This page gives best practices to install the legacy product Symantec Endpoint Protection for Macintosh (SEP for Mac) 11.x on Mac OS X Server.
It is recommended that you use the newest Symantec Endpoint Protection version. As of SEP 12.1, Macintosh OS X Server is fully supported. SEP 11.x is considered End of Life (EOL), and all support ends on January 5, 2015.
For your convenience, the following tips are provided for tuning installations on OS X servers or workstations.
Symantec has not informally or formally tested SEP 11.x for Mac with Xsan or Xserve RAID. Symantec cannot recommend using SEP for Mac in this way.
SEP 11.x for Mac on Mac OS X Server should not be seen as a replacement for antivirus software on client computers.
These guidelines also apply to SAV for Mac, which is no longer supported.
To tune performance, set up Auto-Protect to scan only very specific areas of your storage. Target places like: FTP directory, WebDAV directories, Shared Items, and user directories. Do this using the "ONLY in" option in the Symantec Auto-Protect Preference Pane on the Safe Zones tab (SAV for Mac), or in the Antivirus and Antispyware policy, under Mac Settings, File System Auto-Protect, General Scan details.
As of Mac OS X 10.4, Auto-Protect scans files that are written to a mounted network share from the client running Auto-Protect. In some network configurations, this can cause degraded performance and reliability. Excluding mounted shares using SafeZones will resolve these type of issues. Universal SafeZones on Network drives can lower performance when you copy files from one computer to another or save files to a network share. By excluding the network share via SafeZones, it will improve file transfer times and stop Auto-Protect related error messages. However, every exclusion set poses a security risk, particularly on a server that may be hosting content for multi-platforms, so this should be considered before excluding all shares outright.
Note: Safe Zones and Centralized Exceptions can exclude files and folders or include files or folders, not both. To use Centralized Exceptions via the SEPM, "Scan everywhere except in specific folders" must be checked in Antivirus / Antispyware policy, under Mac Settings, File System Auto-Protect. See Technical Information for documentation.
Turn off the scanning of compressed files to increase performance.
Mac OS X Server bundles antivirus and antispam with the mail service. If you enable mail service, make sure that this directory is not scanned: /private/var/spool/imap
Never scan directories with database files (such as MySQL, FileMaker, etc.). You will want to exclude these directories.
To keep SEP or SAV for Mac current, set up LiveUpdate to launch for the root account; if managed, ensure a LiveUpdate schedule is established via LiveUpdate policy (SEP for Mac) or send it a schedule (SAV for Mac). If unmanaged, use symsched via command line in Terminal. By scheduling LiveUpdate for the root account, SEP or SAV for Mac is updated no matter which account is logged on (see Technical Information).