Rutgers Antivirus Delivery Service FAQ
Rutgers Antivirus Delivery Service 7
Symantec Endpoint Protection Client / Symantec AntiVirus
Symantec Endpoint Protection Troubleshooting
Symantec Endpoint Protection Administration
What is RADS?
RADS, or the Rutgers Antivirus Delivery Service, is a wrapper for facilitating
the distribution of commercial antivirus software to the Rutgers University
community. The main goal of RADS is to remove previous installations of antivirus
software installed by older versions of RADS and then install the latest antivirus
solution while providing a reasonable level of troubleshooting information if needed.
What are the requirements for RADS?
In order to run RADS, you must:
- be running a version of Windows from XP or greater.
- have the .NET Framework 3.5 installed (automatically installed if not)
- be able to reach the internet (specifically rads.rutgers.edu) at runtime
- meet system requirements for Symantec Endpoint Protection. See AV-Requirements below.
Note that the .NET Framework is included with Windows 7 and available on Windows Update with older OSes.
How does RADS work?
RADS 7 is composed essentially of 2 main parts. The first part is what is called the bootstrapper. This is
an MFC-based application that checks for and deploys basic requirements for the main RADS application. The
bootstrapper will ensure that the .NET Framework 3.5 is installed and, if not, deploy the redistributable runtime.
Then it will launch the main RADS application.
The main RADS application is a .NET Forms app that will remove Trend Micro OfficeScan versions 7.3 - 10.5 prior to
installing Symantec Endpoint Protection (SEP). Due to there being an independent installer for 32 and 64 bit systems,
RADS will download the correct installer automatically from rads.rutgers.edu.
The above 2 executables, the .NET Framework 3.5 redistributable package, and some configuration files are compressed
into a 7-zip SFX archive and made available for download to the University. The SFX archive will auto-extract the
components into %TEMP% and launch the bootstrapper.
What's new in RADS 7?
RADS 7 is a complete rebuild of RADS that relies on the .NET Framework. The other major difference
is that RADS no longer deploys Trend Micro OfficeScan, and now deploys Symantec Endpoint Protetion client
which is also known as Symantec Antivirus or SAV for short. More information on SEP can be found in this
FAQ sheet. Use the navigation at the top of the page to find answers to your SEP-related questions. Additional
information can be found on Symantec's support page.
What can I expect from RADS?
We do our best to build RADS in a way that is simple and intuitive to our users. We simply do
not posess the resources to walk through the installation with everyone. The best we can do is provide
this tutorial below, which provides a detailed set of screenshots for each major portion of the RADS
Where can I get RADS?
Please visit our download page.
Who can I contact?
Well, that depends. Due to the nature of SEP, your department may be running its own domain and therefore
have its own set of policies. In general, avsupport will
usually be able to answer your questions.
- For trouble with RADS: Contact avsupport
- For trouble with SEP: Contact your department UCM or avsupport
- For generic PC trouble: Contact your Help Desk
What are the system requirements for SEP/SAV?
Detailed system requirements can be seen by clicking the thumbnail below.
What is SEP?
Symantec Endpoint Protection is a complete, managed security solution providing anti-malware, firewall and
intrusion prevention on servers and workstation computers. SEP connects to a top-level server in order to
receive policy settings and pattern files. Pattern files or virus definitions, are files used by an antivirus
application to detect known malware. In addition, SEP also has functionality to detect and prevent certain behavior
that is indictative of malware -- useful for when a threat has yet to appear in a pattern file.
What is all this about "policy"?
With Symantec Endpoint Protection, clients receive policy settings from a central server managed by Rutgers OIT.
These policy settings include permissions and even detailed behavior of the client such as when to perform a scan.
Anyone installing RADS is automatically put into the 'Default' policy group, which is essentially an unmanaged client.
The user has complete freedom over the client installed on their system, which means it in the hands of the user to
properly secure their system with any additional settings required such as port-forwarding rules.
It says my client is out of date. How do I update?
You may see a notification similar to one of the above. To update your Symantec Endpoint Protection
client manually, follow the instructions below to initiate LiveUpdate.
- Right click the SEP icon in your system tray to bring up the SEP Client Context Menu
Choose Open Symantec Endpoint Protection.
From the main client console view, choose LiveUpdate on the left-hand side.
Wait for LiveUpdate to complete.
If, after performing LiveUpdate, your client still does not report that it is up to date, you may need
to restart you computer.
How do I configure port-forwarding with the SEP firewall?
The Administration Guide (PDF) covers all of the details of the firewall.
It is worth reading if you have any specific questions about how to configure the firewall.
For an example of how to open ports (e.g. - for applications and gaming), follow these instructions:
- Open the SEP Console by right clicking the SEP Icon in the system tray and selecting Open Symantec Endpoint Protection
from the context menu.
- In the SEP Console, next to Network Threat Protection, click Options. On the menu
that comes up, click Configure Firewall Rules.
- On the Firewall rules page, click Add... to create a new firewall rule.
- Create a name for your new rule. And select Allow this traffic. Then click the tab for
Ports and Protocols.
- On the Ports and Protocols page, choose your Protocol from the dropdown (e.g. TCP). In
the Remote Ports field enter a single port, a list of ports separated by commas,
a range of ports using a dash, a list of ranges or combinations of all. Then click OK to create the rule.
Of course this is only an example. Your specific configuration likely differs. There is great flexibility in this
firewall and what has been shown here is only a tiny fraction of what can be done. You can, for example, schedule
ports to open and close according to time of day or monitor applications for port usages rather than opening
up specific ports explicitly. Please read the Administration Guide (PDF)
for a detailed explanation of capabilities.
How do I add or remove Network Threat Protection (firewall)?
In some cases, the Network Threat Protection module (firewall + intrusion prevention) can cause issues with
a user's internet connection. Disabling the service is only temporary. When your system restarts, the service
will be re-enabled. To remove Network Threat Protection, you'll need to access the installation wizard through
Add/Remove Programs on XP or Programs and Features on Vista/7.
- Open Add/Remove Programs from the Control Panel on XP. On Vista/7 press Start and type 'Programs and Features' to quickly access the Programs and Features dialog.
- Find 'Symantec Endpoint Protection' in the list of installed programs. Click the item and select 'Change'. The install wizard will start.
- Continue through the wizard ensuring that the radio button for 'Modify' is checked. The continue. You will be presented with the feature selection dialog.
- Click the button next to 'Network Threat Protection' and select 'This feature will not be installed'.
- Finish through the wizard to uninstall the component.
In some cases the wizard may fail. You should restart your computer and retry.
The same process can be used to install or uninstall this component or other components.
How do I uninstall the Mac client?
Unfortunately you cannot uninstall the Mac client without a separate tool. Download that tool
from us right here.
What is the Symantec Intrusion Prevention browser add-on?
With SEP 12.1, Symantec provides a browser add-on for Firefox and Internet Explorer (Chrome not supported as of this writing) that attempts
to prevent malicious scripts from running. You will typically be asked if you would like to enable the add-on
when starting the browser for the first time after installing or uprgrading to SEP 12.1.
While we recommend enabling any features that can improve the security of the machine, it is not a required
feature and is completely up to user discretion whether the add-on should be enabled.
Google's Chrome browser is not supported at the time of this writing. Symantec recommends Norton SafeWeb
as an alternative.
More information on the add-on can be found in Symantec's Knowledge base.
What do the various client icons mean?
What processes/services are associated with SEP?
The following document on Symantec's website explains the various processes and services associated with both SEPM and SEP clients.
SEP Processes and Services
For SEP clients, the critical services are:
|Display Name||Service Name|
|Symantec Endpoint Protection||Symantec AntiVirus|
|Symantec Event Manager||ccEvtMgr|
|Symantec Management Client||SmcService|
|Symantec Settings Manager||ccSetMgr|
SEP will not install. What is wrong? What can I do?
There are many different scenarios that may arise to prevent the Symantec Endpoint Protection
client from successfully installing onto a given computer. In some cases, malware specifically
coded to block the installation of common antivirus programs may already be present on the system.
In other cases, a corrupted environment, file locks and pending operations may be preventing the
Windows Installer from succesfully loading SEP onto a given system. Each case may be different and
there may not be a catch-all solution to the problem.
One possible solution to the problem spurs from Live Update failing to complete the installation.
For that, we recommend the following operation:
- Download an alternative package
for your particular architecture (this will save download times over running RADS).
- Remove Symantec Endpoint Protection and Symantec Live Update from your computer if they are present.
This can be done from Add or Remove Programs on XP or Programs and Features on Vista/7
- Restart your computer
- Install LiveUpdate 3.4.
- Install SEP from the package you downloaded in step 1.
In some cases, there may be incompatible DLLs in the PATH that cause conflicts with the self-extractor
and thus prevent the SEP installation package from successfully extracting and running. To resolve this issue, follow these steps:
- Obtain a file archiving tool if you do not have one already. We recommend 7-zip.
- Download an alternative package
for your particular architecture.
- Treating the EXE as an archive, extract it to a folder using your preferred archiving tool. See the documentation on your
archiving tool if you do not know how to do that.
- Open the folder where you extracted the package.
- Launch setup.exe
Another common case is that older versions of Symantec software were previously installed on the system, but failed
to remove themselves cleanly -- leaving various registry keys and configuration options lingering in Windows
and throwing off the SEP installer. The recommended solution in this case is to run Symantec's CleanWipe utility
which performs manual uninstallation steps for a handful of Symantec products.
- Download CleanWipe
- Extract the zip and thoroughly read the readme file within
- Run CleanWipe
- Restart your computer
- Install SEP
One potential solution for preventing these lingering issues in the first place is to use a more
advanced uninstallation application such as CCleaner
For issues uninstalling Trend Micro OfficeScan
, view this page:
How do I remove old or new versions of Trend Micro products?
List of antivirus removal instructions:
Common Antivirus Applications - Removal Instructions
What is SEPM? How are SEP clients administered?
The Symantec Endpoint Protection Manager (SEPM) is the console used to administer policy on
Symantec Endpoint Protection clients. Only OIT system administrators and departmental UCMs have
access to this system.
What is a SEPM domain?
The Symantec Endpoint Protection management console allows for segretating sets of clients from each other
in the form of "domains". These are similar in concept to Active Directory domains, but are generally
SEPM Domains contain a unique list of user and administrator accounts and a unique set of policies. They
are ideal for allowing departmental UCMs and UCSs full control over their SEP deployments without having to
manage their own server infrastructure. Only the super-administrator of the SEP management server can pass
between domains. Each domain administrator is restricted to his or her own domain environment.
I would like to run my own domain. How do I do so?
We are working to allow administrators to run their own domains with unique policy. Currently
this is a manual process. Please contact avsupport
to request your own domain.
How do I log into my domain?
After pointing your browser to the SEPM console, you will
need to specify the credentials that you were provided. Press the 'Options >>' button to expose the Domain
Enter the name of your domain and click 'Log On' to sign in. In some browser, you can simply hit enter from one of
the input areas.
Can I use the RADS package to deploy to my Domain?
It is not advised. The RADS installer deploys a SEP package that is configured to join to the Default domain. This
is the RADS domain managed by NBCS staff. Other SEPM administrators will not have access to manage clients or policy in this
SEPM administrators should use the SEPM console to export installation packages for their respective domains. Any administrator that has
used the RADS package to deploy clients will be creating a lot of additional work for themselves in order to reclaim those clients. Moving
clients from one domain to another can be a complex task.
Is there a different SEPM console than the web console?
You can install a java-based console on your computer. This console is browser-independent and will
provide a unified management experience that avoids browser quirks. Download the SEPM Console here.
How do I obtain a SEP installation package specific for my domain?
If you are the administrator of a SEPM domain and you want to start deploying SEP to your clients, you are going
to want to ensure that those clients will join successfully to your domain. To do that, you will need to generate
an installation package from the SEPM and then deploy that package to your clients. For a detailed explanation
from the source visit the Symantec documentation page here.
View the Installation Guide for Symantec™ Endpoint Protection and Symantec Network Access Control
Also Administration Guide for Symantec™ Endpoint Protection and Symantec Network Access Control
In the Installation Guide section 2-5 details the process of exporting client installation packages.
A brief tutorial is posted here.
- Log in to your domain through the SEPM:
- Click the Admin button on the left:
- At the bottom of the Admin window click 'Install Packages':
- Right click the package you want to deploy and select Export:
- Choose the policy you want your package to deploy with:
- If you are using the java console, specify the Export folder where you want to save the package and then click OK.
- If you are using the web console, click OK and wait for the package to be built. When it is done, you will be presented with a download
link to obtain your package.
How do I move a client from one SEPM domain to another?
Unfortunately, this cannot be done from within the console. OIT has provided the SyLink Replacer tool that makes this process
easier. Alternatively, you may wish to view this thread for a similar tool and more information.
Essentially you need to take the SyLink.xml configuration file from a client already connected to the domain you want to move to and
replace it on the clients you want to move to the new domain. The config file is locked while SEP is running so you need to disable the service
and kill the process in order to release the lock so the file can be replaced. In the future, OIT will provide a way to obtain a SyLink.xml configuration file
without needing an existing SEP client to take it from.
What are the unique files in a SEP package?
Between x86 and x64 versions of the SEP package exported from the SEPM, there are many unique binary files.
For x86 packages exported with different group policies, there are only 2 files that matter:
- serdef.dat - Proprietary Symantec data file that defines the intial and default policy of the client
- SyLink.xml - Standard XML file that defines various client settings such as the SEPM public key, the
SEPM URL/IP Address and the Domain and Group the client will connect up to on the SEPM.
Where can I obtain the Symantec Endpoint Recovery Tool (SERT)?
Download the tool from us. Please visit the Alt Downloads
page to obtain the required PIN.
What tools are available for removing malware?
Symantec provides a support tool that includes the Symantec Power Eraser.
You can download the tool as part of the Support Tool from this link and you can access the link at any time from the SEP console by clicking
'Help and Support' at the top right and selecting the option for 'Download Support Tool'.
through the wizard to launch the tool.
Alternatively, you can access the standalone Power Eraser here.
In addition to the Symantec Power Eraser, the Office of Information Technology officially endorses the
use of the following freely available tools:
We also host these tools from our website, but they may not be the latest version:
FAQ Last Updated: Thursday, June 12, 2014, 1:52 PM