, Symantec Protection Engine decomposes the container file and scans each embedded file individually. If the container file contains unrepairable files, Symantec Protection Engine deletes the

unrepairable files from the container or the archive file. The remaining clean contents are forwarded to the SharePoint server. Symantec Protection for SharePoint Servers handles this container file as a repaired file. (Configure the SharePoint antivirus settings to accept repaired files so that infected files can be replaced with repaired files.)

Note:When a top-level file (a file that is not embedded in a container file) is infected and cannot be repaired, Symantec Protection Engine indicates it to Symantec Protection for SharePoint Servers and the SharePoint server. The SharePoint server denies access to the infected file by default. The file is deleted from the SharePoint server if you have configured it to do so.

See“Registering Symantec Protection Engine with Symantec Protection for SharePoint Servers”on page 93.

Deletes unrepairable infected files from the container files

About scanning policies in the Symantec Protection Engine

When Symantec Protection Engine scans a file for viruses, it applies the scanning policies that you configure in the Symantec Protection Engine console. For example, you can limit the resources that Symantec Protection Engine uses by only scanning certain types of files.

(19)

you configure for handling infected files (that is, blocking or deleting files) are applied.

The following scanning policies are available through the Symantec Protection Engine console:

Symantec Protection Engine uses a decomposer to extract the embedded files from a container file, scan all of the files, and reassemble the container file once scanning is complete. For overly large container files, this process can require a significant amount of resources. You can use these settings to control the resources that Symantec Protection Engine uses to process large container files and to prevent these overly large container files from being stored on the SharePoint server. You can specify the maximum amount of time spent in decomposing a container file, the maximum file size for individual files in a container file, maximum number of nested levels to be decomposed, and the maximum number of bytes that are read when determining whether a file is MIME-encoded.

You can restrict the amount of resources that are used to process large container files.

These mail policy settings are applied to all MIME-encoded messages. If MIME-encoded messages are posted for user access on the SharePoint server, you can use the mail policy settings in Symantec Protection Engine to filter email based on attachment file size or file name, message origin, total message size, or message subject line.

Note:Mail policy settings do not affect nonMIME-encoded file types that are passed to Symantec Protection Engine for scanning. When a mail filter policy is violated, Symantec Protection Engine only applies the action to MIME-encoded messages.

You can establish a mail policy to filter mail and mail attachments based on a number of attributes.

For more information, see the Symantec Protection Engine Implementation Guide.

About logging and email notifications

(20)

See“About monitoring scanning activity”on page 141. The default location of the log files is <installdir>:\Program Files\Symantec\SharePoint\Logfiles.

Symantec Protection for SharePoint Servers provides Simple Mail Transfer Protocol (SMTP) logging capabilities. When SMTP logging is configured, an email notification is sent to a specified recipient for chosen events.

To configure SMTP logging, you must do the following:

■ Enable the email notification system.

■ Identify an SMTP server and port number for forwarding the log messages.

■ Provide the default origin and destination information for the SMTP messages.

■ Select the event categories for which SMTP messages should be generated. You can choose separate sender and recipient email addresses for each event category.

See“Configuring SMTP logging”on page 127.

You can also select the email notification level so that Symantec Protection for SharePoint Servers sends an email notification only for the events whose level you specify. You can provide separate recipient information for each type of message. Default message text is included, but you can customize individual messages.

See“Customizing SMTP messages”on page 131.

About on-demand reports and scheduled reports

You can manually generate and analyze reports for a specified date range. You must select a report source (Protection Engines, Scan Processes, or System) and define the log data you to display. You can generate a detailed report of all logs or pie chart reports. Symantec Protection for SharePoint Servers displays a numerical statistical report beneath the pie chart.

See“Generating an on-demand report”on page 144.

You can configure Symantec Protection for SharePoint Servers to generate reports and distribute them by email to specified recipients at a scheduled time. From the options available, select hourly, daily, weekly, monthly, or once to schedule the reports.

(21)

To schedule reports, you must do the following tasks:

■ Select a schedule.

Choose from the default schedules or create a new schedule.

■ Select a report data range.

Symantec Protection for SharePoint Servers retrieves data from within this specified date range.

■ Choose a report source (Protection Engines, Scan Processes, or System) and report definition.

These options determine the content of your scheduled report.

■ Select a report format.

■ Activate report generation by mail.

Specify the sender and recipient's email address. See“Scheduling a report”on page 145.

About handling large scanning volumes

In a simple Symantec Protection for SharePoint Servers configuration, a single Symantec Protection Engine handles the scanning and the repair services for the SharePoint server. However, larger traffic volumes can require multiple protection engines to handle virus scanning. If you process large traffic volumes or have multiple clients making virus scanning requests, you can install and configure multiple protection engines to handle the scanning load.

If you install multiple protection engines to handle increased loads, you must register each Symantec Protection Engine with Symantec Protection for SharePoint Servers. Each Symantec Protection Engine must be installed on a separate computer on your network.

When you use multiple protection engines, you can specify how you want the scanning load to be distributed by selecting a scanning mode.

The scanning modes are as follows:

(22)

Scanning is distributed to Symantec Protection Engines based on priority. You specify the priority when you register a Symantec Protection Engine with Symantec Protection for SharePoint Servers. See“To register a new Symantec Protection Engine”on page 96. See“To edit a Symantec Protection Engine registration”on page 97. Priority mode

If you enable both modes, the priority mode takes precedence. If both the registered protection engines have the same priority, then the cycle mode takes precedence. See“Specifying the scanning mode for load balancing”on page 98.

About deployment options (standalone and farm

environments)

Symantec Protection for SharePoint Servers includes the following components that can be installed separately or together:

■ Symantec Protection for SharePoint console

■ Symantec Protection Engine

See“Components of Symantec Protection for SharePoint Servers”on page 12. See“About the installation options”on page 39.

You must install Symantec Protection for SharePoint Servers and its components in different ways based on the following SharePoint environments:

■ Standalone environment

■ Farm environment

About deploying Symantec Protection for SharePoint Servers in a

standalone SharePoint environment

(23)

Symantec Protection 6.0 for SharePoint Servers does not support a SharePoint standalone configuration with Microsoft SQL Server Desktop Engine or Windows Internal Database.

About deploying Symantec Protection for SharePoint Servers in a farm

environment

In a SharePoint farm environment, based on the SharePoint version used, deploy Symantec Protection for SharePoint Servers on the following servers:

Install the Symantec Protection for SharePoint console on each front-end Web server in the farm.

The other component, which is the Symantec Protection Engine, can be installed on the same server as the Symantec Protection for SharePoint console or on a separate server. Windows SharePoint Services 2.0

SharePoint Portal Server 2003

Install the Symantec Protection for SharePoint console on each front-end Web server in the farm and at least on one server where Central Administration service is running.

You can install the Symantec Protection for SharePoint console on the other Application servers in the farm to run on-demand or scheduled scans on these servers, if desired. However, you can run these scans from the front-end servers as well.

The other component, which is Symantec Protection Engine, can be installed on the same server as the Symantec Protection for SharePoint console or on a separate server. Windows SharePoint Services 3.0

Microsoft Office SharePoint Server 2007

About supported platforms

You can install the Symantec Protection for SharePoint console on the following platforms:

■ Microsoft Windows Server 2003

See“System requirements for Symantec Protection for SharePoint console only”

(24)

See“About installing only the Symantec Protection for SharePoint console”

on page 50.

Symantec Protection Engine runs on the following platforms:

■ Sun™ Solaris™

■ Red Hat Linux™

■ Microsoft Windows 2000 Server

You can deploy Symantec Protection Engine in any environment that is running any combination of these platforms.

See“System requirements for Symantec Protection Engine”on page 32. See“Installing only Symantec Protection Engine using the installation wizard”

on page 45.

How Symantec Protection Engine protects against

viruses

Symantec Protection for SharePoint Servers sends the files to Symantec Protection Engine for virus scanning and repair. Symantec Protection Engine detects viruses, worms, and Trojan horses in all major file types (for example, Windows files, DOS files, and Microsoft Word and Excel files). Symantec Protection Engine includes a decomposer that handles most compressed and archive file formats and nested levels of files.

Symantec Protection Engine provides protection against container files that can cause denial-of-service attacks (for example, container the files that are overly large, that contain large numbers of embedded compressed files, partial container files, or that have been designed to use resources maliciously and degrade performance). Symantec Protection Engine detects security risks such as adware, dialers, hacking tools, joke programs, remote access programs, spyware, and trackware.

(25)

Where to get more information

In addition to this guide, Symantec Protection for SharePoint Servers includes Help topics that you can access through the Help table of contents and index. You can also search for keywords in the Help.

Context-sensitive Help is available on each page.

You can visit the Symantec website for more information about your product. The following online resources for Symantec Protection for SharePoint Servers are available:

http://www.symantec.com/business/support/ index.jsp

Provides access to the technical support Knowledge Base, newsgroups, contact information, downloads, and mailing list subscriptions

http://www.symantec.com/business/index.jsp Provides product news and updates

http://www.symantec.com/security_response/ index.jsp

(26)

(27)

Installing Symantec

Protection for SharePoint

Servers

This chapter includes the following topics:

■ Before you install

■ System requirements

■ About installing Symantec Protection for SharePoint Servers

■ Upgrading Symantec Protection for SharePoint Servers version 5.1.x to version 6.0.x

■ Post-installation tasks

■ Uninstalling Symantec Protection for SharePoint Servers

Before you install

Do the following tasks before you install Symantec Protection for SharePoint Servers or its components:

■ Provide antivirus protection for the servers on which the Symantec Protection for SharePoint Servers components run.

See“About protecting the servers that are running the Symantec Protection for SharePoint Servers components”on page 28.

■ Exclude certain directories from scanning by any other antivirus product that is running on the computers on which you install the components.

See“About preventing conflicts with other products”on page 28.

2

(28)

■ Plan to install the Symantec Protection for SharePoint console at a time when Microsoft Internet Information Server (IIS) can be stopped temporarily. See“About stopping IIS during installation”on page 29.

■ Ensure that the computer on which you plan to install the console and Symantec Protection Engine meets the minimum system requirements. You can install both components together or on separate computers. See“System requirements”on page 29.

■ Ensure that the ports 9455, 9466, and 9477 are available.

■ For a SharePoint standalone deployment, ensure that SharePoint is not configured with Microsoft SQL Server Desktop Engine or Windows Internal Database.

Symantec Protection 6.0 for SharePoint Servers does not support a SharePoint standalone configuration with Microsoft SQL Server Desktop Engine or Windows Internal Database.

■ Symantec recommends that you back up the web.config file of the SharePoint Central Administration site.

About protecting the servers that are running the Symantec Protection

for SharePoint Servers components

Before you install Symantec Protection Engine and the Symantec Protection for SharePoint console, consider to install additional antivirus protection such as Symantec AntiVirus™ Corporate Edition to protect the servers on which these components run.

By design, Symantec Protection Engine scans only the files that are passed to it from Symantec Protection for SharePoint Servers. Symantec Protection for SharePoint Servers does not protect the operating systems of the computers on which Symantec Protection Engine and SharePoint Server run. Because both of these servers potentially handle viruses, they are vulnerable without real-time virus protection.

To achieve comprehensive virus protection with Symantec Protection for SharePoint Servers, it is important to protect the Symantec Protection Engine server and the SharePoint server from virus attacks. To protect the host computers, install an antivirus program on these servers in addition to the Symantec Protection for SharePoint Servers components.

About preventing conflicts with other products

(29)

antivirus product that is running on the host computer to exclude certain directories from scanning.

Table 2-1lists the directories to exclude from scanning. Table 2-1 Directories to exclude from scanning

Server Directories

The server on which Symantec Protection Engine runs.

Windows:<Installdir>\temp

These directories are the temporary directories that Symantec Protection Engine uses for scanning.

Linux® and Solaris™: <Installdir>/temp

The server on which Symantec Protection for SharePoint console runs. Symantec Protection for SharePoint Servers uses it as the default quarantine directory .

<Installdir>\Program Files\Symantec\ SharePoint\Quarantine

About stopping IIS during installation

During the installation, the Microsoft Internet Information Server (IIS) must be stopped temporarily. During the time that it takes to complete the installation, no access to IIS services is available. You must plan to install the Symantec Protection for SharePoint console when Microsoft IIS can be stopped temporarily. Microsoft IIS restarts automatically after the installation is complete.

System requirements

You can choose to install both components of Symantec Protection for SharePoint Servers together on the same computer or on different computers. The Symantec Protection for SharePoint console and Symantec Protection Engine are supported on both 32-bit and 64-bit computers for Windows 2003 Server and Windows 2008 Server.

(30)

See“System requirements for Symantec Protection for SharePoint console only”

on page 31.

See“System requirements for Symantec Protection Engine”on page 32.

System requirements for Symantec Protection for SharePoint Servers

integrated installation

Table 2-2describes the minimum system requirements to install the Symantec Protection for SharePoint console and Symantec Protection Engine on the same server.

Table 2-2 Minimum system requirements for Symantec Protection for SharePoint console and Symantec Protection Engine

Details Requirement

■ Processor and Memory: As per the requirements of the version of Microsoft SharePoint

■ Disk space: 6 GB

■ One network interface card (NIC) running TCP/IP with a static IP address

■ Internet connection to update antivirus definitions Hardware

requirements

Symantec Protection for SharePoint Servers runs on the following platforms:

(31)

Table 2-2 Minimum system requirements for Symantec Protection for SharePoint console and Symantec Protection Engine (continued)

Details Requirement

Any of the following Microsoft SharePoint Server editions: ■ Windows SharePoint Services 2.0 (WSS 2.0) with Service Pack 3

(SP 3)

■ SharePoint Portal Server 2003 (SPS 2003) with Service Pack 3 (SP 3)

■ Windows SharePoint Services 3.0 (WSS 3.0) ■ Microsoft Office SharePoint Server 2007 Any of the following Web browsers:

■ Microsoft Internet Explorer® 6.0 (with the most recent service pack that is available) or higher.

The following software components:

■ Microsoft .NET Framework 2.0 SP1 or higher ■ Microsoft ASP.NET 2.0 AJAX Extensions 1.0 ■ Central Admin Site ASP.NET Version 2.0 or higher Software

requirements

System requirements for Symantec Protection for SharePoint console

only

Table 2-3describes the minimum system requirements to install the Symantec Protection for SharePoint console.

Table 2-3 Minimum system requirements for the Symantec Protection for SharePoint console

Details Requirement

■ Processor and Memory: As per the requirements of the version of Microsoft SharePoint

■ Disk space: 512 MB (may vary depending on how long you choose to maintain log files)

(32)

Table 2-3 Minimum system requirements for the Symantec Protection for SharePoint console (continued)

Details Requirement

The Symantec Protection for SharePoint console runs on the following platforms:

■ Windows Server 2003 with Service Pack 2 or later ■ Windows Server 2008 with Service Pack 2 or later You can use any of the following editions of Windows Server: ■ Windows Server 2003 Standard/Enterprise/Data Center SP2/R2 ■ Windows Server 2008 Standard/Enterprise/Data Center SP2/R2 Operating system

Any of the following Microsoft SharePoint Server editions: ■ Windows SharePoint Services 2.0 (WSS 2.0) with Service Pack 3

(SP 3)

■ SharePoint Portal Server 2003 (SPS 2003) with Service Pack 3 (SP 3)

■ Windows SharePoint Services 3.0 (WSS 3.0) ■ Microsoft Office SharePoint Server 2007 Any of the following Web browsers:

■ Microsoft Internet Explorer® 6.0 (with the most recent service pack that is available) or higher.

The following software components:

■ Microsoft .NET Framework 2.0 SP1 or higher ■ Microsoft ASP.NET 2.0 AJAX Extensions 1.0 ■ Central Admin Site ASP.NET Version 2.0 or higher Software

requirements

System requirements for Symantec Protection Engine

You can install Symantec Protection Engine on Windows, Linux, and Solaris. See“System requirements to install Symantec Protection Engine on Windows”

on page 33.

See“System requirements to install Symantec Protection Engine on Solaris”

on page 34.

See“System requirements to install Symantec Protection Engine on Linux”

(33)

System requirements to install Symantec Protection Engine

on Windows

The following are the system requirements to install Symantec Protection Engine on Windows:

■ Windows Server 2008 SP2 (32-bit and 64-bit) ■ Windows Server 2008 R2 (64-bit)

■ Windows Server 2012 (64-bit)

Ensure that your operating system has the latest service patches available.

Operating system

Intel or AMD Server Grade Single Processor Quad Core systems or higher

Processor

4 GB of RAM or higher Memory

5 GB of hard disk space Disk space

■ Network interface card (NIC) running TCP/IP with a static IP address

■ Internet connection to update definitions ■ 100 Mbps Ethernet link (1 Gbps recommended) Hardware

■ JRE 6.0 (update 25 or later), or JRE 7.0 (update 03 or later) It is recommended to use JRE 7.0 (update 03 or later).

Note:Symantec Protection Engine supports only 32-bit versions of Java Runtime Environment. Symantec Protection Engine cannot be installed with 64-bit JRE versions.

■ Microsoft Visual C++ 2010 (SP1 or later) redistributable package (x86)

■ One of the following Web browsers to access the Symantec Protection Engine console:

■ Microsoft Internet Explorer 8 or later

Use Microsoft Internet Explorer to access the Symantec Protection Engine console from a Windows client computer. ■ Mozilla Firefox® 10 or later

Use Mozilla Firefox to access the Symantec Protection Engine console from a Solaris or Linux client computer.

(34)

System requirements to install Symantec Protection Engine

on Solaris

The following are the system requirements to install Symantec Protection Engine on Solaris:

Solaris 10 and 11

Ensure that your operating system has the latest patches available. Operating system

UltraSPARC Processor

4 GB of RAM or higher Memory

■ Internet connection to update definitions ■ 100 Mbps Ethernet link (1 Gbps recommended) Hardware

■ JRE 6.0 (update 25 or later), or JRE 7.0 (update 03 or later) It is recommended to use JRE 7.0 (update 03 or later). If you install the self-extracting JRE, ensure that you note the installation location. You must provide the location of the JRE if the installer is unable to detect it.

■ Mozilla Firefox 10 or later

(35)

System requirements to install Symantec Protection Engine

on Linux

The following are the system requirements to install Symantec Protection Engine on Linux:

■ Red Hat Enterprise Linux Server 5.7 (32-bit and 64-bit) and later ■ Red Hat Advanced Linux Server 5.7 (32-bit and 64-bit) and later ■ Red Hat Enterprise Linux Server 6.2 (32-bit and 64-bit) and later ■ Red Hat Advanced Linux Server 6.2 (32-bit and 64-bit) and later ■ SUSE Linux Enterprise Server 11 (32-bit and 64-bit)

Ensure that your operating system has the latest service patches available.

Operating system

Intel or AMD Server Grade Single Processor Quad Core systems or higher

Processor

4 GB RAM or higher Memory

(36)

■ Ensure that the following packages are installed: ■ GNU sharutils-4.6.1-2 or later

Use this package to expand the Rapid Release packages. ■ ncompress-4.2.4-44 or later

Use this package to expand the Rapid Release packages. ■ GNU C Library (glibc)

■ Initscripts

This package is required for Red Hat Linux only. ■ aaa_base package

This package is required for SUSE only.

■ JRE 6.0 (update 25 or later), or JRE 7.0 (update 03 or later) It is recommended to use JRE 7.0 (update 03 or later). Install the JRE using Red Hat Package Manager (RPM). Ensure that you note the installation location. You must provide the location of the JRE if the installer is unable to detect it.

■ Mozilla Firefox 10 or later

Use Microsoft Internet Explorer to access the Symantec Protection Engine console from a Windows client computer. The Web browser is only required for Web-based administration. You must install the Web browser on a computer from which you want to access the Symantec Protection Engine console. The computer must have access to the server on which Symantec Protection Engine runs.

Note:If any of the package binary is already present on the computer and if the installer is still unable to find it, you can add the path to the binary in LD_LIBRARY_PATH environment variable.

Software

About installing Symantec Protection for SharePoint

Servers

(37)

Provides the virus scanning and repair services.

The latest version of Symantec Protection Engine 7.0 is included in the software package.

Symantec Protection Engine

Provides you a means to configure how Symantec Protection Engine and the SharePoint server communicate with each other. The console also lets you configure how Symantec Protection for SharePoint Servers handles infected files and monitors scanning activity. Symantec

Protection for SharePoint console

You can install these components separately or together.

Based on the SharePoint farm environment and SharePoint version used, you must install the Symantec Protection for SharePoint console on all front-end servers in the farm and at least on one server where Central Administration service is running.

See“About deployment options (standalone and farm environments)”on page 22. During installation, Symantec Protection for SharePoint Servers installs both components together or separately based on the installation option that you choose.

See“About the installation options”on page 39.

The Symantec Protection for SharePoint Servers installation program checks for previous versions of the product and does one of the following:

Based on the installation option you choose, the installation program performs a full installation of Symantec Protection for SharePoint Servers and its components.

(38)

The installation program does one of the following when it detects a previous version of Symantec Protection for SharePoint Servers or any of its components:

■ Symantec Protection for SharePoint Servers (version 5.1): If the installation program detects an older version of Symantec Protection for SharePoint Servers, it uninstalls Symantec Protection for SharePoint Servers version 5.1.x and then installs Symantec Protection 6.0 for SharePoint Servers. The installation program does not retain any settings from the older version of the product. ■ Symantec Protection for SharePoint Servers

(version 6.0): If the installation program detects Symantec Protection for SharePoint Servers version 6.0, it upgrades the product to Symantec Protection 6.0.x for SharePoint Servers. The installation program retains all the settings from the older version of the product.

■ Symantec Protection Engine 7.0: If the installer detects Symantec Protection Engine 7.0, it upgrades the product to Symantec Protection Engine 7.0.x.

■ Symantec Scan Engine 5.1.x or 5.2.x: If the installer detects Symantec Scan Engine 5.1.x or 5.x.2, it upgrades the product to 7.0.x. ■ Symantec Scan Engine 4.3: If the installer

detects Symantec Scan Engine 4.3, it does not let you proceed with the installation unless you uninstall the previous version. A previous version of either component

is detected

During a fresh installation of Symantec Protection Engine, you can enter the file path of a valid license for automatic license activation. Symantec Protection for SharePoint Servers automatically registers the Symantec Protection Engine if you enter the license file path during a full installation. When you provide the license of Symantec Protection Engine during the installation process, you eliminate the need to register it through the Symantec Protection for SharePoint console.

(39)

Symantec Protection Engine installs a virtual administrative account during installation. Do not forget the password for this account because it is the only account that you can use to manage Symantec Protection Engine. You can change the password in the console, but to do so you must have the old password. See“Accessing the Symantec Protection Engine console”on page 103.

If you do not have the license file at the time of installation, you can activate the license later through the Symantec Protection Engine console.

See“About licensing Symantec Protection Engine”on page 109.

The installation program installs the Symantec Protection for SharePoint console using the service logon details that you enter during the installation procedure. You can change the service logon details after installation. You can also password protect the console so that unauthenticated users cannot access or modify the settings.

See“Accessing the console”on page 66.

You can use the silent installation or remote installation feature for multiple installations on your network.

See“Installing the Symantec Protection for SharePoint console using the silent installation feature”on page 53.

See“About installing Symantec Protection for SharePoint Servers using remote installation”on page 45.

About the installation options

On a Windows platform, the software installer displays the following options:

Installs both Symantec Protection Engine and the Symantec Protection for SharePoint console. See“About installing Symantec Protection for SharePoint Servers (integrated installation)” on page 40.

Install Symantec Protection 6.0 for SharePoint Servers (Full Install)

Installs Symantec Protection Engine only. This installation is useful if you want to move antivirus scanning off-box, thereby reducing the CPU load on the SharePoint Server.

See“Installing only Symantec Protection Engine using the installation wizard”on page 45. Install only the Symantec Protection

(40)

Installs the administrative console for Symantec Protection for SharePoint Servers

See“About installing only the Symantec Protection for SharePoint console”on page 50. Install only the Symantec Protection

for SharePoint console

On a Linux/Solaris platform, you can install Symantec Protection Engine only. Because only Symantec Protection Engine is supported on Linux or Solaris.

About installing Symantec Protection for SharePoint Servers (integrated

installation)

When you perform an integrated installation, you install both the Symantec Protection for SharePoint console and Symantec Protection Engine on the same server. Before you begin the installation procedure, ensure that your server meets the minimum system requirements. You must also ensure that the SharePoint server and all applicable updates are installed, configured, and working correctly before you begin installation.

For more information, see the Microsoft documentation.

See“System requirements for Symantec Protection for SharePoint Servers integrated installation”on page 30.

You can do a consolidated install of Symantec Protection for SharePoint Servers or install either component separately using the software installer. However, you cannot do an integrated install using the silent install feature. You can install the Symantec Protection for SharePoint console and Symantec Protection Engine separately using the silent install feature.

See“Installing Symantec Protection for SharePoint Servers using the installation wizard”on page 40.

See“Installing the Symantec Protection for SharePoint console using the silent installation feature”on page 53.

For more information about how to install Symantec Protection Engine using the silent install feature, see the Symantec Protection Engine Implementation Guide.

Installing Symantec Protection for SharePoint Servers using

the installation wizard

You can install Symantec Protection for SharePoint Servers from the software package using an installation wizard.

(41)

Panel. Symantec Protection Engine is listed as a separate entry in the Services Control Panel.

The Symantec Protection for SharePoint Servers service starts automatically when the installation is complete. Installation activities are recorded in the Windows Application Event Log and System log files at the default location C:\Program Files\Symantec\SharePoint\Logfiles.

Note:Before you install Symantec Protection for SharePoint Servers, ensure that the ports 9455, 9466, and 9477 are available.

To install Symantec Protection for SharePoint Servers using the installation wizard

1

Log on to the computer on which you plan to install the product as administrator or as a user with administrator rights.

The logon user must also be one of the following:

■ A user who configured SharePoint farm using SharePoint Configuration and Technology wizard.

■ A farm administrator and db_owner of SharePoint configuration database.

2

Run the Symantec Protection for SharePoint Servers software installer.

3

On the main page, click Install.

4

In the next installer screen window, click Install Symantec Protection 6.0

for SharePoint Servers (Full Install).

Symantec Protection Engine is installed first, then the Symantec Protection for SharePoint console is installed.

The installer first checks if the computer has J2SE Runtime Environment (JRE) 5.0 Update 15 or a later version. If not, the installation process stops. You must manually install J2SE Runtime Environment (JRE) 5.0 Update 15 or a later version and then continue with the installation of Symantec Protection Engine.

5

In the Required Components window, follow the on-screen instructions.

6

On the Symantec Protection Engine License Setup page, click Browse to browse to select the appropriate license file.

For more information on how to obtain a license file, see the Symantec

Protection Engine Implementation Guide. You can also install the license at

(42)

7

Click Next.

Symantec Protection Engine installation begins.

8

In the Welcome panel, click Next.

9

In the License Agreement panel, indicate that you agree with the terms of the Symantec Software License Agreement, and then click Next.

If you do not indicate that you agree, the installation is canceled.

10

In the Destination Folder panel, select the location to install Symantec Protection Engine, and then click Next.

The default location is C:\Program Files\Symantec\Protection Engine for 32-bit Windows platform, and C:\Program Files (x86)\Symantec\Protection Engine for 64-bit Windows platform.

11

In the UI Authentication method panel, select one of the following:

■ Symantec Protection Engine-based authentication

■ Windows Active Directory-based authentication

For more information, see Symantec Protection Engine Implementation Guide.

(43)

13

If you select Symantec Protection Engine-based authentication, in the

Administrative UI Setup panel, configure the following options:

Type a password for the administrator account that you intend to use to manage Symantec Protection Engine. Administrator

Password

Confirm the password by typing it again. Confirm Administrator

Password

Type the port number on which the Web-based console listens.

If you change the port number, use a number that is greater than 1024 that is not in use by any other program or service. The default port number is 8004. You can disable the console by typing 0. If you disable the console, you can configure Symantec Protection Engine by editing the configuration file.

Administrator Port

Type the Secure Socket Layer (SSL) port number on which encrypted files are transmitted for increased security. The default SSL port number is 8005. If this port is already in use, select an SSL port that is not in use by any other program or service. Use a port number that is greater than 1024.

SSL Port

14

If you selectWindows Active Directory-based authentication, do the following in the order listed below:

■ In the UI Authentication method panel, select Windows Active

Directory-based authentication, and then click Next.

■ In the Windows Active Directory-based Authetication Settings panel, in the Group Name box, type a valid security group name in the Domain\Groupname format.

■ Click Next.

If the group name is incorrect, a Group Name Validation screen appears. Click Back to try the security group name again.

Alternatively, click Next to continue the installation without a valid group name.

The Symantec Protection Engine service starts after installation but you cannot access the console. Once the installation is complete, you must go to configuration.xml and enter the user name to access the console.

(44)

Type the port number on which the Web-based console listens. If you change the port number, use a number that is greater than 1024 that is not in use by any other program or service. The default port number is 8004. You can disable the console by typing 0. If you disable the console, you can configure Symantec Protection Engine by editing the configuration file. Administrator

Port

Type the Secure Socket Layer (SSL) port number on which encrypted files are transmitted for increased security. The default SSL port number is 8005. If this port is already in use, select an SSL port that is not in use by any other program or service. Use a port number that is greater than 1024. SSL Port

15

Click Next.

16

In the URL filtering panel, select the provided option to enable URL filtering feature and downloading of URL definitions.

17

In the Ready to Install the Program panel, click Install.

18

Click Finish to complete installation of Symantec Protection Engine. Once installation of Symantec Protection Engine is complete, the installation of Symantec Protection for SharePoint console automatically begins.

19

20

21

In the Customer Information panel, in the User Name box, type the account name under which you are installing the Symantec Protection for SharePoint console.

22

In the Organization box, type the name of your organization.

23

Select who will have access to the console after installation.

You can limit access to the account under which the console is installed, or you can let all users access the console.

(45)

25

Specify the user name and password for the account that is used to log on to the Symantec Service.

The user account must be a member of the Local Administrators Group on the computer on which the SharePoint server is installed. If the SQL server is on a separate computer, the user account must be a member of the Local Administrators Group on that computer as well.

The user account must be of a user who configured SharePoint farm using SharePoint Configuration and Technology wizard.

The user name must be in the format domain\username or computer\username.

26

Click Next.

27

In the SharePoint Services Stop Information panel, indicate whether you agree to stop Microsoft IIS and Microsoft SharePoint Server services. If you do not want to stop IIS, select I do not agree that the services can be

stopped. This option does not allow the installation to proceed.

28

Click Next.

29

In the Ready to Install the Program panel, click Install to begin the installation.

30

Click Finish when installation is complete.

About installing Symantec Protection for SharePoint Servers

using remote installation

Symantec Protection for SharePoint Servers supports the remote installation of the entire product or any of its components through Systems Center Configuration Manager 2007 SP2.

For more information, see the appropriate Microsoft documentation.

Ensure that the server on which you plan to remotely install Symantec Protection for SharePoint Servers or its components meets the minimum system

requirements.

See“System requirements”on page 29.

Installing only Symantec Protection Engine using the installation wizard

(46)

Install and configure Symantec Protection Engine before you configure the Symantec Protection for SharePoint console.

You must ensure that the computer on which you install Symantec Protection Engine meets the system requirements.

See“System requirements for Symantec Protection Engine”on page 32. During installation, you can choose the authentication mode for accessing the Symantec Protection Engine console. If you choose Symantec Protection Engine-based authentication then Symantec Protection Engine installs an administrator account. Symantec recommends that you remember the password for this account as it is the only account used to manage Symantec Protection Engine. If you want to change the password in the console, you must have the old password.

If you choose Windows Active Directory-based authentication, Symantec Protection Engine allows users from the authorized Windows Active Directory security group to access the console.

You can install the Symantec Protection Engine by using the software installer on a Windows 2000 Server or Windows 2003 Server or Windows 2008 Server. For more information about how to install Symantec Protection Engine, see

Symantec Protection Engine Implementation Guide.

To install Symantec Protection Engine with Symantec Protection Engine-based authentication

1

Log on to the computer on which you plan to install the product as administrator or as a user with administrator rights.

2

Run the Symantec Protection for SharePoint Servers software installer.

3

On the main page, click Install.

4

In the next installer screen window, click Install only the Symantec

Protection Engine.

(47)

5

On the Symantec Protection Engine License Setup page, click Browse to browse to select the appropriate license file.

For more information on how to obtain a license file, see the Symantec

Protection Engine Implementation Guide. You can also install the license at

a later time through the Symantec Protection Engine console. See“About licensing Symantec Protection Engine”on page 109.

6

Click Next.

Symantec Protection Engine installation begins.

7

8

9

In the Destination Folder panel, select the location to install Symantec Protection Engine, and then click Next.

The default location is C:\Program Files\Symantec\Scan Engine for 32-bit Windows platform, and C:\Program Files (x86)\Symantec\Scan Engine for 64-bit Windows platform.

10

In the UI Authentication method panel, select Symantec Protection