Best Practices for initial installation and testing of Symantec Protection Engine 8.2.2 with EMC CAVA

Article ID: 237009

Products

Protection Engine for NAS

Issue/Introduction

Information is needed regarding best practices for implementing Symantec Protection Engine (SPE) for NAS with EMC Celerra Anti-Virus Agent (CAVA) 3.6.x.

Resolution

NOTE: Before beginning, verify that each machine where you plan to install Protection Engine for NAS 8.2.2 meets the System Requirements. In addition, Broadcom always recommends installation in a test environment to identify performance issues before deployment to production systems.

NOTE: The 64-bit API library provides support for the use of the 64-bit version of the EMC Event Enabler with Protection Engine. Windows does not allow a 64-bit process, such as the 64-bit version of EMC Event Enabler, to load a 32-bit DLL. If a 64-bit version of EMC Event Enabler is used, check with EMC support to confirm that it includes the 64-bit Symantec API library.

  1. For High Availability, install and license the latest build of Protection Engine 8.2.x for NAS on at least two computers which meet the system requirements.
  2. Assign virus checking rights.
  3. On each server where Protection Engine is installed, perform the following:

    - From the Symantec Endpoint Protection client or Symantec Endpoint Security agent, remove all components except Core Files and Threat Defense for Active Directory.
    - Exclude the Protection Engine TEMP scanning directory from all local file system utilities such as antivirus, backups, etc.
    - Install and configure the Celerra Anti-Virus Agent (CAVA) on the Protection Engine servers.
    - Test the Protection Engine and CAVA functionality by accessing files.
    - Perform any fine tuning of Protection Engine and CAVA as needed.

 

To identify the current location of the temporary scanning directory of Protection Engine

  1. In the bash or cmd prompt, use the cd command to navigate to the install folder of Protection Engine. By default, this path is:
    Windows: C:\Program Files\Symantec\Scan Engine
    Linux: /opt/SYMCScan/bin

  2. To query the location, type:
    Windows: xmlmodifier.exe -q //configuration/Resources/System/TempDir/@value configuration.xml
    Linux: ./xmlmodifier -q //configuration/Resources/System/TempDir/@value configuration.xml

 

To perform initial configuration of Symantec Protection Engine 8.2.2 for NAS

  1. At the command line, navigate to the installation location of Protection Engine.
  2. To set protocol, type:
    Windows: xmlmodifier.exe -s //configuration/ProtocolSettings/Protocol/@value "ICAP" configuration.xml
    Linux: ./xmlmodifier -s //configuration/ProtocolSettings/Protocol/@value "ICAP" configuration.xml

  3. To set ICAP port, type:
    Windows: xmlmodifier.exe -s //configuration/ProtocolSettings/ICAP/Port/@value 1344 configuration.xml
    Linux: ./xmlmodifier -s //configuration/ProtocolSettings/ICAP/Port/@value 1344 configuration.xml

  4. Click Policies > Filtering > Container Handling
  5. In the 'Time to Extract file meets or exceeds' field, type: 30
  6. To set 'Maximum extract depth', type:
    Windows: xmlmodifier.exe -s //filtering/Container/MaxExtractDepth/@value 5 filtering.xml
    Linux: ./xmlmodifier -s //filtering/Container/MaxExtractDepth/@value 5 filtering.xml

  7. Click 'Allow access to the file and generate a log entry'
  8. Uncheck 'Deny partial containers'
  9. Uncheck 'Block malformed containers'
  10. Uncheck 'Delete encrypted containers'
  11. Click Policies > Files
  12. Uncheck 'Block files with the following names (one per line):'
  13. Uncheck 'Block files with the following sizes (one per line):'
  14. At the command line, type the following command:
    Windows: xmlmodifier.exe -s //policies/ThreatPolicies/Actions/HonorReadOnly/@value false policy.xml
    Linux: ./xmlmodifier -s //policies/ThreatPolicies/Actions/HonorReadOnly/@value false policy.xml

  15. Restart the Symantec Scan/Protection Engine service to make the changes effective.
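
After completing the steps above, the command-line settings can be checked for drift across each Protection Engine server. The following is an added example, not part of the original article or of the product: it reads the attributes named by the article's XPaths and reports any that differ from the values set in this procedure. It assumes each XPath resolves from the file's root element as written; the sample XML is constructed and the TempDir value is a placeholder.

```python
import xml.etree.ElementTree as ET

# (file, XPath, value) exactly as set by the steps in this article.
EXPECTED = [
    ("configuration.xml", "//configuration/ProtocolSettings/Protocol/@value", "ICAP"),
    ("configuration.xml", "//configuration/ProtocolSettings/ICAP/Port/@value", "1344"),
    ("filtering.xml", "//filtering/Container/MaxExtractDepth/@value", "5"),
    ("policy.xml", "//policies/ThreatPolicies/Actions/HonorReadOnly/@value", "false"),
]
TEMPDIR_XPATH = "//configuration/Resources/System/TempDir/@value"

def read_value(xml_text, xpath):
    """Resolve an article-style XPath (//root/a/b/@attr); None if absent."""
    path, attr = xpath.lstrip("/").rsplit("/@", 1)
    root_name, _, rest = path.partition("/")
    root = ET.fromstring(xml_text)
    if root.tag != root_name:
        return None
    node = root.find(rest) if rest else root
    return None if node is None else node.get(attr)

def audit(files):
    """files maps file name -> XML text. Returns (file, xpath, expected, actual) per mismatch."""
    findings = []
    for name, xpath, want in EXPECTED:
        got = read_value(files[name], xpath) if name in files else None
        if got is None or got.strip() != want:
            findings.append((name, xpath, want, got))
    return findings

# Constructed sample files: only the elements named by the XPaths above,
# with two settings left at values that differ from the article's.
SAMPLE = {
    "configuration.xml": """<configuration>
  <ProtocolSettings><Protocol value="ICAP"/><ICAP><Port value="1344"/></ICAP></ProtocolSettings>
  <Resources><System><TempDir value="/path/to/temp"/></System></Resources>
</configuration>""",
    "filtering.xml": '<filtering><Container><MaxExtractDepth value="10"/></Container></filtering>',
    "policy.xml": '<policies><ThreatPolicies><Actions><HonorReadOnly value="true"/></Actions></ThreatPolicies></policies>',
}

if __name__ == "__main__":
    print("TempDir to exclude:", read_value(SAMPLE["configuration.xml"], TEMPDIR_XPATH))
    for name, xpath, want, got in audit(SAMPLE):
        print(f"MISMATCH {name} {xpath}: expected {want!r}, found {got!r}")
```

To check a real server, build the `files` dictionary from the text of configuration.xml, filtering.xml and policy.xml in the Protection Engine install folder instead of `SAMPLE`.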

 

 

Additional Information

Legacy version?

 

EMC Unity?

As of this writing, EMC has not certified EMC Unity for use with SPE for NAS. Support has heard anecdotal reports that this works for at least one customer in the field, without known issues unique to EMC Unity over any other EMC CAVA environment.