Rutgers Antivirus FAQ

Rutgers Antivirus Software

Symantec Endpoint Protection Client / Symantec AntiVirus

Symantec Endpoint Protection Troubleshooting

Symantec Endpoint Protection Administration

Malware Remediation

Does Rutgers offer free antivirus?

Yes! Rutgers currently has an agreement with Symantec to offer the Endpoint Protection security suite that covers all Faculty and Staff at the University.

Where can I get free antivirus software?

Please visit the Software Portal to download an antivirus package that is suitable for your computing environment.

Does OIT recommend any other free antivirus software?

For users that cannot or choose not to install Symantec Endpoint Protection, OIT recommends the built-in Windows Defender for Windows. For Mac OS, OIT recommends that users consider ClamXav. For Linux, OIT recommends ClamAV.

Who can I contact for support?

Well, that depends. Due to the nature of SEP, your department may be running its own domain and therefore have its own set of policies. In general, avsupport will usually be able to answer your questions.

What happened to RADS?

RADS, or the Rutgers Antivirus Delivery Service, has been deprecated due to its diminished utility in the modern IT environment. All antivirus packages will be distributed through the University Software Portal.

What are the system requirements for SEP/SAV?

Detailed system requirements can be found in this Symantec KB article.

What is SEP?

Symantec Endpoint Protection is a complete, optionally managed security solution providing anti-malware, firewall and intrusion prevention on servers and workstation computers. SEP connects to a top-level server in order to receive policy settings and pattern files. Pattern files are used by an antivirus application to detect known malware. In addition, SEP can detect and prevent certain behavior that is indicative of malware -- useful when a threat has yet to appear in a pattern file.

What does the term "policy" refer to in this context?

With Symantec Endpoint Protection, clients receive policy settings from a central server managed by Rutgers OIT. These policy settings include permissions and even detailed behavior of the client, such as when to perform a security scan. Anyone installing the base SEP package will automatically be put into the 'Default' policy group, which is essentially an unmanaged client. The user has complete freedom over the client installed on their system, which means it is in the hands of the user to properly secure their system with any additional settings required, such as port-forwarding rules.

It says my client is out of date. How do I update?

To update your Symantec Endpoint Protection client manually, follow the instructions below to initiate LiveUpdate.

  1. Right click the SEP icon in your system tray to bring up the SEP Client Context Menu
  2. Choose Open Symantec Endpoint Protection.
  3. From the main client console view, choose LiveUpdate on the left-hand side.
  4. Wait for LiveUpdate to complete.

If, after performing LiveUpdate, your client still does not report that it is up to date, you may need to restart your computer.

How do I configure port-forwarding with the SEP firewall?

The Administration Guide covers all of the details of the firewall. It is worth reading if you have any specific questions about how to configure the firewall.

For an example of how to open ports (e.g. - for applications and gaming), follow these instructions:

  1. Open the SEP Console by right clicking the SEP Icon in the system tray and selecting Open Symantec Endpoint Protection from the context menu.
  2. In the SEP Console, next to Network Threat Protection, click Options. On the menu that comes up, click Configure Firewall Rules.
  3. On the Firewall rules page, click Add... to create a new firewall rule.
  4. Create a name for your new rule and select Allow this traffic. Then click the tab for Ports and Protocols.
  5. On the Ports and Protocols page, choose your Protocol from the dropdown (e.g. TCP). In the Remote Ports field enter a single port, a list of ports separated by commas, a range of ports using a dash, a list of ranges, or any combination of these. Then click OK to create the rule.

Of course this is only an example. Your specific configuration likely differs. There is great flexibility in this firewall, and what has been shown here is only a tiny fraction of what can be done. You can, for example, schedule ports to open and close according to time of day, or monitor applications for port usage rather than opening specific ports explicitly. Please read the Administration Guide for a detailed explanation of its capabilities.
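Before creating a rule it helps to see exactly which ports a Remote Ports entry will expose. The PowerShell function below is an added example (not from the Rutgers FAQ or from Symantec) that expands the syntax described in step 5 (single ports, comma-separated lists, dash ranges, or a mix) into the full set of ports and rejects malformed entries; the sample specification and the 20-port warning threshold are our own choices.

```powershell
# Added example: expand a SEP "Remote Ports" entry into the exact ports it opens.
# Accepts "80", "80,443", "6000-6010" or any comma-separated mix of these.
function ConvertFrom-PortSpec {
    param([Parameter(Mandatory)][string]$Spec)
    $ports = New-Object 'System.Collections.Generic.HashSet[int]'
    foreach ($item in ($Spec -split ',')) {
        $item = $item.Trim()
        if ($item -match '^(\d+)-(\d+)$') {          # dash range, e.g. 27015-27020
            $lo = [int]$Matches[1]; $hi = [int]$Matches[2]
        } elseif ($item -match '^\d+$') {            # single port
            $lo = [int]$item; $hi = $lo
        } else {
            throw "Invalid port entry '$item' in '$Spec'"
        }
        if ($lo -lt 1 -or $hi -gt 65535 -or $lo -gt $hi) {
            throw "Entry '$item' is reversed or outside 1-65535"
        }
        foreach ($p in $lo..$hi) { [void]$ports.Add($p) }
    }
    # Return a sorted array; the leading comma stops PowerShell from unrolling it.
    $sorted = [int[]]($ports | Sort-Object)
    return ,$sorted
}

# Constructed sample: one game server port plus a small range for a second service.
$spec  = '25565, 27015-27020'
$ports = ConvertFrom-PortSpec -Spec $spec
Write-Output ("'{0}' allows {1} port(s): {2}" -f $spec, $ports.Count, ($ports -join ' '))

# Flag rules that open more than a handful of ports (threshold is our own choice).
if ($ports.Count -gt 20) {
    Write-Warning "Rule opens $($ports.Count) ports; consider narrowing the range."
}
```

A reversed range such as 27020-27015, or a value above 65535, throws instead of silently opening nothing or everything.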

How do I add or remove Network Threat Protection (firewall)?

In some cases, the Network Threat Protection module (firewall + intrusion prevention) can cause issues with a user's internet connection. Disabling the service is only temporary. When your system restarts, the service will be re-enabled. To remove Network Threat Protection, you'll need to access the installation wizard through Add/Remove Programs on XP or Programs and Features on Vista/7.

  1. Open Add/Remove Programs from the Control Panel on XP. On Vista/7 press Start and type 'Programs and Features' to quickly access the Programs and Features dialog.
  2. Find 'Symantec Endpoint Protection' in the list of installed programs. Click the item and select 'Change'. The install wizard will start.
  3. Continue through the wizard, ensuring that the radio button for 'Modify' is checked, then continue. You will be presented with the feature selection dialog.
  4. Click the button next to 'Network Threat Protection' and select 'This feature will not be installed'.
  5. Finish the wizard to uninstall the component.

In some cases the wizard may fail. You should restart your computer and retry.

The same process can be used to install or uninstall this component or other components.

How do I uninstall the Mac client?

Unfortunately you cannot uninstall the Mac client without a separate tool. Download that tool from the Software Portal.

What is the Symantec Intrusion Prevention browser add-on?

With SEP 12.1, Symantec provides a browser add-on for Firefox and Internet Explorer (Chrome not supported as of this writing) that attempts to prevent malicious scripts from running. You will typically be asked if you would like to enable the add-on when starting the browser for the first time after installing or upgrading to SEP 12.1.

While we recommend enabling any features that can improve the security of the machine, it is not a required feature and is completely up to user discretion whether the add-on should be enabled.

Google's Chrome browser is not supported at the time of this writing. Symantec recommends Norton SafeWeb as an alternative.

More information on the add-on can be found in Symantec's Knowledge base.

What processes/services are associated with SEP?

The following document on Symantec's website explains the various processes and services associated with both SEPM and SEP clients: SEP Processes and Services.

For SEP clients, the critical services are:

  Display Name                     Service Name
  Symantec Endpoint Protection     Symantec AntiVirus
  Symantec Event Manager           ccEvtMgr
  Symantec Management Client       SmcService
  Symantec Settings Manager        ccSetMgr
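A quick way to confirm that these four services are actually present and running on a client is the PowerShell function below. It is an added example, not part of the Rutgers FAQ or Symantec's tooling; the service names are the ones in the table above, and it assumes PowerShell 5 or later so that Get-Service exposes StartType (a disabled start type on a stopped service is worth noting, since SEP normally re-enables the service on restart).

```powershell
# Added example: report the state of the critical SEP client services.
# Keys are the Service Names from the table; values are the Display Names.
$critical = @{
    'Symantec AntiVirus' = 'Symantec Endpoint Protection'
    'ccEvtMgr'           = 'Symantec Event Manager'
    'SmcService'         = 'Symantec Management Client'
    'ccSetMgr'           = 'Symantec Settings Manager'
}

function Test-SepServices {
    $problems = @()
    foreach ($name in $critical.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $svc) {
            $problems += "$($critical[$name]) ($name): not installed"
        } elseif ($svc.Status -ne 'Running') {
            # StartType requires PowerShell 5+; 'Disabled' means a restart will not fix it.
            $problems += "$($critical[$name]) ($name): $($svc.Status), StartType=$($svc.StartType)"
        }
    }
    if ($problems.Count -eq 0) {
        Write-Output 'All critical SEP services are running.'
    } else {
        Write-Output 'SEP services needing attention:'
        $problems | ForEach-Object { Write-Output "  $_" }
    }
    return $problems.Count   # 0 means healthy; useful as an exit code in scripts
}

$issues = Test-SepServices
exit $issues
```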

SEP will not install. What is wrong? What can I do?

There are many different scenarios that may prevent the Symantec Endpoint Protection client from successfully installing onto a given computer. In some cases, malware specifically coded to block the installation of common antivirus programs may already be present on the system. In other cases, a corrupted environment, file locks and pending operations may prevent the Windows Installer from successfully loading SEP onto the system. Each case may be different, and there may not be a catch-all solution to the problem.

One possible solution applies when LiveUpdate fails to complete the installation. For that case, we recommend the following procedure:

  1. Download an alternative package for your particular architecture (this will save download times over running RADS).
  2. Remove Symantec Endpoint Protection and Symantec LiveUpdate from your computer if they are present. This can be done from Add or Remove Programs on XP or Programs and Features on Vista/7.
  3. Restart your computer
  4. Install LiveUpdate 3.4.
  5. Install SEP from the package you downloaded in step 1.

In some cases, there may be incompatible DLLs in the PATH that cause conflicts with the self-extractor and thus prevent the SEP installation package from successfully extracting and running. To resolve this issue, follow these steps:

  1. Obtain a file archiving tool if you do not have one already. We recommend 7-zip.
  2. Download an alternative package for your particular architecture.
  3. Treating the EXE as an archive, extract it to a folder using your preferred archiving tool. See the documentation on your archiving tool if you do not know how to do that.
  4. Open the folder where you extracted the package.
  5. Launch setup.exe

Another common case is that older versions of Symantec software were previously installed on the system, but failed to remove themselves cleanly -- leaving various registry keys and configuration options lingering in Windows and throwing off the SEP installer. The recommended solution in this case is to run Symantec's CleanWipe utility, which performs manual uninstallation steps for a handful of Symantec products.

  1. Download CleanWipe
  2. Extract the zip and thoroughly read the readme file within
  3. Run CleanWipe
  4. Restart your computer
  5. Install SEP

One potential solution for preventing these lingering issues in the first place is to use a more advanced uninstallation application such as CCleaner.

Additional Information:
For issues uninstalling Trend Micro OfficeScan, view this page: How do I remove old or new versions of Trend Micro products?

List of antivirus removal instructions: Common Antivirus Applications - Removal Instructions

What is SEPM? How are SEP clients administered?

The Symantec Endpoint Protection Manager (SEPM) is the console used to administer policy on Symantec Endpoint Protection clients. Only OIT system administrators and departmental UCMs have access to this system. Please contact antivirus support to obtain access.

What is a SEPM domain?

The Symantec Endpoint Protection management console allows for segregating sets of clients from each other in the form of "domains". These are similar in concept to Active Directory domains, but are generally unrelated.

SEPM Domains contain a unique list of user and administrator accounts and a unique set of policies. They are ideal for allowing departmental UCMs and UCSs full control over their SEP deployments without having to manage their own server infrastructure. Only the super-administrator of the SEP management server can pass between domains. Each domain administrator is restricted to his or her own domain environment.

I would like to run my own domain. How do I do so?

We are working to allow administrators to run their own domains with unique policy. Currently this is a manual process. Please contact avsupport to request your own domain.

How do I log into my domain?

After pointing your browser to the SEPM console, you will need to specify the credentials that you were provided. Press the 'Options >>' button to expose the Domain input box. Enter the name of your domain and click 'Log On' to sign in. In some browsers, you can simply hit Enter from one of the input areas.

Is there a different SEPM console than the web console?

You can install a Java-based console on your computer. This console is browser-independent and provides a unified management experience that avoids browser quirks. Download the SEPM Console here.

How do I obtain a SEP installation package specific for my domain?

If you are the administrator of a SEPM domain and you want to start deploying SEP to your clients, you are going to want to ensure that those clients will join successfully to your domain. To do that, you will need to generate an installation package from the SEPM and then deploy that package to your clients. For a detailed explanation from the source visit the Symantec documentation page here.

See the Installation Guide for Symantec™ Endpoint Protection and Symantec Network Access Control, and also the Administration Guide for Symantec™ Endpoint Protection and Symantec Network Access Control. Section 2-5 of the Installation Guide details the process of exporting client installation packages.

A brief tutorial is posted here.

  1. Log in to your domain through the SEPM
  2. Click the Admin button on the left
  3. At the bottom of the Admin window click 'Install Packages'
  4. Right click the package you want to deploy and select Export
  5. Choose the policy you want your package to deploy with
  6. If you are using the java console, specify the Export folder where you want to save the package and then click OK.
  7. If you are using the web console, click OK and wait for the package to be built. When it is done, you will be presented with a download link to obtain your package.

How do I move a client from one SEPM domain to another?

Unfortunately, this cannot be done from within the console. OIT has provided the SyLink Replacer tool that makes this process easier. Alternatively, you may wish to view this thread for a similar tool and more information.

Essentially you need to take the SyLink.xml configuration file from a client already connected to the domain you want to move to and replace it on the clients you want to move to the new domain. The config file is locked while SEP is running so you need to disable the service and kill the process in order to release the lock so the file can be replaced. In the future, OIT will provide a way to obtain a SyLink.xml configuration file without needing an existing SEP client to take it from.

Where can I obtain the Symantec Endpoint Recovery Tool (SERT)?

Download the tool from the Software Portal.

What are some of the items in the SEP Tools and Documents package?

  • Central Quarantine
  • CleanWipe
  • DevViewer
  • SEP Remote Monitoring
  • ITAnalytics
  • JAWS
  • LiveUpdate Administrator
  • MoveClient
  • Offline Image Scanner
  • Push Deployment Wizard
  • Quarantine Extraction Tool
  • Security Virtual Appliance
  • SEP Integration Component for Altiris
  • SEPprep
  • SEP Support Tool
  • Shared Insight Cache Server
  • SyLink Drop
  • Symantec Client Firewall Migration
  • SymHelp
  • Virtual Image Exception

What tools are available for removing malware?

Symantec provides a support tool that includes the Symantec Power Eraser. You can download the tool as part of the Support Tool from this link and you can access the link at any time from the SEP console by clicking 'Help and Support' at the top right and selecting the option for 'Download Support Tool'.

After launching the Support Tool and agreeing to the Terms of Use, check the box for Symantec Power Eraser and continue through the wizard to launch the tool.

Alternatively, you can access the standalone Power Eraser here.

Additional Tools

In addition to the Symantec Power Eraser, the Office of Information Technology officially endorses the use of the following freely available tools: