Configuring Windows XP Firewall for Symantec Antivirus Client
If you install Symantec AntiVirus Client on a Windows XP system with Windows Firewall activated (it is activated automatically when you install Service Pack 2) and need to manage the system from a Symantec AntiVirus Corporate Edition 8.0 server, you need to add an exception to the Windows XP Firewall settings on the client to allow it to be managed from the antivirus server. To do so, take the following steps while logged in under the Administrator account or another account in the Administrators group.
- Click on Start.
- Select Control Panel.
- Double-click on Security Center.
- At the bottom of the Windows Security Center window, you will see "Manage security settings for" with "Windows Firewall" listed below it. Click on Windows Firewall.
- In the Windows Firewall window, make sure that "Don't allow exceptions" is not checked and click on the Exceptions tab.
- At the Exceptions window, click on Add Port.
- At the Add a Port window, type a description in the Name field, e.g. "Symantec AntiVirus Client Management" or "RTVSCAN" (rtvscan.exe is the actual program listening on the port), or whatever else you wish. Then put 2967 in the Port number field and click on UDP to select it.
- Click on the Change scope button.
- At the Change Scope window, click on Custom list to select it and put in the IP address of the Symantec AntiVirus server followed by "/255.255.255.255", i.e. a subnet mask that specifies just that one system, e.g. "192.168.0.8/255.255.255.255". Then click on OK.
- Then click on OK again to close the Add a Port window and then OK to close the Windows Firewall Window.
The exception can also be added with the netsh firewall set portopening command entered at a command line. The example below presumes the IP address of the Symantec AntiVirus server is 192.168.0.8.
C:\Documents and Settings\Administrator>netsh firewall set portopening protocol = UDP port = 2967 name = "Symantec AntiVirus Client Management" mode = ENABLE scope = CUSTOM 192.168.0.8
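The scope restriction set in the Change Scope step and in the command-line example above can be checked before it is applied. The following is an added example, not part of the original post: a Python check (the function name audit_scope is an assumption of this example) that reads a custom scope list in the address/mask form shown above and reports any entry that admits more than the single antivirus server.

```python
import ipaddress

def audit_scope(custom_list, management_server):
    """Return findings for a firewall custom scope list (comma-separated
    address or address/mask entries) that should admit only one server."""
    server = ipaddress.ip_address(management_server)
    findings = []
    server_allowed = False
    for entry in (e.strip() for e in custom_list.split(",")):
        if not entry:
            continue
        try:
            # strict=False tolerates host bits, e.g. 192.168.0.8/255.255.255.0
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"{entry!r}: not an address or address/mask entry")
            continue
        if server in net:
            server_allowed = True
        if net.num_addresses > 1:
            # A mask shorter than 255.255.255.255 opens the port to a whole range.
            findings.append(
                f"{entry}: admits {net.num_addresses} source addresses ({net})")
        elif server not in net:
            findings.append(f"{entry}: single host, but not the management server")
    if not server_allowed:
        findings.append(f"management server {server} is not admitted by this scope")
    return findings

if __name__ == "__main__":
    # Constructed sample scope strings; 192.168.0.8 is the server address
    # used in the example on this page.
    for scope in ("192.168.0.8/255.255.255.255",
                  "192.168.0.8/255.255.255.0",
                  "192.168.0.9/255.255.255.255, 10.0.0.0/255.0.0.0"):
        print(scope, "->", audit_scope(scope, "192.168.0.8") or "OK")
```

An empty result means the scope admits exactly the one server; any finding means the port would be reachable from other addresses or not reachable from the server at all.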
For viewing what ports are open from a command line prompt, see Obtaining Information About the Windows XP Firewall from the Command Line.
Until port 2967 is opened on the client system, if, on the server, you right-click on a system within the Symantec System Center and choose "All Tasks", then "Symantec AntiVirus" and then "Start Manual Scan", you will see an error window open with the message "The requested operation will not be performed on the following Server Groups and/or machines because their topology information could not be retrieved from the Symantec System Center Topology Service."
If you pick "View Virus List" instead of "Start Manual Scan", you will see a Symantec AntiVirus Management Snap-In window open with the message below:
Symantec AntiVirus could not communicate with ".
Operation stopped.
If you select "Virus History", you will see the message below.
Symantec AntiVirus Management Snap-In
Symantec AntiVirus could not collect all the log data from the selected computer(s). Please verify that Symantec AntiVirus is running on these computers.
[ OK ]
But once you have modified the firewall settings on the client system to allow the antivirus server to connect to port 2967 on it, you should no longer encounter those errors and should be able to start a manual scan, view the virus list, etc.
Note: if the virus definitions on the client are out of date, you may have to wait up to 60 minutes until the server pushes out new updates. You can modify this setting by taking the following actions on the server.
- Right-click on the server within the Symantec System Center.
- Select "All Tasks".
- Select "Symantec AntiVirus".
- Select "Virus Definition Manager".
- Click on the "Settings" button next to "Update virus definitions from parent server".
- Change the "Check for updates" value to be the maximum number of minutes you want to wait for the server to push out new definitions to clients.