Endpoint Protection support with Celerra AntiVirus Agent Connector (CAVA)

Article ID: 154149


Products

Endpoint Protection

Issue/Introduction

You want to know if Symantec Endpoint Protection (SEP) is supported with Celerra AntiVirus Agent Connector (CAVA) and how to configure them to work together.

Cause

Symantec Endpoint Protection is supported with CAVA when configured correctly.

Resolution

The Common AntiVirus Agent is a program that runs on a Windows host system to provide antivirus scanning for EMC Network Attached Storage (NAS) devices. It can be configured to provide the scanning service to the NAS device in several different ways, including one in which it asks the Symantec Endpoint Protection (SEP) client software installed on its host operating system to scan the files residing on the NAS over the network.

The EMC documentation for Event Enabler provides the necessary steps, which are included in this article.

CAVA 8.4.2 is certified for use with version 14.0.1 (14 RU1) and later.
 

  1. Install the Symantec Endpoint Protection client software. The Symantec documentation provides specific installation steps.
  2. Disable Tamper Protection.
    See Disable Tamper Protection.
  3. Open the Windows Registry Editor and navigate to the following:
    • For 32-bit operating systems:
      HKEY_LOCAL_MACHINE\Software\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan
    • For 64-bit operating systems:
      HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan
    • For 64-bit operating systems running 14.3 RU5+:
      HKEY_LOCAL_MACHINE\Software\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan

  4. Right-click RealTimeScan and click New > DWORD Value to set the RealTimeScan value.
  5. In the Value name text box, type DisableAlertSuppression.
  6. In Value data, type a value of 01.
  7. Click OK.
  8. Re-enable Tamper Protection.
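
To confirm the result of steps 3 to 7 on a CAVA host, the following read-only check is an added example (not part of the original article or of Symantec or EMC tooling). It inspects both registry locations listed in step 3; the function name Get-CavaAlertSuppressionState is hypothetical, and it assumes a 64-bit PowerShell session when run on 64-bit Windows.

```powershell
# Read-only audit of the DisableAlertSuppression value from steps 3-6.
# Nothing is written, so Tamper Protection can stay enabled while this runs.
# Assumption: 64-bit PowerShell on 64-bit Windows, so the Wow6432Node path
# is read directly rather than through registry redirection.
$subKey = 'Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan'
$candidates = @(
    "HKLM:\Software\$subKey",              # 32-bit OS, and 64-bit OS running 14.3 RU5+
    "HKLM:\Software\Wow6432Node\$subKey"   # 64-bit OS
)
$valueName = 'DisableAlertSuppression'

# Hypothetical helper: reports, per candidate key, whether the value exists,
# is a DWORD, and holds the data 1.
function Get-CavaAlertSuppressionState {
    param([string[]]$Path, [string]$Name)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Key = $p; State = 'KeyMissing'; Kind = $null; Data = $null }
            continue
        }
        $key = Get-Item -LiteralPath $p
        if ($key.GetValueNames() -notcontains $Name) {
            [pscustomobject]@{ Key = $p; State = 'ValueMissing'; Kind = $null; Data = $null }
            continue
        }
        $kind = $key.GetValueKind($Name)
        $data = $key.GetValue($Name)
        # A string or binary value named DisableAlertSuppression does not match step 4.
        $ok = ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and ($data -eq 1)
        $state = if ($ok) { 'Configured' } else { 'WrongTypeOrData' }
        [pscustomobject]@{ Key = $p; State = $state; Kind = $kind; Data = $data }
    }
}

$results = Get-CavaAlertSuppressionState -Path $candidates -Name $valueName
$results | Format-Table -AutoSize -Wrap

if (-not ($results | Where-Object { $_.State -eq 'Configured' })) {
    Write-Warning "$valueName is not set to DWORD 1 under any RealTimeScan key."
}
```

A State of WrongTypeOrData usually means the value was created as a string instead of a DWORD in step 4.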
     

Set Symantec Endpoint Protection options

  1. Open the Symantec Endpoint Protection client.
  2. Next to Virus and Spyware Protection, click Options.
  3. Click Change Settings.
  4. Click the Auto-Protect tab.
  5. Under the File Types section, click All Types.
  6. Under the Options section, ensure that:
    • Scan files on remote computers is checked
    • Only when files are executed is unchecked
  7. Click Advanced.
  8. Under the Scan files when section, select Scan when a file is accessed or modified.
  9. Click OK, and then click OK again.

 
Note that with this implementation, EMC's CAVA agent relies upon Symantec Endpoint Protection to remediate any files that it determines are threats. If files are determined to be threats but cannot be remediated (through being cleaned, deleted or quarantined), those files are still served out by the EMC Network Attached Storage device to clients requesting access to files.

It is important to note that if the Symantec Endpoint Protection client used to perform the scanning is managed by a Symantec Endpoint Protection Manager server, the scanning of network files must be enabled in the group policy for that client within the Symantec Endpoint Protection Manager, and not just on the client itself.

The following information comes from page 20 of EMC® Celerra® Network Server, Release 6.0: Using Celerra AntiVirus Agent, P/N 300-009-952 REV A01.

The CAVA virus-checking client

The virus-checking (VC) client is the agent component of the Celerra Network Server software on the Data Mover. The VC client interacts with the AV engine, which processes requests from the VC client. Scanning is supported only for CIFS access. While the scan or other related actions are taking place, access to the file from any CIFS client is blocked.

The VC client:

  • Queues and communicates filenames to CAVA for scanning.
  • Provides and acknowledges event triggers for scans. Possible event triggers include:
    • A file is renamed on a Celerra Network Server.
    • A file is copied or saved to a Celerra Network Server.
    • A file is modified and closed on a Celerra Network Server.
  • Requests a virus check by sending the universal naming convention (UNC) pathname to CAVA.
  • Allows the AV engine to perform the correct user-defined action on the file when the file is discovered to contain a virus. User-defined actions may include:
    • Curing or repairing the file
    • Renaming the file
    • Changing the file extension
    • Moving the file to a quarantined area
    • Deleting or purging the file

Note: The AV engine maintains full access to the file being scanned while performing the user-defined action on the file. After completion, the AV engine returns control of the file to the VC client.

  • If CAVA reports that the file was successfully scanned, the Celerra Network Server allows the file to be available to the client.
  • If multiple instances of CAVA have been installed, the VC client sends scanning requests to the CAVA servers in a round-robin method.

Attachments

  • CAVA.pdf
  • CAVA and sep 12.1.pdf