Allowing Norton AntiVirus software LiveUpdate through ISA Server

Many businesses use Norton AntiVirus servers to keep the company’s servers and client computers virus free. In order to keep the virus definitions updated, the Live-Update is used to schedule virus definitions download to the main NAV server, which in turn, updates the client computers.

From my experience, some integrators seem to be having difficulties with the LiveUpdate configuration on a network protected by ISA Server, so I decided to write this article.

The LiveUpdate feature requires both HTTP and FTP access to Symantec’s web site.
In order to configure ISA to allow the main server to download definition updates, use the following instructions:

  1. Open the ISA management console.
  2. Expand the Server -> Policy Elements -> Client Address sets in the ISA tree.
  3. Create a Client address set named “NAV Server”. Enter the IP address of the server on which the Norton AntiVirus Server is installed. If the NAV server is installed on the ISA Server itself (such as in the case of SBS 2000), make sure that the IP address specified is the internal IP address of the server (the private ISA server IP address).

  1. Expand the Access Policy object, and create a new rule in Protocol Rules. This rule should allow the specified client address set which was created in step 3 to access FTP and HTTP sites.

  1. Install Symantec Norton Anti-Virus for Servers, include all the components recommended by Symantec.
    Open the “Norton Antivirus Corporate Edition” program.

From the File menu, select “Live Update

Click on the “Configure” button, and move to the Proxy tab.

As shown in the picture below, select “I want to customize my proxy settings for LiveUpdate.
Select both the HTTP Proxy and FTP Proxy.

Enter the ISA Server’s private network IP address (internal) for both Proxy settings, use port 8080 for the HTTP Proxy, and port 21 for the FTP proxy. Apply the changes and click OK.

Click Next, and test the your ability to download the required updates.

  1. To schedule a daily download of new virus definitions, open the “Symantec System Center” console, expend the “System Hierarch”, and right click the Norton Server group (by default named “Norton Antivirus 1”). Select All Tasks -> Norton AntiVirus -> Virus Definition Manager

In the Virus Definition Manager screen, select Update the primary Server Group only, in the How servers retrieve virus definitions updates and click configure.

Select the required schedule for the definition download. In order to check if the settings work, click “Update Now”.

If the update was successful, an event ID 16 should be logged in the server’s application log, which will inform you if the definitions are current (was able to connect, but no download was required), or if the download of the virus definition file was successful.

Note! There is no need to configure the LiveUpdate proxy use from the Symantec System Center.

  1. Don’t forget to additionally configure how Client computer retrieve the definition update. The recommended way is to Update virus definitions from parent server.
    That way, the new virus definitions will only be downloaded by the NAV server, and not by the client computer.


About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top