Installation of Symantec AntiVirus Corporate Edition 10.0 Rev.

7 27/Mar/06

The assumption is that you are going to install this package on a series of maxSTATIONs, with one of
them designated as the AntiVirus Server, and the rest of the stations as its clients. In a customers system,
there can be multiple anti-virus servers, with each server responsible for different clients. For instance, if
there are multiple Units, there may be a server per Unit, with all of the maxSTATIONs supporting a Unit
assigned to that server. Each server would have its own Server Group name and separate password.

The Server and the Clients can be maxSTATION Version 3.x with Windows 2000, or maxSTATION 4.x
with Windows XP. This Symantec product does not work with Windows NT, so it cannot be used with
maxSTATION Version 2.x.

In maxSTATIONs, this package has been tested with Windows 2000 with Service Pack 4 and Windows
XP with Service Packs 1 and 2.

Before you begin the installation of Symantec AntiVirus Corporate Edition (hereafter called SAV or
SAVCE throughout the document), there is one more thing to check: the version of Internet Explorer
that is installed in each maxSTATION. Every station, whether Client or Server, requires at least I.E.
version 5.5. Windows 2000 included I.E. 5.0, and Windows XP includes I.E. 6.0. For any station, install
Internet Explorer 6.0 SP1 if the station has an IE revision older than 5.5. Thus, to perform the
installation, you will require not only the Symantec AntiVirus Corporate Edition Version 10.0 CD, but
you may require a correct Windows Service Pack CD, as well as Internet Explorer 6.0 SP1 CD for those
maxSTATIONs with an older I.E. version. Once the conditions above have been satisfied (and installed if
necessary), proceed with the installation.

NOTE ONE: before you begin the installation, you MUST disable automatic logon after reboot. The
reason for this: after an install is complete, it is expected that the PC will be rebooted before the
installation really is complete; it is also expected that after the station is rebooted, you will immediately
log in as Administrator in order to complete the installation. If the PC first logs in as another user, such as
operator, the installation will NOT be completed correctly. So: if automatic login has been applied to a
maxSTATION, disable it, complete all of the installation steps below, and then re-enable auto login again.

NOTE TWO: if the maxSTATIONs have version 4.x, and Windows XP, you should perform an
additional step at each maxSTATION before installing this software. Log on as Administrator; go to
(Start | All Programs | MAX Administrative Tools | StartupConfig); uncheck the entry Run As Service
next to Core SBP Functions at the top of the window; perform a Save and Exit; confirm that you want
to save the change; and then reboot the maxSTATION. This will prevent the maxDNA services from
starting up during the installation. AFTER all of the installation steps have been performed completely,
log on as Administrator, run StartupConfig again, re-check the same entry (Run As Service next to
Core SBP Functions), save and exit, then reboot again to re-enable the maxDNA services.

NOTE THREE: if the maxSTATIONs have Windows XP, it is assumed that you will install
maxSTATION software prior to performing these steps. If you have not yet installed maxSTATION,
please see Appendix A, Allowing Network Access Sharing, before continuing.

NOTE FOUR: if any maxSTATIONs have Windows XP or Windows 2000, and they have previously
had the MS Windows Hardening steps performed on them, then their Default Shares have been disabled.
If that is the case, Symantec AntiVirus cannot be installed until those shares have been re-enabled. See
Appendix B, Re-enabling Default Shares, before continuing.
Part I: Installing the Symantec System Center on the AntiVirus Server maxSTATION.

Before you begin, see Appendix C, Documenting Important Information. Write down the information,
and then use that information when called for in subsequent parts of this procedure.

At the maxSTATION designated as the Server:

1. Log in as Administrator.

2. Insert the SAVCE CD; on the screen, youll see the SAVCE window after autorun.

3. Select Install Administrator Tools.

4. Select Install Symantec System Center.

5. You will see Welcome to the InstallShield Wizard for Symantec System Center; click Next>.

6. Click I accept the terms of the license agreement; then click Next>.

7. You will be shown the Select Components window, with all components checked;
Uncheck Alert Management System Console; this is not used (needs Internet access)
Uncheck Symantec Client Firewall Snap-In; this isnt supplied with SAV 10.0
Uncheck AV Server Rollout Tool; there are no secondary servers to load
Then click Next>.

8. You will then see the destination folder; click Next>.

9. You will then see Ready to Install the Program; click Install.
Installation will proceed.

10. You will then see InstallShield Wizard Completed; click Finish.

11. You must restart the Server. Remove the CD before initiating the restart.

This completes the installation of the Symantec System Center.

Part II: Installing Symantec AntiVirus on the AntiVirus Server maxSTATION

1. Log in as Administrator.

2. Insert the SAVCE CD; on the screen, youll see the SAVCE window after autorun.

3. Select Install Symantec AntiVirus.

4. Select Deploy AntiVirus Server.

5. You will see Welcome to the Symantec AntiVirus Setup; click Next>.

6. In the Install window, Symantec AntiVirus Server should already be selected; click Next>.

7. You are asked about the terms of the license agreement. Select I agree; click Next>.
8. You are asked to select items. Server program should be checked. Alert Management System
should not be checked. Click Next>.

9. Select Computers is the next window. Under Network, you should see the name of this computer.
Click on its name, then click the Add> button. Then click Next>.

10. The next window is Server Summary. Your computers name should be selected. Click Next>.

11. The next window is Select Symantec AntiVirus Server Group. Youll see, highlighted, Symantec
AntiVirus 1. Replace that with the name you have chosen for your group. Click Next>. You will
see a Setup Message telling you that your named group is a new group. Click Yes.

12. The next window is Enter Username and Password for the Server Group.
Username: type in a unique username that is used only for this (anti-virus) purpose. NOTE that this
username, and the password, are both case-sensitive.
Password: type in the password you have chosen for your group.
Confirm: retype the password.

13. Next is Server Startup Options. This is applicable only for Netware installations. Just click Next>.

14. Next is Using the Symantec System Center Program. The window tells you that you need the
AntiVirus Management Snap-In. You have already done that. Click Next>.

15. Next is the Setup Summary. Click Finish.

16. Now you will see the Setup Progress, with an hourglass denoting busy. This will take minutes to
perform.

17. You will see a message box about your Old Virus Definition File. Just click on Close; youll
download the latest file later.

18. The Setup Progress window will show that your computers installation has completed. Click
Close.

19. You must now restart the Server. Remove the CD, and reboot the computer.

Part III: Enabling Symantec AntiVirus through the Windows Firewall Windows XP SP 2

If the Anti-virus Server is running Windows XP with Service Pack 2 (maxSTATION version 4.1 or
newer), you must perform the following additional steps; otherwise, you can skip to Part IV.

1. Log in as Administrator.

2. Select Start | Control Panel. Double-click on Windows Firewall.

3. Select the Exceptions tab at the top of the window.

4. Push the Add Program button. You will see the Add a Program window.

5. Push the Browse button.

6. Browse to C:\Program Files\Symantec AntiVirus\ - OR - C:\Program Files\SAV\. You may find either
folder, but not both.
7. Double-click on Rtvscan.exe. The Browse window will close, and youll return to Add a Program.
Click on OK.

8. Repeat the above steps 4 to 7 for 3 additional Symantec programs. The steps will be repeated for
three other folders and programs contained in those folders.

Location Double-click on

C:\Program Files\ Symantec\LiveUpdate\ LuComServer_2_6.exe

C:\Program Files\Symantec\Symantec System Center\ NscTop.exe

C:\Windows\System32\CBA\ pds.exe

9. When you have added the four programs to the Exceptions List, you have completed this step.

10. Click OK in the Windows Firewall window.

11. Close Control Panel

Part IV: Declaring your Server to be a Primary Server

NOTE that this step is performed only once once the primary server has been established, you dont
need to do this again.

At the AntiVirus Server, do the following:

1. Log in as Administrator.

2. Select Start | Programs | Symantec System Center Console | Symantec System Center Console (in
Windows XP, Select Start | All Programs | Symantec Center Console | Symantec Center Console).

3. Expand Symantec System Center.

4. Click on System Hierarchy. You will see your Server Group, with status Locked, listed in the right-
hand pane of the window.

5. Expand System Hierarchy.

6. Click on your Server Groups name. Do not select the Servers name.

7. Right-click on your group name. Select Unlock Server Group.

8. Enter your anti-virus group username and password. Do not check Remember this user name and
password for me. Click OK.

9. You will now see your server name. Right-click the name. From the pulldown menu, select Make
Server a Primary Server. You will be asked, Do you want to make this server the Primary? Click
on Yes.

10. Close out the System Center Console. You do not need to save the console settings.
Part V: Installing Symantec AntiVirus on the Client Stations

Note: every client maxSTATION to which you will install AntiVirus should be logged in as user
Administrator. In addition, just as a reminder: every client with Windows XP SP2 should have
maxSTATION services disabled before proceeding (see NOTE TWO on page 1).

At the AntiVirus Server, do the following:

1. Log in as Administrator.

2. Select Start | Programs | Symantec System Center Console | Symantec System Center Console (in
Windows XP, Select Start | All Programs | Symantec Center Console | Symantec Center Console).

3. Expand Symantec System Center.

4. Click on System Hierarchy. You will see your Server Group, with status Locked, listed in the right-
hand pane of the window.

5. Unlock the Server Group. Right-click the Server Groups name, select Unlock Server Group from
the menu, and enter the Server Group user name and password.

6. Expand System Hierarchy.

7. Click on your Server Groups name. Do not select the Servers name.

8. Under the Tools pull down menu, click on ClientRemoteInstall.

9. You will see a new window, Client Remote Installation.

10. You will see Welcome to the Client Remote Install Utility; click Next>.

11. You will see Select Install Source Location; leave the default location selected; click Next>.

12. You will see the Select Computers window. In the left-hand pane, expand Microsoft Windows
Network; then expand your workgroup, to see a list of all of your active maxSTATIONs.

13. In the left-hand pane, click on a maxSTATION that will be installed; in the right-hand pane, click on
the name of your Server. Then click Add>. Repeat this step for each maxSTATION that will be
installed at this time. You do not have to install to all of them at this time; you can always come back
to this set of steps, to add more stations later.

14. After you have added the client(s), click Finish.

15. You will see a new window, Status of Remote Client Installation(s). This window shows the status
of download to each of the clients, with a progress bar while the installation software is in the step
Copying files When all of the selected stations have been downloaded, and installation has been
initiated, then you click on Done.

16. Normally, for each station on the list, initial contact is made by the Server to a Client for permission
to install; then the files are copied; then the program msiexec.exe is started, with three instances
running at each client station. If there is a problem in establishing initial contact, or in file
dissemination, then you should repeat the install process for each station that didnt get the files.
17. Once installation has been initiated at a client maxSTATION, it can take minutes to reach completion.
One way to determine that the installation is actually done is to call up the Windows Task Manager (a
shortcut is <CTL><SHIFT><ESC>) at each Client maxSTATION. After Task Manager is up, click
on Processes, then click (twice) on Image Name (this will put the processes in alphabetical
order), and then observe the number of instances of msiexec.exe running. Initially, there will be three
instances; when installation is essentially complete, there will be only one instance shown. Symantec
tech support reports that there is a small possibility that the installation program (a Microsoft
program) is not reliable; thus, you need to check to make sure that the installation was successful at
each client station to which you downloaded. You may, upon completion of the installation, get a
notice that the anti-virus definition files are out of date. Just click Close. Later, youll be updating
them.

18. After installation is complete at each client maxSTATION, restart the station, and then log on as
Administrator again. When you log in, you can call up the Windows Task Manager again, to look for
defwatch.exe, rtvscan.exe, and vptray.exe. These tasks are all present when installation was
successful.

19. If the installation failed at a client maxSTATION, as user Administrator at that station you can look at
the Event Log maintained by Windows to determine whether there was a problem. For example: if a
client had too old a version of Internet Explorer, then the Event Log will have an event explaining
that the Symantec installation failed because of that. The Event Log is an Administrative Tools
function, reachable through Start | Programs on Windows NT, Start | Control Panel on Windows 2000
and XP.

This completes the installation of Symantec AntiVirus to the Clients. Did you remember to re-enable auto
logon if the station had it previously? Did you remember to re-enable the maxDNA services from
StartupConfig? See the NOTEs on the first page for reminders. Do this for the AntiVirus Server station
as well as all of the Client stations.

Part VI: Enabling Symantec AntiVirus through the Windows Firewall Windows XP SP 2

If the Anti-virus Client stations are running Windows XP with Service Pack 2 (maxSTATION version 4.1
or newer), you must perform the following steps at each Client maxSTATION; otherwise, you can skip to
Part VII.

1. Log in as Administrator.

2. Select Start | Control Panel. Double-click on Windows Firewall.

3. Select the Exceptions tab at the top of the window.

4. Push the Add Program button. You will see the Add a Program window.

5. Push the Browse button.

6. Browse to C:\Program Files\Symantec AntiVirus\ - OR - C:\Program Files\SAV\. You may find either
folder, but not both.

7. Double-click on Rtvscan.exe. The Browse window will close, and youll return to Add a Program.
Click on OK.

8. Repeat the above steps 4 to 7 for an additional Symantec program.

 Location Double-click on

C:\Program Files\ Symantec\LiveUpdate\ LuComServer_2_6.exe

9. When you have added the two programs to the Exceptions List, you have completed this step.

10. Click OK in the Windows Firewall window.

11. Close Control Panel

Part VII: Enabling the AntiVirus Shield on the System Tray of the Client maxSTATIONs

By default, SAV runs invisibly at the client stations; however, it is better to give an indication that SAV
is running. To activate the shield indication, perform the following steps:

1. At the AntiVirus Server, log on as Administrator.

2. Select Start | Programs | Symantec System Center Console | Symantec System Center Console.

3. Expand Symantec System Center.

4. Click on System Hierarchy. You will see your Server Group, with status Locked, listed in the right-
hand pane of the window.

5. Expand System Hierarchy.

6. Right-click on your Server Groups name; from the menu, select Unlock Server Group. You will be
asked for the Groups user name and password; enter them, then click OK.

7. Below the Server Group in the hierarchy, you will see the name of your Server. Right-click on that
name. Hover over All Tasks, then Symantec AntiVirus to expand the AntiVirus menu.

8. One of the menu items is Client Administrator Only Options. Click on that.

9. You will see a new window appear; under the General tab, click on the checkbox next to Show
Symantec AntiVirus icon on desktop, and click OK.

10. Close out the Symantec System Center. You can save the console settings.

11. Confirm that the shield is now shown at all client maxSTATIONs.

This completes the enabling of the shield at the client maxSTATIONs.

Part VIII: Updating the Virus Definition files

As was previously discussed, since a maxSTATION is not connected to the Internet, there isnt a way to
use Live Update to get the latest virus definition files. Instead, you will use the Intelligent Updater to get
the latest virus definition files. The easiest way to perform this step is to use an Internet-connected
computer to download the packed file; store the file on a thumb drive; and then load the file from the
thumb drive on to the Server. The packed file can vary in size from 7MB to 21MB, so it will not fit on a
floppy disk.
The assumption is that you have a thumb drive that can attach via USB to both a computer with Internet
access and to the maxSTATION that is acting as an anti-virus server. Be sure to set that up, if you have
not done so yet. If either computer has Windows 2000 or Windows XP for its operating system, you can
just plug in the thumb drive and permit Windows to auto-detect the device and to install a device driver
for it.

At the computer with Internet access, perform the following steps. In most of the steps, the result of the
step will be to call up a new page.

1. Point your web browser to www.symantec.com.

2. Click on Downloads in the Top Links section in the middle of the page.

3. The Symantec Downloads page will appear. Click on Virus Definitions and Security Updates
under the Small Business column.

4. The download virus definitions page will appear.

5. Click on Download Virus Definitions (Intelligent Updater Only).

6. Scroll down to the box on the lower left of the new page. Select Symantec AntiVirus Corporate
Edition; then click on Download Updates.

7. Click on the name of the file with the xdb suffix. You want to Save it to the computer. When you
click on Save, you will be shown a Save As dialog box. Click on Save to initiate the download and to
store the file on the PC. The file that you just downloaded will either be called something like
(name).xdb, or (name).zip. If the suffix is .zip, you have to manually rename the file to use the
suffix .xdb, because that is the correct suffix that will be recognized by SAV.

8. At the PC, plug in the thumb drive, copy the .xdb file to the drive, and then remove the drive.

9. At the maxSTATION that is the anti-virus Server, you must log in as either Administrator or Engineer.
You cannot log in as Operator, because you will not be able to access the Start Menu in order to run
Windows Explorer.

10. Plug the thumb drive into the anti-virus Server.

11. Copy the .xdb file to the folder C:\Program Files\Symantec AntiVirus (might be c:\Program
Files\SAV).

12. Remove the thumb drive from the maxSTATION. Use Appendix Ds form to document the date and
the person who performed the update.

The Symantec software on the Server will automatically discover the .xdb file that you just copied there,
and process it. After the file has been processed, it will automatically be sent to all of the client
maxSTATIONs that are managed by this Server. This entire process can take several minutes.
Appendix A Allowing Network Access Sharing

The following steps need to be performed ONLY if two conditions are true:

Your PCs are running Windows XP Service Pack 2.

Your PCs do not have maxSTATION software installed in them yet.

In order for Symantec AntiVirus to be installed at the client stations, you must make a security change to
each client station. Since this change is already performed during installation of maxSTATION software,
this change need be done only if you are installing the anti-virus software before you are installing
maxSTATION software.

At each client station:

1. Log on as Administrator.

2. Go to Start | Control Panel | Administrative Tools.

3. Double-click on Local Security Policy.

4. Under the Local Policies section of the tree, Select Security Options.

5. Scroll down to Network Access: Sharing and Security Model for local accounts.

6. Right-click on that entry, then select Properties.

7. By default, the entry will be Guest only local users authenticate as Guest. Change the setting
to Classic local users authenticate as themselves.
Appendix B Re-enabling Default Shares

The following steps need to be performed ONLY if the maxSTATIONs have had the MS Windows
Hardening step #10 (disabling default shares) performed on them due to a previous Initial Protection
procedure. Symantec AntiVirus requires that, for installation, the (hidden) default shares must be enabled
at the Server station as well as any Client stations.

These default shares can be enabled via the following procedure.

Only if the maxSTATION is running either Windows XP or Windows 2000, do the following:

1. As user Administrator, navigate to the Microsoft Security Updates CDs MSWindows Hardening
folder.

2. In the folder, double-click on the file called Enable_Default_Shares.reg to install the Registry
fix.

Upon completion of this entire installation procedure, the default shares need to be re-disabled. Follow
the instructions in the MS Windows Hardening document step #10.
Appendix C Documenting Important Information

Write down the date of installation and password assignment _______________________________.

Write down the name of the customer plant _______________________________.

Write down the Unit Number, if there is a Server per Unit _______________________________.

Write down the name of the AntiVirus Server PC _______________________________.

Write down the name of the AntiVirus Server Group _______________________________.

Write down the username to be used for the Server Group _______________________________.

Write down the password for the user name for the Group _______________________________.

Dont forget the password rules:

a) Password should be at least 6 characters long.

b) Password should contain alpha, numeric, and special characters (such as ! # $ % & / \ < > ).

c) Password should not spell any English word.

d) Passwords formed from Passphrases are easier to remember. You might substitute an occasional
vowel with a special character.

Example: MS287PMS&M is easier to remember as My Server number 287 Protects My

System and Me.
Appendix D AntiVirus Updates Performed

Date ______________ Name _______________________________

Date ______________ Name _______________________________

Date ______________ Name _______________________________

Date ______________ Name _______________________________

Date ______________ Name _______________________________

Date ______________ Name _______________________________

Date ______________ Name _______________________________

Date ______________ Name _______________________________

Date ______________ Name _______________________________

Date ______________ Name _______________________________

Date ______________ Name _______________________________

Date ______________ Name _______________________________

Date ______________ Name _______________________________

Date ______________ Name _______________________________

Date ______________ Name _______________________________

Date ______________ Name _______________________________

Date ______________ Name _______________________________