YeOldeStonecat
07-23-04, 07:14 AM
Upgraded a large insurance firm yesterday from their 8.1 to the new 9.0 Corp Edition. Smooth upgrade without hiccups, and this place gets hammered with viruses every day....their prior version had earned its keep!
There were a couple of new features in 9.0 that caught my eye, should be pretty cool to see in action.
They added more robust POP internet mail sniffing, something the prior versions never "officially" had, since CE is really meant for business networks, therefore usually something like MS Exchange or Lotus Notes is being used. Personally I've always seen the old version catch viruses in POP mail anyways, since it's really only a function of real time file protection...but it makes it sound "more catchy" as a sales point to have it.
I like the "Threat Tracer" feature....can't wait to use that, I see it as being a good feature when installing for the first time on networks that might have a bunch of bugs....point you to the infected machines quickly.
Finally having a "drag and drop" to move clients between servers...as before we had to use a quick registry change on the server, then update clients quickly with a "push" of config.
My experience from the update...
* As always, make sure if you're upgrading an existing Symantec AV Server, uninstall the old management console/tools first, then "upgrade".
* On Win9X clients, they'll need the "Root Certificates" from Windows Update optional components....before installing or upgrading to 9.0. If you have a lot of those old OS's, download it ahead of time on a server share or something so you can install it quickly.
* It might have been some odd files that this insurance company's main software package, WinTAM, tied in with MS Outlook....but all of them needed to have the old extend.dat file deleted, because Outlook coughed up an error upon launch after upgrading to 9.0. Symantec's excellent support documentation had the error quickly solved by doing a quick search on their site for the error. They even supply a little extend.dat removal tool for those too lazy to "find files", right click==>delete.
Anyways, here's the list of updates/changes.
* POP3 and SMTP Internet email scanning
Lets you configure Symantec AntiVirus clients to scan email body text and attachments that are transported using the POP3 or SMTP protocols. The ports scanned for POP3 and SMTP traffic are configurable.
* Outbound email heuristics scanning
Lets you enable outbound email heuristics scanning, which uses Bloodhound Virus Detection to identify potential threats contained in outgoing messages. This feature helps prevent the spread of threats such as worms that use email clients to replicate and distribute themselves across a network.
* Windows Installer (.msi) client and server installations
Lets you install Symantec AntiVirus clients and servers using Windows Installer technology to support MSI-based installation and deployment.
* Deployment of installations without granting administrator rights on the target computer
Lets you install Symantec AntiVirus from the Microsoft Management Console (MMC) using Elevated Privileges, rather than granting administrative privileges to the user on the target computer.
* Auto-Protect
Replaces and scans faster than Realtime File Protection. Auto-Protect can be loaded on system startup, and then unloaded on system shutdown to help protect against viruses.
* In-memory threat scanning
Lets you scan running processes to identify and handle threats that are loaded into memory.
* Threat Tracer
Lets you identify, by IP address and NetBIOS name, the source of network share-based virus infections on computers that are running Windows NT-based operating systems.
* Forced LiveUpdate for Symantec AntiVirus clients
Provides a way to update virus definitions files when clients on which LiveUpdate is installed are using outdated files.
* Expanded threat detection
Scans for new threats in the following categories: Spyware, Adware, Dialers, Joke Programs, Remote Access programs, Hack Tools, and Trackware. Other threats that do not meet these category requirements are included in the Security Risks category.
* Moving clients between servers
Lets you move clients from one parent server to another using a drag-and-drop operation.
* Symantec VPN Sentry
Prevents users with nonsecure computers from connecting to a corporate network through a VPN connection and ensures that a computer that is attempting to connect is compliant with the corporate security policy.
* Log forwarding
Lets you select the events that clients forward to their parent servers and that secondary servers forward to primary servers.