How to deploy virus definitions to an isolated network


Article ID: 220070


Products

Mail Security for Microsoft Exchange, Protection Engine for Cloud Services, Protection Engine for NAS

Issue/Introduction

Mail Security for Microsoft Exchange or Protection Engine has been deployed to an isolated network without internet access, and we need a method to update virus definitions on an ongoing basis.

Resolution

This document describes a process for making definitions available inside an isolated (dark) network that has no public internet access. It applies to products such as Protection Engine for NAS, Protection Engine for Cloud Services and Mail Security for Microsoft Exchange. The examples below use Protection Engine, but the same instructions can be used for SMSMSE if the product is substituted.

 

There are three options described to meet this need:

  1. A LiveUpdate Administrator (LUA) server is connected to both the public facing network and the dark network.
  2. A LUA server is deployed in the public facing network and one web server (IIS or Tomcat) is deployed in the dark network.
  3. One LUA server is deployed in the public facing network and a second one inside the dark network. The second LUA provides only the distribution center and does not download definitions automatically.

 

The first option is generally preferred if possible as it eliminates the need for manual copying of the definition packages to the internal network, but it does require a front end server that can access both the internal and the external networks, which may not be feasible in all environments due to security policies.

 

For all 3 options, LiveUpdate Administrator (LUA) must be configured to download and distribute definitions for your products:

  1. Install LiveUpdate Administrator (LUA).
  2. Perform the Product Catalog update under Configure -> My Symantec Products -> Update Symantec Product Catalog.
  3. Add the product and version. For this example we will be using Symantec Protection Engine 8.2, but you can add as many products as needed for your environment.
  4. Once the product has been added, you'll see a list similar to the following:
  5. Create the Download schedule. Give it a meaningful name and description.
  6. Select the product(s) you want to download the definitions for.
  7. Select Test Status as Skip Test.
  8. Select a schedule for definition download.
  9. Now create a Distribution Schedule. Give it a meaningful name and description.
  10. Add the products to be published and select the distribution list.
  11. Under Select Schedule, select After Download Schedule and add the download schedule created in step 5.
  12. Verify that all three green checkmarks display in my products.
  13. Under the Download & Distribute menu, select the download schedule created in step 5, and select Run Now to manually download and distribute the definitions for the first time. In the future this will happen on the selected schedule without the need to run it manually.
  14. Monitor the download and publishing in the Activity Monitor to ensure the download and distribution complete successfully.



Option 1: LiveUpdate Administrator (LUA) Server connected to both public facing network and dark network

  1. The virus definition files are published in the folder C:\Program Files (x86)\Symantec\LiveUpdate Administrator\clu-prod
  2. In the folder's Security properties, add the group IIS_IUSRS with the following permissions, as shown.
  3. Next, install IIS on the same LUA server. For detailed directions see Microsoft Support.
  4. Launch IIS and select Add Website.
  5. Give the site name and physical path: C:\Program Files (x86)\Symantec\LiveUpdate Administrator\clu-prod
  6. Under Pass-Through Authentication, click Connect As... and select Application user or Specific user based on your configuration and your organization's security requirements.
  7. Check the pass-through authentication.
  8. Select the internal LAN IP where you have connected the SPE pool of machines. Ensure that this website is accessible from this inside network only.
  9. Set the following: Allow Directory Browsing.
  10. Add the following MIME types so that the files can be downloaded. Set "application/octet-stream" for the following extension types:
    .7z,
    .m35,
    .flg,
    .x86
  11. Try accessing this website (for example, http://10.255.1.196/) from the LUA machine itself. You should see the directory listing in the browser.
  12. Try clicking a file to download it. If files are not downloaded, check the permissions, MIME types, etc.
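
The IIS steps above can also be scripted and checked. The following PowerShell is an added example, not vendor code: the site name is hypothetical, the IP is the one from the article's example URL, and the read-and-execute ACL is an assumption because the permission screenshot is not reproduced here.

```powershell
# Added example, not vendor code. Run elevated on the LUA server.
Import-Module WebAdministration

$SiteName   = 'clu-prod-internal'   # hypothetical site name
$InternalIp = '10.255.1.196'        # internal LAN IP used in the article's example
$CluProd    = 'C:\Program Files (x86)\Symantec\LiveUpdate Administrator\clu-prod'
$AppHost    = 'MACHINE/WEBROOT/APPHOST'

# Assumption: read and execute is what the IIS worker group needs to serve files.
icacls $CluProd /grant 'IIS_IUSRS:(OI)(CI)RX' | Out-Null

# Bind to the internal address only so the site is not offered on the public-facing NIC.
# New-Website leaves the site on pass-through authentication (application user).
New-Website -Name $SiteName -PhysicalPath $CluProd -IPAddress $InternalIp -Port 80 | Out-Null

# Directory browsing, stored in applicationHost.config rather than inside clu-prod.
Set-WebConfigurationProperty -PSPath $AppHost -Location $SiteName `
    -Filter 'system.webServer/directoryBrowse' -Name 'enabled' -Value $true

# Map the definition file extensions to application/octet-stream if not already mapped.
foreach ($ext in '.7z', '.m35', '.flg', '.x86') {
    $map = Get-WebConfiguration -PSPath "IIS:\Sites\$SiteName" `
        -Filter "system.webServer/staticContent/mimeMap[@fileExtension='$ext']"
    if (-not $map) {
        Add-WebConfigurationProperty -PSPath $AppHost -Location $SiteName `
            -Filter 'system.webServer/staticContent' -Name '.' `
            -Value @{ fileExtension = $ext; mimeType = 'application/octet-stream' }
    }
}

# Check 1: every binding must be on the internal IP (no '*' or public address).
$stray = Get-WebBinding -Name $SiteName |
    Where-Object { $_.bindingInformation -notlike "${InternalIp}:*" }
if ($stray) { throw "Site is bound outside the internal network: $($stray.bindingInformation)" }

# Check 2: the listing is served locally, as in the manual browser test.
$resp = Invoke-WebRequest -Uri "http://${InternalIp}/" -UseBasicParsing
if ($resp.StatusCode -ne 200) { throw "Unexpected status $($resp.StatusCode)" }
'clu-prod site is bound to the internal IP and serving the directory listing'
```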

 

Option 2: Set up a local web server inside the Dark Network

 

  1. Install the Source LUA in the public facing network and configure it for scheduled download and publishing.
  2. Install the Destination web server (either Tomcat or IIS) inside the dark network.
  3. On the Source LUA Server, copy the definitions from the folder <Drive Letter>:\Program Files\Symantec\LiveUpdate Administrator\clu-prod to removable media. (Path may vary slightly by OS)
  4. On the Destination local web server, copy the definitions from the removable media to:
    1. For IIS server: <Drive Letter>:\Inetpub\wwwroot\clu-prod
    2. For Tomcat/Apache: the htdocs\clu-prod folder
  5. This should be accessible as https://<LUA_Server_IP>:80/clu-prod

 

Option 3: Set up LUA inside the Dark Network

 

  1. Install the Source LUA in the public facing network and configure it for scheduled download and publishing.
  2. Install the Destination LUA inside the dark network. This LUA server will be used only to host definitions.
  3. On the Source LUA Server, copy the definitions from the folder <Drive Letter>:\Program Files\Symantec\LiveUpdate Administrator\clu-prod to removable media. (Path may vary slightly by OS)
  4. On the Destination LUA Server, copy the definitions from the removable media to the folder <Drive Letter>:\Program Files\Symantec\LiveUpdate Administrator\clu-prod
  5. This should be accessible as https://<LUA_Server_IP>:7070/clu-prod
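
Options 2 and 3 both carry the clu-prod folder across the air gap on removable media, so it is worth confirming that what arrives is what the Source LUA published before it is served to clients. The following PowerShell is an added example, not part of the vendor procedure: the function names and manifest file name are hypothetical, and the paths in the usage comments are placeholders.

```powershell
# Added example (not Symantec/Broadcom tooling). Names below are hypothetical.
$ManifestName = 'clu-prod.manifest.csv'

# Enumerate every file under clu-prod with its path relative to the folder root.
function Get-DefinitionFile {
    param([Parameter(Mandatory)][string]$Root)
    $base = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\')
    Get-ChildItem -LiteralPath $base -Recurse -File |
        Where-Object { $_.Name -ne $ManifestName } |
        ForEach-Object {
            [pscustomobject]@{
                RelativePath = $_.FullName.Substring($base.Length + 1)
                FullName     = $_.FullName
            }
        }
}

# Source LUA server: record a SHA-256 for every published file before copying.
function New-DefinitionManifest {
    param([Parameter(Mandatory)][string]$Root)
    Get-DefinitionFile -Root $Root | ForEach-Object {
        [pscustomobject]@{
            RelativePath = $_.RelativePath
            SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Export-Csv -LiteralPath (Join-Path $Root $ManifestName) -NoTypeInformation
}

# Destination server: emits one line per discrepancy; no output means the copy matches.
function Test-DefinitionManifest {
    param([Parameter(Mandatory)][string]$Root)
    $expected = @{}
    Import-Csv -LiteralPath (Join-Path $Root $ManifestName) |
        ForEach-Object { $expected[$_.RelativePath] = $_.SHA256 }
    $actual = @{}
    Get-DefinitionFile -Root $Root | ForEach-Object {
        $actual[$_.RelativePath] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    foreach ($p in $expected.Keys) {
        if (-not $actual.ContainsKey($p))      { "MISSING    $p" }
        elseif ($actual[$p] -ne $expected[$p]) { "MODIFIED   $p" }
    }
    foreach ($p in $actual.Keys) {
        if (-not $expected.ContainsKey($p))    { "UNEXPECTED $p" }
    }
}

# Usage (placeholder paths):
#   New-DefinitionManifest -Root '<Drive Letter>:\...\clu-prod'        # source, before copying
#   $diff = Test-DefinitionManifest -Root '<removable media>\clu-prod' # destination, before publishing
#   if ($diff) { $diff; throw 'clu-prod copy does not match the source manifest' }
```

Because the manifest travels on the same media as the files, this catches incomplete or corrupted copies; to also detect deliberate modification in transit, compare the manifest's own SHA-256 through a separate channel.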


Configure your client application to download definitions from the source chosen above.