Installing Symantec Protection Engine on Windows

Before you begin the installation process, ensure that your computer meets the minimum system requirements.
Symantec recommends that you install Symantec Protection Engine with Administrative or equivalent privilege account. Also, for security purposes, the read, write, and execute permissions for all Symantec Protection Engine-based files should be denied for all other users.
When the installation is complete, Symantec Protection Engine is installed as a Windows 2008, 2012, or 2016 service. It is listed as Symantec Protection Engine in the Services Console. The Symantec Protection Engine service starts automatically when the installation is complete. Any significant installation activities are recorded in the Windows Application Event Log.
When the installation is complete, Symantec Protection Engine is installed as a Windows 2012, 2016, or 2019 service. It is listed as Symantec Protection Engine in the Services Console. The Symantec Protection Engine service starts automatically when the installation is complete. Any significant installation activities are recorded in the Windows Application Event Log.
Select one of the following procedures for the type of installation or upgrade that you want to perform:
  1. To install Symantec Protection Engine on Windows with Symantec Protection Engine-based authentication
  2. Log on to the computer on which you plan to install Symantec Protection Engine as administrator or as a user with administrator rights.
  3. In the Symantec Protection Engine.zip file, run
    SymantecProtectionEngine.exe
    .
  4. In the
    Welcome
    panel, click
    Next
    .
  5. In the
    License Agreement
    panel, after you read the agreement, indicate that you agree with the terms of the Symantec Software License Agreement, and then click
    Next
    .
    The default setting is that you do not agree with the terms of the Symantec Software License Agreement. If you do not indicate that you agree, the installation is canceled.
  6. In the
    Deployment Scenario
    panel, select the type of deployment that Symantec Protection Engine should protect.
    If you select
    Other Application
    , enter the name of the application in the provided field.
    The maximum length of the application name can be upto 40 characters.
    This step is applicable for Symantec Protection Engine for Cloud Services only.
  7. Select one of the following NAS device type that you want to protect.
    NetApp ® devices (over RPC protocol only)
    Select this option if you have NetApp device that communicates over RPC protocol.
    Other NAS devices
    Select this option if you have NAS device other than NetApp.
    This step is applicable for Symantec Protection Engine for Network Attached Storage only.
  8. Select one of the following the NetApp NAS device type:
    • 7-Mode
    • Cluster Mode
    • Cluster and 7-Mode both
    This step is applicable for Symantec Protection Engine for Network Attached Storage only.
  9. In the
    Destination Folder
    panel, select the location to install Symantec Protection Engine, and then click
    Next
    .
    The default location is C:\Program Files\Symantec\Scan Engine.
    If you plan to change the default location to install Symantec Protection Engine, make sure the new directory has the same permissions as that of the Program Files directory.
    If the new location to install Symantec Protection Engine does not have the same permissions as that of the Program Files directory, malicious users with lower privilege can read and copy file contents, replace malicious data in tags, rename the file, or even delete the product files.
  10. In the
    Initialization Methods
    panel, select one of the following options, and click
    Next
    :
    Core server with user interface (requires JRE)
    Select this option if you want to use the user-interface console of Symantec Protection Engine.
    This method requires JRE to be installed.
    Core server only (does not require JRE)
    Select this option if you do not want to use the user-interface console of Symantec Protection Engine.
    This method does not require JRE to be installed.
  11. In the
    UI Authentication method
    panel, select
    Symantec Protection Engine-based authentication
    , and then click
    Next
    .
  12. In the
    Administrative UI Setup
    panel, configure the following options:
    Administrator Password
    Type a password for the administrator account that you intend to use to manage Symantec Protection Engine.
    Confirm Administrator Password
    Confirm the password by typing it again.
  13. Click
    Next
    .
  14. In the
    Administrative UI Setup
    panel, configure the following options:
    Administrator Port
    Type the port number on which the Web-based console listens.
    If you change the port number, use a number that is greater than 1024 that is not in use by any other program or service. The default port number is 8004. You can disable the console by typing 0. If you disable the console, you can configure Symantec Protection Engine by editing the configuration file.
    SSL Port
    Type the Secure Socket Layer (SSL) port number on which encrypted files are transmitted for increased security.
    The default SSL port number is 8005. If this port is already in use, select an SSL port that is not in use by any other program or service. Use a port number that is greater than 1024.
  15. Click
    Next
    .
  16. In the
    URL Filtering and URL Reputation
    panel, select
    Enable URL Filtering and download URL Filtering definitions
    to enable URL filtering feature.
    Select
    Enable URL Reputation and download URL Reputation definitions
    to enable URL Reputation feature.
  17. Click
    Next
    .
  18. In the Reputation-based Protection (Insight) panel, select the
    Insight Aggression Level
    from the list.
    The Insight aggression level defines how sensitive the Symantec Insight feature is to a file's reputation score.
  19. In the
    Aggression Level
    panel, select the
    Scanning Aggression Level
    from the list.
    The scanning aggression level defines the detection aggression level for threat detection technologies.
  20. In the
    Ready to Install the Program
    panel, click
    Install
    .
  21. Click
    Finish
    .
  22. To install Symantec Protection Engine on Windows with Windows Active Directory-based authentication
  23. Log on to the computer on which you plan to install Symantec Protection Engine as administrator or as a user with administrator rights.
  24. In the Symantec Protection Engine.zip file, run
    SymantecProtectionEngine.exe
    .
  25. In the
    Welcome
    panel, click
    Next
    .
  26. In the
    License Agreement
    panel, after you read the agreement, indicate that you agree with the terms of the Symantec Software License Agreement, and then click
    Next
    .
    The default setting is that you do not agree with the terms of the Symantec Software License Agreement. If you do not indicate that you agree, the installation is canceled.
  27. In the
    Deployment Scenario
    panel, select the type of deployment that Symantec Protection Engine should protect.
    If you select
    Other Application
    , enter the name of the application in the provided field.
    The maximum length of the application name can be upto 40 characters.
    This step is applicable for Symantec Protection Engine for Cloud Services only.
  28. Select one of the following NAS device type that you want to protect.
    NetApp ® devices (over RPC protocol only)
    Select this option if you have NetApp device that communicates over RPC protocol.
    Other NAS devices
    Select this option if you have NAS device other than NetApp.
  29. Select one of the following the NetApp NAS device type:
    • 7-Mode
    • Cluster Mode
    • Cluster and 7-Mode both
  30. In the
    Destination Folder
    panel, select the location to install Symantec Protection Engine, and then click
    Next
    .
    The default location is C:\Program Files\Symantec\Scan Engine.
    If you plan to change the default location to install Symantec Protection Engine, make sure the new directory has the same permissions as that of the Program Files directory.
    If the new location to install Symantec Protection Engine does not have the same permissions as that of the Program Files directory, malicious users with lower privilege can read and copy file contents, replace malicious data in tags, rename the file, or even delete the product files.
  31. In the
    Initialization Methods
    panel, select one of the following options, and click
    Next
    :
    Core server with user interface (requires JRE)
    Select this option if you want to use the user-interface console of Symantec Protection Engine.
    This method requires you to install JRE.
    Core server only (does not require JRE)
    Select this option if you do not want to use the user-interface console of Symantec Protection Engine.
    This method does not require JRE to be installed.
  32. In the
    UI Authentication method
    panel, select
    Windows Active Directory-based authentication
    , and then click
    Next
    .
  33. In the
    Windows Active Directory-based Authentication Settings
    panel, in the
    Group Name
    box, type a valid security group name in the Domain\Groupname format.
  34. Click
    Next
    .
    If the group name is incorrect, a
    Group Name Validation
    screen appears.
    Click
    Back
    to try the security group name again.
    Alternatively, click
    Next
    to continue the installation without a valid group name. In this case, the Symantec Protection Engine service starts after installation but you cannot access the console. Once the installation is complete, you must go to configuration.xml and enter a valid security group name in the Domain\Groupname format to access the console.
  35. In the
    Administrative UI Setup
    panel, configure the following options:
    Administrator Port
    Type the port number on which the Web-based console listens.
    If you change the port number, use a number that is greater than 1024 that is not in use by any other program or service. The default port number is 8004. You can disable the console by typing 0. If you disable the console, you can configure Symantec Protection Engine by editing the configuration file.
    SSL Port
    Type the Secure Socket Layer (SSL) port number on which encrypted files are transmitted for increased security.
    The default SSL port number is 8005. If this port is already in use, select an SSL port that is not in use by any other program or service. Use a port number that is greater than 1024.
  36. Click
    Next
    .
  37. In the
    URL Filtering annd URL Reputation
    panel, select
    Enable URL Filtering and download URL Filtering
    definitions to enable URL filtering feature.
    Select
    Enable URL Reputation and download URL Reputation definitions
    to enable URL Reputation feature.
  38. Click
    Next
    .
  39. In the
    Reputation-based Protection (Insight)
    panel, select the
    Insight Aggression Level
    from the list.
    The Insight aggression level defines how sensitive the Symantec Insight feature is to a file's reputation score.
  40. In the
    Aggression Level
    panel, select the
    Scanning Aggression Level
    from the list.
    The scanning aggression level defines the detection aggression level for threat detection technologies.
  41. In the
    Ready to Install the Program
    panel, click
    Install
    .
  42. Click
    Finish
    .