search cancel

Installing and configuring the Central Quarantine

book

Article ID: 151579

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

How to Install the Central Quarantine console and server, and how to configure groups to use the Central Quarantine?

Cause

Unable to Configure Central Quarantine

Resolution

A few things to remember before you install:

Symantec Endpoint Protection and Symantec Network Access Control come with the optional administration components that you can use to help you administer clients and servers. Symantec Endpoint Protection includes both Central Quarantine and LiveUpdate management servers.

Installing and configuring the Central Quarantine

The Quarantine Server receives virus and security risk submissions from Symantec Endpoint Protection clients and forwards these submissions to Symantec. The Quarantine Console lets you manage the Quarantine Server and these submissions. If you determine that your network requires a central location for all quarantined files, you can install the Central Quarantine.

The Central Quarantine is composed of the Quarantine Server and the Quarantine Console. The Quarantine Console and the Quarantine Server can be installed on the same or different supported Windows computers.

Note: If you install the Quarantine Server or Quarantine Console from the individual installation folders on the CD, run Setup.exe rather than run the .msi file. Using Setup.exe ensures that all of the files that Windows Installer requires are installed on the destination computer before the .msi installation package runs.

Note: Install the Quarantine Console first and then install the Quarantine Server. If you do not follow this order, the AMS is not properly configured. If you do not follow this order and want to properly configure AMS, associate AMS with the Quarantine Server with the Alerting Properties. Then restart the Quarantine Server.

Installing the Quarantine Console

The Quarantine Console lets you manage submissions to the Quarantine Server.

To install the Quarantine Console

  1. On the computer on which the Symantec Endpoint Protection Manager Console is installed, insert the installation CD into the CD-ROM drive. If your computer is not set automatically to run a CD, you must manually run Setup.exe.
  2. In the main panel, click Install Other Administrator Tools > Install Central Quarantine Console.
  3. Follow the on-screen instructions to complete the installation.


Installing the Quarantine Server

The Quarantine Server receives virus submissions. The Quarantine Server requires a restart after installation.

To install the Quarantine Server

  1. On the computer on which you want to install the Quarantine Server, insert the installation CD into the CD-ROM drive. If your computer is not set automatically to run a CD, you must manually run Setup.exe.
  2. Click Install Other Administrator Tools > Install Central Quarantine Server.
  3. In the Welcome panel, click Next.
  4. In the License Agreement panel, click I accept the terms in the license agreement, and then click Next.
  5. In the Destination Folder panel, do one of the following:
    - To accept the default destination folder, click Next.
    - Click Change, locate and select a destination folder, click OK, and then click Next.
  6. In the Setup Type panel, select the following:
    - Internet based (Recommended), and then click Next. The E-mail based option is no longer supported.
  7. In the Maximum Disk Space panel, type the amount of disk space to make available on the server for Central Quarantine submissions from clients, and then click Next.
  8. In the Contact Information panel, type your company name, your Symantec contact ID/account number, and contact information, and then click Next.
  9. In the Web Communication panel, change the gateway address if necessary, and then click Next.
    By default, the Gateway Name field is filled in with the gateway address.
  10. In the Alerts Configuration panel, check Enable Alerts to use AMS, and then click Next. (AMS is not longer used with SEP/SNAC.)
  11. In the Ready to Install the Program panel, click Install, and then follow the on-screen prompts to complete the installation.
  12. Write down the IP address or host name of the computer on which you installed the Quarantine Server and the port number. This information is required when you configure client programs to forward items to the Central Quarantine.


Configuring groups to use the Central Quarantine

To configure Central Quarantine network communications, you must specify the port on which the Quarantine Server listens. You must also create and apply an Antivirus Policy to a group that specifies the Quarantine Server computer and port. You configure the Quarantine Server listening port with the Symantec Quarantine Console and you create the Antivirus Policy with the Symantec Endpoint Protection Manager Console.

Note: The Quarantine Console user interface lets you select the IP protocol or the SPX protocol and specify the port number to configure. This IP protocol and port number is TCP. Do not select SPX. Also, the TCP port number that you enter is not what appears for the Quarantine server's listening port when displayed with tools like netstat -a. For example, if you enter port number 33, netstat -a displays
TCP port 8448. The hexadecimal numbers and the decimal numbers misconvert and transpose. For more details, see 'Quarantine Server appears to be using a different port than it is configured to use

To configure the Quarantine Server

  1. In the Symantec Central Quarantine console, in the left pane, in the Console Root tree, right-click Symantec Central Quarantine, and then click Properties.
  2. On the General tab, under Protocols, check Listen on IP. SPX is no longer supported.
  3. In the Listen on IP Port box, type the port number on which to listen for client submissions. This port number is TCP/IP. Do not enter an IANA well-known port number without doing research to see if it is used in your network. For example, do not enter port number 21 because it is reserved for FTP communications.
  4. Click OK.


To configure an Antivirus Policy (SAV)

  1. In the Symantec Endpoint Protection Manager Console, click Policies.
  2. In the View Policies pane, click Antivirus and Antispyware.
  3. In the Tasks pane, click Add an Antivirus and Antispyware Policy. You can also edit an existing policy.
  4. In the Antivirus and Antispyware Policy window, in the left pane, click Submissions.
  5. Under Quarantined Items, check Allow client computers to automatically submit quarantined items to a Quarantine Server.
  6. In the Server name box, type the fully qualified domain name or IP address of the Quarantine Server.
  7. In the Port number box, accept or change the default port number.
  8. In the Retry box, accept or change the retry interval when client to Quarantine Server communications fail.
  9. Click OK.
  10. On the Assign Policy warning dialog, click Yes.
  11. Select the groups for the policy, and then click Assign.
  12. Click Yes to confirm the policy changes.


For configuring SEP clients to submit quarantined items to a Quarantine Server, please see 'Setting up Symantec Endpoint Protection clients to forward infected files to a Central Quarantine Server.' 


References
Installation Guide for Symantec™ Endpoint Protection and Symantec Network Access Control