Windows Firewall Config for Symantec AV Corp version 9

From: epigram (nospam_at_spammy.com)
Date: 01/17/05 

Date: Mon, 17 Jan 2005 13:38:24 -0500

I'm trying to define custom exceptions in the Windows XP firewall from my
SBS to allow my Symantec AV Corp (version 9) clients and servers to
communicate correctly. I have documents from MS and Symantec that talk
about how to do this, but I'm having trouble with the Symantec docs. The
symantec doc is
http://service1.symantec.com/SUPPORT/ent-security.nsf/c9b1ac1936fbf63488256e77006521df/7346c9f9933898dd88256ec9007c1ea0?OpenDocument&src=bar_sch_nam
This document has a link to two other documents where they explain which
ports and programs you need to create exceptions for.

It looks like I've got to do create two types of exceptions. Some for the
Symantec EXEs and some for the ports the clients/server use to communicate
with each other.

The program exceptions that I plan to put in "Windows Firewall: Define
program exceptions" in the Windows Firewall/Domain Profile (in the Group
Policy Object Editor) are:

"%PROGRAMFILES%\Symantec
AntiVirus\VPC32.exe:localsubnet:enabled:Symantec_Client_UI" - This one isn't
listed in the symantec document, but it is the client app that is running on
all the PCs. Not sure if I need this or not.

"%PROGRAMFILES%\Symantec
AntiVirus\Rtvscan.exe:localsubnet:enabled:Symantec_Client_Scan" - This one
is listed in the symantec document.

"%PROGRAMFILES%\Symantec\LiveUpdate\Lucomserver.exe:localsubnet:enabled:Symantec_LiveUpdate_Client"
 - This one is listed in the symantec document.

The ports are really what are confusing me. The port exceptions that I plan
to put "Windows Firewall: Define port exceptions" Windows Firewall/Domain
Profile are:

"2967:UDP:localsubnet:enabled:Symantec_Client_RtvScan_Port" - This is the
port that allows Symantec System Center to manage the Symantec Client
Security clients and also what Rtvscan uses

"137:UDP:localsubnet:enabled:Symantec_Remote_Client_Install_Port1" - This is
one of the ports required to remotely install the Symantec Client Security
client from the server

"138:UDP:localsubnet:enabled:Symantec_Remote_Client_Install_Port2" - This is
one of the ports required to remotely install the Symantec Client Security
client from the server

Any feedback on my approach (or a better one to take) would be much
appreciated!

Thanks

Relevant Pages

  • Re: Firewall Problems With SBS2003 Std Server SP1
    ... now I have to either enter all of the exceptions on the XPSP2 type ... firewall, or get my port and program exceptions built into the ... These ports are needed to communicate with the Symantec Server ...
    (microsoft.public.windows.server.sbs)
  • Re: WXP SP2 Woes
    ... Stuart Mackie [MCP, MSP] ... >> In terms of the Symantec AV Exceptions as you know you will have to add ... >> Client Security LuComServer ...
    (microsoft.public.windows.server.sbs)
  • RE: [Full-disclosure] Symantec Anti-Virus Corporate Edition: DownloadProduct Upd
    ... That stupid check box has been there since v7.0.0 when Symantec first bought that product from Intel LanDesk. ... You cannot move one client to another server, for example, unless it is physically communicating with the server. ... automatically upgrade itself, due to the vast number of vulnerabilities ... Faculty and Staff machines are on the domain and are in general ...
    (Full-Disclosure)
  • Firewall Problems With SBS2003 Std Server SP1
    ... While trying to Resolve an issue with Symantec Corporate configuration, ... created the exceptions and now find that the LAN clients can no ... The Ports needed for Symantec A/V Corporate Edition Are: ...
    (microsoft.public.windows.server.sbs)
  • Re: domain controller cannot be found
    ... I spoke to symantec and they advised me to add the server ip into the ... trusted networks field within the symantec firewall client on each machine. ...
    (microsoft.public.windows.server.sbs)
Loading