Download, Installation, and Usage instructions for Symantec (Norton) AntiVirus for Windows 2000/XP/2003, Version 10.1.5

Symantec Endpoint Protection, SEP, is now the recommended antivirus for Windows 2000, XP, and 20003. It is easier to install and configure than SAV 10.2, and provides better protection.

New Features in SAV Version 10

• Smart Scan, which is turned on by default: finds and searches files whose file extensions have been changed, presumably by viruses. For more information, see The SAV CE Client Guide, page 46.
  
  
• Tamper Protection, which is also turned on by default and remains on, even when you turn off File System Auto-Protect. This protects the SAV program files from being changed by viruses and worms; it would be a useful thing for a virus or worm to disable your antivirus program. For more information, see The SAV CE Client Guide, page 47.
  
  
• Positive actions for security risks such as adware and spyware, and inclusion of detection of security risks in all types of scans.
  
  
• Install over previous versions rather than having to uninstall. (Not true for Windows Vista.)

• Windows OS and Hardware Requirements for Version 10.1
• 1. Download Symantec AntiVirus for Windows
• 2. Installing Symantec AntiVirus for Windows
• -- 2a. Installing over SAV or NAV
• -- 2b. Installing for the First Time
• 3. Running LiveUpdate
• The Default Configuration and Actions
• 4. Schedule Regular Full Scans and LiveUpdate
• -- Schedule Regular Automatic Full Scans
• -- Schedule Regular LiveUpdates
• How to Tell if Auto-Protect Is Running
• 5. Run a Manual Scan in Windows
• 6. What to Do If SAV Finds a Virus
• Want to know more?
• Need Additional Help?

There are specific OS requirements for Symantec AntiVirus Version 10.1. (If you have Windows Vista, you must use Symantec AntiVirus 10.2 or Symantec Endpoint Protection.)

• Symantec AntiVirus 10.1 client 32-bit
  • Windows 2000 Professional/Server/Advanced Server
  • Windows XP Home/Professional/Tablet PC
  • Windows XP Home is supported only as an unmanaged client
  • Windows Server 2003 Web/Standard/Enterprise/Datacenter
    
    
• Symantec AntiVirus 10.1 client 64-bit
  • Windows XP 64-bit Edition Version 2003
• Windows Server 2003 x64 Standard/Enterprise/Datacenter

Hardware requirements:

• Symantec AntiVirus client 32-bit
• 128 MB
• 55 MB disk space
• Internet Explorer 5.5 Service Pack 2 or later
  
  
• Terminal Server clients that connect to a computer with antivirus protection have the following additional requirements:
  • Microsoft Terminal Server RDP (Remote Desktop Protocol) client
  • Citrix Metaframe (ICA) client 1.8 or later if using Citrix
    
    
• Symantec AntiVirus antivirus client 64-bit
  • 80 MB
  • 70 MB disk space
  • Internet Explorer 5.5 with Service Pack 2 or later
  • Intel processors that support Intel Extended Memory 64 Technology (Intel EM64T)
  • AMD 64-bit Opteron and Athlon processors
  • Itanium processors with Symantec AntiVirus 10.1.6 and later

Internet Explorer Note: When doing a silent installation, SAV Version 10.1 does not check whether Internet Explorer 5.5 with Service Pack 2 or later is installed on computers when it is required. If the correct version of IE is not available, the installation fails without informing you. I am sorry to say.

SAV CE 10 is no longer available through the Webstore. If you need it for some particular reason, send email to software@uic.edu.

You can install SAV Corporate Edition 10 in Windows 2000/XP/2003 over:

• SAV Corporate Edition 8.0 or later
• Norton AntiVirus Corporate Edition 7.6 or Later
• Symantec Client Security, all versions

So if you were using one of these antivirus software packages, you no longer have to uninstall your old antivirus software before you install your new one.

This installation is easy. Exit all running programs.

1. Double-click on the .exe file you downloaded. The install files will unzip automatically.
   
2. When everything is unzipped, the install program should start automatically.
   1. Click Next> on the splash screen.
   2. Read and accept the license agreement; then follow the instructions to install Symantec AntiVirus.
   3. Select Complete install.
3. Then click Install to begin the install. Wait a long while.
4. Click Finish when the installation finishes.
5. LiveUpdate will run. (See below.) Click Finish to end LiveUpdate.
6. Reboot your computer when/if you're asked to.

Exit all running programs.

1. Double-click on the .exe file you downloaded. The install files will unzip automatically.
   
2. When everything is unzipped, the install program should start automatically.
   1. Click Next> on the splash screen.
   2. Read and accept the license agreement; then follow the instructions to install Symantec AntiVirus.
   3. Select Client Install.
   4. Select Complete install.
   5. We run Unmanaged (unless it's for a machine at work and your department's REACH person tells you otherwise).
   6. Enable Auto-Protect and Run-LiveUpdate; click Next>.
      
   
3. Click Install to begin the installation. Wait a long while.
4. Click Finish when the installation finishes.
5. LiveUpdate will run. (See below.) Click Finish to end LiveUpdate.
6. Reboot your computer when/if you're asked to.

1. While you are connected to the Internet, open Symantec AntiVirus. Start -> Programs -> Symantec Client Security -> Symantec AntiVirus Client or double-click on the gold shield icon in your Windows tray in the bottom right of your monitor screen.
   
   
2. Click Symantec AntiVirus in the left pane, then click the LiveUpdate button in the bottom right of the right pane.
   
   
3. LiveUpdate will open.
   

   Figure 1: Running Windows Live Update Remember that you must be connected to the Internet to run LiveUpdate. Notice that LiveUpdate can update the LiveUpdate and antivirus program as well as the virus definitions.

   
   
   
4. Click Next > to start the Update. The available updates will be listed and the progress of the download will be shown.
   
   
5. When the downloads are finished, the installed NAV components are listed. Click Finish to end LiveUpdate .
   
   
   
6. After you click Finish to end LiveUpdate, the Virus Protection Files will actually be installed; a dialog box will open showing the progress of the process.
7. You will at least have to close LiveUpdate/Symantec AntiVirus and reopen it to see the new dates on your Virus Definitions. I actually had to reboot before my SAV said that I had up-to-date virus definitions, even though it didn't tell me to reboot.
   

Configurations:

Regardless of which type of installation you choose, it appears that SAV ends up with its default configuration; you should probably check your configuration out. Which you should do anyway.

1. Open SAV if necessary, then click on Configure in the left pane in SAV,
2. Then click on the type of scan you want to check below it.
3. Click the Advanced button for the details of the configuration; the Action button for the actions.

The default configuration is:

• All types of scans are turned on; these are: File System Auto-Protect, Internet Email, Lotus Notes Auto-protect, Microsoft Exchange Auto-Protect, and Tamper Protection
• All scans scan all files.
• Auto-Protect: Configure -> File System Auto-Protect -> Advanced
  • Starts at system start
  • Runs on files when they are accessed (opened) or modified
  • Turns itself back on after 30 minutes when you turn it off (say to install something)
  • Backs up files before attempting repair
  • Enables Threat Tracer
  • Additional Advanced Options (both turned on by default)
    • Turns on Heuristics -- searching for viruses and worms by their generic characteristics
    • Reminds you if you turn off your computer with a floppy in your floppy drive
• Internet Email: Configure -> Internet E-mail Auto-Protect -> Advanced
  • Scans files inside compressed files
  • Uses Heuristics
  • Protects incoming and outgoing email, using POP3 or SMTP protocols. Tell it if you use IMAP or SSL-protected POP or SMTP. (They can't be scanned.)
• Microsoft Exchange: Configure -> Microsoft Exchange Auto-Protect -> Advanced
  • Scans files inside compressed files
• Tamper Protection, which protects SAV and LiveUpdate from being tampered with by unauthorized sources. (Viruses have been known to break the antivirus program; that's a wise first step for them.)

Set Internet E-Mail Auto-Protect to Scan SSL Email

There is one thing that you should change:

1. Open Symantec AntiVirus
2. Click Configure -> Internet E-Mail Auto-Protect on the left hand side.
3. Click Enable Internet E-mail Auto-Protect if it isn't already clicked.
4. Click the Advanced button on the right. Click both Allow encrypted POP 3 connections and Allow encrypted SMTP connections.
5. Replace the 110 for the POP3 port with 995, and the replace the 25 for the SMTP port with either either 587 (if you are using Start TLS) or 465 (if you are using SSL and alternate port). (It might be the easiest thing to do is to check your email program and see what you have set for your SMTP outgoing email port.) SAV doesn't check the IMAP port, so it can not check incoming IMAP email.
6. Click OK, OK.
7. Close SAV.

I think you have to restart SAV to change this option.

Actions:

When SAV finds a virus, worm, or expanded security threat -- spyware, adware and the like -- it has two actions that it can take. The first action is intended to fix the problem. It employs the second action when the first action fails.

The default actions are the same for each type of threat for each type of scan, but you can change the actions by scan or by file if you wish:

Configure -> Whichever scan you're interested in Auto-Protect -> Action

• Worms, Viruses, and Macro Viruses:
  • First: Clean
  • Second: Quarantine
• Expanded Security Threat - adware, dialers, hack tools, joke programs, remote access, spyware, trackware, others
  • First: Quarantine and clear any changes to the registry
  • Second: Leave alone but Log

SAV's File System Auto-Protect inspects for expanded threats, for virus-like activity, and for known viruses and worms on a continuous basis as you read or write files. It will also remind you if you shutdown your computer with a diskette in your floppy drive. The file system Auto-Protect will be started automatically every time you start Windows; you can see its yellow shield icon in the system tray on the Windows task bar at the bottom of your screen.

You shouldn't depend entirely on the file system Auto-Protect, however. You should schedule regular scans of your entire hard drive.

And, of course, you should update your virus definitions on a regular bases by scheduling LiveUpdate to run daily. Daily is my recommendation; weekly and by hand every time there is a new virus or worm is the minimum. Daily is easier.

1. Open Symantec AntiVirus: Start -> Programs -> Symantec Client Security -> Symantec AntiVirus Client or double-click on the gold shield icon in your Windows tray in the bottom right of your monitor screen.
2. Click Scheduled Scans in the left pane of the window.
3. If you reboot daily, you might use a startup scan, but the scan can get in the way of your using your computer. I recommend using a scheduled scan, run at a time that you aren't there. Click New Scheduled Scan.
4. Click the radio button beside Full Scan, and click Next >.
5. Type a name and description for the scan in the appropriate boxes, then click Next >.
6. Then click Options. In general, the default advanced settings are just fine, but you might want to increase the scan's priority when your machine is idle -- That's under Throttling. (See figure 4.)
7. Click Save Settings to save the settings for all Full Scans.
8. Click OK, then Save.
   

SAV does not have to be running for a scheduled scan to run, but your computer does have to be on.

You should also schedule LiveUpdate to run on a regular basis. In the past, I recommended running LiveUpdate weekly. Now it makes more sense to run it every day. Symantec still only updates a little more than weekly, but you don't want to wait longer than you need to get the updated virus definitions when a new virus or worm comes out.

Your computer must be on and connected to the Internet to run LiveUpdate.

1. In SAV, select File -> Schedule Updates..., and click Enable scheduled automatic updates. Then click the Schedule... button.
2. These days it's best to run LiveUpdate daily and be sure to pick a time when your computer will be on and connected to the Internet. (See figure 3.)
3. In the Virus Definition Update Schedule dialog, click Daily.
4. Select a time for the update to start from the dropdown list. Late afternoon or evening is better, if your computer is connected to the Internet then, because that's when the updates are released.
5. When you're finished, click OK, OK, and close SAV.
   

Figure 3: Scheduling Regular LiveUpdates in Windows Remember that your computer must be on and connected to the Internet to run LiveUpdate.

Reboot your computer to get Auto-Protect to start up.

You can tell when Auto-Protect is running because you'll see the gold shield in the Windows tray. (Lower right corner of the Windows monitor screen.) When Auto-Protect is turned off, the gold shield with have a red circle with a crossed line over it. (Not the red circle in the illustration below; that is just to help you find it.)

By the way, the blue i on the white background is Zone Alarm Integrity Firewall. You use a firewall too, don't you? There is more on Firewalls including links to downloads at Get and Use a Personal Firewall (and why you should).

Sometimes Auto-Protect will try to protect you from installing programs that you want to install. In this case, turn it off for a short period of time, while you install the program:

• Right-click on the gold shield icon, and un-check Enable Auto-Protect. To turn it back on, right-click it again and check Enable Auto-Protect to select it.
  
  
• Or in Symantec AntiVirus, in the left pane, click Configure, then Auto-Protect. In the right pane, uncheck Enable Auto-Protect. Recheck it to turn it back on.

Double-clicking on the gold shield is an alternate way to open SAV.

After you finish setting everything up, you should run your first manual scan.

Figure 4: Running a Manual Scan in Windows Open Symantec AntiVirus: Start -> Programs -> Symantec Client Security -> Symantec AntiVirus Client. Click Scan, then Quick Scan or Full Scan . Before you run the scan, click the Options button (lower right) to pick the scan options. The default settings will probably do, if you aren't going to be using the computer, you might want to increase the scan's priority when the computer is idle (Throttling). Click OK, then click Scan. A Quick Scan scans system memory and all the common virus and security risk locations on your computer. (Available on unmanaged clients only.) A Full Scan scans system memory, boot sector, and all attached drives, including network drives. Custom user-defined Scan is limited to the files and folders that you specify. You don't have to select the drives or files to search for Quick or Full Scans, though you can select files to skip. If you want to specify which files to scan, use User-defined Scan.

By default, SAV will try to clean up the virus from the infected file. If it's Auto-Protect or a manual scan that finds the file, it will offer the file to you if the first action fails.

It it's a scheduled scan and the first action fails, it will automatically execute the second action, which by default is put it into Quarantine, where you won't accidentally access the file.

You can change these default settings to (1) delete the infected file when it's found, or (2) leave it alone and just log that you've found the the virus, which is called "log only".

(Sorry, these pictures are from an old version; I don't have any viruses. And, no, I don't want any sent to me, thanks.)

When the clean action fails :

1. Run LiveUpdate again: In SAV, File -> LiveUpdate, then follow the prompts. (If there is a new virus definition file, SAV might be able to clean up your file.)
   
   
2. If the file is in Quarantine, in the left pane, click View, then click Quarantine.
   If it's the result of Auto-Protect or a manual scan, the worms, viruses, and security threats will be listed in a Results window (see below).
   
   
   
3. Double-click on the name of the virus or right-click and select Properties to see what the virus is, where it is, what type it is, and the status of the first action (called Set on this window).
   
   
   
4. Right-click on the name of the file you want to clean, and select Clean from the right-click menu.
   
   
5. If SAV cleans your file, you're done. Well, you'll have to move the file back where it came from, and SAV won't remember where that is.
   
   
6. If not, then right-click again and select either Delete Permanently or Move To Quarantine. (You should be cautious about deleting files; move them to quarantine and see whether the next virus update can clean them.)

To delete a file in Quarantine, do the same as above, only click the delete icon, a red X.

There is lots more in the Symantec AntiVirus Corporate Edition Client Guide, and it's totally readable. It's in Chapter 4, beginning at page 75.

Use the SAV online help:

• On the Help menu, click Help Topics.
• On the right pane and in various dialog boxes, click the Help button for context sensitive help. (This is only available when there is something that you can do.)

For general information and documentation on NAV, visit the Symantec Security Response Page: http://www.symantec.com/avcenter/

To search for information about a specific virus: http://www.symantec.com/avcenter/vinfodb.html

And the SAV CE version 10 manuals, in PDF form. The comments on the usefulness of the documents are for people using the SAV Version 10 client as a stand-alone client, unmanaged, though the Client Guide is useful for everyone using SAV Version 10.

• This is the manual you want to use: Symantec AntiVirus Corporate Edition Client Guide (91 pages)
  I recommend that you print this, even though it is 91 pages, and regardless of how you use SAV. It is really helpful, it's easy to follow, and it tells you exactly what SAV does.
  
  
• Symantec AntiVirus Corporate Edition Installation Guide (178 pages)
  Pages 13 - 88 are useful for people who use SAV unmanaged. The rest has to do with installation of networked managed servers and clients.
  
  
• Getting Started with Symantec AntiVirus Corporate Edition (8 pages)
  Skip this one. I know this sounds like it would be really helpful, but it's not unless you are setting up a SAV Network Server or installing the SAV client to use with one.
  
  
• And the Symantec Symantec AntiVirus Product Manuals Page, which has PDF versions of all SAV and NAV versions for all platforms.

If you need additional help downloading or installing the antivirus software, please contact the Client Services Office.