Re: CA antivirus software will not update after installining ISA 2004

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

So at this point is it correct that the SBS is updating signatures from CA
according to the settings you created (schedule, etc.)? And the desktop
PC's are not updating the signature files from the SBS as they should be?

If the server is updating from CA's FTP site, that rules out ISA, which
should not be effecting your PCs' communications with the server. (The one
caveat to this is that if ISA shuts down, it will block communication with
the server, but that's all communication, not just this). This isn't eTrust
Antivirus Gateway, is it? If so, there may be a patch or two at the CA
site. I still don't see how a purely internal distribution issue can be
ISA, but it does seem coincidental that it came up at the time of the ISA
2004 upgrade.

Here are a couple of things to check:

- I'm reading you that in the signature update options on the server, it's
set to be a redistribution server, and the correct signature files are
selected to cover all the workstation OS's you have in your network. You
should be downloading both InoculateIT and Vet signature files for any OS in
use at your office. Sounds like this is already done.

- On the workstations, check the signature update options. This should be
set by the server in the admin console, but in any case check it on the
workstation: In Signature Update Options, on the Incoming tab, the first
entry should be "Redistribution Server" with the source set to the netbios
name of your SBS. In other words, just plain "Servername" not
"Servername.yourdomain.local." I'm not sure if the .local name will work or
not, but I'm sure the netbios name should work.

You should also have a schedule set for signature file updates, even if
you're relying on the workstation to update itself when it starts. On my
home network, I have a timing issue where eTrust seems to try updating
before the connection is available, so sometimes it fails. I have a manual
update schedule in place in case that happens and I don't notice it. Also,
at the office, sometimes people leave their workstations running
indefinitely, so you'll want them checking for updates frequently.

- Also on the workstation, having installed the XP patch from CA, you should
have firewall exceptions listed for "eTrust Antivirus - Local Scanner,"
"eTrust Antivirus - Realtime monitor," and "eTrust Antivirus - RPC Server."
That last one is probably what allows signature file updates, but you should
have all three.

- If this still doesn't work, the Distribution Events log on the workstation
should have useful information (you could check the one on the server as
well, although it won't have anything if communication is blocked).

I wanted to also mention this in regard to the InoculateIT versus Vet
signature updates. Last I knew, CA's recommendation was to update both
signature files. They suggest using one engine for realtime scanning
(either one, but Vet is faster) and the other for scheduled scans. Also,
apparently Vet can't do Exchange Server, so that scanner will use
InoculateIT.

"Jerry" <Jerry@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FBB32F41-3D43-4DAF-94DF-B28AD7833551@xxxxxxxxxxxxxxxx
> Thanks Dave and Edward for your post. In responce, I have CA setup as the
> Admin server on the SBS server and it is set to be the redistribution
> server
> for the clients. Scanner & signiture update policies are controlled by the
> admin server. The XP2 patch for the CA software has been installed so as
> to
> open the correct port on the client pc's. All was working fine prior to
> installing ISA 2004. I seem to remember reading someting about ISA 2004
> limiting pc to pc access. Is that a posiblity?
>
> thanks
> --
> Jerry
>
>
> "Jerry" wrote:
>
>> I just installed ISA 2004 on an SBS 2003 Premium Server and I need to
>> configure the firewall to allow my antivirus program to download virus
>> signiture updates. I assume that I have to configure an access rule, but
>> I
>> need to know the correct procedure to do it. any help would be
>> appreciated.
>> --
>> Jerry


.

Relevant Pages

  • Re: FreeBSD 7.1 and BIND exploit
    ... The server may be specified by name or IP address. ... and by default is configured as a resolver only. ... can we have a stub resolver in FreeBSD that will "do the DNSSEC thing" regardless of what kind of resolving name server it's sitting behind? ... If the signature validates, then there are no "issues," you just pass the answer back to the stub and you're done. ...
    (freebsd-stable)
  • Re: Where are DC signatures stored in AD ? Can then be edited using adsiedit ?
    ... We took a NTBackup of the DC and restored it onto a server with the ... There were no errors apart from the decomissioned signature ... started having problems with the test network at the point of demoting the ... having and using a new signature, it registers it's CNAME entry in DNS ...
    (microsoft.public.windows.server.active_directory)
  • Re: Can outlook support more than 1 single line in its signature ?
    ... PCs that I use regularly to obtain the version of Outlook. ... >> lines were supported without any problem within my personal signature. ... This is a feeble and rubbish excuse and I am sure there has been regular ... I have no way of establishing what server they are using. ...
    (microsoft.public.outlook)
  • Re: mailto link?
    ... it seems as if the OP wants a specific signature and I ... said that the server would be the only way to generate that. ... send email, not the client-side Outlook. ... The mailto: protocol of a link does not specify that Outlook should ...
    (microsoft.public.dotnet.framework.aspnet.datagridcontrol)
  • Re: Client Certificates Issue
    ... You can't use the user's private key for this as it is on their workstation, ... not on your server. ... The problem is that i need to generate a Digital Signature using the ...
    (microsoft.public.dotnet.framework.aspnet.security)