SPE For NAS Getting Started Guide

Symantec™ Protection Engine
for Network Attached Storage

Getting Started Guide
v7.5.3
Symantec™ Protection Engine for Network Attached
Storage Getting Started Guide
The software described in this book is furnished under a license agreement and may be used
only in accordance with the terms of the agreement.
Documentation version: 2.0
Legal Notice
Copyright © 2016 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo, the Checkmark Logo and are trademarks or registered
trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other
names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be
reproduced in any form by any means without prior written authorization of Symantec
Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED

CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH
DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL
NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION
WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE
INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE
WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in
Commercial Computer Software or Commercial Computer Software Documentation", as
applicable, and any successor regulations. Any use, modification, reproduction release,
performance, display or disclosure of the Licensed Software and Documentation by the U.S.
Government shall be solely in accordance with the terms of this Agreement.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com
Getting Started
This document includes the following topics:
■ About Symantec™ Protection Engine for Network Attached Storage
■ Why you need virus protection for Web proxy/caching
■ How Symantec Protection Engine protects against threats in a messaging

environment
■ What's new in Symantec Protection Engine
■ About supported protocols for Symantec Protection Engine
■ Components of Symantec Protection Engine
■ Before you install Symantec Protection Engine
■ System requirements
■ Where to get more information
About Symantec™ Protection Engine for Network

Attached Storage
Symantec™ Protection Engine for Network Attached Storage is hereafter referred
to as Symantec Protection Engine.
Symantec Protection Engine is a carrier-class content and URL scanning engine.
Symantec Protection Engine provides content scanning and URL filtering capabilities
to any application on an IP network, regardless of its platform. Any application can
pass files or URLs to Symantec Protection Engine for scanning.
Symantec Protection Engine accepts scan requests from the client applications
that use any of the following protocols:
Getting Started 4
Why you need virus protection for Web proxy/caching
■ Symantec Protection Engine Native protocol
Note: From version 7.0, Native protocol has been deprecated. Symantec
recommends the use of either ICAP or RPC protocol.
■ The Internet Content Adaptation Protocol (ICAP), version 1.0, as presented in

RFC 3507 (April 2003)
■ A proprietary implementation of remote procedure call (RPC)
You can use the Symantec Protection Engine software development kit (SDK) or
build your own connector to integrate Symantec Protection Engine with your
application. The SDK supports version 1.0 of ICAP, as presented in RFC3507 (April
2003). Symantec also has developed connector code for some third-party
applications to seamlessly integrate with Symantec Protection Engine.
The Symantec Protection Engine Software Developers Guide provides information
about how to create customized integrations with ICAP.
See “Components of Symantec Protection Engine” on page 12.
About the connector code

The connector code handles the communication between the Symantec Protection
Engine and the messaging or caching solution. It sends the scanning requests to
the Protection Engine, and it interprets the scanning results.
The connector code is either developed by the software vendor of the messaging
or caching solution or by Symantec. Depending on your messaging or caching
solution, you might need to obtain the connector code from the software vendor.
In some cases, the software vendor integrates the connector code into its product
before distribution.
For more information about the connector for your messaging or caching solution,
see the appropriate documentation.
Why you need virus protection for Web proxy/caching

The HTTP gateway is an underprotected area of most networks. Corporate security
efforts have heavily focused on more traditional areas through which viruses can
enter. Enterprises typically have focused security around known viruses that enter
the network through more common means, such as CD-ROM or email, so hackers
now exploit the Web as a means to enter corporate networks. Many new threats
target port 80, which is usually open on corporate firewalls so that users can browse
the Web.
Getting Started 5
How Symantec Protection Engine protects against threats in a messaging environment
Dedicated virus scanning for Web traffic is recommended for the following reasons:
■ Scanning Web traffic lets you catch and block threats at the gateway, rather
than multiple times at each desktop. Users can potentially disable desktop
protection, which can leave your network vulnerable to attack.
■ Because many people now use Web-based email, email-born viruses that would
otherwise be caught by antivirus scanning at the SMTP gateway can slip through
to infect the network.
■ The industry trend has been to Web-enable many application environments to
include the use of technologies like ActiveX, JavaScript, and Java applets to
enhance the user experience. Many new threats are associated with these Web
technologies. Malicious mobile code viruses, such as Nimda and Code Red,
have entered networks as executables (for example, ActiveX, JavaScript, or
Visual Basic Scripts) that appear to be part of safe Web content.
■ The industry trend has been to Web-enable many application environments to
include the use of technologies like ActiveX applet to enhance the user
experience. Many new threats are associated with these Web technologies.
Malicious mobile code viruses, such as Nimda and Code Red, have entered
networks as executables (for example, ActiveX, JavaScript, or Visual Basic
Scripts) that appear to be part of safe Web content.
■ Once a threat has been cached, malicious code can potentially be passed to
other users on the network, which can compromise additional computers and
data on the network.
■ Malicious code can result in lost, stolen, or corrupted files, which can result in
costly downtime to the enterprise.
How Symantec Protection Engine protects against

threats in a messaging environment
Symantec Protection Engine can detect the following types of risks:
■ Threats (such as viruses, worms, and Trojan horses)
■ Security risks (such as adware and malware)
■ Denial-of-service attacks
Symantec Protection Engine protects your mail system from messages and
attachments that overload the system and cause denial-of-service. This includes
container files that are overly large, that contain large numbers of embedded
compressed files, or that are designed to maliciously use resources and degrade
performance. You can specify the maximum amount of time that the Protection
Getting Started 6
What's new in Symantec Protection Engine
Engine devotes to decompose a file and its contents, the maximum file size for
container files, and the maximum number of nested levels to be decomposed for
scanning.
Symantec Protection Engine for Messaging uses the following technologies to
protect your messaging environment from threats:
Definitions Symantec engineers track reported outbreaks of risks (such

as viruses, Trojan horses, worms, adware, and spyware) to
identify new risks. After a risk is identified, information about
the risk (a signature) is stored in a definition file. The virus
definitions file contains the necessary information to detect
and eliminate the virus.
Heuristics Symantec Protection Engine uses Symantec Bloodhound™

heuristics technology to scan for threats for which no known
definitions exist. Bloodhound heuristics technology scans for
unusual behaviors (such as self-replication) to target
potentially infected documents. Bloodhound technology is
capable of detecting as much as 80 percent of new and
unknown executable file threats. Bloodhound-Macro
technology detects and repairs over 90 percent of new and
unknown macro viruses. Bloodhound requires minimal
overhead since it examines only programs and the documents
that meet stringent prerequisites. In most cases, Bloodhound
can determine in microseconds whether a file or document
is likely to be infected. If it determines that a file is not likely
to be infected, it moves to the next file.
Container file decomposer Symantec Protection Engine contains a decomposer that

extracts container files so that they can be scanned for risks.
The decomposer continues to extract container files until it
reaches the maximum that you specify.
Automatic product and virus Symantec LiveUpdate technology ensures that your network
definitions updates is not at risk of infection from newly discovered viruses. The
updates are handled automatically without having the restart
services or redeploy software. This ensures no interruption
in scanning services during the updates.
You can also update risk definitions using Rapid Release or
Intelligent Updater.

Table 1-1 describes the new features in Symantec Protection Engine.
Getting Started 7
Table 1-1 New features
Feature Description
New platform support Symantec Protection Engine 7.5.3 supports

the following new platform:
■ SUSE Linux Enterprise Server 12

(64-bit)
Support for Rapid Release v5 packages on Symantec Protection Engine 7.5.3 now
Windows platforms supports the Rapid Release v5 definitions
on Windows platforms.
Support to block the file based on its true type Now with Symantec Protection Engine 7.5.3,
you can block the file based on its true type.
FTP protocol support for LiveUpdate Earlier, only HTTP was supported for
LiveUpdate. Now, you can use FTP protocol
to download definitions from the desired
(local) server.
For more information, see the following KB

article:
https://support.symantec.com/
en_US/article.INFO3193.html
New platform support Symantec Protection Engine 7.5.2 supports

the following new platforms:
■ Red Hat Enterprise Linux Server 5.11

(32-bit and 64-bit) and later
■ Red Hat Enterprise Linux Server 6.6
(32-bit and 64-bit) and later
Getting Started 8
Table 1-1 New features (continued)
Feature Description
Core 1.5 definitions support Symantec Protection Engine 7.5.2 is now

incorporated with core 1.5 definitions
support. You can now update Symantec
Protection Engine with the latest Antivirus
definitions package, which has reduced
considerably in size (approximately 280
MB). Thus, LiveUpdate, Rapid Release,
Intelligent Update can now run to obtain the
updated antivirus definitions with core 1.5
definitions support feature.
Note: Although the core 1.5 definition
packages are shipped with SPE v7.5.2
onwards, the previous antivirus definition
packages shipped with SPE v7.5.x also
support the core 1.5 definitions seamlessly.
SHA256RSA certificate support Symantec Protection Engine now generates

user interface server certificate using
SHA256RSA algorithm. This certificate is
used for secure communication between
Symantec Protection Engine user interface
and Symantec Protection Engine user
interface server.
Removal of support for JRE 6.0 Support for JRE 6.0 is removed in Symantec
Protection Engine 7.5.2.
HTTP support for local reputation server Symantec Protection Engine 7.5.2 now
supports “HTTP” protocol for server URL
configuration setting for local reputation
server.
Getting Started 9
Feature Description
New hypervisor support Symantec Protection Engine is certified to

run on the following hypervisors:
■ Windows 2012 Hyper-V

■ Windows 2008 R2 Hyper-V
■ Unix Xen 3.4.3
See “System requirements to install

Symantec Protection Engine on Windows”
on page 18.
See “System requirements to install

Symantec Protection Engine on Solaris”
on page 19.
See “ System requirements to install

Symantec Protection Engine on Linux”
on page 20.
Removal of Java dependency for LiveUpdate Symantec Protection Engine implements a

definitions update version of LiveUpdate that is not built upon
Java, thus removing the dependency of
Java for definitions update.
Note: The liveupdate.xml file is now
used instead of the liveupdate.conf file.
Symantec Insight™ Symantec Insight™ is a file-based detection

technology that classifies files as good or
bad by examining properties, usage
patterns, or users of a given file rather than
scanning it.
Removal of Java dependency in Symantec You can now install and configure Symantec
Protection Engine Protection Engine without the dependency
on Java.
Cluster mode support Symantec Protection Engine can now scan

files from storage devices configured in a
cluster.
Getting Started 10
Feature Description
Microdef packages Microdefs is a technology used to reduce

the virus definition download size on client
machines. To reduce the transfer size,
microdefs create a difference between the
new definition file and the source definition
file. Using microdefs, a difference or a patch
file is created for each file in the definitions
set. The patch files are applied to the
definitions set currently installed on the
client machine to update them to the latest
released definitions set.
LogConverter utility The LogConverter utility converts the

Symantec Protection Engine log files into a
readable format. This utility converts input
log file(s) into text, HTML (-h switch) and
CSV (-c switch) formats. The default output
format is text.
XMLModifier utility The XMLModifier utility is used to configure

options in Symantec Protection Engine
when operating in the Core server only
mode.
Security improvements for silent installation Prior to Symantec Protection Engine 7.5.0,
the response file, required to initiate the
silent installation, had to be located in the
temp directory of the user. This meant that
any user had access to the file.
From version 7.5.0, as part of security

improvements, the
response/no-ask-questions file must be
present in the home directory of the user.
New Product Catalog for Symantec Protection Customers who use Symantec
Engine LiveUpdate™ Administrator (LUA) to
download definitions to their local
LiveUpdate server for distribution, must
update their product catalog in the LUA. To
download new definitions, you must add
Symantec Protection Engine 7.5 to the
product catalog in the LUA.
Getting Started 11
About supported protocols for Symantec Protection Engine
See “About Symantec™ Protection Engine for Network Attached Storage”

on page 3.
About supported protocols for Symantec Protection

Engine
Table 1-2 lists the supported protocols that client applications can use to send scan
requests to Symantec Protection Engine.
Table 1-2 Supported protocols
Protocol Description
Native protocol Symantec Protection Engine implements a TCP/IP protocol to

provide scanning functionality to client applications. This protocol
(Deprecated)
is text-based, like HTTP or SMTP. It uses ASCII commands and
responses to communicate between the client and the server.
To scan a file, a client connects to the default IP port. It sends

the file to be scanned and then reads the results of the scan. After
the client receives the scan results, the client and server
disconnect and must initiate a new connection to scan each
subsequent file.
Internet Content ICAP is a lightweight protocol for executing a remote procedure

Adaptation Protocol call on HTTP messages. ICAP is part of an architecture that lets
(ICAP) corporations, carriers, and ISPs dynamically scan, change, and
augment Web content as it flows through ICAP servers. The
protocol lets ICAP clients pass HTTP messages to ICAP servers
for adaptation. Adaptation might include some sort of
transformation or other processing, such as scanning or content
filtering. The server executes its transformation service on the
messages and responds to the client, usually with modified
messages. The adapted messages might be either HTTP requests
or HTTP responses.
Getting Started 12
Components of Symantec Protection Engine
Table 1-2 Supported protocols (continued)
Protocol Description
A proprietary remote Remote procedure call (RPC) is a client/server infrastructure that

procedure call (RPC) increases the interoperability and portability of an application.
protocol RPC lets the application be distributed over multiple platforms.
The use of RPC frees the developer from having to be familiar
with various operating systems and network interfaces.
Symantec Protection Engine uses a proprietary scanning protocol

with the MS-RPC protocol to interface with client applications.
This protocol is supported only on Windows 2003 Server/Windows
2008 Server/Windows 2012 Server. Any appropriate client can
use RPC to communicate with Symantec Protection Engine to
request the scanning and repairing of files.
For more details on the supported protocols, see Symantec Protection Engine
Implementation Guide.

Table 1-3 lists the components that are included in the Symantec Protection
Engine.zip file.
Table 1-3 Product components
Component Description Folder name
Symantec Protection The software that you install to Symantec_Protection_Engine\

Engine protect your network from threats
(such as viruses), security risks
(such as adware and spyware),
and unwanted content.
Silent installation The files that you can use to Symantec_Protection_Engine\

perform a silent installation or Silent_Install\
upgrade. Also includes response
files for Red Hat.
The files that you can use to

perform a silent installation or
upgrade. Also includes response
files for Red Hat and Solaris.
Getting Started 13
Table 1-3 Product components (continued)
Command-line scanner The software that acts as a client Command_Line_Scanner\

to Symantec Protection Engine
through the Symantec Protection
Engine application programming
interface (API). The
command-line scanner lets you
send files to Symantec Protection
Engine to be scanned.
Symantec Protection The tools and documentation that Symantec_Protection_

Engine software you can use to create the Engine_SDK\
developer's kit customized integrations that use
ICAP.
Symantec Central The tool that you use to Tools\Central_Quarantine\

Quarantine server quarantine infected files that
cannot be repaired when you use
the ICAP protocol or RPC
protocol. Symantec Central
Quarantine server lets you isolate
unrepairable files so that threats
cannot spread.
LiveUpdate™ The utility that you use to Tools\LiveUpdate_Admin\

Administration Utility configure one or more intranet
FTP, HTTP, or LAN servers to
act as internal LiveUpdate
servers. LiveUpdate lets
Symantec products download
program and definition file
updates either directly from
Symantec or from a LiveUpdate
server.
For more information, see the

LiveUpdate Administrator's Guide
in the Symantec Protection
Engine.zip file.
Getting Started 14
System Center You can integrate Symantec Tools\SCOM\

Operations Manager Protection Engine events with Management_Pack
2007 and 2012 (SCOM) System Center Operations
Pack Manager (SCOM).System Center
Operations Manager is a central
System Center
repository that can receive critical
Operations Manager
events, errors, warnings, and
2012 (SCOM) Pack
other information from your
Symantec Protection Engine
servers.
Preconfigured rules are

automatically created when you
import the management pack.
System Center Operation
Manager Agent monitors
Windows Event log for Symantec
Protection Engine events based
on criteria mentioned in rules of
Management pack. When a rule
is triggered, the Operations
Manager 2012 Agent collects
data about the event and
forwards it to the System Center
Operations Manager.
For more information, see the

Symantec™ Protection Engine
Management Pack Integration
Guide in the Symantec Protection
Engine product zip file.
SSIM SIPI Installers The datapackage.sip file is Tools\SSIM_SIPI_

located in the Installers\SPE\datapackage.sip
SSIM_SIPI_Installers
directory in the Symantec
Protection Engine product zip file.
You can use the
datapackage.sip file to
configure SPE events in
Symantec Security Information
Manager.
Getting Started 15
Before you install Symantec Protection Engine
MIB file The Management Information Tools\MIB\symantecprotection

Base (MIB)file (symantec engine.mib
protectionengine.mib) is
located in the MIB directory in the
Symantec Protection Engine
product zip file. You can use this
file to configure SNMP alerts.
LiveUpdate Log Config The LiveUpdate Log Config folder Tools\LiveUpdate_Log_Config\

files contains the various configuration
files to enable LiveUpdate
logging on all platforms.
Adobe Acrobat Reader is required to view the reports that are generated in .pdf
format. You can download Adobe Acrobat Reader from http://www.adobe.com/.

Install Symantec Protection Engine on a computer that meets the system
requirements. Before you install Symantec Protection Engine, install and configure
the operating system software and applicable updates for your server. Also ensure
that your operating system software and server work correctly. For more information,
see the documentation for your server.
See “System requirements” on page 18.
Before you install Symantec Protection Engine, take the following steps:
■ On Windows operating system, if you want to use Windows Active
Directory-based authentication method to access the Symantec Protection
Engine console, you must ensure the following:
■ Create or identify an existing security group in the Active Directory that would
be authorized to access the Symantec Protection Engine console.
■ The server (on which you plan to install Symantec Protection Engine) belongs
to the same domain or has trust relationship with the Active Directory, that
contains the security group authorized to access the Symantec Protection
Engine console.
■ Install Java 2SE Runtime Environment (JRE) 7.0 (update 80 or later) or JRE
8.0 (update 66 or later) on the server.
Getting Started 16
Note: Symantec Protection Engine supports only 32-bit versions of Java Runtime
Environment. Symantec Protection Engine cannot be installed with 64-bit JRE
versions.
■ Disable any third-party antivirus products that are running on the server on which
you plan to install Symantec Protection Engine. You can turn on antivirus
protection after installation is complete.
Symantec Protection Engine scans the files that client applications pass to
Symantec Protection Engine. Symantec Protection Engine does not protect the
computer on which it runs. Since Symantec Protection Engine processes the
files that might contain threats, the server on which it runs is vulnerable if it has
no real-time protection.
Use an antivirus program to protect the server on which Symantec Protection
Engine runs, such as Symantec Endpoint Protection. To prevent scanning
conflicts, configure the antivirus program not to scan the temporary directory
that Symantec Protection Engine uses for scanning.
■ Review the deployment considerations and recommendations. These
recommendations can enhance your overall performance.
After you complete the installation, perform the post-installation tasks.
Migrating to version 7.5.3

While installing Symantec Protection Engine, you can choose to upgrade from the
previous version to version 7.5.3.
Table 1-4 describes the upgrades that Symantec Protection Engine supports.
Getting Started 17
Table 1-4 Supported upgrades
Previous version number Description
7.5.x Symantec Protection Engine 7.5.3 supports an upgrade from

version 7.5.x (releases prior to 7.5.3).
You can select whether to upgrade the product and preserve

your existing settings or to perform a clean upgrade. If you
choose to do a clean upgrade, the installer removes the
previous version, and then installs the newer version as a
full installation, without preserving any previous settings.
Note: Ensure that LiveUpdate is not in progress before
upgrading from 7.5.x (releases prior to 7.5.3) to 7.5.3. If in
progress, please wait for it to complete, before the upgrade.
Note: Deployment and Application name settings will be

preserved in a clean upgrade from SPE 7.5.x (releases prior
to 7.5.3) to SPE 7.5.3.
For more information, see the Symantec Protection Engine

for Network Attached Storage - Upgrade Matrix.
7.0.x Symantec Protection Engine supports an upgrade from

version 7.0.x.
5.1/5.2 Symantec Protection Engine does not support direct upgrades

from version 5.1 or 5.2. You must first upgrade to version
7.0.x and then further upgrade to version 7.5.3.
4.3.x and earlier Symantec Protection Engine does not support direct upgrades
from version 4.3.x. To install version 7.5.3, you must first
either uninstall 4.3.x or upgrade to 5.2.x, then upgrade to
7.0.x, and then further upgrade to version 7.5.3.
You must stop the Symantec Protection Engine service before you upgrade the
software.
If you want to upgrade from version 5.2/5.1 and use security certificates, take the
following actions:
■ If you use the default security files that Symantec Protection Engine generated,
delete the keystore.public and keystore.private before you perform the upgrade
installation.
■ If you use custom security files, you can retain the custom security files.
Symantec Protection Engine automatically uses the existing files when you
upgrade.
Getting Started 18
System requirements
System requirements
Before you install Symantec Protection Engine, verify that your server meets the
minimum system requirements.
See “System requirements to install Symantec Protection Engine on Solaris”
on page 19.
System requirements to install Symantec Protection Engine on

Windows
The minimum system requirements to install Symantec Protection Engine on
Windows are as follows:
Operating system ■ Windows Server 2008 SP2 (32-bit and 64-bit)
■ Windows Server 2008 R2 (64-bit)

■ Windows Server 2008 Japanese (32-bit and 64-bit)
■ Windows Server 2008 R2 Japanese (64-bit)
■ Windows Server 2012 (64-bit)
■ Windows Server 2012 Japanese (64-bit)
Ensure that your operating system has the latest service patches
available.
Processor Intel or AMD Server Grade Single Processor Quad Core systems or
higher
Memory 4 GB RAM or higher
Disk space 5 GB of hard disk space
10 GB of hard disk space for using URL Filtering feature
Hardware ■ Network interface card (NIC) running TCP/IP with a static IP address
■ Internet connection to update definitions
■ 100 Mbps Ethernet link (1 Gbps recommended)
Getting Started 19
System requirements
Software ■ Install Java 2SE Runtime Environment (JRE) 7.0 (update 80 or later)
or JRE 8.0 (update 66 or later) on the server.
Note: You must install JRE only if you plan to operate Symantec
Protection Engine in the Core server with user interface mode.
Note: Symantec Protection Engine supports only 32-bit versions

of Java Runtime Environment. Symantec Protection Engine cannot
be installed with 64-bit JRE versions.
■ Microsoft Visual C++ 2010 (SP1 or later) redistributable package
(x86)
■ One of the following Web browsers to access the Symantec
Protection Engine console:
■ Microsoft Internet Explorer 10 or later
Use Microsoft Internet Explorer to access the Symantec
Protection Engine console from a Windows client computer.
■ Mozilla Firefox 24 or later
Use Mozilla Firefox to access the Symantec Protection Engine
console from a Solaris or Linux client computer.
console from a Linux client computer.
The Web browser is required only for Web-based administration.

You must install the Web browser on a computer from which you
want to access the Symantec Protection Engine console. The
computer must have access to the server on which Symantec
Protection Engine runs.
Hypervisor support ■ VMware® vSphere Hypervisor™ version 5.1 or later

■ Xen 3.4.3 (installed on RHEL 5.4 x64)
The following Windows guest operating systems have been certified

on Hyper-V:
■ Windows Server 2008 SP2 (32-bit and 64-bit)

■ Windows Server 2008 Japanese (32-bit and 64-bit)
■ Windows Server 2012 (64-bit)
System requirements to install Symantec Protection Engine on Solaris

The minimum system requirements to install Symantec Protection Engine on Solaris
are as follows:
Getting Started 20
System requirements
Operating system Solaris 10 and 11
available.
Processor UltraSPARC
Software ■ Java 2SE Runtime Environment (JRE) 7.0 (update 80 or later)

If you install the self-extracting JRE, ensure that you note the
installation location. You must provide the location of the JRE if the
installer is unable to detect it.

System requirements to install Symantec Protection Engine on Linux

The minimum system requirements to install Symantec Protection Engine on Linux
are as follows:
Getting Started 21
System requirements
Operating system ■ Red Hat Enterprise Linux Server 5.7 (32-bit and 64-bit) or later
■ Red Hat Enterprise Linux Advanced Server 5.7 (32-bit and 64-bit)
or later
■ Red Hat Enterprise Linux Server 5.11 (32-bit and 64-bit) or later
■ SUSE Linux Enterprise Server 11 (32-bit and 64-bit)
■ SUSE Linux Enterprise Server 12 (64-bit)
available.
Processor Intel or AMD Server Grade Single Processor Quad Core systems or
higher
Getting Started 22
System requirements
Software ■ Ensure that the following packages are installed:

■ 32-bit zlib library package
■ GNU sharutils-4.6.1-2 or later
Use this package to expand the Rapid Release packages.
■ 32-bit GNU libuuid-2.17.2-6 or later
■ ncompress-4.2.4-44 or later
Use this package to expand the Rapid Release packages.
■ 32-bit GNU C Library (glibc)
■ Initscripts
This package is required for Red Hat Linux only.
■ aaa_base package
This package is required for SUSE only.
■ Java 2SE Runtime Environment (JRE) 7.0 (update 80 or later) or
JRE 8.0 (update 66 or later) on the server.
Install JRE using Red Hat Package Manager (RPM). Ensure that
you note the installation location. You must provide the location of
the JRE if the installer is unable to detect it.
console from a Linux client computer.

Note: If any of the above package binary is already present on the

computer and if the installer is still unable to find it, you can add the
path to the binary in LD_LIBRARY_PATH environment variable.
Getting Started 23
Where to get more information
Hypervisor support ■ VMware® vSphere Hypervisor™ version 5.1 or later

■ Xen 3.4.3 (installed RHEL 5.4 x64)
The following Linux guest operating systems have been certified on

Hyper-V:
■ Red Hat Enterprise Linux Server 5.7 (32-bit and 64-bit)

■ Red Hat Enterprise Linux Server 6.2 (32-bit and 64-bit)
■ SUSE Linux Enterprise Server 11 (32-bit and 64-bit)
Where to get more information

Symantec Protection Engine includes an online Help system. You can access topics
through the Help table of contents and index, and you can search for keywords.
Context-sensitive help is available for each page in the Symantec Protection Engine
console.
You can visit the Symantec Web site for more information about our product.
The following online resources are available:
Provides access to the technical support www.symantec.com/techsupp/ent/

Knowledge Base, newsgroups, contact enterprise.html
information, downloads, and mailing list
subscriptions
Provides information about registration, http://customersupport.symantec.com/

frequently asked questions, how to respond to
error messages, and how to contact Symantec
License Administration
Provides product news and updates www.enterprisesecurity.symantec.com
Provides access to the Virus Encyclopedia, www.symantec.com/security_response/

which contains information about all known index.jsp
threats, information about hoaxes, and access
to white papers about threats

SPE For NAS Getting Started Guide

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SPE For NAS Getting Started Guide

Uploaded by

Copyright:

Available Formats

Symantec™ Protection Engine

for Network Attached Storage

Documentation version: 2.0

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED

■ About Symantec™ Protection Engine for Network Attached Storage

■ Why you need virus protection for Web proxy/caching

■ How Symantec Protection Engine protects against threats in a messaging

■ What's new in Symantec Protection Engine

■ About supported protocols for Symantec Protection Engine

■ Components of Symantec Protection Engine

■ Before you install Symantec Protection Engine

■ Where to get more information

About Symantec™ Protection Engine for Network

■ Symantec Protection Engine Native protocol

■ The Internet Content Adaptation Protocol (ICAP), version 1.0, as presented in

About the connector code

Why you need virus protection for Web proxy/caching

How Symantec Protection Engine protects against

Definitions Symantec engineers track reported outbreaks of risks (such

Heuristics Symantec Protection Engine uses Symantec Bloodhound™

Container file decomposer Symantec Protection Engine contains a decomposer that

What's new in Symantec Protection Engine

Table 1-1 New features

New platform support Symantec Protection Engine 7.5.3 supports

■ SUSE Linux Enterprise Server 12

For more information, see the following KB

New platform support Symantec Protection Engine 7.5.2 supports

■ Red Hat Enterprise Linux Server 5.11

Table 1-1 New features (continued)

Core 1.5 definitions support Symantec Protection Engine 7.5.2 is now

SHA256RSA certificate support Symantec Protection Engine now generates

Table 1-1 New features (continued)

New hypervisor support Symantec Protection Engine is certified to

■ Windows 2012 Hyper-V

See “System requirements to install

See “System requirements to install

See “ System requirements to install

Removal of Java dependency for LiveUpdate Symantec Protection Engine implements a

Symantec Insight™ Symantec Insight™ is a file-based detection

Cluster mode support Symantec Protection Engine can now scan

Table 1-1 New features (continued)

Microdef packages Microdefs is a technology used to reduce

LogConverter utility The LogConverter utility converts the

XMLModifier utility The XMLModifier utility is used to configure

From version 7.5.0, as part of security

See “About Symantec™ Protection Engine for Network Attached Storage”

About supported protocols for Symantec Protection

Table 1-2 Supported protocols

Native protocol Symantec Protection Engine implements a TCP/IP protocol to

To scan a file, a client connects to the default IP port. It sends

Internet Content ICAP is a lightweight protocol for executing a remote procedure

Table 1-2 Supported protocols (continued)

A proprietary remote Remote procedure call (RPC) is a client/server infrastructure that

Symantec Protection Engine uses a proprietary scanning protocol

Components of Symantec Protection Engine

Table 1-3 Product components

Component Description Folder name

Symantec Protection The software that you install to Symantec_Protection_Engine\

Silent installation The files that you can use to Symantec_Protection_Engine\

The files that you can use to

Table 1-3 Product components (continued)

Component Description Folder name

Command-line scanner The software that acts as a client Command_Line_Scanner\