Rutgers Antivirus Delivery Service

Rutgers Antivirus Delivery Service FAQ




What is RADS?

RADS, or the Rutgers Antivirus Delivery Service, is a wrapper for facilitating the distribution of commercial antivirus software to the Rutgers University community. The main goal of RADS is to remove previous installations of antivirus software installed by older versions of RADS and then install the latest antivirus solution while providing a reasonable level of troubleshooting information if needed.


What are the requirements for RADS?

In order to run RADS, you must:

  • be running Windows XP or later.
  • have the .NET Framework 3.5 installed (automatically installed if not)
  • be able to reach the internet (specifically rads.rutgers.edu) at runtime
  • meet system requirements for Symantec Endpoint Protection. See AV-Requirements below.

Note that the .NET Framework is included with Windows 7 and available on Windows Update for older OSes.


How does RADS work?

RADS 7 is composed essentially of 2 main parts. The first part is what is called the bootstrapper. This is an MFC-based application that checks for and deploys basic requirements for the main RADS application. The bootstrapper will ensure that the .NET Framework 3.5 is installed and, if not, deploy the redistributable runtime. Then it will launch the main RADS application.

The main RADS application is a .NET Forms app that will remove Trend Micro OfficeScan versions 7.3 - 10.5 prior to installing Symantec Endpoint Protection (SEP). Because there are separate installers for 32-bit and 64-bit systems, RADS will download the correct installer automatically from rads.rutgers.edu.

The above 2 executables, the .NET Framework 3.5 redistributable package, and some configuration files are compressed into a 7-zip SFX archive and made available for download to the University. The SFX archive will auto-extract the components into %TEMP% and launch the bootstrapper.


What's new in RADS 7?

RADS 7 is a complete rebuild of RADS that relies on the .NET Framework. The other major difference is that RADS no longer deploys Trend Micro OfficeScan, and now deploys the Symantec Endpoint Protection client, which is also known as Symantec Antivirus or SAV for short. More information on SEP can be found in this FAQ sheet. Use the navigation at the top of the page to find answers to your SEP-related questions. Additional information can be found on Symantec's support page.


What can I expect from RADS?

We do our best to build RADS in a way that is simple and intuitive to our users. We simply do not possess the resources to walk through the installation with everyone. The best we can do is provide the tutorial below, which provides a detailed set of screenshots for each major portion of the RADS application.


Where can I get RADS?

Please visit our download page.


Who can I contact?

Well, that depends. Due to the nature of SEP, your department may be running its own domain and therefore have its own set of policies. In general, avsupport will usually be able to answer your questions.

  • For trouble with RADS: Contact avsupport
  • For trouble with SEP: Contact your department UCM or avsupport
  • For generic PC trouble: Contact your Help Desk


What are the system requirements for SEP/SAV?

Detailed system requirements can be seen by clicking the thumbnail below.


What is SEP?

Symantec Endpoint Protection is a complete, managed security solution providing anti-malware, firewall and intrusion prevention on servers and workstation computers. SEP connects to a top-level server in order to receive policy settings and pattern files. Pattern files, or virus definitions, are files used by an antivirus application to detect known malware. In addition, SEP also has functionality to detect and prevent certain behavior that is indicative of malware -- useful for when a threat has yet to appear in a pattern file.


What is all this about "policy"?

With Symantec Endpoint Protection, clients receive policy settings from a central server managed by Rutgers OIT. These policy settings include permissions and even detailed behavior of the client such as when to perform a scan. Anyone installing RADS is automatically put into the 'Default' policy group, which is essentially an unmanaged client. The user has complete freedom over the client installed on their system, which means it is in the hands of the user to properly secure their system with any additional settings required such as port-forwarding rules.


It says my client is out of date. How do I update?

You may see a notification similar to one of the above. To update your Symantec Endpoint Protection client manually, follow the instructions below to initiate LiveUpdate.

  1. Right click the SEP icon in your system tray to bring up the SEP Client Context Menu, then choose Open Symantec Endpoint Protection.
  2. From the main client console view, choose LiveUpdate on the left-hand side.

  3. Wait for LiveUpdate to complete.

If, after performing LiveUpdate, your client still does not report that it is up to date, you may need to restart your computer.


How do I configure port-forwarding with the SEP firewall?

The Administration Guide (PDF) covers all of the details of the firewall. It is worth reading if you have any specific questions about how to configure the firewall.

For an example of how to open ports (e.g., for applications and gaming), follow these instructions:

  1. Open the SEP Console by right clicking the SEP Icon in the system tray and selecting Open Symantec Endpoint Protection from the context menu.
  2. In the SEP Console, next to Network Threat Protection, click Options. On the menu that comes up, click Configure Firewall Rules.
  3. On the Firewall rules page, click Add... to create a new firewall rule.
  4. Create a name for your new rule and select Allow this traffic. Then click the tab for Ports and Protocols.
  5. On the Ports and Protocols page, choose your Protocol from the dropdown (e.g. TCP). In the Remote Ports field enter a single port, a list of ports separated by commas, a range of ports using a dash, a list of ranges or combinations of all. Then click OK to create the rule.

Of course this is only an example. Your specific configuration likely differs. There is great flexibility in this firewall and what has been shown here is only a tiny fraction of what can be done. You can, for example, schedule ports to open and close according to time of day or monitor applications for port usage rather than opening up specific ports explicitly. Please read the Administration Guide (PDF) for a detailed explanation of capabilities.


How do I add or remove Network Threat Protection (firewall)?

In some cases, the Network Threat Protection module (firewall + intrusion prevention) can cause issues with a user's internet connection. Disabling the service is only temporary. When your system restarts, the service will be re-enabled. To remove Network Threat Protection, you'll need to access the installation wizard through Add/Remove Programs on XP or Programs and Features on Vista/7.

  1. Open Add/Remove Programs from the Control Panel on XP. On Vista/7 press Start and type 'Programs and Features' to quickly access the Programs and Features dialog.
  2. Find 'Symantec Endpoint Protection' in the list of installed programs. Click the item and select 'Change'. The install wizard will start.
  3. Continue through the wizard, ensuring that the radio button for 'Modify' is checked. Then continue. You will be presented with the feature selection dialog.
  4. Click the button next to 'Network Threat Protection' and select 'This feature will not be installed'.
  5. Finish through the wizard to uninstall the component.
In some cases the wizard may fail. You should restart your computer and retry.

The same process can be used to install or uninstall this component or other components.


How do I uninstall the Mac client?

Unfortunately you cannot uninstall the Mac client without a separate tool. Download that tool from us right here.


What is the Symantec Intrusion Prevention browser add-on?

With SEP 12.1, Symantec provides a browser add-on for Firefox and Internet Explorer (Chrome not supported as of this writing) that attempts to prevent malicious scripts from running. You will typically be asked if you would like to enable the add-on when starting the browser for the first time after installing or upgrading to SEP 12.1.

While we recommend enabling any features that can improve the security of the machine, it is not a required feature and is completely up to user discretion whether the add-on should be enabled.

Google's Chrome browser is not supported at the time of this writing. Symantec recommends Norton SafeWeb as an alternative.

More information on the add-on can be found in Symantec's Knowledge base.


What do the various client icons mean?


What processes/services are associated with SEP?

The following document on Symantec's website explains the various processes and services associated with both SEPM and SEP clients.
SEP Processes and Services
For SEP clients, the critical services are:

| Display Name | Service Name |
| --- | --- |
| Symantec Endpoint Protection | Symantec AntiVirus |
| Symantec Event Manager | ccEvtMgr |
| Symantec Management Client | SmcService |
| Symantec Settings Manager | ccSetMgr |
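
One way to check the four critical services listed above on a client, as an added example that is not part of the original FAQ or of any Symantec tooling. The service names come from the table; the function name Get-SepServiceHealth is hypothetical.

```powershell
# Added example. Service names are taken from the table above;
# Get-SepServiceHealth is a hypothetical helper name.
$sepServices = [ordered]@{
    'Symantec AntiVirus' = 'Symantec Endpoint Protection'
    'ccEvtMgr'           = 'Symantec Event Manager'
    'SmcService'         = 'Symantec Management Client'
    'ccSetMgr'           = 'Symantec Settings Manager'
}

function Get-SepServiceHealth {
    param([System.Collections.IDictionary]$Expected = $sepServices)

    foreach ($name in $Expected.Keys) {
        # Win32_Service exposes both the current state and the configured start mode.
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" `
                               -ErrorAction SilentlyContinue

        if ($svc) {
            $state     = $svc.State       # e.g. Running, Stopped
            $startMode = $svc.StartMode   # e.g. Auto, Manual, Disabled
        } else {
            $state     = 'NotInstalled'
            $startMode = 'n/a'
        }

        [pscustomobject]@{
            ServiceName = $name
            DisplayName = $Expected[$name]
            State       = $state
            StartMode   = $startMode
            Healthy     = ($state -eq 'Running' -and $startMode -ne 'Disabled')
        }
    }
}

$report = Get-SepServiceHealth
$report | Format-Table -AutoSize

# Surface anything that is missing, stopped or disabled.
$problems = @($report | Where-Object { -not $_.Healthy })
if ($problems.Count -gt 0) {
    Write-Warning ("SEP services needing attention: " +
                   (($problems | ForEach-Object { $_.ServiceName }) -join ', '))
}
```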


SEP will not install. What is wrong? What can I do?

There are many different scenarios that may arise to prevent the Symantec Endpoint Protection client from successfully installing onto a given computer. In some cases, malware specifically coded to block the installation of common antivirus programs may already be present on the system. In other cases, a corrupted environment, file locks and pending operations may be preventing the Windows Installer from successfully loading SEP onto a given system. Each case may be different and there may not be a catch-all solution to the problem.

One possible cause of the problem is Live Update failing to complete the installation. For that, we recommend the following operation:

  1. Download an alternative package for your particular architecture (this will save download times over running RADS).
  2. Remove Symantec Endpoint Protection and Symantec Live Update from your computer if they are present. This can be done from Add or Remove Programs on XP or Programs and Features on Vista/7
  3. Restart your computer
  4. Install LiveUpdate 3.4.
  5. Install SEP from the package you downloaded in step 1.

In some cases, there may be incompatible DLLs in the PATH that cause conflicts with the self-extractor and thus prevent the SEP installation package from successfully extracting and running. To resolve this issue, follow these steps:
  1. Obtain a file archiving tool if you do not have one already. We recommend 7-zip.
  2. Download an alternative package for your particular architecture.
  3. Treating the EXE as an archive, extract it to a folder using your preferred archiving tool. See the documentation on your archiving tool if you do not know how to do that.
  4. Open the folder where you extracted the package.
  5. Launch setup.exe

Another common case is that older versions of Symantec software were previously installed on the system, but failed to remove themselves cleanly -- leaving various registry keys and configuration options lingering in Windows and throwing off the SEP installer. The recommended solution in this case is to run Symantec's CleanWipe utility which performs manual uninstallation steps for a handful of Symantec products.
  1. Download CleanWipe
  2. Extract the zip and thoroughly read the readme file within
  3. Run CleanWipe
  4. Restart your computer
  5. Install SEP
One potential solution for preventing these lingering issues in the first place is to use a more advanced uninstallation application such as CCleaner.
Additional Information:
For issues uninstalling Trend Micro OfficeScan, view this page: How do I remove old or new versions of Trend Micro products?

List of antivirus removal instructions: Common Antivirus Applications - Removal Instructions


What is SEPM? How are SEP clients administered?

The Symantec Endpoint Protection Manager (SEPM) is the console used to administer policy on Symantec Endpoint Protection clients. Only OIT system administrators and departmental UCMs have access to this system.


What is a SEPM domain?

The Symantec Endpoint Protection management console allows for segregating sets of clients from each other in the form of "domains". These are similar in concept to Active Directory domains, but are generally unrelated.

SEPM Domains contain a unique list of user and administrator accounts and a unique set of policies. They are ideal for allowing departmental UCMs and UCSs full control over their SEP deployments without having to manage their own server infrastructure. Only the super-administrator of the SEP management server can pass between domains. Each domain administrator is restricted to his or her own domain environment.


I would like to run my own domain. How do I do so?

We are working to allow administrators to run their own domains with unique policy. Currently this is a manual process. Please contact avsupport to request your own domain.


How do I log into my domain?

After pointing your browser to the SEPM console, you will need to specify the credentials that you were provided. Press the 'Options >>' button to expose the Domain input box.

Enter the name of your domain and click 'Log On' to sign in. In some browsers, you can simply hit enter from one of the input areas.


Is there a different SEPM console than the web console?

You can install a java-based console on your computer. This console is browser-independent and will provide a unified management experience that avoids browser quirks. Download the SEPM Console here.


How do I obtain a SEP installation package specific for my domain?

If you are the administrator of a SEPM domain and you want to start deploying SEP to your clients, you are going to want to ensure that those clients will join successfully to your domain. To do that, you will need to generate an installation package from the SEPM and then deploy that package to your clients. For a detailed explanation from the source visit the Symantec documentation page here.

View the Installation Guide for Symantec™ Endpoint Protection and Symantec Network Access Control
Also Administration Guide for Symantec™ Endpoint Protection and Symantec Network Access Control
In the Installation Guide, section 2-5 details the process of exporting client installation packages.

A brief tutorial is posted here.

  1. Log in to your domain through the SEPM:
  2. Click the Admin button on the left:
  3. At the bottom of the Admin window click 'Install Packages':
  4. Right click the package you want to deploy and select Export:
  5. Choose the policy you want your package to deploy with:
  6. If you are using the java console, specify the Export folder where you want to save the package and then click OK.
  7. If you are using the web console, click OK and wait for the package to be built. When it is done, you will be presented with a download link to obtain your package.


How do I move a client from one SEPM domain to another?

Unfortunately, this cannot be done from within the console. OIT has provided the SyLink Replacer tool that makes this process easier. Alternatively, you may wish to view this thread for a similar tool and more information.

Essentially you need to take the SyLink.xml configuration file from a client already connected to the domain you want to move to and replace it on the clients you want to move to the new domain. The config file is locked while SEP is running so you need to disable the service and kill the process in order to release the lock so the file can be replaced. In the future, OIT will provide a way to obtain a SyLink.xml configuration file without needing an existing SEP client to take it from.


What are the unique files in a SEP package?

Between x86 and x64 versions of the SEP package exported from the SEPM, there are many unique binary files. For x86 packages exported with different group policies, there are only 2 files that matter:

  • serdef.dat - Proprietary Symantec data file that defines the initial and default policy of the client
  • SyLink.xml - Standard XML file that defines various client settings such as the SEPM public key, the SEPM URL/IP Address and the Domain and Group the client will connect up to on the SEPM.
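
To confirm this on your own exports, the following added example (not part of the original FAQ or of Symantec's tooling) hashes two extracted x86 packages and lists the files that differ, marking anything other than serdef.dat and SyLink.xml as unexpected. The function name Compare-SepPackage and the folder paths are hypothetical.

```powershell
# Added example. Compare-SepPackage and the folder paths below are hypothetical.
# Requires PowerShell 4.0 or later (Get-FileHash).
function Compare-SepPackage {
    param(
        [Parameter(Mandatory)][string]$ReferencePath,
        [Parameter(Mandatory)][string]$DifferencePath,
        # Files the FAQ says differ between group policies.
        [string[]]$ExpectedToDiffer = @('serdef.dat', 'SyLink.xml')
    )

    # Build a table of relative path -> SHA-256 for every file under a folder.
    function Get-HashIndex([string]$Root) {
        $rootFull = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\')
        $index = @{}
        Get-ChildItem -LiteralPath $rootFull -Recurse -File | ForEach-Object {
            $rel = $_.FullName.Substring($rootFull.Length + 1)
            $index[$rel] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
        $index
    }

    $ref = Get-HashIndex $ReferencePath
    $dif = Get-HashIndex $DifferencePath
    $names = @($ref.Keys) + @($dif.Keys) | Sort-Object -Unique

    foreach ($n in $names) {
        $state = $null
        if (-not $dif.ContainsKey($n))     { $state = 'OnlyInReference' }
        elseif (-not $ref.ContainsKey($n)) { $state = 'OnlyInDifference' }
        elseif ($ref[$n] -ne $dif[$n])     { $state = 'Changed' }

        if ($state) {
            [pscustomobject]@{
                File     = $n
                State    = $state
                Expected = ($state -eq 'Changed' -and
                            (Split-Path -Path $n -Leaf) -in $ExpectedToDiffer)
            }
        }
    }
}

# Hypothetical folders holding two extracted x86 packages.
$groupA = 'C:\Packages\GroupA'
$groupB = 'C:\Packages\GroupB'
if ((Test-Path $groupA) -and (Test-Path $groupB)) {
    Compare-SepPackage -ReferencePath $groupA -DifferencePath $groupB |
        Format-Table -AutoSize
}
```

Any row with Expected set to False is a file that differs beyond the two policy files and is worth reviewing before the package is deployed.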


Where can I obtain the Symantec Endpoint Recovery Tool (SERT)?

Download the tool from us. Please visit the Alt Downloads page to obtain the required PIN.


What tools are available for removing malware?

Symantec provides a support tool that includes the Symantec Power Eraser. You can download the tool as part of the Support Tool from this link and you can access the link at any time from the SEP console by clicking 'Help and Support' at the top right and selecting the option for 'Download Support Tool'.

After launching the Support Tool and agreeing to the Terms of Use, check the box for Symantec Power Eraser and continue through the wizard to launch the tool.


Alternatively, you can access the standalone Power Eraser here.

Additional Tools

In addition to the Symantec Power Eraser, the Office of Information Technology officially endorses the use of the following freely available tools: We also host these tools from our website, but they may not be the latest version:


FAQ Last Updated: Wednesday, February 20, 2013, 10:07 AM