Symantec Administration Console Admin Guide

Symantec™ Administration
Console for Macintosh®

Administrator’s Guide
Symantec™ Administration Console for Macintosh®
Administrator’s Guide
Copyright © 2005 Symantec Corporation. All rights reserved.
Documentation version 1.0.1
Symantec, and the Symantec logo are U.S. registered trademarks of Symantec
Corporation. LiveUpdate, Symantec AntiVirus, Symantec Enterprise Security
Architecture, and Symantec Security Response are trademarks of Symantec Corporation.
Mac, Macintosh, Mac OS, eMac, Safari, and the Mac logo are trademarks of Apple
Computer, Inc. PowerMac, iMac, and Xserve are trademarks of Apple Computer, Inc.,
registered in the U.S. and other countries. MySQL is a registered trademark of MySQL AB
in Sweden and other countries. MySQL is a trademark in the United States and other
countries. Red Hat and all Red Hat-based trademarks and logos are trademarks or
registered trademarks of Red Hat, Inc. in the United States and other countries. Linux is a
registered trademark of Linus Torvalds. RSA is a registered trademark or trademark of
RSA Security Inc. in the United States and/or other countries. Netscape is a registered
trademark of Netscape Communications Corporation in the United States and other
countries. Windows and Internet Explorer are either registered trademarks or trademarks
of Microsoft Corporation. Other names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use,
copying, distribution, and decompilation/reverse engineering. No part of this document
may be reproduced in any form by any means without prior written authorization of
Symantec Corporation and its licensors, if any.
THIS DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED

CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-
INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH
DISCLAIMERS ARE HELD TO BE LEGALLY INVALID, SYMANTEC CORPORATION SHALL
NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION
WITH THE FURNISHING PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE
INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE
WITHOUT NOTICE.
Symantec Corporation
20330 Stevens Creek Blvd.
Cupertino, CA 95014
http://www.symantec.com
Technical Support
Symantec Technical Support maintains support centers globally. Technical

Support’s primary role is to respond to specific queries about product feature
and function, installation, and configuration. The Technical Support group also
authors content for our online Knowledge Base. The Technical Support group
works collaboratively with the other functional areas within Symantec to
answer your questions in a timely fashion. For example, the Technical Support
group works with Product Engineering and Symantec Security Response to
provide alerting services and virus definition updates.
Symantec’s maintenance offerings include the following:
■ A range of support options that give you the flexibility to select the right
amount of service for any size organization
■ Telephone and Web-based support that provides rapid response and up-to-
the-minute information
■ Upgrade insurance that delivers automatic software upgrade protection
■ Global support that is available 24 hours a day, 7 days a week worldwide.
Support is provided in a variety of languages for those customers that are
enrolled in the Platinum Support program
■ Advanced features, including Technical Account Management
For information about Symantec’s Maintenance Programs, you can visit our
Web site at the following URL:
www.symantec.com/techsupp/ent/enterprise.html
Select your country or language under Global Support. The specific features that
are available may vary based on the level of maintenance that was purchased
and the specific product that you use.
Contacting Technical Support

Customers with a current maintenance agreement may access Technical
Support information at the following URL:
Select your region or language under Global Support.
Before contacting Technical Support, make sure you have satisfied the system
requirements that are listed in your product documentation. Also, you should be
at the computer on which the problem occurred, in case it is necessary to
recreate the problem.
When you contact Technical Support, please have the following information
available:
■ Product release level
■ Hardware information
■ Available memory, disk space, NIC information
■ Operating system
■ Version and patch level
■ Network topology
■ Router, gateway, and IP address information
■ Problem description:
■ Error messages and log files
■ Troubleshooting that was performed before contacting Symantec
■ Recent software configuration changes and network changes
Licensing and registration

If your Symantec product requires registration or a license key, access our
technical support Web page at the following URL:
www.symantec.com/techsupp/ent/enterprise.html.
Select your region or language under Global Support, and then select the
Licensing and Registration page.
Customer service
Customer service information is available at the following URL:
Select your country or language under Global Support.
Customer Service is available to assist with the following types of issues:
■ Questions regarding product licensing or serialization
■ Product registration updates such as address or name changes
■ General product information (features, language availability, local dealers)
■ Latest information about product updates and upgrades
■ Information about upgrade insurance and maintenance contracts
■ Information about Symantec Value License Program
■ Advice about Symantec's technical support options
■ Nontechnical presales questions
■ Issues that are related to CD-ROMs or manuals
Maintenance agreement resources

If you want to contact Symantec regarding an existing maintenance agreement,
please contact the maintenance agreement administration team for your region
as follows:
■ Asia-Pacific and Japan: contractsadmin@symantec.com
■ Europe, Middle-East, and Africa: semea@symantec.com
■ North America and Latin America: supportsolutions@symantec.com
Additional enterprise services
Symantec offers a comprehensive set of services that allow you to maximize
your investment in Symantec products and to develop your knowledge,
expertise, and global insight, which enable you to manage your business risks
proactively. Additional services that are available include the following:
Symantec Early Warning These solutions provide early warning of cyber attacks,
Solutions comprehensive threat analysis, and countermeasures to
prevent attacks before they occur.
Managed Security Services These services remove the burden of managing and
monitoring security devices and events, ensuring rapid
response to real threats.
Consulting services Symantec Consulting Services provide on-site technical

expertise from Symantec and its trusted partners.
Symantec Consulting Services offer a variety of
prepackaged and customizable options that include
assessment, design, implementation, monitoring and
management capabilities, each focused on establishing
and maintaining the integrity and availability of your IT
resources.
Educational Services These services provide a full array of technical training,

security education, security certification, and awareness
communication programs.
To access more information about Enterprise Services, please visit our Web site
at the following URL:
www.symantec.com
Select your country or language from the site index.
Symantec Corporation Software License Agreement
Symantec™ Administration Console for Macintosh®
SYMANTEC CORPORATION AND/OR ITS C. use the Software on a network, provided that You
SUBSIDIARIES (“SYMANTEC”) IS WILLING TO have a licensed copy of the Software for each computer
LICENSE THE SOFTWARE TO YOU AS AN that can access the Software over that network;
INDIVIDUAL, THE COMPANY, OR THE LEGAL ENTITY D. use the Software in accordance with any written
THAT WILL BE UTILIZING THE SOFTWARE agreement between You and Symantec; and
(REFERENCED BELOW AS “YOU” OR “YOUR”) ONLY E. after written consent from Symantec, transfer the
ON THE CONDITION THAT YOU ACCEPT ALL OF THE Software on a permanent basis to another person or
TERMS OF THIS LICENSE AGREEMENT. READ THE entity, provided that You retain no copies of the
TERMS AND CONDITIONS OF THIS LICENSE Software and the transferee agrees in writing to the
AGREEMENT CAREFULLY BEFORE USING THE terms of this license.
SOFTWARE. THIS IS A LEGAL AND ENFORCEABLE
CONTRACT BETWEEN YOU AND THE LICENSOR. BY You may not:
OPENING THIS PACKAGE, BREAKING THE SEAL,
A. copy the printed documentation that accompanies
CLICKING THE “AGREE” OR “YES” BUTTON OR
the Software;
OTHERWISE INDICATING ASSENT
B. sublicense, rent, or lease any portion of the
ELECTRONICALLY, OR LOADING THE SOFTWARE,
Software; reverse engineer, decompile, disassemble,
YOU AGREE TO THE TERMS AND CONDITIONS OF
modify, translate, make any attempt to discover the
THIS AGREEMENT. IF YOU DO NOT AGREE TO THESE
source code of the Software, or create derivative works
TERMS AND CONDITIONS, CLICK THE “I DO NOT
from the Software;
AGREE” OR “NO” BUTTON OR OTHERWISE INDICATE
C. use the Software as part of a facility management,
REFUSAL AND MAKE NO FURTHER USE OF THE
timesharing, service provider, or service bureau
SOFTWARE.
arrangement;
D. use a previous version or copy of the Software after
1. License: You have received and installed a disk replacement set
The software and documentation that accompanies or an upgraded version. Upon upgrading the Software,
this license (collectively the “Software”) is the all copies of the prior version must be destroyed;
proprietary property of Symantec or its licensors and E. use a later version of the Software than is provided
is protected by copyright law. While Symantec herewith unless You have purchased corresponding
continues to own the Software, You will have certain maintenance and/or upgrade insurance or have
rights to use the Software after Your acceptance of this otherwise separately acquired the right to use such
license. This license governs any releases, revisions, or later version;
enhancements to the Software that the Licensor may F. use, if You received the software distributed on
furnish to You. Except as may be modified by an media containing multiple Symantec products, any
applicable Symantec license certificate, license Symantec software on the media for which You have
coupon, or license key (each a “License Module”) that not received permission in a License Module; nor
accompanies, precedes, or follows this license, and as G. use the Software in any manner not authorized by
may be further defined in the user documentation this license.
accompanying the Software, Your rights and
obligations with respect to the use of this Software are 2. Content Updates:
as follows.
Certain Software utilize content that is updated from
time to time (including but not limited to the following
You may: Software: antispam software utilize updated antispam
A. use the number of copies of the Software as have rules; antivirus software utilize updated virus
been licensed to You by Symantec under a License definitions; content filtering software utilize updated
Module. If the Software is part of a suite containing URL lists; some firewall software utilize updated
multiple Software titles, the total number of copies You firewall rules; policy compliance software utilize
may use, in any combination of Software titles, may updated policy compliance updates; and vulnerability
not exceed the total number of copies indicated in the assessment products utilize updated vulnerability
License Module. Your License Module shall constitute signatures; these updates are collectively referred to as
proof of Your right to make such copies. If no License “Content Updates”). You shall have the right to obtain
Module accompanies, precedes, or follows this license, Content Updates for any period for which You have
You may make one copy of the Software You are purchased maintenance, except for those Content
authorized to use on a single computer; Updates that Symantec elects to make available by
B. make one copy of the Software for archival separate paid subscription, or for any period for which
purposes, or copy the Software onto the hard disk of You have otherwise separately acquired the right to
Your computer and retain the original for archival obtain Content Updates. Symantec reserves the right
purposes; to designate specified Content Updates as requiring
purchase of a separate subscription at any time and IN NO CASE SHALL SYMANTEC'S LIABILITY EXCEED
without notice to You; provided, however, that if You THE PURCHASE PRICE FOR THE SOFTWARE. The
purchase maintenance hereunder that includes disclaimers and limitations set forth above will apply
particular Content Updates on the date of purchase, regardless of whether or not You accept the Software.
You will not have to pay an additional fee to continue
receiving such Content Updates through the term of 5. U.S. Government Restricted Rights:
such maintenance even if Symantec designates such
RESTRICTED RIGHTS LEGEND. All Symantec products
Content Updates as requiring separate purchase. This
and documentation are commercial in nature. The
License does not otherwise permit the licensee to
software and software documentation are
obtain and use Content Updates.
“Commercial Items,” as that term is defined in 48
C.F.R. section 2.101, consisting of “Commercial
3. Limited Warranty: Computer Software” and “Commercial Computer
Symantec warrants that the media on which the Software Documentation,” as such terms are defined in
Software is distributed will be free from defects for a 48 C.F.R. section 252.227-7014(a)(5) and 48 C.F.R.
period of thirty (30) days from the date of delivery of section 252.227-7014(a)(1), and used in 48 C.F.R.
the Software to You. Your sole remedy in the event of a section 12.212 and 48 C.F.R. section 227.7202, as
breach of this warranty will be that Symantec will, at applicable. Consistent with 48 C.F.R. section 12.212, 48
its option, replace any defective media returned to C.F.R. section 252.227-7015, 48 C.F.R. section 227.7202
Symantec within the warranty period or refund the through 227.7202-4, 48 C.F.R. section 52.227-14, and
money You paid for the Software. Symantec does not other relevant sections of the Code of Federal
warrant that the Software will meet Your requirements Regulations, as applicable, Symantec's computer
or that operation of the Software will be uninterrupted software and computer software documentation are
or that the Software will be error-free. licensed to United States Government end users with
only those rights as granted to all other end users,
TO THE MAXIMUM EXTENT PERMITTED BY according to the terms and conditions contained in this
APPLICABLE LAW, THE ABOVE WARRANTY IS license agreement. Manufacturer is Symantec
EXCLUSIVE AND IN LIEU OF ALL OTHER Corporation, 20330 Stevens Creek Blvd., Cupertino, CA
WARRANTIES, WHETHER EXPRESS OR IMPLIED, 95014, United States of America.
INCLUDING THE IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR 6. Export Regulation:
PURPOSE, AND NONINFRINGEMENT OF
Certain Symantec products are subject to export
INTELLECTUAL PROPERTY RIGHTS. THIS
controls by the U.S. Department of Commerce (DOC),
WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS.
under the Export Administration Regulations (EAR)
YOU MAY HAVE OTHER RIGHTS, WHICH VARY
(see www.bxa.doc.gov). Violation of U.S. law is strictly
FROM STATE TO STATE AND COUNTRY TO
prohibited. Licensee agrees to comply with the
COUNTRY.
requirements of the EAR and all applicable
international, national, state, regional and local laws,
4. Disclaimer of Damages: and regulations, including any applicable import and
SOME STATES AND COUNTRIES, INCLUDING use restrictions. Symantec products are currently
MEMBER COUNTRIES OF THE EUROPEAN prohibited for export or re-export to Cuba, North
ECONOMIC AREA, DO NOT ALLOW THE LIMITATION Korea, Iran, Iraq, Libya, Syria and Sudan or to any
OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR country subject to applicable trade sanctions. Licensee
CONSEQUENTIAL DAMAGES, SO THE BELOW agrees not to export, or re-export, directly or
LIMITATION OR EXCLUSION MAY NOT APPLY TO indirectly, any product to any country outlined in the
YOU. EAR, nor to any person or entity on the DOC Denied
TO THE MAXIMUM EXTENT PERMITTED BY Persons, Entities and Unverified Lists, the U.S.
APPLICABLE LAW AND REGARDLESS OF WHETHER Department of State's Debarred List, or on the U.S.
ANY REMEDY SET FORTH HEREIN FAILS OF ITS Department of Treasury's lists of Specially Designated
ESSENTIAL PURPOSE, IN NO EVENT WILL Nationals, Specially Designated Narcotics Traffickers,
SYMANTEC BE LIABLE TO YOU FOR ANY SPECIAL, or Specially Designated Terrorists. Furthermore,
CONSEQUENTIAL, INDIRECT, OR SIMILAR Licensee agrees not to export, or re-export, Symantec
DAMAGES, INCLUDING ANY LOST PROFITS OR LOST products to any military entity not approved under the
DATA ARISING OUT OF THE USE OR INABILITY TO EAR, or to any other entity for any military purpose,
USE THE SOFTWARE EVEN IF SYMANTEC HAS BEEN nor will it sell any Symantec product for use in
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. connection with chemical, biological, or nuclear
weapons or missiles capable of delivering such
weapons.
7. General: C. If the Software You have licensed is Symantec Client
Security, this Software utilizes the Standard Template
If You are located in North America or Latin America,
Library, a C++ library of container classes, algorithms,
this Agreement will be governed by the laws of the
and iterators. Copyright (c) 1996-1999. Silicon
State of California, United States of America.
Graphics Computer Systems, Inc. Copyright (c) 1994.
Otherwise, this Agreement will be governed by the
Hewlett-Packard Company.
laws of England and Wales. This Agreement and any
related License Module is the entire agreement
between You and Symantec relating to the Software
and: (i) supersedes all prior or contemporaneous oral
or written communications, proposals, and
representations with respect to its subject matter; and
(ii) prevails over any conflicting or additional terms of
any quote, order, acknowledgment, or similar
communications between the parties. This Agreement
shall terminate upon Your breach of any term
contained herein and You shall cease use of and
destroy all copies of the Software. The disclaimers of
warranties and damages and limitations on liability
shall survive termination. Software and
documentation is delivered Ex Works California, U.S.A.
or Dublin, Ireland respectively (ICC INCOTERMS 2000).
This Agreement may only be modified by a License
Module that accompanies this license or by a written
document that has been signed by both You and
Symantec. Should You have any questions concerning
this Agreement, or if You desire to contact Symantec
for any reason, please write to: (i) Symantec Customer
Service, 555 International Way, Springfield, OR 97477,
U.S.A., (ii) Symantec Customer Service Center, PO BOX
5689, Dublin 15, Ireland, or (iii) Symantec Customer
Service, 1 Julius Ave, North Ryde, NSW 2113,
Australia.
8. Additional Uses and Restrictions:

A. If the Software You have licensed is a specified
Symantec AntiVirus for a corresponding third party
product or platform, You may only use that specified
Software with the corresponding product or platform.
You may not allow any computer to access the
Software other than a computer using the specified
product or platform. In the event that You wish to use
the Software with a certain product or platform for
which there is no specified Software, You may use
Symantec Scan Engine.
B. If the Software you have licensed is Symantec
AntiVirus or Symantec Scan Engine utilizing Web
Server optional licensing as set forth in the License
Module, the following additional use(s) and
restriction(s) apply:
i) You may use the Software only with files that are
received from third parties through a web server;
ii) You may use the Software only with files received
from less than 10,000 unique third parties per month;
and
iii) You may not charge or assess a fee for use of the
Software for Your internal business.
Contents
Technical Support
Chapter 1 Introducing the Symantec Administration Console
for Macintosh
About the Symantec Administration Console for Macintosh .......................13
About the client/server model ...........................................................................14
About the client ....................................................................................................15
Chapter 2 Guarding your network

About antivirus protection .................................................................................17
Setting up a local LiveUpdate server on your network ..................................18
Creating custom preference sets .......................................................................18
Creating LiveUpdate preference sets ........................................................18
Restoring the default LiveUpdate preference set ...................................19
Creating Symantec AntiVirus for Macintosh preference sets ..............19
Creating Auto-Protect preference sets .....................................................20
Sending preferences to clients ...........................................................................21
Updating clients ...................................................................................................22
Running LiveUpdate commands ...............................................................23
About clients with intermittent connectivity ..........................................24
Initiating scans .....................................................................................................24
Chapter 3 Managing accounts, clients, and groups

Managing administrator accounts ....................................................................27
Creating administrator accounts ...............................................................28
Editing administrator accounts .................................................................29
Removing administrator accounts ............................................................29
Managing clients ..................................................................................................30
Configuring a client package ......................................................................30
Manually setting client preferences .........................................................31
Pinging network clients ..............................................................................31
Editing your client list .................................................................................32
Removing clients from the managed client database ............................33
10 Contents
Managing groups ................................................................................................. 33

Creating groups ............................................................................................ 34
Deleting groups ............................................................................................ 34
Adding clients to a group ............................................................................ 34
Removing clients from a group ................................................................. 35
Chapter 4 Managing commands

Managing command templates ......................................................................... 37
Creating command templates .................................................................... 37
Using command templates ......................................................................... 38
Deleting command templates .................................................................... 38
Managing public keys ......................................................................................... 39
Creating a public key ................................................................................... 39
Adding a public key to clients on the network ........................................ 40
Removing a public key from clients on the network .............................. 40
Interrupting commands and processes ............................................................ 41
Terminating a command ............................................................................ 42
Resetting a client ......................................................................................... 42
Rebooting a client ........................................................................................ 43
Chapter 5 Managing software installation

Installing software .............................................................................................. 45
Creating a package ....................................................................................... 46
Running the Install Software command .................................................. 46
Running the Download Script command ......................................................... 47
Running a custom script ..................................................................................... 48
Chapter 6 Reviewing network status

Using the Home page .......................................................................................... 51
Viewing events ..................................................................................................... 52
Viewing the Events log ................................................................................ 52
Viewing the Client Events log .................................................................... 52
Viewing command results .................................................................................. 52
Viewing virus protection status ........................................................................ 53
Viewing virus activity status ............................................................................. 53
Viewing installed client software ...................................................................... 54
Viewing the Client Software Versions report .......................................... 54
Viewing installed client software on the Send Commands page .......... 54
Viewing software status ............................................................................. 55
Customizing log or report displays ................................................................... 55
Purging log data ................................................................................................... 56
Contents 11
Appendix A About the Symantec Administration Console for

Macintosh database
What the database stores ...................................................................................57
Tables in the database .........................................................................................57
Adminuser table ...........................................................................................58
Cmdlib table ..................................................................................................59
Cmdset table .................................................................................................60
Cmdtemplate table .......................................................................................60
Command table .............................................................................................61
Eventlog table ...............................................................................................62
Ngroup table .................................................................................................63
Node table ......................................................................................................63
Nodesoftware table ......................................................................................64
Nodetogroup table .......................................................................................65
Software table ...............................................................................................65
Softwarestatus table ....................................................................................66
Softwarestatuskey table ..............................................................................67
Softwarevers table .......................................................................................67
Statuslog table ..............................................................................................68
Index
12 Contents
Chapter 1
Introducing the Symantec
Administration Console for
Macintosh
This chapter includes the following topics:
■ About the Symantec Administration Console for Macintosh
■ About the client/server model
■ About the client
About the Symantec Administration Console for

Macintosh
The Symantec™ Administration Console for Macintosh® centralizes the
management of Macintosh network clients that run Norton AntiVirus™ or
Symantec AntiVirus™ for Macintosh®. It works with the Apache HTTP Web
server and MySQL® database provided with the Macintosh OS® X Server to
perform this function. You can access the administration console locally or
remotely, and can perform the following tasks using the console:
■ Update client software and virus definitions.
■ Create and issue preference sets for installed Symantec products.
■ Initiate virus scans on client computers.
■ Review logs, summaries, and reports.
■ Manage client groups.
14 Introducing the Symantec Administration Console for Macintosh
About the client/server model
To enable the Symantec Administration Console for Macintosh to manage

network clients, you must install client software on each workstation. The client
software runs commands that you issue from the administration console.
See the Symantec AntiVirus 10 for Macintosh Installation Guide for additional
information about client installation.
About the client/server model

The Symantec Administration Console for Macintosh uses the Apache HTTP
Web server and PHP to generate HTML pages that reflect communication
between the MySQL database, the administration console, and the clients.
Transactions include commands that you issue from the server. They also
include command, event, and status updates that you subsequently view in the
administration console.
The following two tables, taken from the Symantec AntiVirus 10 for Macintosh
Installation Guide, list the components that make up the server portion of the
client/server model.
Table 1-1 Server components installed by the Symantec Administration

Console for Macintosh
Component Description
Command server Issues commands to clients and handles information from

clients.
Administration console Web-based user interface for viewing client status and
managing client computers.
Symantec Administration MySQL database components for the Symantec

Console for Macintosh Administration Console for Macintosh (command log,
database tables command library, client status logs).
Table 1-2 Server components installed as part of Mac OS X Server 10.3
Component Description
MySQL relational database Database used by the Symantec Administration Console for
management system Macintosh database components.
Apache HTTP server Serves administration console Web pages (user interface).
Also, receives status and event updates from clients.
Introducing the Symantec Administration Console for Macintosh 15
About the client
A command that you issue from the administration console passes through to
the Apache HTTP Web server. The server stores information about the new
command in the appropriate database tables and instructs the command server
to issue the command to the UDP multicast address that was set when Symantec
Administration Console for Macintosh was installed. The command broadcasts
through one or more routers to individual clients and client groups registered
with the UDP address.
Clients can complete commands successfully, or fail or skip commands. In each
case, a client reports the result of the command to the Apache HTTP Web server.
In turn, the server updates the MySQL database tables and updates the
administration console displays with the software, event, or command status.
About the client

The client software is a thin daemon that runs transparently on each client
computer. The following table lists the components that make up the client part
of the client/server model.
Table 1-3 Client components
Components Description
Symantec Administration Receives and runs commands from the server and sends
Console for Macintosh back status to the server.
client software (daemon
This software is required for a client to be able to receive
process) and run commands from the Symantec Administration
Console for Macintosh server.
Symantec AntiVirus 10 for Software installed on the client and used by Symantec
Macintosh Administration Console for Macintosh to remotely perform
antivirus tasks on the client.
The administrator installs the client software on network computers as

described in the Symantec AntiVirus 10 for Macintosh Installation Guide. When
installed, the client software and all of its tools are owned by, and run as, root.
The software listens on a single port for commands from the command server.
When a command is received, the client software checks it for authenticity
(using digital signatures) and integrity and then carries out the command.
The administrator can issue commands that force an immediate response from
the client, or instructions to download one or more packages from the Apache
HTTP Web server or a LiveUpdate™ server. After a client downloads a package,
the client carries out the instructions contained in the package.
16 Introducing the Symantec Administration Console for Macintosh
About the client
Chapter 2
Guarding your network
■ About antivirus protection
■ Setting up a local LiveUpdate server on your network
■ Creating custom preference sets
■ Sending preferences to clients
■ Updating clients
■ Initiating scans
About antivirus protection

The Symantec Administration Console for Macintosh provides you with the
means to protect your organization against viruses, and which you can
customize for your enterprise’s specific needs. The antivirus tools available to
you are LiveUpdate, Symantec AntiVirus for Macintosh, and Auto-Protect.
Using LiveUpdate, you can update your virus definitions and download
Symantec product updates. Once you update your virus definitions, you can use
Symantec AntiVirus to scan and eliminate viruses. Symantec AntiVirus and
Auto-Protect repair infected files on detection, or quarantine infected files that
cannot be repaired. Auto-Protect provides real-time defense against virus
attacks by scanning for viruses whenever your clients access, copy, or save files.
18 Guarding your network
Setting up a local LiveUpdate server on your network
Setting up a local LiveUpdate server on your

network
You can configure clients to download virus definition updates and product
updates either from the Symantec Web site or from an internal server on your
network. If you want your clients to download updates from an internal server,
and you need instructions for how to set up that server, you can access those
instructions on the Symantec Knowledge Base.
To access instructions for setting up an internal LiveUpdate server

1 On the Internet, go to www.symantec.com
2 On top of the Symantec Home page, click search.
3 On the search page, in the Search box, type:
“how to set up an internal LiveUpdate server”
Be sure to include the quotation marks in your entry.
4 Under Website Searches, check Knowledge Base.
5 Click search.
6 On the results page, click the first linked article.
Creating custom preference sets

The default preference settings on Symantec products installed on your clients
generally provide sufficient protection and usually do not need to be changed.
However, to change these settings and to ensure the consistency of those
changes across your network, you can create preference sets for LiveUpdate,
Symantec AntiVirus for Macintosh, and Auto-Protect.
Creating LiveUpdate preference sets

You can specify LiveUpdate preferences for clients. On the LiveUpdate Options
page, you can set the server or host name from which the client or group
downloads protection, program, and virus definitions files.
To create LiveUpdate preference sets

1 On the Client Preferences page, click Create “LiveUpdate” Preference Set.
Guarding your network 19
2 On the LiveUpdate Options page, specify the following:
Key ID The integer by which the public key is identified by both

the server and the client.
Key Password The password that corresponds to your Key ID.
Preference Set Name The name that identifies your saved preference settings.
Protocol The LiveUpdate server type (FTP or HTTP) that hosts

current LiveUpdate files for client downloads.
Host Name The LiveUpdate server’s FTP or HTTP address from which
clients can download LiveUpdate files.
Set Login and Check this option to set the Login Name and Password.
Password
Login and Password The authentication information that the client requires to
access the LiveUpdate server and download current files.
3 Click Save Preference Set.
Restoring the default LiveUpdate preference set

The Symantec Administration Console for Macintosh saves the default
LiveUpdate preference set so that you can restore it, if necessary.
To restore the default LiveUpdate preference set

1 On the Client Preferences page, click Create “LiveUpdate” Preference Set.
2 On the LiveUpdate Options page, click Reset to Defaults.
Creating Symantec AntiVirus for Macintosh preference sets

On the Symantec AntiVirus for Macintosh Options page, you can specify
whether Symantec AntiVirus scans compressed files, whether scheduled scans
produce an alert message on the client, and how Symantec AntiVirus handles
any infected files that it detects.
Note: These preference settings apply to clients running versions of either

Symantec AntiVirus or Norton AntiVirus that are compatible with Symantec
Administration Console for Macintosh.
To create Symantec AntiVirus for Macintosh preference sets

1 On the Client Preferences page, click Create “Symantec AntiVirus for
Macintosh” Preference Set.
2 On the Symantec AntiVirus for Macintosh Options page, specify the
following:
Key ID The integer by which the public key is identified

at both the server and the client.
Preference Set The name that identifies your saved preference

Name settings.
Scan compressed files Turn on or turn off compressed file scanning.
Select the file information to Select what you want to include in the scan
include in the scan report report that will be generated on the client.
Scheduled Scan Alerts Configure the Symantec AntiVirus scan to

produce alerts that appear only when infections
are found or every time a scheduled scan is
completed.
Select to have infected files Configure Symantec AntiVirus to automatically

repaired automatically or manually repair infected files or manually repair infected
when you perform a scan files.
Select to quarantine files that Configure Symantec AntiVirus to quarantine

cannot be repaired files that cannot be repaired.
Select to receive a reminder if virus Configure Symantec AntiVirus to display a virus

definitions appear out of date definitions alert.
Creating Auto-Protect preference sets

Use these options to set Auto-Protect preferences for clients, which override any
preferences set locally on the clients.
Note: The SafeZone and Mount Scan features are new to Symantec AntiVirus 10
for Macintosh. Clients running Norton AntiVirus 9 ignore the preference
settings you send that pertain to these two features.
Sending preferences to clients
To create Auto-Protect preference sets

1 On the Client Preferences page, click Create “Auto-Protect” Preference Set.
2 On the Auto-Protect Options page, specify the following:
Key ID The integer by which the public key is identified at both

Preference Set Name The name that identifies your saved preferences settings.
Auto-Protect Enabled Enable Auto-Protect on client.
Scan compressed files Configure Auto-Protect to scan compressed files.
Automatic Repair Automatically repair infected files.
Quarantine files that Automatically quarantine files that cannot be repaired.

cannot be repaired
SafeZone settings Specify which areas of the client’s system to scan and
which areas to ignore.
Mount Scan settings Specify whether to scan disks when they are mounted,
whether to show a progress bar when scanning mounted
disks, and whether to eject infected disks. Also specify
which kinds of disks should be scanned when mounted and
which should be ignored.
Sending preferences to clients

After you create preferences, you must send them to clients in order for the
preferences to be executed.
To send preferences to clients

1 On the Send Commands page, if necessary, select one or more clients or
groups to receive the command.
2 Under Send Command Options, select Send command to all clients or Send
command to clients and groups checked above.
3 On the Command pop-up menu, click Set Symantec Product Preferences.
4 Click Specify Parameters.
Updating clients
5 On the Set Symantec Product Preferences page, specify the following:
Command Label The name that you assign to your command. The name appears
in the Command log after you issue the command.
Command Expires The time period in which the command is active. Enter a
number, and then specify the period in days, weeks, or months.
Command Key ID The integer by which the public key is identified at both the
server and the client.
Preference Set Type the name of the preference set that you configured.
6 Click Command.
Updating clients
One common reason that virus protection fails is that virus definitions are not
current. New threats to your network and many viruses arise on a continual
basis.
Running LiveUpdate connects you to the Symantec™ Security Response Web
site to determine if your virus definitions need updating. If so, LiveUpdate
downloads the files onto your network and installs them to the proper locations.
LiveUpdate also checks for program patches and downloads them as necessary.
The only prerequisite for running LiveUpdate is an Internet connection. To
enforce the antivirus policy for your enterprise, you may want to set preferences
for the LiveUpdate commands.
Updating clients
Running LiveUpdate commands

You can run LiveUpdate commands on the client with these options. You can
either download program and virus definitions files by running LiveUpdate
Everything, or you can download and install only the most recent virus
definitions file by running LiveUpdate Virus Definitions.
Warning: Updating a large number of clients simultaneously can result in slow

network performance.
To run LiveUpdate commands

3 On the Command pop-up menu, click LiveUpdate.
5 On the LiveUpdate Options page, specify the following:
Update Select one of the following:

■ Virus Definitions: Download and install only the most
recent virus definitions file.
■ Everything: Download program and virus definitions files.
6 Click Command.
Initiating scans
About clients with intermittent connectivity

If a managed client infrequently connects to the network, such as might happen
with an offsite iBook®, it may not have the most current updates. When it
reconnects to the network, it sends a status packet to the server about the
commands that it has received. The server evaluates the status and issues the
unexpired commands that the client has not received.
To ensure that the latest updates are available the next time that the client
connects to the network, issue the LiveUpdate command with an expiration date
that accommodates clients that are not always connected.
Initiating scans
Virus scans inspect selected disks and folders on targeted client computers.
Scans initiated by the Virus Scan command automatically repair or quarantine
infected files, and scan compressed files. You may want to initiate a scan if you
suspect that a virus has been introduced on a client or group of clients. You can
initiate a virus scan at any time.
To initiate a virus scan

3 On the Command pop-up menu, click Virus Scan.
5 On the Virus Scan page, specify the following:

Initiating scans
Scan target On the Scan target pop-up menu, you can select to scan the
following:
■ All mounted disks: Includes all local devices, all devices
attached to the client computer, and mounted network
volumes.
■ All mounted local disks: Includes all local devices and all
devices attached to the client computer.
■ Applications folder: The client’s boot volume’s
Applications folder.
■ Library folder: The client’s boot volume’s Library folder.
6 Click Command.
Initiating scans
Chapter 3
Managing accounts,
clients, and groups
■ Managing administrator accounts
■ Managing clients
■ Managing groups
Managing administrator accounts

You can manage administrator accounts using the administration console. The
first administrator account is created during the server installation.
Note: See the Symantec AntiVirus 10 for Macintosh Installation Guide for more
information.
Managing administrator accounts involves the following tasks:

■ Create administrator accounts.
■ Edit administrator accounts.
■ Remove administrator accounts.
28 Managing accounts, clients, and groups
Creating administrator accounts

The administration console enables you to create multiple administrator
accounts. You may require an administrator to replace you during your absence
or may want to establish a system where specific administrators are responsible
for particular actions or groups.
Depending on your reasons for creating an administrator account, you can grant
and restrict certain privileges for an account. You can determine whether the
new administrator can create additional administrator accounts, issue
commands, or create key pairs.
Note: You may want to have a new administrator use a specific Key ID so that his
or her commands can be tracked.
To create an administrator account

1 On the Maintenance page, click Create Administrator Account.
2 On the Create Administrator Account page, specify the following:
Administrator A unique name for the new administrator account. You

User Name can type an administrator user name that is between one
and thirty-two characters.
New Password A password for the new administrator account. You can
type an administrator password that is between one and
thirty-two characters.
Re-enter New Password Retype the new administrator account password.
Language The default language for the administrator account.
User can broadcast Grant or refuse rights to broadcast commands to clients

commands and groups.
User can create key pairs Grant or refuse rights to create key pairs.
User can create Grant or refuse rights to create additional

Administrators administrators.
3 Click Create Account.

Managing accounts, clients, and groups 29
Editing administrator accounts

You can edit your own administrator account to change the password or the
default language.
To edit your administrator account

1 On the Maintenance page, click Edit Administrator User.
2 On the Edit Administrator User page, specify the following:
Current Password The existing password for the administrator.
New Password A password for the new administrator account. You can type
an administrator password that is between one and thirty-
two characters.
Re-enter New Retype the new administrator account password.

Password
Language The default language for the administrator account.
3 Click Modify Account.
Removing administrator accounts

If an administrator no longer manages the network, you can remove his or her
account. Any administrator with full privileges can remove the account.
To remove an administrator account

1 On the Maintenance page, click Remove Administrator User.
2 On the Remove Administrator User page, select the account to remove.
3 Click Remove Administrator User.
Managing clients
Managing clients
The administration console manages consistent and up-to-date antivirus
coverage across the enterprise, and reduces the need for users to independently
configure and manage their antivirus software. You can perform the following
tasks using the administration console:
■ Configure a client package.
■ Set client preferences.
■ Ping clients.
■ Edit the client list.
■ Remove clients.
Configuring a client package

When you configure a client package, the package adopts the server’s settings
that you specified when you configured the server. The settings need to be
identical across the enterprise to ensure that all clients communicate on the
same channel. If your server settings change, you need to configure the client
package that you use to install new clients to reflect those changes.
When you configure a client package, a client preference set is also created that
you can distribute to previously installed clients in order to make the necessary
changes.
To configure a client package

1 On the Maintenance page, click Configure Client Package.
2 Under Configure Client Package, specify the following:
Client Package Key ID The public key that is embedded into the client package
(Symantec Administration Client.pkg). By default, one key
appears on the pop-up menu. This is the key that the
administration console installation process generates.
You can create additional keys on the Create Public Key
page. If you do so, more keys will appear on the Client
Package Key ID pop-up menu.
Password The administrative password required to issue the

command.
3 Click Modify Client Package.

Managing clients
Manually setting client preferences

The majority of client package settings are specified using the administration
console. However, there are two settings that can be changed only by manually
editing the config file on the server. One setting specifies the length of time
between status updates from a client. The other setting specifies the length of
time that old commands are stored on the client.
Note: If your network includes more than 2000 computers, you should increase
the time between status updates to reduce network traffic.
To manually set client preferences

1 Use the Terminal or other utility to open the bash shell prompt.
2 Switch to the root account.
3 Type the path for the SMac directory located on the server:
/Library/Application Support/Symantec/SMac
4 Use a text editor or Integrated Development Environment program (IDE) to

open the config text file.
5 Modify one or both of the following keys:
StatusUpdateInterval Integer denotes the length of time in seconds between

regular status reports from the client to the server. The
default is 300 (5 minutes).
CommandLogArchTime Integer denotes the length of time in seconds that a

command that has been executed, successfully or not, will
be stored on the client. The default is 604800 (1 week).
6 Save the config file.
Pinging network clients

You can ping one or more clients or groups. Because the ping command forces
the client to report status as soon as possible, you can use it to verify the client’s
network status. After issuing a ping command, check the Command log to verify
whether the client is active or disconnected. You can also use the ping command
to receive immediate status from a client.
To ping one or more clients or groups

Managing clients
command to clients or groups checked above.
3 On the Command pop-up menu, click Ping.
5 On the Ping page, specify the following:
Command Label The name that you assign to your command. The name
appears in the Command log after you issue the command.
number, and then specify the period in days, weeks, or
months.
6 Click Command.
Editing your client list

The Send Commands page includes a list of all clients in your managed client
database. The list includes the name and location of each client. The name is the
Mac OS X computer name of the client, and the location is the IP address of the
gateway on that computer. These entries are established at the time that the
client registers itself with the server. If this information changes on the
computer after that time, the changes will not be reflected in the Send
Commands page list. However, you can edit the list on the Send Commands page
to make any changes to this information that you need.
Note: If you have a large number of computers for which you need to make
changes, it may be easier to make those changes directly in the database.
See “Tables in the database” on page 57.
To edit your client list

1 On the Send Commands page, select either the name or location for the
client whose information you want to change.
2 On the Modify Information page, type your changes.
3 Click Modify Information.
Managing groups
Removing clients from the managed client database

Many reasons exist for removing clients from the network. For example, if the
client fails to respond to the server and requires reinstallation, you would need
to remove the client from the network. If you remove a client from the network
for any reason, you should also remove it from the managed client database.
To remove clients from the managed client database

1 On the Maintenance page, click Remove Clients.
2 On the Remove Clients page, select one or more clients.
3 Click Remove Clients.
Managing groups
You can use the administration console to simultaneously manage a collection
of clients by assigning clients to a group. You can create as many groups as you
like, and you can name and order them according to various classifications.
A client can belong to more than one group. For example, your network might
consist of the following groups:
■ Subnet1
■ Subnet2
■ Administrators
■ Non-administrators
Each client can belong to two of those groups because they are categorized in
different ways. However, you must be careful with certain group operations
such as setting preferences, because the options for one group can override
those set earlier for a different group.
Another advantage of managing clients in groups is that you can consistently
assign preferences and commands to a collection of clients. For example, you
can specify that Subnet1 members download from the Symantec LiveUpdate
server while Subnet2 members download from a local server.
Managing groups
Creating groups
Consider how you want to organize and classify your groups before beginning to
create them to avoid having to continuously reorganize them.
Note: You can also create groups using the Add to Group command.
See “Adding clients to a group” on page 34.
To create a group
1 On the Maintenance page, click Manage Groups.
2 On the Create Group page, next to Group Name, type a name for the new
group.
If other groups were created, they appear in the Groups table on the Create
Group page.
3 Click Create Group.
Deleting groups
Many scenarios exist in which you might need to delete a group. For instance,
you may decide to do so after merging the members of one group into another
because the network is being restructured. A group can be deleted only after all
of its members have been removed from the group.
To delete a group
1 On the Maintenance page, click Manage Groups.
2 Under Groups, click Remove Group next to the group that you would like to
remove.
3 You are asked if you are sure that you want to remove the selected group.
Click Yes, Remove to remove the group.
Adding clients to a group

Typically, you add clients to a group to ease management. Adding members to a
group reduces the number of individual connections that you must directly
manage. For example, if you have a network with ten clients, and then split
these clients into two groups, you are left to manage only two entities.
To add one or more clients to a group

Managing groups
3 On the Command pop-up menu, click Add to Group.
5 On the Add to Group page, specify the following:
months.
Group The group name in which to assign the client or group.
6 If you are creating a new group, click Create a new group and type a unique
name for the group.
7 Click Command.
Removing clients from a group

Clients are removed from groups for various reasons. For example, you may
remove a client from a group to move it to another group, or if the client cannot
respond to your commands and requires troubleshooting.
To remove one or more clients from a group

3 On the Command pop-up menu, click Remove from Group.
Managing groups
5 On the Remove from Group page, specify the following:
months.
Group The group name in which to remove a client.
6 Click Command.
Chapter 4
Managing commands
■ Managing command templates
■ Managing public keys
■ Interrupting commands and processes
Managing command templates

You can save commands in templates to reuse them and avoid having to re-enter
their parameters.
Creating command templates

You can create a command template on the Send Commands page.
To create a command template

1 On the Send Commands page, under Send Command Options, click Save
command as template.
2 On the Command pop-up menu, select the command that you want to use.
4 On the command’s parameter page, specify the appropriate parameters. The
parameters differ based on the command that you create.
5 Click Save Command.
38 Managing commands
Managing command templates
Using command templates

You can issue commands using saved command templates on the Send
Commands page.
To issue a command using a template

3 On the Command pop-up menu, click the saved command that you want to
use.
5 On the command’s parameter page, modify any command parameters as
needed.
6 Type your key password.
7 Click Command.
Deleting command templates

You can delete command templates on the Manage Command Templates page.
You may want to delete a command template so that you can replace it with an
updated version.
To delete command templates

1 On the Maintenance page, click Manage Command Templates.
2 On the Manage Command Templates page, select one or more templates to
delete.
3 Click Delete Selected Templates.
Managing commands 39
Managing public keys

The administration console uses a public/private key algorithm when you issue
commands from the console. In addition, at least one key is created
automatically during the server installation process. You must set up at least
one key pair before you install the Symantec Administration Console client
software on any computers on your network.
Creating a public key

The server installation process generates the initial public key that you use to
broadcast commands to the network. After the server and clients are running,
you can create additional public keys. Typically, you create another key when
you want to change client settings or issue new commands, such as Add Public
Key, Install Software, or Set Symantec Product Preferences. You must distribute
the new key to the clients before you use the key to send a command.
To create a public key

1 On the Maintenance page, click Create Public Key.
2 On the Create Public Key page, specify the following:
Password The administrative password required to create the key.
Re-enter Password Retype the password for the new key pair.
Replace Existing Key Retain or overwrite an existing administrative key. Make

sure to distribute the new key to any clients that rely on the
key being replaced, or they will not be able to communicate
with the server.
Public Key to Replace If you selected to overwrite an existing key, select the
administrative key to replace.
3 Click Create Public Key.

4 Send the new key to the clients.
See “Adding a public key to clients on the network” on page 40.
Adding a public key to clients on the network

The Add Public Key command is used to distribute a new public/private key pair
to clients. The new key is used by clients to validate future commands.
To add a public key to clients on the network

1 On the Send Commands page, under Send Command Options, click Send
command to all clients.
2 On the Command pop-up menu, click Add Public Key.
4 On the Add Public Key page, specify the following:
months.
Command Key ID This is an integer by which the public key is identified at both
This is the pre-existing key installed on the client and is used
to authenticate the command.
New Public Key ID The Key ID to be added.
5 Click Command.
Removing a public key from clients on the network

You may want to remove an existing public key if a key that you associated with
an administrator is no longer active because you have removed the
administrator. Removing a public key removes it from the clients only; it
remains on the server.
Note: If you are replacing a public key, use the Create Public Key command.
See “Creating a public key” on page 39.
Interrupting commands and processes
To remove a public key from clients on the network

1 On the Send Commands page, under Send Command Options, click Send
command to all clients.
2 On the Command pop-up menu, click Remove Public Key.
4 On the Remove Public Key page, specify the following:
months.
Public key ID The Key ID to be removed.
5 Click Command.

You can use the administration console to interrupt pre-existing commands and
processes. You may need to reboot a client because you have installed new
software on the computer, or reset a client because it is unable to receive
commands. Terminating a command may be necessary if you would like to issue
a new command that conflicts with the original. The commands that you can
issue to interrupt commands and processes are as follows:
■ Terminate command
■ Reset client
■ Reboot client
Terminating a command
When you terminate a command that you have issued to one or more clients or
groups, all processes associated with the command immediately halt. For
example, if you mistakenly issued an incorrect client package command, or
initiated a virus scan for all mounted disks instead of just the Applications
folder, this command could be useful.
To terminate a command
3 On the Command pop-up menu, click Terminate Command.
5 On the Terminate Command page, specify the following:
months.
Terminate Command Select the command to be terminated.
6 Click Command.
Resetting a client
Reset a client to clear out any queued commands on that client. For example, a
client may appear to be stuck if it is failing to receive any commands. Resetting
the client clears any commands that have not been executed, and the client then
retrieves the unexecuted commands from the server’s queue of commands and
attempts to execute them.
To reset a client
3 On the Command pop-up menu, click Reset Client.
5 On the Reset Client page, specify the following:
months.
6 Click Command.
Rebooting a client
To reboot a client means to issue a command to halt all client processes, shut
down, and then restart the computer. Even after resetting a client, problems can
persist and you may decide that rebooting the client is a possible solution.
Another reason to reboot is if you have issued a LiveUpdate command that
downloads an update that requires a restart.
When the client receives the reboot command, an alert appears informing users
that their computer will reboot, and asking them to save their work and click
Restart. You can provide an alternative message if you want.
Note: If the alert remains on the desktop for more than twelve hours, the client
computer will automatically reboot.
To reboot a client
3 On the Command pop-up menu, click Reboot Client.
5 On the Reboot Client page, specify the following:
months.
Optional message to Type an informational message that will appear on the client
user computer. This setting is optional.
6 Click Command.
Chapter 5
Managing software
installation
■ Installing software
■ Running the Download Script command
■ Running a custom script
Installing software
The administration console provides the following commands to install, update,
and customize software installations across the enterprise:
■ Install Software
■ Download Script
■ Run Custom Script
The Install Software command causes clients to download, from a URL or
alternative server, the package that contains the software. The client then
decrypts and installs the software.
Like the Install Software command, the Download Script command directs
clients to download, decrypt, and install specific software, update packages, and
scripts. In addition, you can modify the script to specify incremental updates
and full installations.
46 Managing software installation
Installing software
Creating a package
Before running the Install Software command, you must use the command line
command, SymInstallPackage, to create the package that will contain the
software and additional files.
Note: For information about creating a package, see the man page entry for
SymInstallPackage.
When you use the command line script to create a package, contents typically
include the following:
■ An encrypted key, associated with the package and used to verify that the
package originated from the server
■ One or more scripts that tell the client what to do with the package
■ A tar file that contains the software installer package
The location of the tar file that contains the installer package is used as the URL
in the Install Software command.
You do not have to limit the files that you include in the package to installation
files. However, if you do include another kind of file, you must also include a
script telling the client what to do with it. If the file is a .pkg file, that script is
provided automatically.
Running the Install Software command

You can issue the Install Software command at any time.
To run the Install Software command

3 On the Command pop-up menu, click Install Software.
Managing software installation 47
Running the Download Script command
5 On the Install Software page, specify the following:
months.
Install Package URL An FTP or HTTP address from which the client downloads the
desired script.
Running the Download Script command

Initiating the download script process is similar to installing software in that
you must use the SymInstallPackage command. However, when you create a
package, you must already have created a script to specify when running the
SymInstallPackage command. Doing so results in a tar (.tgz) file that contains
the script and the associated file.
Note: For information about creating a package, see the man page entry for
SymInstallPackage.
The Download Script command is useful if you need to run a particular script on
multiple occasions. You can refer to the script’s location on the server, and only
the command’s parameters need be entered before you download the script.
You can issue the Download Script command at any time.
To run the Download Script command

2 Under Send Commands Option, select Send command to all clients or Send
3 On the Command pop-up menu, click Download Script.
Running a custom script
5 On the Download Script page, specify the following:
months.
Script Package URL An FTP or HTTP address from which the client downloads the
installer package for the desired script.

The Run Custom Script command is useful if you need to run a script
immediately and you’re aware of the correct script syntax, because you type the
script when you issue the command.
You can type any UNIX shell script supported by Mac OS X. The script runs as
root on the client.
To run a custom script

3 On the Command pop-up menu, click Run Custom Script.
Managing software installation 49
5 On the Install Software page, specify the following:
months.
Script Type a script.
Script arguments Type additional script arguments.
6 Click Command.
Chapter 6
Reviewing network status
■ Using the Home page
■ Viewing virus protection status
■ Viewing virus activity status
■ Viewing command results
■ Viewing installed client software
■ Customizing log or report displays
■ Purging log data
Using the Home page

The Home page provides a summary of virus, command, event, and client
information about your managed network. It includes links to logs and reports
that provide additional details about the information. You can set how
frequently this information is refreshed and you can access a version of this
information that is suitable for printing.
To set the refresh frequency

◆ At the top of the Home page, under the tabs, click the amount of time to pass
before the Home page is refreshed. Your options are:
■ 30 seconds
■ 60 seconds
■ 120 seconds
■ Don’t Refresh
52 Reviewing network status
Viewing events
To see a printable version of the Home page

◆ On the right side of the Home page, click Printable Version.
Viewing events
Events are actions initiated on the client, such as when Auto-Protect detects a
virus. Viruses detected during a scan initiated by the server appear as events;
however, viruses detected during a manual scan initiated on the client do not.
Events can be viewed in the following logs:
■ Events log
■ Client Events log
Viewing the Events log

The Events log lists all events reported by all clients. The log displays the name,
client location, date and time the event occurred on the client, and date and time
the event was reported to the server.
To view the Events log

◆ Do one of the following:
■ On the Home page, under Events Log Summary, click View Events Log.
■ On the Reports & Logs page, under Events, click Events Log.
Viewing the Client Events log

The Client Events log displays events listed by client. The log displays the client
name, client location (either by description or TCP/IP address), and the date and
time that the event was reported to the server.
To view the Client Events log

◆ On the Reports & Logs page, under Events, click Client Events Log.
Viewing command results

The Command log displays comprehensive information about commands and
corresponding client responses. The log displays the date and time of the last
network command, its label and command name, the administrator who
submitted the command, the command’s expiration date, and whether the
command completed without error. For additional information about a specific
command, each entry provides a link to the Command Details log.
Reviewing network status 53
Viewing virus protection status
To view the Command log

◆ Do one of the following:
■ On the Home page, under Latest Command Log Summary, click View
Command Log.
■ Anywhere in the administration console, click the Command Log tab.
Viewing virus protection status

A strong virus protection strategy includes enabling Auto-Protect on client
computers and keeping virus definitions current. The virus protection status
logs, available only through the Home page, show those clients that are running
Auto-Protect, those that are not, and those that are running outdated virus
definitions. Table 6-1 describes the virus protection status logs.
Table 6-1 Virus protection status logs
Summary type Description
Auto-Protect Enabled Displays the number of clients running Auto-Protect and a link to
Clients the list of clients.
Auto-Protect Displays the number of clients with Auto-Protect turned off and a
Disabled Clients link to the list of clients.
Outdated Virus Displays the number of clients running Norton AntiVirus with
Definitions Summary virus definitions older than eight days and a link to the list of
clients.
To view a virus protection status log

◆ On the Home page, click the link for the log that you want to see.
Viewing virus activity status

The virus activity status reports provide you with information about the number
and frequency of viruses detected on your network.
Table 6-2 lists the virus activity status reports available.
Table 6-2 Virus activity status reports
Name Description
Prevalent Viruses Displays the most active viruses by name, showing the detection
total for each and when the detection occurred.
Viewing installed client software
Table 6-2 Virus activity status reports
Name Description
Virus Detections Displays the name of the last 15 viruses detected and when each
was last detected.
To view a virus activity report

◆ On the Reports & Logs page, click the link for the report you want.
Viewing installed client software

You can check which software your clients have installed in the following places:
■ The Client Software Versions report
■ The Send Commands page
Viewing the Client Software Versions report

The Client Software Versions report lists all network clients, their location, their
installed software, and last virus definitions date. You can display 15, 25, 50, or
100 client items per page or view all items on one page.
To view the Client Software Versions report

◆ On the Reports & Logs page, under Reports, click Client Software Versions.
Viewing installed client software on the Send Commands page

On the Send Commands page, you can view which antivirus software each client
is running, the client’s last virus definitions update date, and the Symantec
Administration Console for Macintosh version.
To view installed client software

◆ On the Send Commands page, under Clients, click Show Client-installed
Software.
You can hide the information by clicking the link again.
Reviewing network status 55
Customizing log or report displays
Viewing software status

Software status logs display special status information about Symantec
software that is installed on the clients. They will not appear on the Reports &
Logs page until a client has reported information applicable to the logs.
You can use the log information to confirm that your clients are running Auto-
Protect or have the latest virus definitions. If you see problems, you can issue
commands to update the definitions and re-enable Auto-Protect on the client.
Table 6-3 summarizes the function of each log type.
Table 6-3 Software status logs
Log type Description
LiveUpdate Host Displays the client, its location, and the server address that the
client’s LiveUpdate is configured to use.
Auto-Protect Status Displays the client, its location, and whether Auto-Protect is on
or off on the client.
Virus Definitions Displays the client, its location, and the date of its virus
Date definitions file.
To view software status logs

◆ On the Reports & Logs page, under Software Status, click the name of the
log that you want to see.
Customizing log or report displays

Some logs or reports include the ability to sort or filter the display. These tools
help you manage large amounts of data and quickly locate the data that you
need.
To sort a log
◆ At the top of a log or report, click an underlined column header.
To filter a log
1 At the top of a log or report, on the Filter by pop-up menu, select a column
heading.
2 In the adjacent box, type a value.
3 Click Filter.
Purging log data
To remove a filter
1 Remove the value from the box.
2 Click Filter.
Purging log data

The Event and Command logs can grow rapidly, as they are recording all events
reported by the clients and all command activity. You can purge log data using
the administration console.
To purge the Command log

1 On the Maintenance page, click Purge Command Log.
2 On the Purge Command Log page, select the month, day, and year before
which you want to purge records.
3 Click Purge Command Log.
To purge the Event log

1 On the Maintenance page, click Purge Event Log.
2 On the Purge Event Log page, select the month, day, and year before which
you want to purge records.
3 Click Purge Event Log.
Appendix A
About the Symantec
Administration Console for
Macintosh database
■ What the database stores
■ Tables in the database
What the database stores

The Symantec Administration Console for Macintosh uses the MySQL database
to store event, command, and virus status data.
Tables in the database

The information in the database is organized into the following tables:
■ Adminuser table
■ Cmdlib table
■ Cmdset table
■ Cmdtemplate table
■ Command table
■ Eventlog table
■ Ngroup table
■ Node table
58 About the Symantec Administration Console for Macintosh database
■ Nodesoftware table
■ Nodetogroup table
■ Software table
■ Softwarestatus table
■ Softwarestatuskey table
■ Softwarevers table
■ Statuslog table
Adminuser table
The adminuser table stores all known administration users. Table A-1 provides a
list of the keys, data types, data type storage sizes, and a description of each
column for the adminuser table.
Table A-1 Adminuser table
Key Column name Type Size Description
Pri UserName varchar 20 The administrator’s name.
Password varchar 16 The administrator’s password.
LastChange timestamp 14 The last action the administrator has

performed.
PasswdChange timestamp 14 When the administrator changed his or

her password.
LastLDLogin timestamp 14 When the administrator logged in.
Language char 2 The administrator’s default language.
Pri Priv keys enum 1 The administrator can create public/

private key pairs.
PrivCmds enum 1 The administrator can issue commands.
PrivUsers enum 1 The administrator can create other

administrators.
About the Symantec Administration Console for Macintosh database 59
Cmdlib table
The cmdset table is related to the cmdlib table, linked by SetName, and
represents a one-to-one relationship. Both tables define the command library
for the administration console commands.
Table A-2 provides a list of the keys, data types, data type storage sizes, and a
description of each column for the cmdlib table.
Table A-2 Cmdlib table
Pri CmdName varchar 4 A four-character code that identifies an

issued command. This is the code that
the client uses for the command.
Index SetName varchar 4 This identifier matches the SetName

identifier in the cmdset table.
Pri Language char 2 This field is used to localize the

commands. The combination of
SetName and Language must be unique.
DefaultFlags int 10 This field currently uses one flag called

the immediate flag which instructs the
client to respond immediately to a
command rather than queue.
SortOrder int 10 This determines how commands are

ordered on the administration console’s
Send Commands page.
RealName tinytext The localizable human-readable name

for a command. This is the name that
appears in the console.
Params blob The binary blob that defines all the

parameters for the commands (for
example, types, default values, and
encoded information).
Cmdset table
The cmdset table is related to the cmdlib table, linked by SetName, and
represents a one-to-one relationship. Like the cmdlib table, the cmdset defines
the command library for the administration console commands.
description of each column for the cmdset table.
Table A-3 Cmdset table
Pri SetName varchar 4 This identifier matches the SetName

identifier in the cmdset table.
Pri Language char 2 This field is used to localize the

commands. The combination of
SetName and Language must be unique.
SortOrder int 10 This defines the order of a group of

commands relative to another group of
commands. For example, commands in
group 1 are executed first and are
followed by commands in group 2.
RealName tinytext Human-readable names for the

command set. These include:
■ Symantec Software Commands
■ Administrative Commands
■ General Commands
Cmdtemplate table
The cmdtemplate table stores information about command templates. Table A-4
provides a list of the keys, data types, data type storage sizes, and a description
of each column for the cmdtemplate table.
Table A-4 Cmdtemplate table
Pri CmdIndex int 10 An arbitrary and auto-incremented

integer.
CmdName varchar 4 Defines the identifier linked to the

CmdName in the commandlib table.
SubmitDate timestamp 14 Date on which the command was

created.
Table A-4 Cmdtemplate table
Flags int 10 This field currently uses one flag called

the immediate flag that instructs the
client to respond immediately to a
command rather than queue.
Submitter tinytext The creator of the command template.
Comment tinytext Arbitrary entry that identifies the

command.
ParamVals blob Stores and encodes the script or

parameters of the command.
Command table
The command table stores commands that have been broadcast from the
administration console to the clients. Table A-5 provides a list of the keys, data
types, data type storage sizes, and a description of each column for the
command table.
Table A-5 Command table
Pri SerialNumber int 10 An arbitrary and auto-incremented

integer.
Index SubmitDate timestamp 14 Date on which the command was

created.
CmdName varchar 4 The command’s identifier that appears

in the administration console.
Index Master int 10 The designated command. For example,

if you enter identical and multiple
commands to different clients and
groups, one of the commands is
considered the master. The commands
that follow adopt the master serial
number.
Expiration timestamp 14 The command’s expiration. If null, the

command will not expire.
Table A-5 Command table
ObsoletedBy int 10 Stores information about commands

that render older commands obsolete.
The new command adopts the previous
command’s serial number.
Submitter tinytext The administrator who issued the

command.
Comment tinytext Option text to describe the command.
RealPacket blob This is the encoded command packet

that is transmitted to the client.
NoopPacket tinyblob This is not an actual command, but uses

the serial number and target of a real
command. This is sent to a client when
the command is not relevant to the
client.
Eventlog table
The eventlog table saves reports regarding client-generated events such as virus
detection. This table stores the event data immediately following the event.
description of each column for the eventlog table.
Table A-6 Eventlog table
Index NodeID int 10 The client that reported the event.
Index SoftwareID varchar 4 Four-character identifier that matches

the SoftwareID field in the software
table. The field stores the name of the
software that reported the event.
InternalVersion int 10 This identifier matches the

InternalVersion field in the
softwarevers table. This stores the
version of the software.
Index Entered timestamp 14 When the event was stored in the log,
server local time.
Table A-6 Eventlog table
Occurred timestamp 14 When the event occurred on the client,

client local time.
Sent timestamp 14 When the event information was sent to

the server, client local time.
Event tinytext A string that describes the event.
EventCode tinytext
EventSubValue tinytext
Ngroup table
The ngroup table tracks defined groups. Table A-7 provides a list of the keys,
data types, data type storage sizes, and a description of each column for the
ngroup table.
Table A-7 Ngroup table
Pri GroupID int 10 Arbitrary auto-incremented integer.
LastModified timestamp 14 Stores the time in which the group

name changed.
Index GroupName tinytext The text name of the group.
Node table
The node table defines the individual clients (not groups) that are known to the
network. This table has a many-to-many relationship with ngroup.
description of each column for the node table.
Table A-8 Node table
Pri NodeID int 10 Arbitrary integer to uniquely identify

the client.
StaticIP int 11 This field is not used.

Table A-8 Node table
CommandSerial int 10 Stores the highest serial number from

the command table that has been
verified as received by the client. The
server can then determine which
commands were missed by the client.
For example, if a client has a serial
number of 550, the server determines
that the client received commands prior
to 550. Subsequently, the server can
begin to search for missed commands
using serial numbers that exceed 550.
LastModified timestamp 14 The time in which a record in this table

was modified.
Location tinytext The location of the client computer.
UserName tinytext The client name of the network

computer.
Nodesoftware table
The nodesoftware table links the softwarevers and software tables to the node
table so that all the software on a particular client is stored. Table A-9 provides a
list of the keys, data types, data type storage sizes, and a description of each
column for the nodesoftware table.
Table A-9 Nodesoftware table
Pri NodeID int 10 Primary key and integer that links to

the node table.
Pri SoftwareID char 4 Primary key that links to the software

table.
InternalVersion int 10 Links to the softwarevers table.

Nodetogroup table
The nodetogroup table establishes a many-to-many relationship between the
node and ngroup tables. Each record in the nodetogroup table defines the
relationship between one node and one group.
description of each column for the nodetogroup table.
Table A-10 Nodetogroup table
Pri NodeID int 10 The client identifier.
Pri GroupID int 10 The group identifier.
Software table
The software table stores all administrator-managed software on the network.
The table is defined by a one-to-many relationship to the softwarevers table.
description of each column for the software table.
Table A-11 Software table
Pri SoftwareID varchar 4 A four-character identifier.
Index SwName tinytext Human-readable software name.
SwVendor tinytext Human-readable name for the software

produce. This can include non-
Symantec products.
SwPackage tinytext Stores the bundlename; for instance,

the Norton AntiVirus application.
Softwarestatus table
The softwarestatus table stores information about software installed on client
computers. This table is designed to be expandable in the future.
description of each column for the softwarestatus table.
Table A-12 Softwarestatus table
Pri NodeID int 10 An internal and unique number

provided by the system to the client.
Pri Keyword varchar 32 Lists the software status keywords:

■ VirusDefsDate
■ AutoProtectOn
■ LiveUpdateServer
Pri StIndex int 11 The index stores multiple entries from

the Keyword field.
Updated timestamp 14 The date on which the client’s software

information was updated.
State tinytext This stores the state of client-installed

applications; specifically, whether
Auto-Protect is enabled, if its
LiveUpdate Server and settings are
configured, and if virus definitions are
up-to-date.
Softwarestatuskey table
The softwarestatuskey table stores information used by the logs in the
administration console. Table A-13 provides a list of the keys, data types, data
type storage sizes, and a description of each column for the softwarestatuskey
table.
Table A-13 Softwarestatuskey table
Pri Keyword varchar 32 This refers to a string for a software

status key that appears on the Reports &
Logs page, including:
■ LiveUpdateHost
■ VirusDefsDate
■ AuotProtect
Label tinytext This field is not used.
Softwarevers table
The softwarevers table stores information about all administrator-managed
software on the network. This table is makes up a one-to-many relationship with
software. Table A-14 provides a list of the keys, data types, data type storage
sizes, and a description of each column for the softwarevers table.
Table A-14 Softwarevers table
Pri SoftwareID varchar 4 Links to the software table to establish a

one-to-many relationship. This is the
unique number to identify software.
Pri InternalVersion int 10 An arbitrary integer to track a

particular version of software.
RealVersion tinytext A text field that stores the vendor’s

name for the software version.
Download tinytext Stores the download location for the

particular software.
Statuslog table
The statuslog table stores information about client’s responses to commands,
and status and log information.
description of each column for the statuslog table.
Table A-15 Statuslog table
Pri NodeID int 10 The client that reported a particular

status.
Pri SerialNumber int 10 The command to which the client

responded. The command is defined by
the serial number.
Index Master int 10 The master serial number, copied from

the command table.
Result int 11 The result code that follows a

command. The result code describes
how the client responded to a command.
See Table A-16, “Status response
codes,” on page 69.
Index Entered timestamp 14 The time in which the server received

the client status according to the server
time.
Occurred timestamp 14 When the command was executed

according to the client time.
Sent timestamp 14 When the client reported the status of

the command according to the client
time.
AddedInfo tinytext Text that describes client activity. This

field is currently unused.
Status response codes

The Result field in the statuslog table stores information about client responses
to commands, called results codes. Table A-15 displays a list of the results codes.
Table A-16 Status response codes
Key Column name
0 The command was completed successfully.
-1 The command is pending.
-2 The result code is currently not used.
-3 The key embedded in the command was invalid.
-4 The command has executed, but is not complete.
-5 The command has produced a general failure.
-6 The client has received an unknown command.
-7 The execution of the command has failed on the client, perhaps because a client
file is deleted or corrupted.
-8 The command issued is not intended for the client.
-9 The command issued is a duplicate.
-10 The command cannot execute because the software version is not compatible
with the command.
-11 The command is terminated.

Index
A Commands
adding clients to groups 34
Administrator accounts
broadcasting public keys 40
creating 28
creating command templates 37
editing 29
creating groups 34
overview 27
creating public keys 39
removing 29
deleting command templates 38
AntiVirus
deleting groups 34
Auto-Protect 53
Install Software 45
configuring Auto-Protect preferences 21
installing client software 45, 46
outdated virus definitions 53
installing client software updates 45
restoring LiveUpdate preferences 19
pinging 31
running LiveUpdate 47
removing clients 33
scanning the client for viruses 24
removing clients from groups 35
updating intermittent clients 24
removing public keys 40
updating program files 17
restoring LiveUpdate preferences 19
updating protection files 17
running custom scripts 48
updating virus definitions 17
running LiveUpdate Everything 47
viewing software status logs
scanning the client for viruses 24
viewing Auto-Protect settings 55
updating program files 17
viewing virus definitions date 55
updating protection files 17
Auto-Protect status 53
updating virus definitions 17
using command templates 38
C
Client Events log 52 D
Client-installed software 54
Database column name
Clients
added info 68
adding to groups 34
cmd index 60
installing client software updates 45
cmd name 60, 61
installing software 45, 46
cmdname 59
managing 30
command serial 64
pinging 31
comment 61, 62
public keys 40
defaultflags 59
removing 33
download 67
updating intermittent connections 24
entered 62, 68
Command log 52
event 63
Command templates
EventCode 63
creating 37
EventSubValue 63
deleting 38
expiration 61
overview 37
flags 61
using 38
group id 63, 65
72 Index
Database column name (continued) Database tables (continued)

group name 63 node 63
internal version 62, 64, 67 nodesoftware 64
keyword 66, 67 nodetogroup 65
label 67 software 65
language 58, 59, 60 softwarestatus 66
last change 58 softwarestatuskey table 67
last modified 63, 64 softwarevers 67
lastldlogin 58 status response codes 69
location 64 statuslog 68
master 61, 68
node id 62, 63, 64, 65, 66, 68
noop packet 62
E
obsoleted by 62 Events log 52
occurred 63, 68
parans 59 G
pararn vals 61 Groups
passwdchange 58 adding clients to 34
password 58 creating 34
pribcrnds 58 deleting 34
primbsusers 58 managing 33
privkeys 58 overview 33
real name 59, 60 removing clients from 35
real packet 62
real version 67
result 68 H
sent 63, 68 Home page 51
serial number 61, 68
set name 60
setname 59
I
software id 62, 64, 65, 67 Install Software 45
sort order 59, 60
st index 66 K
state 66 Keys
static ip 63 broadcasting public keys 40
submit date 60, 61 creating public keys 39
submitter 61, 62 removing public keys 40
sw name 65 Knowledge Base 18
sw package 65
sw vendor 65
updated 66 L
user name 58, 64 LiveUpdate
Database tables running 47
adminuser 58, 60, 63, 65, 67 running on local server 18
cmdlib 59 updating intermittent clients 24
cmdset 60 Logs
cmdtemplate 60 Client Events 52
command 61 Command 52
ngroup 63 customizing views 55
Index 73
Logs (continued)
Events 52
purging 56
software status 55
M
Mac OS X Server 10.3, components of 14
Mount Scan settings 21
P
Ping command 31
Preferences
configuring Auto-Protect 21
restoring LiveUpdate options 19
Prevalent Viruses 53
Purging log data 56
R
Reports, customizing views 55
Run Custom Script command 48
S
SafeZone settings 21
Security
broadcasting public keys 40
digital signatures 15
public/private key pair encryption 39
removing public keys 40
Software status logs 55
Status overview 51
Symantec Administration Console for Macintosh,
components 14
Symantec Macintosh Administration Console client
software 15
V
Virus definitions, updating intermittent clients 24
Virus Detections 53

Symantec Administration Console Admin Guide

Uploaded by

Document Informationclick to expand document information

Copyright:

Available Formats

Symantec Administration Console Admin Guide

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Symantec Administration Console Admin Guide

Uploaded by

Copyright:

Available Formats

Symantec™ Administration

Console for Macintosh®

Documentation version 1.0.1

THIS DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED

Symantec Technical Support maintains support centers globally. Technical

Contacting Technical Support

Licensing and registration

Maintenance agreement resources

Consulting services Symantec Consulting Services provide on-site technical

Educational Services These services provide a full array of technical training,

8. Additional Uses and Restrictions:

Chapter 2 Guarding your network

Chapter 3 Managing accounts, clients, and groups

Managing groups ................................................................................................. 33

Chapter 4 Managing commands

Chapter 5 Managing software installation

Chapter 6 Reviewing network status

Appendix A About the Symantec Administration Console for

About the Symantec Administration Console for

To enable the Symantec Administration Console for Macintosh to manage

About the client/server model

Table 1-1 Server components installed by the Symantec Administration

Command server Issues commands to clients and handles information from

Symantec Administration MySQL database components for the Symantec

Table 1-2 Server components installed as part of Mac OS X Server 10.3

About the client

The administrator installs the client software on network computers as

About antivirus protection

Setting up a local LiveUpdate server on your

To access instructions for setting up an internal LiveUpdate server

Creating custom preference sets

Creating LiveUpdate preference sets

To create LiveUpdate preference sets

2 On the LiveUpdate Options page, specify the following:

Key ID The integer by which the public key is identified by both

Key Password The password that corresponds to your Key ID.

Protocol The LiveUpdate server type (FTP or HTTP) that hosts

3 Click Save Preference Set.

Restoring the default LiveUpdate preference set

To restore the default LiveUpdate preference set

Creating Symantec AntiVirus for Macintosh preference sets

Note: These preference settings apply to clients running versions of either

To create Symantec AntiVirus for Macintosh preference sets

Key ID The integer by which the public key is identified

Key Password The password that corresponds to your Key ID.

Preference Set The name that identifies your saved preference

Scan compressed files Turn on or turn off compressed file scanning.

Scheduled Scan Alerts Configure the Symantec AntiVirus scan to

Select to have infected files Configure Symantec AntiVirus to automatically

Select to quarantine files that Configure Symantec AntiVirus to quarantine

Select to receive a reminder if virus Configure Symantec AntiVirus to display a virus

3 Click Save Preference Set.

Creating Auto-Protect preference sets

To create Auto-Protect preference sets

Key ID The integer by which the public key is identified at both

Key Password The password that corresponds to your Key ID.

Auto-Protect Enabled Enable Auto-Protect on client.

Scan compressed files Configure Auto-Protect to scan compressed files.

Automatic Repair Automatically repair infected files.