Computing Resources
Norton Antivirus Definition Updates
All antivirus software depends on its virus definitions being updated
regularly. In recent weeks, we have been seeing a record rate of
introduction of new Internet viruses, so downloading recent virus
definition updates becomes even more critical.
In other words, antivirus software without regular virus definition
updates is ineffective.
In the case of Norton Antivirus, there are two ways in which we deploy
the software. "Antivirus Corporate Edition" is deployed for Windows XP and
2000 users on the CIT domain. When we deploy this software, updates
happen automatically via an antivirus server on the network. (You should
still check from time to time that the software is getting current
updates.)
Standalone Norton Antivirus involves configuring the software to get
virus definition updates from Symantec instead of from our servers. We
typically deploy standalone Norton Antivirus for Windows 95/98/ME machines
and for Mac OS X.
How to check whether Norton Antivirus updates are current
First, launch Symantec Antivirus Client from the Start menu. For corporate
edition users, it is under Start/Symantec Client
Security/Symantec AntiVirus Client.
As soon as the client is running, you should see a date and version for the
virus definition file as shown in this screen dump.
For example, "Version 8/19/2003 rev. 3". Next to this will be a "LiveUpdate"
button which you can use to download more recent definitions. Note that
this button may be grayed out, in which case, your updates are coming
automatically from our Antivirus server (called ACDNTPDC in this example).
Check to see that these updates look recent to you. Antivirus definitions
sometimes come out more often than once a day, but sometimes as infrequently
as once a week or so.
If there is an ongoing problem with a worm or virus, your Computer Systems
Staff may announce an earliest date for your virus definitions (the date
from which the definitions detect the ongoing virus).
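The check described above can also be automated. The following is an added example, not part of the original page and not Symantec code: it parses the version string in the form the client displays and compares it with today's date and with a staff-announced minimum. The 10-day staleness limit, the optional revision in the announced minimum, and the function names are assumptions made for illustration.

```python
import re
from datetime import date, timedelta

# Format taken from the client display quoted above: "Version 8/19/2003 rev. 3"
_DEF_RE = re.compile(r"Version\s+(\d{1,2})/(\d{1,2})/(\d{4})\s+rev\.\s*(\d+)")

# Assumption: definitions older than this are treated as stale. Releases can be
# as infrequent as "once a week or so", so the limit allows some slack.
MAX_AGE = timedelta(days=10)


def parse_definition_version(text):
    """Return (date, revision) parsed from the client's version string."""
    m = _DEF_RE.search(text)
    if not m:
        raise ValueError("unrecognised definition version: %r" % text)
    month, day, year, rev = (int(g) for g in m.groups())
    return date(year, month, day), rev  # date() rejects impossible dates


def check_definitions(text, today, required=None):
    """Classify definitions as 'current', 'stale' or 'below-required'.

    required is an optional (date, revision) pair announced by systems staff
    as the earliest definition set that detects an ongoing worm or virus.
    """
    found = parse_definition_version(text)
    if found[0] > today:
        raise ValueError("definition date is in the future; check the clock")
    if required is not None and found < required:
        return "below-required"
    if today - found[0] > MAX_AGE:
        return "stale"
    return "current"


if __name__ == "__main__":
    # Constructed sample inputs; only the first string appears on this page.
    today = date(2003, 8, 21)
    for s in ("Version 8/19/2003 rev. 3", "Version 7/31/2003 rev. 1"):
        print(s, "->", check_definitions(s, today))
    print(check_definitions("Version 8/19/2003 rev. 3", today,
                            required=(date(2003, 8, 20), 1)))
```

A machine that reports "below-required" needs a LiveUpdate run even if its definitions are only a day or two old.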
How to initiate Antivirus virus definition updates
Updating virus definitions with Norton Antivirus essentially amounts to clicking the "LiveUpdate" button after launching the client. The following screen shots demonstrate the process from the point of view of Norton Antivirus running on a Mac OS X machine:
- [screen shot] Start the Norton Antivirus application. In this example, we see that the virus definitions are dated 31 July and are out of date.
- [screen shot] From the application, launch "LiveUpdate". In the case of Mac OS, LiveUpdate can be found under the "Utilities" pull-down menu. In the case of PC clients, it is usually a button on the application itself.
- [screen shot] In the Mac client, we click on the button "Update Everything Now".
- [screen shot] When the updates are complete, you should see a more recent date for the virus definitions in the startup screen of the Norton Antivirus client.
Making LiveUpdate work by schedule
We recommend scheduling LiveUpdates to happen automatically. Then, if your
PC or Mac is turned on during the time of the scheduled virus definition
updates, those updates will be downloaded without your having to worry about
them. This automation can ensure that Norton Antivirus is working from the
most recent virus definitions -- that is, more able to do its job
effectively.
For Norton Antivirus Corporate Edition users (for Windows XP and 2000), those
updates are scheduled automatically.
For others, these screenshots (from a Mac OS implementation of Antivirus)
show how to configure your definition updates to occur nightly at 3am.
- [screen shot] Open the Norton Scheduler (found under the Utilities menu of Norton Antivirus).
- [screen shot] In our example, a schedule for monthly updates is already in place. We want to add a daily schedule to that, so we click on "New...". Then we click on the "Product Update" button.
- [screen shot] Fill out the resulting dialog box with appropriate information. In this screen shot, we have set up a schedule, called it "Antivirus daily definition update" and specified 3am as the time to run the update.
- [screen shot] Click on "Save" to save the new update and it should then appear in the Norton Scheduler list.
Full scans and "Auto-Protect"
There are two types of scans that Norton Antivirus (and most other
antivirus products) conduct. One is a file-by-file scan of files on your
hard disk. This type of scan can often drill into zipped archive files
and do scans of files contained within them. This type of scan can be
scheduled by the Norton Scheduler. It takes a large amount of time,
especially if you have a large hard disk and/or a large number of files
and folders on that hard disk.
"Auto Protect" is where Norton Antivirus monitors activity in progress,
and performs scans where needed. For example, when a floppy disk is
inserted in a drive, Norton Antivirus will scan that disk at the time of
insertion. Other events such as moving files onto a system from a
network share, or receiving email in many popular email readers can also
trigger scans.
It is extremely important to leave Auto Protect turned on. There are
occasions where software installers will ask you to turn off this feature
for the duration of the install, but you should turn it back on when
finished. Norton Antivirus will not be able to prevent a worm from
entering a system if the Auto Protect feature is not turned on.
Full scans are actually not as important if auto protect is doing its
job properly. I would recommend maybe doing a full file scan either once
a month, or if there has been a problem with a worm within our
institution.