Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Symantec AntiVirus 9

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> ISA 2004 SBS >> Symantec AntiVirus 9 Page: [1]
Login
Message << Older Topic   Newer Topic >>
Symantec AntiVirus 9 - 2.Aug.2005 10:03:00 AM   
Guest
 Since I installed ISA 2004 and SP1 on SBS 2003 my Symantec Antivirus 9 doesn't seem to work on my client computers. Any word on this? Workarounds, patches, etc?
  Post #: 1
RE: Symantec AntiVirus 9 - 2.Aug.2005 10:19:00 AM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Stephen,

What do you mean by not working?

Thanks!
Tom

(in reply to Guest)
Post #: 2
RE: Symantec AntiVirus 9 - 2.Aug.2005 10:31:00 AM   
Guest
 Tom,
Thanks for the reply. Well, first on my client computers XP started saying it couldn't find any virus protection. Then on my server when I open up the Symantec System Center Consol and try to start a manual scan on a client computer it says, "Symantec AntiVirus could not start a manual scan on the following server(s) and/or client(s) because the machines could not be communicated with. Please make sure that each machine is up and has Symantec AntiVirus is running." (Interesting grammar [Smile] )

Does that explain it a little more?

Thanks again!
Stephen

(in reply to Guest)
  Post #: 3
RE: Symantec AntiVirus 9 - 2.Aug.2005 10:34:00 AM   
11210

 

Posts: 8
Joined: 2.Aug.2005
Status: offline 		Ok, I registered now. Thanks again!

Stephen

(in reply to Guest)
Post #: 4
RE: Symantec AntiVirus 9 - 2.Aug.2005 10:46:00 AM   
11210

 

Posts: 8
Joined: 2.Aug.2005
Status: offline 		I found some info here that doesn't look too promising

http://www.isaserver.org/software/ISA/Anti-Virus/Symantec-AntiVirus-for-ISA-Server /Comments/

(in reply to Guest)
Post #: 5
RE: Symantec AntiVirus 9 - 2.Aug.2005 12:02:00 PM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Stephen,

OK, I think I don't understand how the ISA firewall is invovled with this.

What Symantec software is installed on the ISA firewall?

What is the nature of the communications between the various components of the Symantec AV solution you're using?

Thanks!
Tom

(in reply to Guest)
Post #: 6
RE: Symantec AntiVirus 9 - 2.Aug.2005 1:41:00 PM   
jonathan_vella

 

Posts: 21
Joined: 15.Jan.2004
From: Malta
Status: offline 		Stephen,

have you tried installing one client by giving the server's IP address instead of the server's name?
Also, have you tried to analize ISA real-time logs for any unusual denied activity?
I have installed both SAV 9 and 10 on configurations identical to yours without any issues...as a last resource, you can always try and re-install the SAV server and all of it's required components.

Regards,

Jonathan

(in reply to Guest)
Post #: 7
RE: Symantec AntiVirus 9 - 2.Aug.2005 2:16:00 PM   
HandyAndy

 

Posts: 29
Joined: 1.Aug.2005
From: Kernersville, NC USA
Status: offline 		Hi Dr. T,

If you would like to poke around in my Server which is running SBS 2003 SP1 and SAV 9.0.2.1000 I would be more than happy to give you admin access. I just tried to do a manual remote scan of one of the workstations and got the same result. Let me know where to send the credentials if you would like to have a look.
HA

ps it is interesting to note that the signature updates go through and the console communicates with the clients without issue, only the manual scan seems to be effected.

[ August 02, 2005, 02:19 PM: Message edited by: HandyAndy [SBS-MVP] ]

(in reply to Guest)
Post #: 8
RE: Symantec AntiVirus 9 - 2.Aug.2005 3:05:00 PM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Andy,

What I need to know is something about the Symantec software.

Is this some sort of client/server application?

What's installed on the ISA firewall in this setup?

What's installed on the client systems behind the ISA firewall?

Thanks!
Tom

(in reply to Guest)
Post #: 9
RE: Symantec AntiVirus 9 - 2.Aug.2005 3:26:00 PM   
HandyAndy

 

Posts: 29
Joined: 1.Aug.2005
From: Kernersville, NC USA
Status: offline 		Hi Tom,

On the client machine there is the antivirus app that runs basically standalone, but it is configured via a console on the antivirus server.

This server can be installed on any computer, but usually in SBSland it gets installed on the SBS/ISA server. The AV server pushes updates and configuration info to the client and this fucntion see to work ok. In the console you can also select a wks or wks's and then select start manual scan, this is the fucntion that is being blocked.


Here is the error

(in reply to Guest)
Post #: 10
RE: Symantec AntiVirus 9 - 2.Aug.2005 9:38:00 PM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Andy,

Great! OK, now I get it. I'm not used to services being installed on the ISA firewall, so its a bit of a U-turn for me in terms of mindset.

OK, what you can do is enable the real-time logging feature and then run the command that's not working. Then check to see what protocols/ports are being blocked from the Local Host Network to the client.

HTH,
Tom

(in reply to Guest)
Post #: 11
RE: Symantec AntiVirus 9 - 4.Aug.2005 4:21:00 PM   
HandyAndy

 

Posts: 29
Joined: 1.Aug.2005
From: Kernersville, NC USA
Status: offline 		Not ignoring you Dr. Tom, when I try to get the realtime monitoring it runs for a few seconds and then says too much data.
I am tryign to track down where the local to local traffic is coming from. Bizillions of entires

[ August 04, 2005, 04:52 PM: Message edited by: HandyAndy [SBS-MVP] ]

(in reply to Guest)
Post #: 12
RE: Symantec AntiVirus 9 - 4.Aug.2005 10:40:00 PM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Andy,

Local to local? That sounds somewhat BAD.

I can't think of a scenario where Local Host to Local Host connections might be made.

Thanks!
Tom

(in reply to Guest)
Post #: 13
RE: Symantec AntiVirus 9 - 5.Aug.2005 9:05:00 AM   
HandyAndy

 

Posts: 29
Joined: 1.Aug.2005
From: Kernersville, NC USA
Status: offline 		Yes it is driving me nuts.
Here about 2 seconds of activity

And this is the 2 errors that fill the monitor
Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload Source Port Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code Cache Information Error Information Log Record Type Log Time Destination IP Destination Port Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL
0.0.0.0 SignatureImporterThread: No Proxy SBS2K3P gw01entry01.gw01.dis.symantec.com TCP Internet - - - - - - 0 0 1138 0 12204 The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. 0x0 0x0 Web Proxy Filter 8/5/2005 8:54:55 AM 192.168.160.2 2848 SSL-tunnel Failed Connection Attempt 192.168.160.2 anonymous gw01entry01.gw01.dis.symantec.com:2848

Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload Source Port Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code Cache Information Error Information Log Record Type Log Time Destination IP Destination Port Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL
192.168.160.2 SBS2K3P - TCP - Yes - 60713 0 0 0 0x0 0x0 0x0 Firewall 8/5/2005 8:54:55 AM 192.168.160.2 8080 Unidentified IP Traffic Initiated Connection 192.168.160.2 Local Host Local Host - -

Any ideas?

(in reply to Guest)
Post #: 14
RE: Symantec AntiVirus 9 - 7.Aug.2005 10:38:00 AM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Andy,

Wowza! [Smile]

There are pretty interesting entries [Big Grin]

One thing clear here is that you need to extend your SSL tunnel port range. It looks like the Symantec site requires TCP 2848 for the SSL connection. There's complete explanation in the book on how to extend the SSL tunnel port range.

This might fix the other problems too.

HTH,
Tom

(in reply to Guest)
Post #: 15
RE: Symantec AntiVirus 9 - 7.Aug.2005 6:14:00 PM   
HandyAndy

 

Posts: 29
Joined: 1.Aug.2005
From: Kernersville, NC USA
Status: offline 		Hi Dr. Tom,

Well I found an article by one of my favorite authors, that explained the problem and pointed to a couple of tools to use to resolve it. I used the gui tool which worked like a charm and you were right it also solved the other problem. I thought I would share that article with everyone here Extending SSL Port Range Article not that I don't want to get a hold of your new book, I just was not wanting to have to wait for delivery to solve my problem :>)

[ August 07, 2005, 06:14 PM: Message edited by: HandyAndy [SBS-MVP] ]

(in reply to Guest)
Post #: 16
RE: Symantec AntiVirus 9 - 8.Aug.2005 7:31:00 AM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Andy,

Good job! Thanks!

Tom

(in reply to Guest)
Post #: 17
RE: Symantec AntiVirus 9 - 8.Aug.2005 7:04:00 PM   
11210

 

Posts: 8
Joined: 2.Aug.2005
Status: offline 		Tom and Andy,

Thanks a lot for the help. I'll try this when I get the chance.

Stephen

(in reply to Guest)
Post #: 18
RE: Symantec AntiVirus 9 - 9.Aug.2005 6:14:00 AM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Stephen,

Let us know how it works out for you.

Thanks!
Tom

(in reply to Guest)
Post #: 19

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> ISA 2004 SBS >> Symantec AntiVirus 9 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts