Professional Documents
Culture Documents
Symantec™ Protection Engine For Cloud Services 8.1 Getting Started Guide
Symantec™ Protection Engine For Cloud Services 8.1 Getting Started Guide
Legal Notice
Copyright © 2019 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo, the Checkmark Logo and are trademarks or registered trademarks of
Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks
of their respective owners.
The product described in this document is distributed under licenses restricting its use, copying, distribution,
and decompilation/reverse engineering. No part of this document may be reproduced in any form by any
means without prior written authorization of Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE
DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY
INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL
DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS
DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO
CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software as defined
in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer
Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or
Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use,
modification, reproduction release, performance, display or disclosure of the Licensed Software and
Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
https://www.symantec.com
Getting Started
This document includes the following topics:
■ System requirements
■ The Internet Content Adaptation Protocol (ICAP), version 1.0, as presented in RFC 3507
(April 2003)
See “About supported protocols for Symantec Protection Engine” on page 7.
You can use the Symantec Protection Engine software development kit (SDK) or build your
own connector to integrate Symantec Protection Engine with your application. The SDK supports
version 1.0 of ICAP, as presented in RFC3507 (April 2003). Symantec also has developed
connector code for some third party applications to seamlessly integrate with Symantec
Protection Engine.
The Symantec Protection Engine Software Developers Guide provides information about how
to create customized integrations with ICAP.
See “Components of Symantec Protection Engine” on page 7.
■ The industry trend has been to Web-enable many application environments to include the
use of technologies like ActiveX applet to enhance the user experience. Many new threats
are associated with these Web technologies. Malicious mobile code viruses, such as Nimda
and Code Red, have entered networks as executables (for example, ActiveX, JavaScript,
or Visual Basic Scripts) that appear to be part of safe Web content.
■ Once a threat has been cached, malicious code can potentially be passed to other users
on the network, which can compromise additional computers and data on the network.
■ Malicious code can result in lost, stolen, or corrupted files, which can result in costly
downtime to the enterprise.
Decomposition of container Symantec Protection Engine extracts container files so that they can be
files scanned for risks. Symantec Protection Engine continues to extract
container files until it reaches the base file. Symantec Protection Engine
imposes limits on file extraction. These limits protect against
denial-of-service attacks that are associated with the overly large files or
the complex container files that take a long time to decompose. These
limits also improve scanning performance.
Symantec Protection Engine scans a file and its contents until it reaches
the maximum depth that you specify. Symantec Protection Engine stops
scanning any file that meets the maximum file size limit, cumulative file
size limit, or maximum file count. It then generates a log entry. Symantec
Protection Engine resumes scanning any remaining files. This process
continues until Symantec Protection Engine scans all of the files to the
maximum depth (that do not meet any of the processing limits).
Automatic product and virus Symantec LiveUpdate technology ensures that your network is not at risk
definitions updates of infection from newly discovered viruses. The updates are handled
automatically without having the restart services or redeploy software.
This ensures no interruption in scanning services during the updates.
Feature Description
Support for non-archive files Symantec Protection Engine 8.1 supports the scanning of the
larger than 2 GB non-archive files that are larger than 2 GB. The support is limited to
2 GB in previous releases.
Getting Started 7
About supported protocols for Symantec Protection Engine
Feature Description
Latest Symantec technologies Symantec Protection Engine 8.1 is integrated with latest internal
Symantec scanning technologies.
Enhanced LiveUpdate Internal critical fixes are now delivered through LiveUpdate.
Improved in-memory file system Symantec Protection Engine uses the system memory to stream and
scan the files. Now, the memory size is no more limited to 4 GB.
Protocol Description
Internet Content ICAP is a lightweight protocol for executing a remote procedure call on HTTP
Adaptation Protocol messages. ICAP is part of an architecture that lets corporations, carriers, and
(ICAP) ISPs dynamically scan, change, and augment Web content as it flows through
ICAP servers. The protocol lets ICAP clients pass HTTP messages to ICAP
servers for adaptation. Adaptation might include some sort of transformation or
other processing, such as scanning or content filtering. The server executes its
transformation service on the messages and responds to the client, usually with
modified messages. The adapted messages might be either HTTP requests or
HTTP responses.
Symantec Protection Engine The software that you install to protect Symantec_Protection_Engine\
your network from threats (such as
viruses), security risks (such as
adware and spyware), and unwanted
content.
Silent installation The files that you can use to perform Symantec_Protection_Engine\
a silent installation. Also includes Silent_Install\
response files for Red Hat.
Symantec Protection Engine The tools and documentation that you Symantec_Protection_
software developer's kit can use to create the customized Engine_SDK\
integrations that use ICAP.
Table 1-4 lists the components that are included in the Symantec_Protection_Engine_Tools.zip
file.
LiveUpdate Log Config files The LiveUpdate Log Config folder Tools\LiveUpdate_Log_Config\
contains the various configuration files
to enable LiveUpdate logging on all
platforms.
Adobe Acrobat Reader is required to view the reports that are generated in .pdf format. You
can download Adobe Acrobat Reader from http://www.adobe.com/.
System requirements
Before you install Symantec Protection Engine, verify that your server meets the minimum
system requirements.
■ System requirements to install Symantec Protection Engine on Linux
For Symantec Protection Engine platform support matrix, see the following pages:
■ Symantec Protection Engine for Cloud Services
https://support.symantec.com/en_US/article.DOC11034.html
■ Symantec Protection Engine for Network Attached Storage
https://support.symantec.com/en_US/article.DOC11035.html
Ensure that your operating system has the latest service patches available.
Processor Intel or AMD Server Grade Single Processor Quad Core systems or higher
Note: If any of the above package binary is already present on the computer and if the
installer is still unable to find it, you can add the path to the binary in
LD_LIBRARY_PATH environment variable.
Getting Started 12
Where to get more information
Hardware ■ Network interface card (NIC) running TCP/IP with a static IP address
■ Internet connection to update definitions
■ 100 Mbps Ethernet link (1 Gbps recommended)
The following Linux guest operating systems have been certified on Hyper-V: