Configuring Windows XP Firewall for Symantec Antivirus Client

VIPRE 2015 728x90
If you install Symantec AntiVirus Client on a Windows XP system with Windows Firewall activated, which is automatically activated if you install Service Pack 2 on the system, and need to manage the system from a Symantec AntiVirus Coroprate Edition 8.0 server, then you need to add an exception to the Windows XP Firewall settings on the client to allow it to be managed from the antivirus server. To do so, take the following steps while logged in under the Administrator account or another account in the Administrators group.
  1. Click on Start.
  2. Select Control Panel.
  3. Double Click on Security Center.
  4. At the bottom of the Windows Security Center window, you will see "Manage security settings for" with "Windows Firewall" listed below it. Click on Windows Firewall.
    Udemy


    Empire: Total War - Gold Edition

    XP Security Center

  5. In the Windows Firewall window, make sure that "Don't allow exceptions" is not checked and click on the Exceptions tab.

    XP Windows Firewall

  6. At the Exceptions window, click on Add Port.

    XP Windows Firewall Exceptions

  7. At the Add a Port window type a description in the Name field, e.g. Symantec AntiVirus Client Management, RTVSCAN, since rtvscan.exe is the actual program listening on the port, or whatever else you wish and then put 2967 in the Port number field and click on UDP to select it.

    XP Windows Firewall - Add a Port

  8. Click on the Change scope button.
  9. At the Change Scope window, click on Custom list to select it and put in the IP address of the Symantec Antivirus Server followed by "/255.255.255.255", i.e. use a subnet mask that specifies just that one system, e.g. "192.168.0.8/255.255.255.255" and then click on OK.

    XP firewall change scope

  10. Then click on OK again to close the Add a Port window and then OK to close the Windows Firewall Window.

Alternatively, you can instead open UDP port 2967 using a netsh firewall set portopening command entered at a command line. The example below presumes the IP address of the Syamantec AntiVirus server is 192.168.0.8.

C:\Documents and Settings\Administrator>netsh firewall set portopening protocol = UDP port = 2967 name = "Symantec AntiVirus Client Management" mode = ENABLE scope = CUSTOM 192.168.0.8

For viewing what ports are open from a command line prompt, see Obtaining Information About the Windows XP Firewall from the Command Line .

Until port 2967 is opened on the client system, if, on the server, you right-click on a system within the Symantec System Center and choose "All Tasks", then "Symantec AntiVirus" and then "Start Manual Scan", you will see an error window open with the message "The requested operation will not be performed on the following Server Groups and/or machines because their topology information could not be retrieved from the Symantec System Center Topology Service."

Symantec System Center topology unretrievable error

If you pick "View Virus List" instead of "Start Manual Scan", you will see a Symantec AntiVirus Management Snap-In window open with the message below:

Symantec AntiVirus could not communicate with ".

Operation stopped.

If you select "Virus History", you will see the message below.

Symantec AntiVirus Management Snap-In
Symantec AntiVirus could not collect all the log data from the selected computer(s).
Please verify that Symantec AntiVirus is running on these computers.

[ OK ]

If you try to check the "File System Real-time Protection Status" or select "Virus Definition Manager", you receive the message "Symantec AntiVirus could not communicate with the selected computer."

But once you have modified the firewall settings on the client system to allow the antivirus server to connect to port 2967 on it, you should no longer encounter those errors and should be able to start a manual scan, view the virus list, etc.

Note, if the virus definitions on the client are out-of-date, you may have to wait up to 60 minutes until the server pushes out new updates. You can modify this setting, by taking the following actions on the server.

  1. Right-click on the server within the Symantec System Center.
  2. Select "All Tasks".
  3. Select "Symantec AntiVirus".
  4. Select "Virus Definition Manager".
  5. Click on the "Settings" button next to "Update virus definitions from parent server".
  6. Change the "Check for updates" value to be the maximum number of minutes you want to wait for the server to push out new definitions to clients.

References:

  1. Windows XP or Windows Server 2003 firewall prevents remote installation
  2. Some programs seem to stop working after you install Windows XP Service Pack 2
  3. Adding port exceptions to Windows Internet Connection Firewall for Symantec AntiVirus Corporate Edition
  4. Ports used for communication in Symantec AntiVirus Corporate Edition 8.x and 9.x
  5. How to configure a firewall to use it with SAV ?
  6. RPC Server Unavailable Because of XP Firewall
    MoonPoint Support

Avast Premier 2016 Malwarebytes Anti-Malware Premium Stopzilla

Shop Amazon Local - Subscribe to Deals in Your Neighborhood

Valid HTML 4.01 Transitional

Created: Monday May 30, 2005