Configuring Windows XP Firewall for Symantec Antivirus Client
If you install Symantec AntiVirus Client on a Windows XP system with
Windows Firewall activated (it is activated automatically when you
install Service Pack 2) and need to manage the system from a
Symantec AntiVirus Corporate Edition 8.0 server, you need to add an
exception to the Windows XP Firewall settings on the client so that it can
be managed from the antivirus server. To do so, take the following steps
while logged in under the Administrator account or another account in the
Administrators group.
- Click on Start.
- Select Control Panel.
- Double Click on Security Center.
- At the bottom of the Windows Security Center window, you will see
"Manage security settings for" with "Windows Firewall" listed below it. Click
on Windows Firewall.
- In the Windows Firewall window, make sure that "Don't allow
exceptions" is not checked and click on the Exceptions tab.
- At the Exceptions window, click on Add Port.
- At the Add a Port window, type a description in the Name
field, e.g. Symantec AntiVirus Client Management or RTVSCAN
(rtvscan.exe is the actual program listening on the port), or whatever else
you wish. Then put 2967 in the Port number field and click on
UDP to select it.
- Click on the Change scope button.
- At the Change Scope window, click on Custom list to select
it and put in the IP address of the Symantec Antivirus Server followed by
"/255.255.255.255", i.e. use a subnet mask that specifies just that one system,
e.g. "192.168.0.8/255.255.255.255" and then click on OK.
- Then click on OK again to close the Add a Port window
and then OK to close the Windows Firewall Window.
Alternatively, you can open UDP port 2967 using a
netsh firewall set portopening command entered at a command line.
The example below presumes the IP address of the Symantec AntiVirus
server is 192.168.0.8.
C:\Documents and Settings\Administrator>netsh firewall set portopening protocol = UDP port = 2967 name = "Symantec AntiVirus Client Management" mode = ENABLE scope = CUSTOM 192.168.0.8
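The scope is what keeps port 2967 closed to every system except the antivirus server, so it is worth checking the custom list before applying it. The following is an added example, not part of the original article: the function names scope_entries and audit_scope are hypothetical, and it goes beyond the single-host entry shown above by also handling prefix-length entries, comma-separated lists and the LocalSubnet keyword.

```python
import ipaddress


def scope_entries(custom_list):
    """Parse a Windows Firewall custom-scope list into network objects.

    Handles a bare address, address/prefix length and address/dotted mask.
    LocalSubnet is returned as a string because its size depends on the
    client's own network interface.
    """
    parsed = []
    for raw in custom_list.split(","):
        entry = raw.strip()
        if not entry:
            continue
        if entry.lower() == "localsubnet":
            parsed.append("LocalSubnet")
        else:
            # strict=False accepts entries with host bits set,
            # e.g. 192.168.0.8/255.255.255.0 is read as 192.168.0.0/24
            parsed.append(ipaddress.ip_network(entry, strict=False))
    return parsed


def audit_scope(custom_list, server_ip):
    """Return (allowed, findings) for a scope meant to admit one server.

    allowed  -- True if an explicit entry admits server_ip
    findings -- entries that admit more than the server alone
    """
    server = ipaddress.ip_address(server_ip)
    allowed = False
    findings = []
    for net in scope_entries(custom_list):
        if net == "LocalSubnet":
            findings.append("LocalSubnet admits every host on the client's subnet")
            continue
        if server in net:
            allowed = True
        if net.num_addresses > 1:
            findings.append(f"{net} admits {net.num_addresses} addresses")
        elif server not in net:
            findings.append(f"{net} is a host other than the server")
    return allowed, findings


if __name__ == "__main__":
    # The entry from the article: one host, no findings expected.
    print(audit_scope("192.168.0.8/255.255.255.255", "192.168.0.8"))
```

An empty findings list with allowed set to True means the exception admits the antivirus server and nothing else.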
For viewing what ports are open from a command line prompt, see
Obtaining Information About the Windows XP Firewall from the Command Line.
Until port 2967 is opened on the client system, if, on the server, you
right-click on a system within the Symantec System Center and choose "All
Tasks", then "Symantec AntiVirus" and then "Start Manual Scan", you will see an
error window open with the message "The requested operation will not be
performed on the following Server Groups and/or machines because their topology
information could not be retrieved from the Symantec System Center Topology
Service."
If you pick "View Virus List" instead of "Start Manual Scan", you will see a
Symantec AntiVirus Management Snap-In window open with the message below:
Symantec AntiVirus could not communicate with ".
Operation stopped.
If you select "Virus History", you will see the message below.
Symantec AntiVirus Management Snap-In
Symantec AntiVirus could not collect all the log data from the selected computer(s).
Please verify that Symantec AntiVirus is running on these computers.
[ OK ]
If you try to check the "File System Real-time Protection Status" or
select "Virus Definition Manager", you receive
the message "Symantec AntiVirus could not communicate with the selected
computer."
But once you have modified the firewall settings on the client system
to allow the antivirus server to connect to port 2967 on it, you
should no longer encounter those errors and should be able to start
a manual scan, view the virus list, etc.
Note: if the virus definitions on the client are out-of-date, you may
have to wait up to 60 minutes until the server pushes out new updates.
You can modify this setting by taking the following actions on the
server.
- Right-click on the server within the Symantec System Center.
- Select "All Tasks".
- Select "Symantec AntiVirus".
- Select "Virus Definition Manager".
- Click on the "Settings" button next to "Update virus definitions
from parent server".
- Change the "Check for updates" value to be the maximum number of
minutes you want to wait for the server to push out new definitions
to clients.
MoonPoint Support
Created: Monday May 30, 2005