Installing Symantec Protection Engine on Windows
Before you begin the installation process, ensure that your computer meets the minimum system requirements.
Symantec recommends that you install Symantec Protection Engine with Administrative or equivalent privilege account. Also, for security purposes, the read, write, and execute permissions for all Symantec Protection Engine-based files should be denied for all other users.
When the installation is complete, Symantec Protection Engine is installed as a Windows 2008, 2012, or 2016 service. It is listed as Symantec Protection Engine in the Services Console. The Symantec Protection Engine service starts automatically when the installation is complete. Any significant installation activities are recorded in the Windows Application Event Log.
When the installation is complete, Symantec Protection Engine is installed as a Windows 2012, 2016, or 2019 service. It is listed as Symantec Protection Engine in the Services Console. The Symantec Protection Engine service starts automatically when the installation is complete. Any significant installation activities are recorded in the Windows Application Event Log.
Select one of the following procedures for the type of installation or upgrade that you want to perform:
- First time product installation
- Perform a clean upgradeUninstalls your current version of Symantec Protection Engine and installs the newer version. However, any settings that you made to Symantec Protection Engine are lost during the upgrade.
- Perform a preserved settings upgradeUninstalls your current version of Symantec Protection Engine and installs the newer version, while preserving your existing settings.
- To install Symantec Protection Engine on Windows with Symantec Protection Engine-based authentication
- Log on to the computer on which you plan to install Symantec Protection Engine as administrator or as a user with administrator rights.
- In the Symantec Protection Engine.zip file, runSymantecProtectionEngine.exe.
- In theWelcomepanel, clickNext.
- In theLicense Agreementpanel, after you read the agreement, indicate that you agree with the terms of the Symantec Software License Agreement, and then clickNext.The default setting is that you do not agree with the terms of the Symantec Software License Agreement. If you do not indicate that you agree, the installation is canceled.
- In theDeployment Scenariopanel, select the type of deployment that Symantec Protection Engine should protect.If you selectOther Application, enter the name of the application in the provided field.The maximum length of the application name can be upto 40 characters.This step is applicable for Symantec Protection Engine for Cloud Services only.
- Select one of the following NAS device type that you want to protect.NetApp ® devices (over RPC protocol only)Select this option if you have NetApp device that communicates over RPC protocol.Other NAS devicesSelect this option if you have NAS device other than NetApp.This step is applicable for Symantec Protection Engine for Network Attached Storage only.
- Select one of the following the NetApp NAS device type:
- 7-Mode
- Cluster Mode
- Cluster and 7-Mode both
This step is applicable for Symantec Protection Engine for Network Attached Storage only. - In theDestination Folderpanel, select the location to install Symantec Protection Engine, and then clickNext.The default location is C:\Program Files\Symantec\Scan Engine.If you plan to change the default location to install Symantec Protection Engine, make sure the new directory has the same permissions as that of the Program Files directory.If the new location to install Symantec Protection Engine does not have the same permissions as that of the Program Files directory, malicious users with lower privilege can read and copy file contents, replace malicious data in tags, rename the file, or even delete the product files.
- In theInitialization Methodspanel, select one of the following options, and clickNext:Core server with user interface (requires JRE)Select this option if you want to use the user-interface console of Symantec Protection Engine.This method requires JRE to be installed.Core server only (does not require JRE)Select this option if you do not want to use the user-interface console of Symantec Protection Engine.This method does not require JRE to be installed.
- In theUI Authentication methodpanel, selectSymantec Protection Engine-based authentication, and then clickNext.
- In theAdministrative UI Setuppanel, configure the following options:Administrator PasswordType a password for the administrator account that you intend to use to manage Symantec Protection Engine.Confirm Administrator PasswordConfirm the password by typing it again.
- ClickNext.
- In theAdministrative UI Setuppanel, configure the following options:Administrator PortType the port number on which the Web-based console listens.If you change the port number, use a number that is greater than 1024 that is not in use by any other program or service. The default port number is 8004. You can disable the console by typing 0. If you disable the console, you can configure Symantec Protection Engine by editing the configuration file.SSL PortType the Secure Socket Layer (SSL) port number on which encrypted files are transmitted for increased security.The default SSL port number is 8005. If this port is already in use, select an SSL port that is not in use by any other program or service. Use a port number that is greater than 1024.
- ClickNext.
- In theURL Filtering and URL Reputationpanel, selectEnable URL Filtering and download URL Filtering definitionsto enable URL filtering feature.SelectEnable URL Reputation and download URL Reputation definitionsto enable URL Reputation feature.
- ClickNext.
- In the Reputation-based Protection (Insight) panel, select theInsight Aggression Levelfrom the list.The Insight aggression level defines how sensitive the Symantec Insight ™ feature is to a file's reputation score.
- In theAggression Levelpanel, select theScanning Aggression Levelfrom the list.The scanning aggression level defines the detection aggression level for threat detection technologies.
- In theReady to Install the Programpanel, clickInstall.
- ClickFinish.
- To install Symantec Protection Engine on Windows with Windows Active Directory-based authentication
- Log on to the computer on which you plan to install Symantec Protection Engine as administrator or as a user with administrator rights.
- In the Symantec Protection Engine.zip file, runSymantecProtectionEngine.exe.
- In theWelcomepanel, clickNext.
- In theLicense Agreementpanel, after you read the agreement, indicate that you agree with the terms of the Symantec Software License Agreement, and then clickNext.The default setting is that you do not agree with the terms of the Symantec Software License Agreement. If you do not indicate that you agree, the installation is canceled.
- In theDeployment Scenariopanel, select the type of deployment that Symantec Protection Engine should protect.If you selectOther Application, enter the name of the application in the provided field.The maximum length of the application name can be upto 40 characters.This step is applicable for Symantec Protection Engine for Cloud Services only.
- Select one of the following NAS device type that you want to protect.NetApp ® devices (over RPC protocol only)Select this option if you have NetApp device that communicates over RPC protocol.Other NAS devicesSelect this option if you have NAS device other than NetApp.
- Select one of the following the NetApp NAS device type:
- 7-Mode
- Cluster Mode
- Cluster and 7-Mode both
- In theDestination Folderpanel, select the location to install Symantec Protection Engine, and then clickNext.The default location is C:\Program Files\Symantec\Scan Engine.If you plan to change the default location to install Symantec Protection Engine, make sure the new directory has the same permissions as that of the Program Files directory.If the new location to install Symantec Protection Engine does not have the same permissions as that of the Program Files directory, malicious users with lower privilege can read and copy file contents, replace malicious data in tags, rename the file, or even delete the product files.
- In theInitialization Methodspanel, select one of the following options, and clickNext:Core server with user interface (requires JRE)Select this option if you want to use the user-interface console of Symantec Protection Engine.This method requires you to install JRE.Core server only (does not require JRE)Select this option if you do not want to use the user-interface console of Symantec Protection Engine.This method does not require JRE to be installed.
- In theUI Authentication methodpanel, selectWindows Active Directory-based authentication, and then clickNext.
- In theWindows Active Directory-based Authentication Settingspanel, in theGroup Namebox, type a valid security group name in the Domain\Groupname format.
- ClickNext.If the group name is incorrect, aGroup Name Validationscreen appears.ClickBackto try the security group name again.Alternatively, clickNextto continue the installation without a valid group name. In this case, the Symantec Protection Engine service starts after installation but you cannot access the console. Once the installation is complete, you must go to configuration.xml and enter a valid security group name in the Domain\Groupname format to access the console.
- In theAdministrative UI Setuppanel, configure the following options:Administrator PortType the port number on which the Web-based console listens.If you change the port number, use a number that is greater than 1024 that is not in use by any other program or service. The default port number is 8004. You can disable the console by typing 0. If you disable the console, you can configure Symantec Protection Engine by editing the configuration file.SSL PortType the Secure Socket Layer (SSL) port number on which encrypted files are transmitted for increased security.The default SSL port number is 8005. If this port is already in use, select an SSL port that is not in use by any other program or service. Use a port number that is greater than 1024.
- ClickNext.
- In theURL Filtering annd URL Reputationpanel, selectEnable URL Filtering and download URL Filteringdefinitions to enable URL filtering feature.SelectEnable URL Reputation and download URL Reputation definitionsto enable URL Reputation feature.
- ClickNext.
- In theReputation-based Protection (Insight)panel, select theInsight Aggression Levelfrom the list.The Insight aggression level defines how sensitive the Symantec Insight ™ feature is to a file's reputation score.
- In theAggression Levelpanel, select theScanning Aggression Levelfrom the list.The scanning aggression level defines the detection aggression level for threat detection technologies.
- In theReady to Install the Programpanel, clickInstall.
- ClickFinish.