You want to know if Symantec Endpoint Protection (SEP) is supported with Celerra AntiVirus Agent Connector (CAVA) and how to configure them to work together.
Symantec Endpoint Protection is supported with CAVA when configured correctly.
The Common AntiVirus Agent is a program that runs on a Windows host system to provide antivirus scanning options for EMC Network Attached Storage (NAS) devices. You can configure it to provide the scanning service to the NAS device in several different ways, including one in which it requests the Symantec Endpoint Protection (SEP) client software on its host operating system to scan the files residing on the NAS over the network.
The EMC documentation for Event Enabler provides the necessary steps, which are included in this article.
Symantec Endpoint Protection resides on an AV server and interfaces with CAVA version 126.96.36.199 (or later) for Symantec Endpoint Protection versions 12.1 and later. CAVA 8.4.2 is certified for use with version 14.0.1 (14 RU1) and later.
Install the Symantec Endpoint Protection client software. The Symantec documentation provides specific installation steps.
Open the Windows Registry Editor and navigate to the following:
For 32-bit operating systems: HKEY_LOCAL_MACHINE\Software\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan
For 64-bit operating systems: HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan
Right-click RealTimeScan and click New > DWORD Value to set the RealTimeScan value.
In the Value name text box, type DisableAlertSuppression.
In Value data, type a value of 01.
Re-enable Tamper Protection.
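The registry setting described above can be audited from PowerShell on the AV server. This is an added example, not code from the Symantec or EMC documentation; the `-Apply` switch and the exit codes are choices made for this example, and it assumes a 64-bit PowerShell session on 64-bit Windows.

```powershell
# Added example: report (and optionally set) DisableAlertSuppression on a CAVA scan host.
# -Apply is a hypothetical switch for this example; without it the script only reads.
param([switch]$Apply)

$sub = 'Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan'
# Key locations as given in the article: Wow6432Node on 64-bit, plain Software on 32-bit.
$key = if ([Environment]::Is64BitOperatingSystem) {
    "HKLM:\Software\Wow6432Node\$sub"
} else {
    "HKLM:\Software\$sub"
}
$name = 'DisableAlertSuppression'

if (-not (Test-Path -Path $key)) {
    Write-Error "Key not found: $key (is the SEP client installed?)"
    exit 2
}

# Read the current value; $null means the DWORD has not been created yet.
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($current -eq 1) {
    Write-Output "OK: $name = 1 under $key"
    exit 0
}

$shown = if ($null -eq $current) { '<missing>' } else { $current }
Write-Output "NOT SET: $name is $shown, expected 1"
if (-not $Apply) { exit 1 }

try {
    # Creates the DWORD, or overwrites an existing value of the same name.
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 `
        -Force -ErrorAction Stop | Out-Null
    Write-Output "Set $name = 1"
} catch {
    # Assumption: the write can be refused while Tamper Protection is still enabled.
    Write-Error "Write failed: $($_.Exception.Message)"
    exit 3
}
```

Run it without `-Apply` to check the setting on each AV server after the change; a non-zero exit code means the value is missing or incorrect.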
Set Symantec Endpoint Protection options
Open the Symantec Endpoint Protection client.
Next to Virus and Spyware Protection, click Options.
Click Change Settings.
Click the Auto-Protect tab.
Under the File Types section, click All Types.
Under the Options section, ensure that:
Scan files on remote computers is checked
Only when files are executed is unchecked
Under the Scan files when section, select Scan when a file is accessed or modified.
Click OK, and then click OK again.
Note that with this implementation, EMC's CAVA agent relies upon Symantec Endpoint Protection to remediate any files that it determines are threats. If files are determined to be threats but cannot be remediated (through being cleaned, deleted or quarantined), those files are still served out by the EMC Network Attached Storage device to clients requesting access to files.
It is important to note that if the Symantec Endpoint Protection client being used to perform the scanning is a client managed by a Symantec Endpoint Protection Manager server, the scanning of network files will need to be enabled within the group policy for the client within the Symantec Endpoint Protection Manager and not just on the client itself.
Using Celerra AntiVirus Agent P/N 300-009-952 REV A01
The CAVA virus-checking client
The virus-checking (VC) client is the agent component of the Celerra Network Server software on the Data Mover. The VC client interacts with the AV engine, which processes requests from the VC client. Scanning is supported only for CIFS access. While the scan or other related actions are taking place, access to the file from any CIFS client is blocked.
Queues and communicates filenames to CAVA for scanning.
Provides and acknowledges event triggers for scans. Possible event triggers include:
A file is renamed on a Celerra Network Server
A file is copied or saved to a Celerra Network Server
A file is modified and closed on a Celerra Network Server
Requests a virus check by sending the universal naming convention (UNC) pathname to CAVA.
Allows the AV engine to perform the correct user-defined action on the file when the file is discovered to contain a virus. User-defined actions may include:
Curing or repairing the file
Renaming the file
Changing the file extension
Moving the file to a quarantined area
Deleting or purging the file
Note: The AV engine maintains full access to the file being scanned while performing the user-defined action on the file. After completion, the AV engine returns control of the file to the VC client.
If CAVA reports that the file was successfully scanned, the Celerra Network Server allows the file to be available to the client.
If multiple instances of CAVA have been installed, the VC client sends scanning requests to the CAVA servers in a round-robin method.
Imported Document ID: TECH158216