Symantec Endpoint Protection Evaluation Guide - PDF
Companies can efficiently manage security and gain confidence that their assets and business are protected. Symantec Endpoint Protection offers the following benefits: Multiple integrated security technologies provide better protection for all clients in a corporate network, including remote users and laptops.
Multiple security components are managed centrally. Central management gives administrators a comprehensive security view of the client and simplifies overall security management. An integrated solution with centralized management and response gives customers a more comprehensive view at the client level.
The solution responds quickly to outbreaks by retrieving and deploying integrated updates from a centralized management console, which enables a quicker response time. Central management of integrated antivirus and antispyware, firewall, and intrusion prevention gives administrators the ability to respond quickly to multiple types of security threats. It also reduces support costs: all security components at the client level come from a single security vendor, which is less expensive than managing several security products from multiple vendors.
Since all components are from a single vendor and can be installed, updated, and reported on from the same place, Symantec Endpoint Protection eliminates cross-vendor interoperability issues. Symantec Endpoint Protection is available through the Symantec network of corporate resellers and national distributors.
About Symantec Endpoint Protection
Symantec Endpoint Protection protects endpoint computing devices from virus threats and risks, and provides three layers of protection to your endpoint computing devices.
Proactive Threat Protection identifies and mitigates threats based on their behavior. Antivirus and Antispyware Protection identifies and mitigates the threats that try to gain, or have gained, access to your computers, by using the signatures that Symantec creates.
About Network Threat Protection
Network Threat Protection consists of firewall and intrusion prevention software to protect your endpoint computing devices. The firewall supports rules that are written for both specific ports and specific applications, and uses stateful inspection of all network traffic. Therefore, for all network traffic that is client-initiated, you only have to create an outbound rule to support that traffic; stateful inspection automatically permits the return traffic that responds to the outbound traffic.
Symantec assumes that you construct your firewall rules such that all traffic that is not permitted is denied. The firewall does not support IPv6.
The intrusion prevention engine supports checking for port scans and denial-of-service attacks, and protects against buffer overflow attacks. This engine also supports the automatic blocking of malicious traffic from infected computers.
About Proactive Threat Protection
Proactive Threat Protection identifies threats, such as worms, viruses, Trojan horses, and programs that log keystrokes, based on the behavior of processes on the computer. TruScan proactive threat scans identify these threats by their actions and characteristics, not by traditional security signatures.
Proactive threat scans analyze the threat's behavior against hundreds of detection modules to determine whether the active processes are safe or malicious. This technology can immediately detect and mitigate the unknown threats by their behavior without traditional signatures or patches. On supported bit operating systems, Proactive Threat Protection also lets you control read, write, and execute access to hardware devices, files, and registry keys. If necessary, you can refine the control to specific, supported operating systems.
About Antivirus and Antispyware Threat Protection
Antivirus and Antispyware Threat Protection prevents infections on computers by scanning the boot sector, memory, and files for viruses, spyware, and security risks. Antivirus and Antispyware Threat Protection uses the virus and security risk signatures that are found in virus definitions files. This protection also blocks security risks before they can install, provided that doing so would not leave the computer in an unstable state.
Antivirus and Antispyware Threat Protection includes Auto-Protect, which detects viruses and security risks when they try to access memory or install themselves. Auto-Protect also scans for security risks such as adware and spyware. When it finds security risks, it quarantines the infected files, or removes them and repairs the side effects of the security risks. You can also disable scanning for security risks in Auto-Protect. Auto-Protect can repair complicated risks, such as stealthed user-mode rootkits.
Auto-Protect can also repair the persistent security risks that are difficult to remove or that reinstall themselves. You can configure Antivirus and Antispyware Threat Protection to scan incoming email messages for threats and security risks, as well as outgoing email messages for known heuristics.
Scanning outgoing email helps to prevent the spread of threats such as worms that can use clients to replicate across a network. Auto-Protect for Web-based email programs is blocked from installation on server-based operating systems. For example, you cannot install this feature on Windows Server.
About Symantec
Symantec is a global leader in infrastructure software. Symantec enables businesses and consumers to have confidence in a connected world.
The company helps customers protect their infrastructure, information, and interactions by delivering software and the services that address risks to security, availability, compliance, and performance. Headquartered in Cupertino, Calif.
More information is available at the following URL:
System installation requirements
Installation process overview
About Desktop firewalls and communications ports
Installing and configuring Symantec Endpoint Protection Manager
Logging on to the Symantec Endpoint Protection Manager Console
System installation requirements
Symantec software requires specific protocols, operating systems and service packs, software, and hardware.
All computers to which you install Symantec software should meet or exceed the recommended system requirements for the operating system that is used. Installation to or from the directory names that contain double-byte characters is not supported.
Symantec Endpoint Protection Manager, Console, and database
Table lists the minimum requirements for the computers on which to install the Symantec Endpoint Protection Manager and Console, and the database. Itanium is not supported.
Operating system: The following operating systems are supported: Windows XP supports a limited number of concurrent users if the clients are in "push" mode. Use "pull" mode on Windows XP servers for up to clients. For more information, search for Symantec Endpoint Protection Manager.
Database: Microsoft SQL Server is optional; Symantec Endpoint Protection Manager includes an embedded database.
Other requirements: The following other requirements must be met: Internet Information Services server 5. If you use Microsoft Clustering Services, you must install the client on the local volume. If the target computers do not have the correct version of Internet Explorer, the installation fails without informing you.
Installation process overview
The Installation Guide for Symantec Endpoint Protection and Symantec Network Access Control contains detailed information about each procedure in the installation process. Table summarizes the process to install Symantec Endpoint Protection.
Table Installation overview (Procedure: Description)
Install Symantec Endpoint Protection Manager: Decide on the computer to which you want to install the software and the type of database that you want to use. Then, run the installation program from the CD. The program first installs the manager software; it then installs and configures the database. At the end of the database configuration, you are asked if you want to run the Migration and Deployment Wizard. This wizard creates and then pushes out a default client software installation package. Those clients are assigned to the Temporary group and use the default policies. If there are a large number of computers in your production environment, you may want to create custom security policies first; you can then create custom client installation packages before deploying to the clients. See Creating client installation packages on page.
Deploy the client software: Decide how you want to deploy the client software. You can deploy it in several different ways. For ease of use, you can use the Migration and Deployment Wizard after you install the manager to deploy the default protection. Alternately, you can run the Migration and Deployment Wizard from the Start menu at any time.
Log on to the Symantec Endpoint Protection Manager console: To log on, use the Start menu and the admin user name, with the password that you set during installation.
Locate your group in the console: On the Clients page, the group that you created when you installed appears under View Clients.
Configure LiveUpdate for site updates; configure LiveUpdate for client updates: You need to configure LiveUpdate properties for the site you have installed. See About LiveUpdate Policies on page.
At a minimum, you should configure and test an Antivirus and Antispyware Policy for your clients. You may also want to configure a Firewall Policy and policies for the other types of protection. See Evaluating policies on page.
About Desktop firewalls and communications ports
If your servers and clients run firewall software, you must open certain ports so that communication between the management servers and clients is possible. Alternatively, you can permit the application Rtvscan. Also, remote server and client installation tools require that TCP port be opened. Management servers and clients use the default ephemeral port range for TCP for network communications.
The ephemeral port range that is actually used, however, rarely exceeds 5, The ephemeral port range is configurable for most operating systems. Most firewalls use stateful inspection when filtering TCP traffic, so incoming TCP responses are automatically allowed and routed back to the original requester. Therefore you do not have to open the ephemeral TCP ports when you configure your firewall software.
Table lists the network protocols and ports that management servers and clients require for communicating and for network installations. Notes to the table: This port is the default, which can be changed. This port number is configurable. Port is the default port. This port is not configurable on Symantec Endpoint Protection Manager.
Installing and configuring Symantec Endpoint Protection Manager
The first part installs Symantec Endpoint Protection Manager. The second part installs and configures the Symantec Endpoint Protection Manager database.
In the first part, you can accept all defaults. In the second part, you must select the type of configuration you want for the Symantec Endpoint Protection Manager, Simple or Advanced, based on the number of clients the server supports.
The Simple configuration, intended for a server that supports fewer than clients, automatically creates an embedded database and uses the default values for most settings, with minimal input from you. The Advanced configuration, intended for administrators in larger environments, lets you specify settings specific to your environment.
The management software does not include Symantec Endpoint Protection or any other client software that is managed.
To install Symantec Endpoint Protection Manager
1 Insert the installation CD and start the installation if it does not start automatically.
Wait for the Management Server Configuration Wizard panel to appear, which can take up to 15 additional seconds. Then perform the steps in the following section appropriate to the configuration type you selected, Simple or Advanced. A system check is performed to determine whether the system meets the minimum requirements for available memory and drive space.
If it does not, a warning dialog is displayed indicating that the server may not perform as expected with the resources available. You can choose to continue or cancel the configuration. Optionally, provide an email address. The password specified is used for the Symantec Endpoint Protection Manager admin account, as well as for the encryption password necessary for disaster recovery. After installation, the encryption password does not change, even if the password for the admin account is changed.
Document this password when you install Symantec Endpoint Protection in your production environment. You need it for disaster recovery purposes and for adding optional Enforcer hardware.
Symantec Consulting Services provide on-site technical expertise from Symantec and its trusted partners. Symantec Consulting Services offer a variety of prepackaged and customizable options that include assessment, design, implementation, monitoring, and management capabilities, each focused on establishing and maintaining the integrity and availability of your IT resources.
Educational Services provide a full array of technical training, security education, security certification, and awareness communication programs. Select your country or language from the site index.
Symantec Mail Security Planning Guide
Key features
New features
Functional overview
Architecture
Where to get more information
Key features
Symantec Mail Security offers enterprises an easy-to-deploy, comprehensive gateway-based security solution through the following features:
Antispam technology: Symantec's state-of-the-art spam filters assess and classify email as it enters your site.
Antivirus technology: Virus definitions and engines protect your users from email-borne viruses.
Content Compliance: These features help administrators enforce corporate policies, reduce legal liability, and ensure compliance with regulatory requirements.
Group policies and filter policies: An easy-to-use authoring tool lets administrators create powerful, flexible ad hoc filters for users and groups.
Table New features for Symantec Mail Security (all users), by category:
Threat protection features
- Improved firewall: Protects against directory-harvest attacks, denial-of-service attacks, spam attacks, and virus attacks.
- Sender Authentication.
- Improved virus protection: Additional virus verdicts protect against suspected viruses, spyware, and adware, and quarantine messages with suspicious encrypted attachments. This feature can be effective in defeating virus attacks before conventional signatures are available. View a list of available virus-definition updates.
Inbound and outbound content controls
- True file type recognition for content compliance filtering: Automatically detects file types without relying on file name extensions or MIME types.
- Keyword filtering within attachments, keyword frequency filtering: Scan within attachments to find keywords from dictionaries you create or edit. Specify a number of occurrences to look for.
- Regular expression filtering: Use regular expressions to further customize filter conditions by searching within messages and attachments.
- Support for Enterprise Vault and third-party archival tools: Specify conditions that result in email being sent to an archival address or disk location.
- Reports can be exported for offline analysis and emailed.
Expanded administration capabilities
- Message tracking: View a trail of detailed information about a message, including the filtering processing applied to it.
- IP-based access control: Control which hosts and networks can access your Control Center.
- Control over Quarantine size limits: Specify user-based and total limits, and configure automatic message deletions.
Enhanced localization capabilities
- Support for non-ASCII character sets.
- Support for double-byte character sets.
- Language autodetection of messages for Quarantine and of subject encodings for message handling.
- Support for non-ASCII LDAP source descriptions.
Functional overview
Each Symantec Mail Security host can be deployed in the following ways: You can deploy Scanners on existing email or groupware servers.
Deployed as a Control Center, a Symantec Mail Security host allows you to configure and manage filtering, SMTP routing, system settings, and all other functions from a Web-based interface. Multiple Scanners can be configured and monitored from your enterprise-wide deployment of Symantec Mail Security, but only one Control Center can be deployed to administer all the Scanner hosts.
The Control Center provides information on the status of all Symantec Mail Security hosts in your system, including system logs and extensive customizable reports. Use the Control Center to configure both system-wide and host-specific details. The Control Center also hosts the Spam and Suspect Virus Quarantines, which isolate and store spam and virus messages, respectively.
End users can view their quarantined spam messages and set their preferences for language filtering and blocked and allowed senders. Alternatively, you can configure Spam Quarantine for administrator-only access. Symantec Mail Security provides neither mailbox access for end users nor message storage. It is not intended for use as the only MTA in your infrastructure.
Architecture
Figure shows how a Symantec Mail Security installation processes an email message, assuming the sample message passes through the Filtering Engine to the Transformation Engine without being rejected.
Figure Symantec Mail Security architecture
Messages proceed through the installation in the following way:
1. The Filtering Hub accepts a copy of the message for filtering.
2. The Filtering Engine determines each recipient's filtering policies.
3. Virus and configurable heuristic filters determine whether the message is infected.
4. Content Compliance filters scan the message for restricted attachment types, regular expressions, or keywords as defined in configurable dictionaries.
5. Spam filters compare message elements with current filters published by Symantec Security Response to determine whether the message is spam. At this point, the message may also be checked against end-user defined Language settings.
6. The Transformation Engine performs actions per recipient based on filtering results and configurable Group Policies.
Where to get more information
The Symantec Mail Security documentation set consists of the following manuals: You can visit the Symantec Web site for more information about your product.
The following online resources are available:
General deployment considerations
Deployment models
General deployment considerations
This section provides information about integrating Symantec Mail Security into your network. Multiple Scanner scenarios are common for organizations with heightened system failover needs or high mail scanning throughput requirements.
Symantec Mail Security provides neither mailbox access for end users nor message storage; it is not suitable for use as the only MTA in your infrastructure.
Configuring Scanners
During installation, you can use a wizard to add a Scanner.
Depending on your filtering requirements and messaging environment, you may want to deploy multiple Scanners and administer them via a single Control Center. In such cases, you can dedicate Scanners to specific functions. For example, you might want one Scanner to filter inbound mail and another to filter outbound mail. You can force internal mail through Symantec Mail Security to avoid propagation of viruses and spam generated by mass-mailing worms that may have been picked up by individuals via Web browsing or downloading.
These services convert the data to formats compatible with Spam Quarantine, Scanner, and Control Center data stores while minimizing the impact on directory infrastructure.
Authentication: The LDAP source is used to authenticate end-user access to Spam Quarantine and to resolve aliases for quarantined messages.
Synchronization: User, group, and distribution-list data from the LDAP source are used to populate and update Control Center database tables for later replication to Scanners. Membership in groups and aliases is validated or otherwise resolved. New and updated entries are cached in the Control Center's database.
Replication: User, group, and distribution-list data are converted to database files that can be used to look up nested relationships among them; new and updated data are replicated to Scanners.
User, group, and distribution-list data are used to expand aliases, validate message recipients, recognize directory harvest attacks, and filter messages for group policies.
While the same LDAP source may also be used for synchronization purposes, no other LDAP directories may be used for authentication. This is especially important with regard to Spam Quarantine.
Synchronization also resolves group and distribution-list memberships, rejecting inconsistent entries. Synchronization supports both full and change-based synchronization. In planning deployments, administrators should be aware of how the two types of synchronization affect performance.
Full synchronization: Symantec Mail Security employs full synchronization between an LDAP source and a Control Center whenever Control Center configuration or maintenance requires that data stores be refreshed.
Because group and distribution-list memberships must be resolved for each individual entry, full synchronization can take time to process, depending on the number of members in groups and distribution lists. Symantec Mail Security reduces initial synchronization overhead by independently processing end users, groups, and distribution lists in parallel.
Change-based synchronization: Symantec Mail Security employs change-based synchronization between full synchronizations to improve performance. Change-based synchronization reduces the need to perform full synchronizations by updating only those entries that have changed since the last full synchronization.
Replication: This process replicates entries from the Control Center to Scanner hosts. Replication resolves nested relationships such as those used to expand distribution or alias lists.
Replication is not change-based. To avoid the overhead associated with looking up each database entry, as in full synchronization, replication first converts Control Center group and alias membership data into database files that contain relationship tables.
Fewer data-store lookups are thus needed to resolve nested relationships among users, groups, and distribution lists when directory data are replicated to attached and enabled Scanner hosts. Time-to-replication is comparable to change-based rather than full synchronization. Once replicated, group and alias entries can be expanded to their full member directories in response to mail events.
Load balancing
Symantec Mail Security is not intended to be used for load balancing.
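The synchronization and replication process described in the LDAP section above, as an added Python model that is not part of the planning guide or the product: a Control Center runs a full and then a change-based synchronization against a constructed directory export, rejects a dangling membership reference as an inconsistent entry, and replicates a relationship table from which a Scanner expands a nested distribution list without further directory lookups. The entry layout, the `ts` timestamp field, the class and function names, and the counting of lookups are assumptions made for the illustration.

```python
"""Toy model of Control Center synchronization (full and change-based) and
replication to Scanners. Added illustration, not Symantec code."""
from dataclasses import dataclass, field

# Constructed LDAP export; "ts" stands in for modifyTimestamp. Groups and lists
# carry "member", end users do not. "cn=ghost" is a dangling reference, i.e.
# an inconsistent entry that synchronization must reject.
LDAP_SOURCE = {
    "uid=alice": {"mail": "alice@example.test", "ts": 100},
    "uid=bob":   {"mail": "bob@example.test", "ts": 100},
    "cn=sales":  {"mail": "sales@example.test", "ts": 100,
                  "member": ["uid=alice", "cn=ghost"]},
    "cn=all":    {"mail": "all@example.test", "ts": 100,
                  "member": ["cn=sales", "uid=bob"]},
}

@dataclass
class ControlCenter:
    cache: dict = field(default_factory=dict)     # Control Center database tables
    rejected: list = field(default_factory=list)  # (entry, dangling member) pairs
    last_sync: int = 0
    lookups: int = 0                              # data-store lookups performed

    def _resolve(self, dn, entry, source):
        """Validate each member against the source: one lookup per member."""
        members = entry.get("member")             # None for an end user
        if members is not None:
            kept = []
            for m in members:
                self.lookups += 1
                if m in source:
                    kept.append(m)
                else:
                    self.rejected.append((dn, m))
            members = kept
        self.cache[dn] = {"mail": entry["mail"], "member": members}

    def full_sync(self, source, now):
        """Full synchronization: every entry is resolved, changed or not."""
        self.cache.clear()
        for dn, entry in source.items():
            self._resolve(dn, entry, source)
        self.last_sync = now

    def change_sync(self, source, now):
        """Change-based synchronization: only entries modified since last_sync."""
        changed = [dn for dn, e in source.items() if e["ts"] > self.last_sync]
        for dn in changed:
            self._resolve(dn, source[dn], source)
        self.last_sync = now
        return changed

    def replicate(self):
        """Relationship table a Scanner receives: list address -> direct member
        addresses; nested lists are expanded at mail time from this table alone."""
        mail_of = {dn: e["mail"] for dn, e in self.cache.items()}
        return {e["mail"]: [mail_of[m] for m in e["member"]]
                for e in self.cache.values() if e["member"] is not None}

def expand_recipients(table, address):
    """Scanner-side expansion of a list address to end users, with no directory
    lookups. Lists that reference each other are visited only once."""
    seen, users, stack = set(), [], [address]
    while stack:
        addr = stack.pop()
        if addr in seen:
            continue
        seen.add(addr)
        if addr in table:                 # a group or list: follow its members
            stack.extend(table[addr])
        else:                             # a leaf: an end user
            users.append(addr)
    return sorted(users)
```

Comparing `lookups` after `full_sync` and after a later `change_sync` shows why the guide recommends change-based synchronization between full ones, and `expand_recipients` needs none at all because the nesting was resolved at replication time.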
You must implement multiple Scanners to perform load balancing.
Adjusting MX records
The MX records must point incoming messages to the system. This allows spammers to send spam directly to the old server, bypassing your spam filtering. To prevent spammers from circumventing the new spam-filtering servers, you should do one of the following: Block off the MTA from the Internet using a firewall.
You can then map email from the old server to Symantec Mail Security. When naming Symantec Mail Security, ensure that the name you choose does not imply its function. The default Tomcat and MySQL configuration performs well in installations with a single Scanner and low-volume traffic.
In installations where multiple Scanners or large amounts of spam are processed, increasing the amount of RAM allocated to Tomcat and increasing the number of listener and consumer threads in MySQL improves performance.
Deployment models
You can deploy Symantec Mail Security in the following ways:
Basic gateway deployment
Multi-tier gateway deployment
Post-gateway deployment
Basic gateway deployment
This is the simplest deployment model.