Focus on Virus
RE: Symantec AV reporting metrics. Jun 09 2006 02:16PM
paul murgatroyd org uk
Depending on how you have your SAV infrastructure configured, you can get away with installing the agents just on the primary servers, however the data received is better if you install the agent on each parent too.

Normally, AV definition information, client versions, etc. come from the Parent server's registry and the virus information comes from the Primary.

However, you don't have to install 10.1 onto all the servers.. just the reporting one. So it's as major a task as it sounds.

Agreed again on the SQL backend. For a smaller deployment, the built-in MSDE is absolutely fine (and will cope with a large deployment without too much issue) but SQL is recommended for larger enterprises. SQL2005 can also be used if required.

If you have a platinum support account with us, you can download 10.1 as part of your contract from the Platinum website, otherwise you will have to contact either our sales channel or your gold support contact for a demo version.

And finally, yes.. 10.1 is affected by the latest vulnerability. The patches are here: http://www.symantec.com/techsupp/enterprise/products/sav_ce/sav_ce_10.1/files.html

hth.

p.

-------- Original Message --------

> Subject: RE: Symantec AV reporting metrics.

> To: serge.vondandamo (at) wanadoo (dot) fr [email concealed]

> Cc: focus-virus (at) securityfocus (dot) com [email concealed], "'sekure'" <sekure (at) gmail (dot) com [email concealed]>

> From: Ted Senn <ted.senn (at) zurichna (dot) com [email concealed]>

> Date: Fri, 9 Jun 2006 07:30:15 -0500

>

> That will get the basics. However each Primary AV server (and ideally)
> each AV server needs to have the reporting AGENTS installed and configured to
> report to the Reporting server. To configure the agents you need the 10.1
> Symantec Center Console.
>
> If you have a big infrastructure you should consider a separate SQL back
> end server.

>

> Ted Senn

> Security Engineer

> Distributed Security

> 847-605-6837

>
> "Serge Vondandamo" <serge.vondandamo@wanadoo.fr>
> To: "'Ted Senn'" <ted.senn (at) zurichna (dot) com [email concealed]>
> cc: <focus-virus (at) securityfocus (dot) com [email concealed]>, "'sekure'" <sekure (at) gmail (dot) com [email concealed]>
> Subject: RE: Symantec AV reporting metrics.
> 06/08/2006 09:26 PM
>

> Thanks Ted,

>

> If I understand, I just need to install the 10.1 and the reporting server
> in one of my primary and that is it?

>

> Is there any eval version of it? I will like to test it on my lab first.

> BTW, is the 10.1 affected by the recent Symantec products vulnerability?

>

> Thanks,

> Serge

>

> -----Original Message-----
> From: Ted Senn [mailto:ted.senn (at) zurichna (dot) com [email concealed]]
> Sent: Tuesday, 6 June 2006 14:24
> To: serge.vondandamo (at) wanadoo (dot) fr [email concealed]
> Cc: focus-virus (at) securityfocus (dot) com [email concealed]; 'sekure'
> Subject: RE: Symantec AV reporting metrics.

>

> I am running Reporting server without any problem on version 10, and 9
> servers. The agent installs and reports back to the reporting server. You
> may need a special group with 10.1 for the reporting server only, but the
> reporting will work with the lower version AV servers (agent will not
> install on NT systems)

>

>

> Ted Senn

> Distributed Security

>

>
> "Serge Vondandamo" <serge.vondandamo@wanadoo.fr>
> To: "'sekure'" <sekure (at) gmail (dot) com [email concealed]>
> cc: <focus-virus (at) securityfocus (dot) com [email concealed]>
> Subject: RE: Symantec AV reporting metrics.
> 06/05/2006 03:30 PM
>

> Sekure and all,

>

> Thanks but we don't have version 10.1 and unfortunately, I have to find a

> way to report with the versions we have. I may suggest to upgrade but that

> will not be possible now - IT Ops folks and other IS Managers will be

> difficult to convince - given the heavy IT Governance and change process we

> have in place.

>

> We currently have version 8 in few sites, version 9 and 10 in the majority

> of the sites.

>

> Paul, your pointers are more than welcome!!!

>

> Thanks,

> Serge

>

>

>

> -----Original Message-----
> From: sekure [mailto:sekure (at) gmail (dot) com [email concealed]]
> Sent: Monday, 5 June 2006 20:51
> To: Serge Vondandamo
> Cc: focus-virus (at) securityfocus (dot) com [email concealed]
> Subject: Re: Symantec AV reporting metrics.

>

> Symantec Corp AV 10.1 has a reporting server module, which provides

> pretty pictures for lots of these metrics.

>

> On 6/3/06, Serge Vondandamo <serge.vondandamo (at) wanadoo (dot) fr [email concealed]> wrote:

> > All,

> >

> > I have been tasked to develop Symantec AV reporting metrics.
> > The metrics should help provide visual information (graphs, tables, etc) to
> > Senior management on weekly, monthly, quarterly and annual basis per region
> > and WW if needed.
> >
> > I am focusing on providing the following:
> >
> > - Number of AV clients per region,
> > - Number of AV engines, versions, per region,
> > - Information on AV defs per region, frequency of updates, versions of AV
> > definitions, age of AV definitions (i.e. two weeks old, two months old, very
> > old, etc).
> > - Status of AV clients per region - i.e. auto-protect enabled or disabled,
> > threat found, old definitions, etc.
> > - Any other information that will be useful for big boss not interested on
> > technical data.
> >
> > I am looking for pointers, ideas and suggestions from those who have already
> > done so; I will not try to re-invent the wheel ;)

> >

> > Thanks for your inputs.

> >

> > Regards,

> > Serge Vondandamo, HND, CISSP, CCNA.


Copyright 2010, SecurityFocus