
Thread: Symantec AV SSC

  1. #1
    Junior Member
    Join Date
    Oct 2005
    Posts
    3

    Symantec AV SSC

    hello

    I am using Symantec AntiVirus Corporate Edition version 10.
    For some reason, in the SSC a lot of the clients show as if they are offline.
    I can ping these machines and connect to them via NetBIOS.
    Also, a few of the machines have update problems and only after adding port 2967 to the exceptions of the XP SP2 firewall do they get updated.
    Nothing has changed in the configuration, so I don't know why I need to add this port all of a sudden to the clients.

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Haven't upgraded to 10 yet

    But they seem to have a lot of documentation and troubleshooting on their site: http://www.symantec.com/techsupp/ent...topics_ts.html

    http://service1.symantec.com/SUPPORT...ent_tutweb_nam

    this looks like it may help

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    From Symantec Platinum support:

    Other server-to-server communications
    In server-to-server communication, the sending Symantec AntiVirus server picks a random port, starting at TCP 1025 and moving up from that point. From that point, traffic is returned on that random port. To allow communication to pass through a firewall or gateway, create rules to allow any port to accept TCP communication on 2967 and 38293 and to allow outbound TCP communication from ports 2967 and 38293:

    TCP Allow 2967 to *
    UDP Allow 38293 to *
    TCP Allow * to 2967
    UDP Allow * to 38293
    Cheers:
    DjM
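
The four allow rules quoted in post #3, modeled as an added example (not part of the thread and not Symantec's code): a small evaluator that parses the rule lines and shows which flows they admit. It assumes each rule reads `PROTO Allow <source port> to <destination port>` with default deny; the sample flows are constructed.

```python
import re
from typing import NamedTuple, Optional

# The four rules exactly as quoted in the post above.
RULES_TEXT = """\
TCP Allow 2967 to *
UDP Allow 38293 to *
TCP Allow * to 2967
UDP Allow * to 38293
"""

class Rule(NamedTuple):
    proto: str
    src_port: Optional[int]  # None stands for "*" (any port)
    dst_port: Optional[int]

RULE_RE = re.compile(r"(TCP|UDP)\s+Allow\s+(\*|\d+)\s+to\s+(\*|\d+)", re.I)

def parse_rules(text):
    """Parse 'PROTO Allow SRC to DST' lines (assumed src -> dst reading)."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.fullmatch(line.strip())
        if not m:
            raise ValueError(f"unrecognised rule: {line!r}")
        proto, src, dst = m.groups()
        rules.append(Rule(proto.upper(), *(None if p == "*" else int(p) for p in (src, dst))))
    return rules

def allowed(rules, proto, src_port, dst_port):
    """Return the first rule that matches the packet, or None (default deny)."""
    for r in rules:
        if (r.proto == proto.upper()
                and r.src_port in (None, src_port)
                and r.dst_port in (None, dst_port)):
            return r
    return None

RULES = parse_rules(RULES_TEXT)

if __name__ == "__main__":
    # Constructed flows; 1025/1026 stand in for the sender's random port.
    flows = [("TCP", 1025, 2967),   # request to the SAV port
             ("TCP", 2967, 1025),   # reply back to the random port
             ("UDP", 1026, 38293),
             ("TCP", 1025, 38293),  # the listed rules cover 38293 for UDP only
             ("TCP", 1025, 445)]    # unrelated port, falls through to deny
    for f in flows:
        print(f, "->", "allow" if allowed(RULES, *f) else "deny")
```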

  4. #4
    Junior Member
    Join Date
    Oct 2005
    Posts
    3
    The question is: why do I need to add these ports all of a sudden?
    AV server and clients are located in a flat LAN.
    Also, why do machines appear as offline when they are not?

  5. #5
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Because the firewall is blocking communication with the Symantec AV server????

    As to why...phone Symantec and ask them...

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #6
    Junior Member
    Join Date
    Oct 2005
    Posts
    3
    The XP SP2 FW was always activated on the clients and there was never a problem.

    I am thinking it might be to do with one of the latest Microsoft security updates, as this is the only thing that has been installed on the clients/servers.

  7. #7
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    You mentioned that you have SAV 10 clients; however, did you install the Ver 10 SSC? If you try to manage ver 10 clients with a ver 9 console, bad things will happen.

    Now, as for communications, they rely on NetBIOS so if you have any NetBIOS traffic blocked, they will not be able to speak to the parent server(s).

    Second, the FW ports listed above assume that you have ACLs in the path between the clients and the parent server. Only pay attention to that info if that is the case. Now, from time to time, I have seen busted installs where the client appears in the console but when visiting the workstation, they show as unmanaged. This would explain the communication issue when they cross your perimeter and check in with the Symantec servers and Symantec cannot initiate an inbound connection to you (that's a good thing).

    Third, SAV10 is a huge POS. Yes. It is a perfect example of bloatware that came from a rushed development cycle and a piss poor QA cycle. However, that's another post.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  8. #8
    Senior Member
    Join Date
    Apr 2004
    Posts
    157


    As additional info, if your workstations are in an unmanaged state as thehorse13 mentioned, you can try to copy & paste the GRC.DAT file from the server (located at \\server\vphome\) to this folder on the workstation:
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5
    (the path may vary a little after the '..\Symantec\' folder...)

    The workstation should pick up this file automatically and re-connect to the server whenever it's due to check for updates, or if you simply re-start the AntiVirus service.

    Hope that helps.

    / SawPer

    ps. But your problem sure sounds like the XP firewall issue, try to disable it temporarily to see if it helps...
