ServerProtect 5 for NT and NW Jennifer O. Chua January 2001 TDSC Trend Development and Support Center Source: Several ServerProtect s eLearning

ServerProtect 5 for NT and NWServerProtect 5 for NT and NW

Jennifer O. ChuaJanuary 2001

TTrend DDevelopment and SSupport CCenter

Source: Several ServerProtect PDF fileseLearning Level 2 by Anne Jacqueline To (TDSC)

eDoctor Training Kit eDoctor Training Kit Version 2Version 2

Table of Contents

Introduction and Installation

Managing ServerProtect

Configuring ServerProtect

Maintaining ServerProtect

Troubleshooting

Frequently Asked Questions

Error Codes

Contacting Support and Solution Bank

Installation

and

Deployment

Three-Tier Architecture

Selecting the Proper Topology

A Sole Windows NT Environment

NT

NT

NT

NTNT

Step 1 Install IS

Step 2 Install NT Normal Servers

IS

NS

NSNS

NS


A Sole Novell Netware Environment

NW

NW

NWNW

Step 1 add one NT machine and

Install IS

Step 2 Install Netware Normal Servers

NT

IS

NS

NSNS

NS


A Mixed Environment

NT

NT

NT

NWNW

Step 1 Install IS

Step 2 Install Netware Normal Servers

IS

NS

NSNS

NS

Pre-installation Check

Management Console Windows 2000 Professional, Windows 95/98, Windows NT

4.0 with SP1, SP3, SP4, SP5 or SP6

A monitor with 800 x 600 or higher resolution

Network Protocols and Services: TCP/IP, Microsoft Network and Netbios. These must be running on the installed server


Information Server Microsoft Windows 2000 Professional with client 32 Microsoft Windows NT 4.0 with SP1, SP3, SP4, SP5

or SP6 Microsoft Windows NT 3.51 with SP5 or SP5 plus

Y2K patch 64 MB or above 50 MB of free disk space An Intel Pentium 166 MHZ processor or faster (or

equivalent) TCP/IP, Microsoft Network,Netbios, Gateway

Service, RPC services, and SPX protocol forNetWare servers.


Normal Server on Windows NT Windows NT Normal Server Microsoft Windows 2000 Professional Microsoft Windows NT 4.0 with SP1, SP3, SP4, SP5

or SP6 Microsoft Windows NT 3.51 with SP5 or SP5 plus

Y2K patch Windows NT 3.51: 16 MB RAM; 32 MB or above Windows NT 4.0: 32 MB RAM; 64 MB or above Microsoft Network, and RPC services running


Normal Server on Novell Netware NetWare v3.12 plus Y2K patch of NetWare v3.12

NetWare 3.2 NetWare v4.1x plus Y2K patch of NetWare v4.1x NetWare 4.x with SP7 or SP8 NetWare 5.0 with SP1, SP2, SP3, or SP4 NetWare 5.1

Required modules for NetWare 3.x servers: CLIB.NLM v3.12g or above TLI.NLM 3.12b or above SPXS.NLM v5.00b or above

Required modules for NetWare 4.x servers: TLI.NLM v4.10a or above SPXS.NLM 5.00q or above

NetWare Server: 64 MB and above are recommended IP or IPX and SPX running


User Rights/Roles needed to Install ServerProtect

Deployment Topology Sole NT environment, Sole Novell

environment, Mix environment

Serial number Valid serial number for the installation

Must use a Windows NT Administrator account

Installation Process

Installing ServerProtect


Installing a Full Set of ServerProtect


If you are installing the Management Console...


If you are installing an Information Server...


If you are installing an Information Server...

How to Install IS?


If you are installing a Normal Server...





If the to-be installed Normal Server runs Novell NetWare

Installing an NT Normal Server via the Setup program

Installing a NW Normal Server in a Pure TCP/IP setup

Installing a NW Normal Server in a IPX/SPX setup


Deploying clients through Microsoft SMS



Install/Uninstall normal server of ServerProtect

ServerProtect 5





After Installation…

… a program group entry for the Management Console will be created


… a service for the Information Server will be created and started


… an entry in the Add/Remove Program will be created for the Information Server


… a service for the Normal Server will be created and started


… an entry in the Add/Remove Program will be created for the Normal Server


… an icon on the system tray will be created on the Normal Server


… you need to manually start ServerProtect on the Netware console


… you need to manually start ServerProtect on the Netware console

Upgrading ServerProtect


When one Information Server manages one Normal Server

Upgrade is straightforward Upgrade can be done remotely or locally

using the setup program Upgrade can also be done thru the

Management Console


When one Information Server manages several Normal Servers

Upgrade its managed normal servers first Upgrade the Information server itself Upgrade can be done via setup program or

from the Management Console

If Normal Servers are NetWare servers... You need to manually uninstall SPNW 3.x

from the servers first Install ServerProtect via setup program


When several Information Servers manage groups of Normal Servers on the network

Upgrade is similar as having one Information Server

Upgrade the Information Server with its associated Normal Server at one time

Upgrade the other Information Servers Upgrade can be done via setup program or

from the Management Console It is recommended that you upgrade from

the Management Console


Upgrading from the Setup program Enter basic product information. Under Select Components Window, select

Install server as a ServerProtect Information Server or Install server as a ServerProtect Normal Server

Choose server’s location path Select the server you want to upgrade from

the server tree list

Upgrading a NetWare server You need to uninstall if first manually then

add the server through the setup program or from the Management Console


Upgrading from the Management Console







Converting ServerProtect Trial Version


The Software Evaluation Period dialog box

Viewing Serial Number List Click Help | About from the Management

Console. Click Serial Number button.



Updating Serial Number(s)

Uninstalling ServerProtect

Uninstalling the Normal Server Service

For Windows 2000/Windows NT 4.0 Remotely from the Management Console

Multi-select servers from the consoleSelect Domain | Uninstall ServerProtectAll selected servers will be remotely uninstalled

Locally from the Add/Remove program

How to remotely uninstall NS?

How to locally uninstall NS?


For Windows NT 3.51 Remotely from the Management Console

Multi-select servers from the consoleSelect Domain | Uninstall ServerProtectAll selected servers will be remotely uninstalled

Locally from the Windows NT command prompt"c:\program files\trend\sprotect\SpUninst" NT


For Novell NetWare Remotely from the Management Console Locally from the DOS- prompt

From the Netware console, press ESC to unload the ServerProtect modules

Delete SYS:System\SPNW.ncfDelete SYS:LOGIN\SPROTECTDelete <Volume>: Sprotect directoryDelete the following registry contents from the

ServerProtect Information Server:HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\InformationServer\ (the target ServerProtect Normal Server)HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\NW\ (the target ServerProtect Normal Server)

Uninstalling the Information Server

For Windows 2000/Windows NT 4.0 The information Server service can only be

removed locally Open Control Panel from the Windows Start

menu Open Add/Remove Programs Select the item "ServerProtect Information

Server" and then press the Add/Remove Programs button

How to unistall IS locally?


For Windows 3.51The information Server service can only be

removed locally Open Windows NT command prompt "c:\program files\trend\sprotect\SpUninst" IS

Uninstalling the Management Console

From the Program Group Menu Uninstalling the ServerProtect

Management Console is straightforward.

Just select Trend ServerProtect Management Console | Uninstall ServerProtect Management Console from the Windows Start menu.

How to uninstall the Console?


From the Windows Command Prompt The information Server service can only be

removed locally Open Windows Command Prompt "c:\program files\trend\sprotect\SpUninst"

ADMIN

Updating ServerProtect components

Via ServerProtect Master Setup program The setup program will automatically detect

the ServerProtect component to upgrade Updating through the setup program can only

be achieved if done locally ServerProtect can only update the existing

components in the same language

Via Trend Active Update Easier way to update the ServerProtect

components When updates are on the Trend Active

Update server, you can configure the Update to download program updates as well

ServerProtect Management

Console

Management Console

Opening the Management Console Select Trend ServerProtect Management

Console from the Start Menu

How to open Management

Console?

Management Console

Side Bar

Information Server

Main Menu

Column Field

Domain

Normal Server(ServerProtect Server)

Domain Browser Tree

Configuration Area

Managing Information

Servers

Managing Information Servers

Selecting Information Servers

Viewing Information Server Log

Moving Information Servers

Backing Up IS Data

Restoring IS Data

Managing Information Server

Issuing Commands at the Command Prompt

Command Function

EarthAgent -install Installing Information Server service

EarthAgent -remove Removing Information Server service

EarthAgent -start Starting Information Server service

EarthAgent -stop Stopping Information Server service

Managing Domains

Managing Domains

Creating New Domains

Renaming Domains

Deleting Domains

Filtering Domains

Managing Normal Servers

Adding a New Normal Server

Installing NS from the console


Moving a Normal Server between domains Select a Normal Server under one domain Drag and Drop to the another Domain

Removing a Normal Server You can remotely uninstall the

ServerProtect 5 software You can locally perform the uninstallation on

that server

Moving a Normal Server between IS The original IS service should be stopped. Go to Domains | Add a Normal Server Select the Normal Server(s). The selected

Normal server will now report to the new IS

Searching a Lost Normal Server

Deleting a Non-responding Normal Server


Issuing Commands at the Command Prompt

Command Function

Spntsvc /i Installing real-time service/scanner

Spntsvc /u Uninstalling real-time service/scanner

Spntsvc /s Starting real-time service/scanner

Spntsvc /t Stopping real-time service/scanner

Spntsvc /d Displaying the status dialog box for real-time service/scanner

Configuring and Performing

Task

Configuring and Performing Task

ServerProtect Task Wizard

Configuring and Performing Task

Default Tasks Scan Deploy Statistics These tasks are not modifiable. However, you can delete them manually and

create new tasks with the functions you prefer.

Creating a New Task

How to do a scheduled scan?

Equivalent

Click this

Real time scan setting DemoScan Now DemoDeploy DemoPurge Log DemoExport log DemoPrint log DemoRun Statistics Demo

Creating a New Task

Opening the Existing Task List

Equivalent

Running an Existing Task

Equivalent

Perform Now

Modifying an Existing Task

Click Modify

Modifying an Existing Task

Viewing an Existing Task

Click View

Viewing an Existing Task

Removing (deleting) an Existing Task

Click Remove

Configuring Virus Scanning


Actions Taken on Infected Files

Click this


Special Notes on Compressed File Scanning The first layer filename of the infected

compress file appears on the Log. Take actions (Rename, Delete, Move) on

the infected file from the Log. To clean infection, you need to manually

decompress and perform manual scan on it.

Scanning Profile

Click this

Scanning Profile

Saving a Scanning Profile

Deleting a Scanning Profile

Click Save

Click Save

Real-time Scanning



Defining Actions Against Viruses

Information for Novell Netware Users

Scanning MAC Files

Manual Scanning (Scan Now)

Configuring a Manual Scan (Scan Now)

Configuring a Manual Scan (Scan Now)

Configuring Manual Scan

Scheduled Scanning

Configuring a Scheduled Scan

How to do a scheduled scan?




Configuring Exclusion List

Directory Exclusion List

How to configure directory

exclusion list?

File Exclusion List

How to configure file exclusion list?

Virus Exclusion List

How to configure virus exclusion list?

Configuring Deny Write List

Configuring Deny Write List

Configuring Deny Write List - Folder

How to configure NT Deny Write Directory

List?

Configuring Deny Write List - File

How to configure NT Deny Write file

extensions?

Removing Deny Write List


2 Deny Write Options only Available for Netware Servers User Management

If someone needs to update a program or make any changes to protected files/directories, you can give timed modify rights to him

Exception Settings For NetWare servers, some files and directories

in the Deny Write list may need to remain unprotected.


Default deny write directory for Netware servers

•Sys : Login

•Sys: Public

•Sys : System

Granting Temporary Modify Rights to User

User Management…

Step 1 Add user

Step 2 Set time to allow the user to allow modify rights

Step 3 Click Set

Restricting Modify Rights to Selected Users

User Management…

NetWare servers can have more control over the

network by restricting users who have modify rights on

the network files.

Creating Exception Files/Directories in the Deny Write List

Exception Setting…

For NetWare servers, some files and directories in the

Deny Write list may need to remain unprotected.

Configuring Notifications

Configuring Notification

Standard Alert

Outbreak Alert

Notification Events

Configuring Alert Messages

Virus Infection


Attempt to change write-protected files/directories


Real-time scan configuration change


ServerProtect unload/NLM unload


Virus pattern out-of-date

Configuring Outbreak Alert

Setting Alert Methods

Configuring Alert Methods

Message Box Alert

How to configure Message Box?


Printer Alert

How to configure printer alert?


Pager Alert

How to configure Pager Alert?


Internet Mail (Email) Alert

How to configure Email Alert?

SNMP Trap Alert TMSP.mib needs to be manually copied to

the ManageWise folder for SPNW to send its own SMNP Trap Alerts

Windows NT event log


Configuring Updates

Configuring Updates

Main Features Pattern file, scan engine and program

version update supported Updates from Trend’s ActiveUpdate server Compatible with leading firewalls and proxy

servers Records update activity to a log file Pattern, engine and program version

rollback supported

Configuring Updates

Update Components Program component : new releases with

more advanced features, user interface enhancements, remedies to program issues of previous releases.

Virus pattern file : the software uses detection method called “pattern matching”

Scan engine : this software component does the actual scanning of files.

Configuring Updates

How ServerProtect performs update Downloading updates : downloading of the

latest updates to an Information Server Deploying updates : deploying the updates

from an Information Server to the rest of the Normal Servers

Automatically downloading and deploying updates : Scheduling the downloading of updates on the Information Server and the creating a scheduled task to automatically deploy the updates to the Normal server

How ServerProtect Performs Updates

Management Console

Sends command to IS

Connect to Active Update Server to download updates

Updates Save in IS

NT Normal Servers

Netware Normal Severs

Deploys

Internet

Configuring Updates

Files and Folders creating after Downloading updates Server.ini : provides information about the

update source /Engine : contains pre-VSAPI and VSAPI

scan engines that support NLM and Windows NT platform

/Pattern : contains virus pattern files including VSAPI and pre-VSAPI and combination patterns

/Product : contains 2 kinds of filesFiles with “AU” prefix that are run-time libraries for

ActiveUpdateThe other files are latest versions of

ServerProtect

Viewing Current Version of Updates

Downloading Updates

How to Download Update for IS (first

time)

Configuring Download Settings

From Internet

From the Network

Configuring Download Settings

Checking for a successful update

Check Management Console, if IS has the

Newest Updates Version

Deploying Updates

How to deploy Scan engine updates?

How to deploy pattern updates?

Check the component you want to deploy

Configuring a Scheduled Deployment

Existing Task

New Task

Checking for a successful deployment

Check Management Console If Normal

Server Has A Successful Deployment

Rolling-back the Previous Deployment Action

Check the component you want to rollback

Viewing Scan Result and Log

Files

Viewing Scan Results

Real-time scan enabled

Infected File found

Taking actions on infected files

ServerProtect’s Recommendation

Description on the Virus Found

Details on the infected file found

Taking actions on infected files

Click Purge

Take Action

Viewing Logs

Log Types

Date Range

Select Action to perform

Viewing Detailed Log Information

Click Next or Previous to view

other events

Description in the event

More information about the event

Viewing Deploy Logs

Only Update Log Type is checked

Notice that the dates are not in the 4-digit format. You can change the date format from the Control Panel

Viewing Scan Statistics

Only Infections Log Type is checked

Click the Statistics button

Automatically Running Scan Statistics

Or modify existing task definition

Create Run Statistic as a

scheduled task

Printing, Exporting and Purging Logs

Printing Logs

Exporting Logs

Click Purge button to delete a specific

log entry and Purge All to delete all the log entries

Automatically Purging of Logs

Create Purge logs as a

scheduled task

Purge Log Demo

Troubleshooting

Generating Debug Information

Mask Table MethodMaskHex Value

Debug Name Description

0 NOP

0x0001 SPTRACE_METHOD_DBMON

Use debug monitor (i.e. dbmon.exe) to collect the debug information

0x0002 SPTRACE_METHOD_FILE

Dump debug information to a file named SPNT.LOG which is located in Window System directory


Mask Table ModuleMask

Hex Value Debug Name Description

0 NOP

0x0001 ST_MOD_ENGINE ENGINE Debug Information

0x0002 ST_MOD_NOTIFICATION NOTIFICATION Debug Information

0x0004 ST_MOD_COMMON Common Module Debug Information

0x0010 ST_MOD_RPC RPC for NT server (NetWare use SPX protocol connect to IS)

0x0020 ST_MOD_SPNTSVC SPNT Service Debug Information

0x0040 ST_MOD_UPDATE UPDATE Debug Information

0x0080 ST_MOD_LOG NT Log Master Debug Information

0x0100 ST_MOD_AGENT AGENT (Information Server) Debug Information

0x0200 ST_MOD_AGCLN AGCLN

0x0400 ST_MOD_SPNWCLN SPNW Client Debug Information

0x1000 ST_MOD_ADMIN Management Console Debug Information

Other NO. If you want to monitor two module or above. Please add the every module’s value that you want, then input to the value field


Mask Table TypeMask

Hex Value

Debug Name Description

0x0001 SPTRACE_TYPE_ERROR Error

0x0002 SPTRACE_TYPE_MESSAGE Message

0x0003 SPTRACE_TYPE_ERROR SPTRACE_TYPE_MESSAGE

Error and Message

How to enable the Debug mode

How to enable debug log?

Creating debug logs from the registry1. Open the Registry Editor of the ServerProtect server.2. Under the HKEY_LOCAL_MACHINE\SOFTWARE\

TrendMicro\DebugLog\ directory, do the following: Create a new item to define where to save the debug

log file, like [SPNTHomeDirectory] = "c:\spnt.log" Set the following values

MethodMask = 2 ModuleMask = ffffffff TypeMask = 3

3. Re-start the ServerProtect service. If the service cannot be started, you can send the "c:\spnt.log" debug log file to Trend technical support engineers for assistance.

How to enable the Debug mode

Enabling Debug on Netware environment

Generating the Core Dump File on Netware “Left-Shift + Right-Shift + Alt +Esc” then

press “.c”

How to enable logging of all entries on the NW console to a log file Load conlog.nlmPerform the action for which you want to

produce the messageUnload conlog.nlmThe log file is created at SYS:ETC\

CONSOLE.LOG

Using Network Monitor to capture/analyze Netware packets

Debug Tools and Utilities

Setdbg.exe

To use: Please execute setdbg.exe and select all/any items

then click OK, tmfilter will dynamically enable its debug log.

The log may grow very soon. To disable the log, execute setdbg.exe again. Leave all the items blank(which is default) and click OK.

The log file will be named as %SystemRoot%\tmfilter.log.


SetSP5.exe This utility will display information about the Lprotect module. It also displays a menu that allows user to set various parameters in the Lprotect module. To use: Please extract the setsp5.zip, first and run

SETSP5.exe from a DOS prompt, with the SETSP5.exe file and the Lprotect module located in the root path.

Then type “SETSP5 LPROTECT.NLM” to display the following information about lprotect.nlm:

• Serial String;

• Netware Server Name;

• Working Directory of the old "LPROTECT.NLM”

The same information should be used whenever the lprotect module is updated manually.


Log.exe This tool is used to change the SPNW 5.x log files into text file format.To use:On the Dos prompt, please type

“log.exe f:\Sprotect\VpmLog\lp****.log”. A text file called lp****.dmp will be created

that would contain the information included in the log file.

Toolbox.exe This tool allow users to run Dos commands under Netware server console. It also allow users to access and browse Dos partitions. To use:Please copy the file to the Netware server and

type “load toolbox.nlm”.


VDB.exe This tool is used to convert coredumps to log format.

To use:Please copy all the vdb*.exe files to a

common folder. Then under the Dos prompt, type

“vdb.exe *.img”.

Things to Check

Things to check: The SPNT NS error code are defined same with NT

system. The simple description about the error can be displayed by typing "NET HELPMSG????" in command prompt. Such as: RPC communication problem (17??); service device starting problem (5, 10, 1114).

Any NT errors happen during the installation of SPNT, try to find solution in support.microsoft.com first. Such as: The server was unable to find a free connection 22 times in the last 60 seconds.

Any NW high CPU utilization, please use load monitor->processor utilization->Press F3, to check which process take most of CPU resource.

Whenever a problem that involves scanning, notification and other issues that doesn’t involve the Management Console, Normal Server and IS communication, please use the setdbg.exe tool to generate more detailed debug information.

Troubleshooting

Operation Failed (258)Question: When I tried to get updates from the

Internet, I was prompted with the error as follows: Error. Operation Failed (258). The Internet connection worked properly and I could browse web sites with a browser. What is wrong?

This is because the Internet connection to the ActiveUpdate server times out. If ServerProtect does not receive any response from the server after a preset time, ServerProtect will stop calling the server and return this message.

Troubleshooting

Failed when creating/deleting a directory under the destination directory

Question: When I tried to download the latest virus pattern file by clicking the Download Now button from the Management Console, the error, “Failed when creating/deleting a directory under the destination directory” occurred. What happened?

Do the following:1. Check your network configuration settings.2. Try using your browser to download the ActiveUpdate INI file

(server.ini) from the following servers to ensure that the ActiveUpdate server is running: http://serverprotect.activeupdate.trend.com/Activeupdate/server.ini

3. Check the debug log file, tmdump.txt, located under the \\Sprotect\Temp\ directory.

Troubleshooting

HTTP authentication failed Question: Why do I get a Generic HTTP Failure error message

when I try to update virus pattern files?This may result from an incorrect proxy configuration setting format. If your

network's Internet connection is routed through a proxy server, you need to enter the proxy server information before you will be able to retrieve updates from the Internet.

To set the Internet proxy:1. Do one of the following:

· Select Update ï Update from the left-hand side bar· Select Do ï Update from the main menu

2. Configure the update download setting by clicking the Configure button. From the Download Option dialog box, click the Proxy Setting tab.

3. Enable the Use proxy server option button4. From the Proxy Setting group, enter the Proxy server and Port number5. Enter the Proxy login user name and password. Click the OK button

when you are finished.

Troubleshooting

Invalid serial number Question: I am not able to install ServerProtect 5.x

on our existing ServerProtect 4.x servers. The error message returns: ”Invalid serial number.” Our current version (4.5) is correctly registered. What shall I do?

This is because ServerProtect 5.x uses a new set of serial numbers and cannot support any serial number used in ServerProtect for NT 4.xx or ServerProtect for NetWare 3.xx. Please contact our resellers worldwide to obtain a valid serial number.

Troubleshooting

Failed to update the following server xxx.xxx.xxx.xxx

Question: After downloading new pattern and engine files to the ServerProtect IS server, I wanted to deploy them to other ServerProtect Normal Servers by clicking the “Deploy” button but failed. The error message said, “Failed to update the following server xxx.xxx.xxx.xxx (6ba).” What can I do?

The possible reason of this error is the ServerProtect service on the problematic server is out of service. To successfully deploy updates to it, you need to manually re-start its ServerProtect service and run the deployment again.

Troubleshooting

An error occurred when moving data -115 Question: An error occurred when moving data –115

Component Normal Server for NT File Group. When I tried to install a new Normal Server to my network, I received the following message, Error: Failed to install ServerProtect. Target Server: XXX. The network name cannot be found. I could browse and ping this server by IP address and netbios name. What should I do?

This could be due to one of the following situations:· Inappropriate sharing settings on the to-be installed

server.· Insufficient disk space.

Troubleshooting

ActiveUpdate source not found Question: ActiveUpdate source not found (server.ini)

This could be that the Trend update server is currently down. If this is the case, try to connect to the server after a few moments. The server will be automatically rebooted.

This message may also occur while you are downloading update files. This is because the server.ini is either corrupt or missing. To solve the problem, manually download the server.ini file from the Trend ActiveUpdate web site and copy the file to the folder where you saved the previously downloaded update files.

Troubleshooting

Checking directory setting after installation After installing a Normal Server from the

Management Console, ServerProtect copies the default "Move" directory setting from the Source Server . This sometimes may result in an operation error. For instance, if the disk drive (e.g., d: or e:) where Source Server is installed, or the Move directory of the Source Server does not exist in the newly installed Normal Server, moving the infected files will fail.

We highly recommend that you manually change the directory after the installation to avoid any operation error.

Troubleshooting

System account in ServerProtect In ServerProtect for Windows NT version 4.x, the

ServerProtect scan engine is placed on the service level, which means that only system account is capable of activating services.

Since ServerProtect 5.0, the scan engine has been ported to the kernel driver. System account is not necessary for activating a scan job anymore, but plays a crucial role in the communication between ServerProtect servers.

Frequently Asked

Questions

FAQ – For Installation

Modify the source server for a remote installation

Question: While performing remote installation, ServerProtect chooses the first available ServerProtect 5.x Normal Server (NS) listed in the domain chosen as a source server from where ServerProtect copies necessary files to the target server.

With version 5.15, the user have the option to select the source server. Changing source servers from time to time is OK since target servers can obtain the same files and configuration setting from any server in the LAN.


Configuring a mixture of Alpha and Intel machines into one domain

Question: We have both Intel and Alpha servers to which we want to install ServerProtect. Can I configure a mixture of Alpha and Intel machines into one domain and have automatic pattern updates from the same Information Server?

Currently ServerProtect only supports Intel servers. Installing Alpha servers is not supported in the current version.


Silent Installation in ServerProtect 5 Question: How can I perform a silent installation on

my network?

If you want to perform a silent installation on your network, do the following:1. First install an Information Server 2. Under the Information Server's home directory, find a folder called SMS3. Copy or share the SMS folder, so that you can run the setup program from there4. Issue the SETUP -S command from the copied folder (or under the shared SMS sub-folder)5. The silent installation starts and the target machine

(the one that runs setup -s) will be attached to the Information Server


Installing on Netware ServerQuestion: When trying to reinstall ServerProtect 5.0 on a

NetWare server, a message saying ServerProtect has already installed appears.

This is because the SPNW.NCF was not deleted when you tried to uninstall ServerProtect last time. To solve the problem, go to the SYS:System directory and delete the file SPNW.NCF.

Question: The NetWare system console command line doesn't support directory names that contain more than 8 characters.

You need to avoid installing ServerProtect NetWare to a directory that has a long name (more than 8 characters).


Cannot access Files on a Netware serverQuestion: After installing ServerProtect 5.0, I cannot

delete or access the files on a NetWare server

To fix the problem, you need to apply the latest version of LPROTECT.NLM. This patch can fix the following problems found on some ServerProtect (Netware) installations:1. Files cannot be deleted or accessed from the server after the installation 2. Macintosh computers have no access to its Novell server3. The write-access list cannot be configured

FAQ – For Upgrade

Upgrading after the 30-day trial version expires

Question: How do I purchase additional virus pattern updates after my 30-day of trial version has expired? After I obtain a valid serial number, do I need to re-install the software?

You need to do the following:

1. Purchase a license copy of ServerProtect.

2. Run the software directly from the Management console and update the serial number.

FAQ – For Upgrade

Manually upgrading the ServerProtect Management Console

Question: After updating program files to ServerProtect 5, a message box pops up, reminding me to update the Management Console. What does this mean? And how can I do this?

If some Normal servers and the console are still using an older version, manually upgrade the Management Console by copying the admin.zip file from the server that has the updated program files. Otherwise, new features in ServerProtect 5 will not be supported from the previous version of the Management Console.

FAQ – For Update

Failed when creating or deleting directory under destination folder

Question: When the client clicked "Download now" from the Update section of ServerProtect, the following message returned:“Failed When Creating or Deleting Directory Under Destination directory”

Before deploying the update,1. From the Information Server, go to the Program Files\Trend\SProtect directory.2. Delete the following directories:

\SpntShare directory.\AuBin\AuBackUp\temp\Cache\Engine\temp\Cache\Pattern\temp\Cache\ServerProtect

3. Do the Internet Update(Download Now) once again.4. Now try to deploy the updates to a few servers at a

time.

FAQ – For Update

Return Code 13Question: A customer received return code 13 after

he had tried updating the ServerProtect program. The process didn't complete.

One easy way to take care of this issue is to delete all cached update data in the Information Server (IS) and do download again. Then deploy the downloaded update to all Normal Servers (NS).

Please delete the files under the following folders:{SPNT-Home}\temp\cache{SPNT-Home}\SpntShare

FAQ – For Update

Error 7Question: A client has no problem performing daily

pattern update, but when he does a program update an error 7 returns.

Take the following steps to force a new update for your Normal Servers and eliminate this error.- Go to Control Panel | Services to stop all ServerProtect services.- Backup your C:\Program Files\Trend\Sprotect\Spntshare folder.- Unzip this file (SPNTSHARE.ZIP) to this \Spntshare folder. This will replace the one you have just backup.- Start all the ServerProtect services then try

the update again.

FAQ – For Update

Automatically deploying downloaded updates to other servers

Question: Having set the Information Server to automatically check for updates on a daily basis, how can I automatically deploy them to other servers?

The ServerProtect’s default deployment task is set to run on a weekly basis. If you want to deploy the files everyday, create a new daily deployment task.

FAQ – For Scanning

Virus Action: Clean FailedQuestion: After doing a virus scan, the error "Virus Action:

Clean Failed" appears. What does this message mean?

It is possible that ServerProtect cannot clean the Temp directory.

The Temp directory is the quarantine directory of ServerProtect. The Quarantine directory is purposed to move infected files if they are uncleanable; it preserves the files for back-up purposes, too.

Therefore if ServerProtect is set to take a MOVE action on a virus, but finds the infected file is uncleanable, ServerProtect dumps the file to the quarantine directory. For this reason, we do recommend that you place the SPROTECT/TEMP folder to the Exclusion List while executing a Real-time scan or a manual scan.


Excluding certain directories from scanning Question: Is there any certain directory or file that should be

excluded from scanning, such as temp files or IIS folders?No. But for some files used by the system, e.g., pagefile.sys,

ServerProtect may be prevented from opening them and thus results in a scanning error. To avoid the error, you can manually add the system files into the exclusion list.

Viewing virus information Question: I performed a virus scanning on my machine and it

found a w97m_jack_box virus. Where can I find information about this virus?

To access the Virus Encyclopedia from the ServerProtect Management Console:Choose View | View Virus Encyclopedia from the main menu Or access the Trend’s web : http://www.antivirus.com/vinfo


What are *.rb files? Question: I found the files that I was unable to

clear or move were given new file extensions such as “.rb0” or “.rb1.” How can I determine where they came from and how could I verify them? And how can I remove them?

The *. rb files are the backup files created by ServerProtect before cleaning the virus-infected files. If you want to delete them, click the Delete Backup button in the Detailed Log Info dialog box.

FAQ – For Uninstalling

Uninstalling SPNW 3.xQuestion: How can I manually uninstall ServerProtect for NetWare

3.x version?Please do the following steps to unload ServerProtect in theNetware console:a. Press the ESC button in the ServerProtect monitor screen and

enter the unload password (the default password is VPROTECT). unload pscan.nlm unload vsapi.nlm (for V3.5x above only)

b. Delete the following files in the Netware Server: Delete <Volume>:SPROTECT\*.* Delete SYS:LOGIN\SPROTECT Delete SYS:SPROTECT\LPROTECT.NLM Delete SYS:SPROTECT\PSCAN.* Delete SYS:SPROTECT\VSAPI.NLM (for 3.5x and above) Delete SYS:SPROTECT\SPNW.NCF

FAQ – For Integration

Download patterns from an OfficeScan web server

Question: How do you download patterns to a ServerProtect server from an OfficeScan web server on a local net?

You can do this by configuring the downloading server to be the OfficeScan web server.

1. Enable from a local or network drive radio button to download the update files from another server on you network. Use UNC format, rather than mapped drive format for the server name to download the updates from:· Enter the UNC path where the files are being kept. For example: \\servername\foldername

2. Enter the User name and Password to access that resource.3. The server that you are updating from must have already

downloaded a copy of the update files.

FAQ – Others

Modify connection timeout setting Question: How can I modify connection timeout setting?

If you are performing a remote upgrade or installation, the Management Console may pop up a message, warning you that the connection is time out. This is because the Control may lose connection with the IS or the network traffic is too busy. The default time out is set to 10 minutes. If you want to modify the setting, change the time out value in the admin.ini file by doing the following steps:To change the timeout value in the admin.ini file:1. From the ServerProtect home directory, open the admin.ini file.2. Browse to the AdminServer field. You will see the following:

[ADMINServer]RemoteInstallTimeOut=10

3. The default value is set to 10. If you want ServerProtect to extend the time to take a time out, change the value to whichever you prefer. The value range is from 3 to 120.4. Save the admin.ini file.

Error Codes

Error Codes

Information Server Return Codes

NT Normal Server Return Codes

NW Normal Server Return Codes

Engine Return Codes

Handling and Miscellaneous Return Codes

TMNotify Return Codes

Active Update Return Codes

Error Codes returned by InstallShield

Error Codes

Error Codes

Error Codes

Error Codes

Error Codes

Error Codes

Error Codes

Error Codes

Error Codes

Error Codes

Error Codes

Error Codes

Error Codes

Error Codes

Error Codes

Error Codes

Error Codes

Error Codes

Error Codes

Contacting Support and

Solution Bank

Using Solution bank and submitting case

Use our Use our online solution bankonline solution bank to find solutions to to find solutions to most asked questions.most asked questions.

(Click here for DEMO)(Click here for DEMO)

Unable to find a specific problem? Unable to find a specific problem? Submit a caseSubmit a case to to support team.support team.

(Click here for DEMO)(Click here for DEMO)

Have an Infected File …

I have a file which I think is infected by a virus. Can I send it to support for manual analysis ?

Yes! Our virus engineers can manually verify this for you. If you Yes! Our virus engineers can manually verify this for you. If you have a file you think is infected with a virus, but ServerProtect have a file you think is infected with a virus, but ServerProtect does not detect it, we encourage you to send the suspect file to does not detect it, we encourage you to send the suspect file to us at :us at :

[email protected][email protected]

CompressCompress the infected file the infected file and and password protect it with password protect it with “virus”“virus”

Documents

ServerProtect 5 for NT and NW Jennifer O. Chua January 2001 TDSC Trend Development and Support Center Source: Several ServerProtect s eLearning