Upload
meagan-willis
View
218
Download
3
Embed Size (px)
Citation preview
ServerProtect 5 for NT and NWServerProtect 5 for NT and NW
Jennifer O. ChuaJanuary 2001
TTrend DDevelopment and SSupport CCenter
Source: Several ServerProtect PDF fileseLearning Level 2 by Anne Jacqueline To (TDSC)
eDoctor Training Kit eDoctor Training Kit Version 2Version 2
Table of Contents
Introduction and Installation
Managing ServerProtect
Configuring ServerProtect
Maintaining ServerProtect
Troubleshooting
Frequently Asked Questions
Error Codes
Contacting Support and Solution Bank
Installation
and
Deployment
Three-Tier Architecture
Selecting the Proper Topology
A Sole Windows NT Environment
NT
NT
NT
NTNT
Step 1 Install IS
Step 2 Install NT Normal Servers
IS
NS
NSNS
NS
Selecting the Proper Topology
A Sole Novell Netware Environment
NW
NW
NWNW
Step 1 add one NT machine and
Install IS
Step 2 Install Netware Normal Servers
NT
IS
NS
NSNS
NS
Selecting the Proper Topology
A Mixed Environment
NT
NT
NT
NWNW
Step 1 Install IS
Step 2 Install Netware Normal Servers
IS
NS
NSNS
NS
Pre-installation Check
Management Console Windows 2000 Professional, Windows 95/98, Windows NT
4.0 with SP1, SP3, SP4, SP5 or SP6
A monitor with 800 x 600 or higher resolution
Network Protocols and Services: TCP/IP, Microsoft Network and Netbios. These must be running on the installed server
Pre-installation Check
Information Server Microsoft Windows 2000 Professional with client 32 Microsoft Windows NT 4.0 with SP1, SP3, SP4, SP5
or SP6 Microsoft Windows NT 3.51 with SP5 or SP5 plus
Y2K patch 64 MB or above 50 MB of free disk space An Intel Pentium 166 MHZ processor or faster (or
equivalent) TCP/IP, Microsoft Network,Netbios, Gateway
Service, RPC services, and SPX protocol forNetWare servers.
Pre-installation Check
Normal Server on Windows NT Windows NT Normal Server Microsoft Windows 2000 Professional Microsoft Windows NT 4.0 with SP1, SP3, SP4, SP5
or SP6 Microsoft Windows NT 3.51 with SP5 or SP5 plus
Y2K patch Windows NT 3.51: 16 MB RAM; 32 MB or above Windows NT 4.0: 32 MB RAM; 64 MB or above Microsoft Network, and RPC services running
Pre-installation Check
Normal Server on Novell Netware NetWare v3.12 plus Y2K patch of NetWare v3.12
NetWare 3.2 NetWare v4.1x plus Y2K patch of NetWare v4.1x NetWare 4.x with SP7 or SP8 NetWare 5.0 with SP1, SP2, SP3, or SP4 NetWare 5.1
Required modules for NetWare 3.x servers: CLIB.NLM v3.12g or above TLI.NLM 3.12b or above SPXS.NLM v5.00b or above
Required modules for NetWare 4.x servers: TLI.NLM v4.10a or above SPXS.NLM 5.00q or above
NetWare Server: 64 MB and above are recommended IP or IPX and SPX running
Pre-installation Check
User Rights/Roles needed to Install ServerProtect
Deployment Topology Sole NT environment, Sole Novell
environment, Mix environment
Serial number Valid serial number for the installation
Must use a Windows NT Administrator account
Installation Process
Installing ServerProtect
Installation Process
Installing a Full Set of ServerProtect
Installation Process
If you are installing the Management Console...
Installation Process
If you are installing an Information Server...
Installation Process
If you are installing an Information Server...
How to Install IS?
Installation Process
If you are installing a Normal Server...
Installation Process
If you are installing a Normal Server...
Installation Process
If you are installing a Normal Server...
If the to-be installed Normal Server runs Novell NetWare
Installing an NT Normal Server via the Setup program
Installing a NW Normal Server in a Pure TCP/IP setup
Installing a NW Normal Server in a IPX/SPX setup
Installation Process
Deploying clients through Microsoft SMS
Installation Process
Deploying clients through Microsoft SMS
Install/Uninstall normal server of ServerProtect
ServerProtect 5
Installation Process
Deploying clients through Microsoft SMS
Installation Process
Deploying clients through Microsoft SMS
After Installation…
… a program group entry for the Management Console will be created
After Installation…
… a service for the Information Server will be created and started
After Installation…
… an entry in the Add/Remove Program will be created for the Information Server
After Installation…
… a service for the Normal Server will be created and started
After Installation…
… an entry in the Add/Remove Program will be created for the Normal Server
After Installation…
… an icon on the system tray will be created on the Normal Server
After Installation…
… you need to manually start ServerProtect on the Netware console
After Installation…
… you need to manually start ServerProtect on the Netware console
Upgrading ServerProtect
Upgrading ServerProtect
When one Information Server manages one Normal Server
Upgrade is straightforward Upgrade can be done remotely or locally
using the setup program Upgrade can also be done thru the
Management Console
Upgrading ServerProtect
When one Information Server manages several Normal Servers
Upgrade its managed normal servers first Upgrade the Information server itself Upgrade can be done via setup program or
from the Management Console
If Normal Servers are NetWare servers... You need to manually uninstall SPNW 3.x
from the servers first Install ServerProtect via setup program
Upgrading ServerProtect
When several Information Servers manage groups of Normal Servers on the network
Upgrade is similar as having one Information Server
Upgrade the Information Server with its associated Normal Server at one time
Upgrade the other Information Servers Upgrade can be done via setup program or
from the Management Console It is recommended that you upgrade from
the Management Console
Upgrading ServerProtect
Upgrading from the Setup program Enter basic product information. Under Select Components Window, select
Install server as a ServerProtect Information Server or Install server as a ServerProtect Normal Server
Choose server’s location path Select the server you want to upgrade from
the server tree list
Upgrading a NetWare server You need to uninstall if first manually then
add the server through the setup program or from the Management Console
Upgrading ServerProtect
Upgrading from the Management Console
Upgrading ServerProtect
Upgrading from the Management Console
Upgrading ServerProtect
Upgrading from the Management Console
Upgrading ServerProtect
Upgrading from the Management Console
Converting ServerProtect Trial Version
Converting ServerProtect Trial Version
The Software Evaluation Period dialog box
Viewing Serial Number List Click Help | About from the Management
Console. Click Serial Number button.
Converting ServerProtect Trial Version
Converting ServerProtect Trial Version
Updating Serial Number(s)
Uninstalling ServerProtect
Uninstalling the Normal Server Service
For Windows 2000/Windows NT 4.0 Remotely from the Management Console
Multi-select servers from the consoleSelect Domain | Uninstall ServerProtectAll selected servers will be remotely uninstalled
Locally from the Add/Remove program
How to remotely uninstall NS?
How to locally uninstall NS?
Uninstalling the Normal Server Service
For Windows NT 3.51 Remotely from the Management Console
Multi-select servers from the consoleSelect Domain | Uninstall ServerProtectAll selected servers will be remotely uninstalled
Locally from the Windows NT command prompt"c:\program files\trend\sprotect\SpUninst" NT
Uninstalling the Normal Server Service
For Novell NetWare Remotely from the Management Console Locally from the DOS- prompt
From the Netware console, press ESC to unload the ServerProtect modules
Delete SYS:System\SPNW.ncfDelete SYS:LOGIN\SPROTECTDelete <Volume>: Sprotect directoryDelete the following registry contents from the
ServerProtect Information Server:HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\InformationServer\ (the target ServerProtect Normal Server)HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\NW\ (the target ServerProtect Normal Server)
Uninstalling the Information Server
For Windows 2000/Windows NT 4.0 The information Server service can only be
removed locally Open Control Panel from the Windows Start
menu Open Add/Remove Programs Select the item "ServerProtect Information
Server" and then press the Add/Remove Programs button
How to unistall IS locally?
Uninstalling the Information Server
For Windows 3.51The information Server service can only be
removed locally Open Windows NT command prompt "c:\program files\trend\sprotect\SpUninst" IS
Uninstalling the Management Console
From the Program Group Menu Uninstalling the ServerProtect
Management Console is straightforward.
Just select Trend ServerProtect Management Console | Uninstall ServerProtect Management Console from the Windows Start menu.
How to uninstall the Console?
Uninstalling the Information Server
From the Windows Command Prompt The information Server service can only be
removed locally Open Windows Command Prompt "c:\program files\trend\sprotect\SpUninst"
ADMIN
Updating ServerProtect components
Via ServerProtect Master Setup program The setup program will automatically detect
the ServerProtect component to upgrade Updating through the setup program can only
be achieved if done locally ServerProtect can only update the existing
components in the same language
Via Trend Active Update Easier way to update the ServerProtect
components When updates are on the Trend Active
Update server, you can configure the Update to download program updates as well
ServerProtect Management
Console
Management Console
Opening the Management Console Select Trend ServerProtect Management
Console from the Start Menu
How to open Management
Console?
Management Console
Side Bar
Information Server
Main Menu
Column Field
Domain
Normal Server(ServerProtect Server)
Domain Browser Tree
Configuration Area
Managing Information
Servers
Managing Information Servers
Selecting Information Servers
Viewing Information Server Log
Moving Information Servers
Backing Up IS Data
Restoring IS Data
Managing Information Server
Issuing Commands at the Command Prompt
Command Function
EarthAgent -install Installing Information Server service
EarthAgent -remove Removing Information Server service
EarthAgent -start Starting Information Server service
EarthAgent -stop Stopping Information Server service
Managing Domains
Managing Domains
Creating New Domains
Renaming Domains
Deleting Domains
Filtering Domains
Managing Normal Servers
Adding a New Normal Server
Installing NS from the console
Managing Normal Servers
Moving a Normal Server between domains Select a Normal Server under one domain Drag and Drop to the another Domain
Removing a Normal Server You can remotely uninstall the
ServerProtect 5 software You can locally perform the uninstallation on
that server
Moving a Normal Server between IS The original IS service should be stopped. Go to Domains | Add a Normal Server Select the Normal Server(s). The selected
Normal server will now report to the new IS
Searching a Lost Normal Server
Deleting a Non-responding Normal Server
Managing Normal Servers
Issuing Commands at the Command Prompt
Command Function
Spntsvc /i Installing real-time service/scanner
Spntsvc /u Uninstalling real-time service/scanner
Spntsvc /s Starting real-time service/scanner
Spntsvc /t Stopping real-time service/scanner
Spntsvc /d Displaying the status dialog box for real-time service/scanner
Configuring and Performing
Task
Configuring and Performing Task
ServerProtect Task Wizard
Configuring and Performing Task
Default Tasks Scan Deploy Statistics These tasks are not modifiable. However, you can delete them manually and
create new tasks with the functions you prefer.
Creating a New Task
How to do a scheduled scan?
Equivalent
Click this
Real time scan setting DemoScan Now DemoDeploy DemoPurge Log DemoExport log DemoPrint log DemoRun Statistics Demo
Creating a New Task
Opening the Existing Task List
Equivalent
Running an Existing Task
Equivalent
Perform Now
Modifying an Existing Task
Click Modify
Modifying an Existing Task
Viewing an Existing Task
Click View
Viewing an Existing Task
Removing (deleting) an Existing Task
Click Remove
Configuring Virus Scanning
Configuring Virus Scanning
Actions Taken on Infected Files
Click this
Configuring Virus Scanning
Special Notes on Compressed File Scanning The first layer filename of the infected
compress file appears on the Log. Take actions (Rename, Delete, Move) on
the infected file from the Log. To clean infection, you need to manually
decompress and perform manual scan on it.
Scanning Profile
Click this
Scanning Profile
Saving a Scanning Profile
Deleting a Scanning Profile
Click Save
Click Save
Real-time Scanning
Configuring Virus Scanning
Configuring Virus Scanning
Defining Actions Against Viruses
Information for Novell Netware Users
Scanning MAC Files
Manual Scanning (Scan Now)
Configuring a Manual Scan (Scan Now)
Configuring a Manual Scan (Scan Now)
Configuring Manual Scan
Scheduled Scanning
Configuring a Scheduled Scan
How to do a scheduled scan?
Configuring a Scheduled Scan
Configuring a Scheduled Scan
Configuring a Scheduled Scan
Configuring Exclusion List
Directory Exclusion List
How to configure directory
exclusion list?
File Exclusion List
How to configure file exclusion list?
Virus Exclusion List
How to configure virus exclusion list?
Configuring Deny Write List
Configuring Deny Write List
Configuring Deny Write List - Folder
How to configure NT Deny Write Directory
List?
Configuring Deny Write List - File
How to configure NT Deny Write file
extensions?
Removing Deny Write List
Information for Novell Netware Users
2 Deny Write Options only Available for Netware Servers User Management
If someone needs to update a program or make any changes to protected files/directories, you can give timed modify rights to him
Exception Settings For NetWare servers, some files and directories
in the Deny Write list may need to remain unprotected.
Information for Novell Netware Users
Default deny write directory for Netware servers
•Sys : Login
•Sys: Public
•Sys : System
Granting Temporary Modify Rights to User
User Management…
Step 1 Add user
Step 2 Set time to allow the user to allow modify rights
Step 3 Click Set
Restricting Modify Rights to Selected Users
User Management…
NetWare servers can have more control over the
network by restricting users who have modify rights on
the network files.
Creating Exception Files/Directories in the Deny Write List
Exception Setting…
For NetWare servers, some files and directories in the
Deny Write list may need to remain unprotected.
Configuring Notifications
Configuring Notification
Standard Alert
Outbreak Alert
Notification Events
Configuring Alert Messages
Virus Infection
Configuring Alert Messages
Attempt to change write-protected files/directories
Configuring Alert Messages
Real-time scan configuration change
Configuring Alert Messages
ServerProtect unload/NLM unload
Configuring Alert Messages
Virus pattern out-of-date
Configuring Outbreak Alert
Setting Alert Methods
Configuring Alert Methods
Message Box Alert
How to configure Message Box?
Configuring Alert Methods
Printer Alert
How to configure printer alert?
Configuring Alert Methods
Pager Alert
How to configure Pager Alert?
Configuring Alert Methods
Internet Mail (Email) Alert
How to configure Email Alert?
SNMP Trap Alert TMSP.mib needs to be manually copied to
the ManageWise folder for SPNW to send its own SMNP Trap Alerts
Windows NT event log
Configuring Alert Methods
Configuring Updates
Configuring Updates
Main Features Pattern file, scan engine and program
version update supported Updates from Trend’s ActiveUpdate server Compatible with leading firewalls and proxy
servers Records update activity to a log file Pattern, engine and program version
rollback supported
Configuring Updates
Update Components Program component : new releases with
more advanced features, user interface enhancements, remedies to program issues of previous releases.
Virus pattern file : the software uses detection method called “pattern matching”
Scan engine : this software component does the actual scanning of files.
Configuring Updates
How ServerProtect performs update Downloading updates : downloading of the
latest updates to an Information Server Deploying updates : deploying the updates
from an Information Server to the rest of the Normal Servers
Automatically downloading and deploying updates : Scheduling the downloading of updates on the Information Server and the creating a scheduled task to automatically deploy the updates to the Normal server
How ServerProtect Performs Updates
Management Console
Sends command to IS
Connect to Active Update Server to download updates
Updates Save in IS
NT Normal Servers
Netware Normal Severs
Deploys
Internet
Configuring Updates
Files and Folders creating after Downloading updates Server.ini : provides information about the
update source /Engine : contains pre-VSAPI and VSAPI
scan engines that support NLM and Windows NT platform
/Pattern : contains virus pattern files including VSAPI and pre-VSAPI and combination patterns
/Product : contains 2 kinds of filesFiles with “AU” prefix that are run-time libraries for
ActiveUpdateThe other files are latest versions of
ServerProtect
Viewing Current Version of Updates
Downloading Updates
How to Download Update for IS (first
time)
Configuring Download Settings
From Internet
From the Network
Configuring Download Settings
Checking for a successful update
Check Management Console, if IS has the
Newest Updates Version
Deploying Updates
How to deploy Scan engine updates?
How to deploy pattern updates?
Check the component you want to deploy
Configuring a Scheduled Deployment
Existing Task
New Task
Checking for a successful deployment
Check Management Console If Normal
Server Has A Successful Deployment
Rolling-back the Previous Deployment Action
Check the component you want to rollback
Viewing Scan Result and Log
Files
Viewing Scan Results
Real-time scan enabled
Infected File found
Taking actions on infected files
ServerProtect’s Recommendation
Description on the Virus Found
Details on the infected file found
Taking actions on infected files
Click Purge
Take Action
Viewing Logs
Log Types
Date Range
Select Action to perform
Viewing Detailed Log Information
Click Next or Previous to view
other events
Description in the event
More information about the event
Viewing Deploy Logs
Only Update Log Type is checked
Notice that the dates are not in the 4-digit format. You can change the date format from the Control Panel
Viewing Scan Statistics
Only Infections Log Type is checked
Click the Statistics button
Automatically Running Scan Statistics
Or modify existing task definition
Create Run Statistic as a
scheduled task
Printing, Exporting and Purging Logs
Printing Logs
Exporting Logs
Click Purge button to delete a specific
log entry and Purge All to delete all the log entries
Automatically Purging of Logs
Create Purge logs as a
scheduled task
Purge Log Demo
Troubleshooting
Generating Debug Information
Mask Table MethodMaskHex Value
Debug Name Description
0 NOP
0x0001 SPTRACE_METHOD_DBMON
Use debug monitor (i.e. dbmon.exe) to collect the debug information
0x0002 SPTRACE_METHOD_FILE
Dump debug information to a file named SPNT.LOG which is located in Window System directory
Generating Debug Information
Mask Table ModuleMask
Hex Value Debug Name Description
0 NOP
0x0001 ST_MOD_ENGINE ENGINE Debug Information
0x0002 ST_MOD_NOTIFICATION NOTIFICATION Debug Information
0x0004 ST_MOD_COMMON Common Module Debug Information
0x0010 ST_MOD_RPC RPC for NT server (NetWare use SPX protocol connect to IS)
0x0020 ST_MOD_SPNTSVC SPNT Service Debug Information
0x0040 ST_MOD_UPDATE UPDATE Debug Information
0x0080 ST_MOD_LOG NT Log Master Debug Information
0x0100 ST_MOD_AGENT AGENT (Information Server) Debug Information
0x0200 ST_MOD_AGCLN AGCLN
0x0400 ST_MOD_SPNWCLN SPNW Client Debug Information
0x1000 ST_MOD_ADMIN Management Console Debug Information
Other NO. If you want to monitor two module or above. Please add the every module’s value that you want, then input to the value field
Generating Debug Information
Mask Table TypeMask
Hex Value
Debug Name Description
0x0001 SPTRACE_TYPE_ERROR Error
0x0002 SPTRACE_TYPE_MESSAGE Message
0x0003 SPTRACE_TYPE_ERROR SPTRACE_TYPE_MESSAGE
Error and Message
How to enable the Debug mode
How to enable debug log?
Creating debug logs from the registry1. Open the Registry Editor of the ServerProtect server.2. Under the HKEY_LOCAL_MACHINE\SOFTWARE\
TrendMicro\DebugLog\ directory, do the following: Create a new item to define where to save the debug
log file, like [SPNTHomeDirectory] = "c:\spnt.log" Set the following values
MethodMask = 2 ModuleMask = ffffffff TypeMask = 3
3. Re-start the ServerProtect service. If the service cannot be started, you can send the "c:\spnt.log" debug log file to Trend technical support engineers for assistance.
How to enable the Debug mode
Enabling Debug on Netware environment
Generating the Core Dump File on Netware “Left-Shift + Right-Shift + Alt +Esc” then
press “.c”
How to enable logging of all entries on the NW console to a log file Load conlog.nlmPerform the action for which you want to
produce the messageUnload conlog.nlmThe log file is created at SYS:ETC\
CONSOLE.LOG
Using Network Monitor to capture/analyze Netware packets
Debug Tools and Utilities
Setdbg.exe
To use: Please execute setdbg.exe and select all/any items
then click OK, tmfilter will dynamically enable its debug log.
The log may grow very soon. To disable the log, execute setdbg.exe again. Leave all the items blank(which is default) and click OK.
The log file will be named as %SystemRoot%\tmfilter.log.
Debug Tools and Utilities
SetSP5.exe This utility will display information about the Lprotect module. It also displays a menu that allows user to set various parameters in the Lprotect module. To use: Please extract the setsp5.zip, first and run
SETSP5.exe from a DOS prompt, with the SETSP5.exe file and the Lprotect module located in the root path.
Then type “SETSP5 LPROTECT.NLM” to display the following information about lprotect.nlm:
• Serial String;
• Netware Server Name;
• Working Directory of the old "LPROTECT.NLM”
The same information should be used whenever the lprotect module is updated manually.
Debug Tools and Utilities
Log.exe This tool is used to change the SPNW 5.x log files into text file format.To use:On the Dos prompt, please type
“log.exe f:\Sprotect\VpmLog\lp****.log”. A text file called lp****.dmp will be created
that would contain the information included in the log file.
Toolbox.exe This tool allow users to run Dos commands under Netware server console. It also allow users to access and browse Dos partitions. To use:Please copy the file to the Netware server and
type “load toolbox.nlm”.
Debug Tools and Utilities
VDB.exe This tool is used to convert coredumps to log format.
To use:Please copy all the vdb*.exe files to a
common folder. Then under the Dos prompt, type
“vdb.exe *.img”.
Things to Check
Things to check: The SPNT NS error code are defined same with NT
system. The simple description about the error can be displayed by typing "NET HELPMSG????" in command prompt. Such as: RPC communication problem (17??); service device starting problem (5, 10, 1114).
Any NT errors happen during the installation of SPNT, try to find solution in support.microsoft.com first. Such as: The server was unable to find a free connection 22 times in the last 60 seconds.
Any NW high CPU utilization, please use load monitor->processor utilization->Press F3, to check which process take most of CPU resource.
Whenever a problem that involves scanning, notification and other issues that doesn’t involve the Management Console, Normal Server and IS communication, please use the setdbg.exe tool to generate more detailed debug information.
Troubleshooting
Operation Failed (258)Question: When I tried to get updates from the
Internet, I was prompted with the error as follows: Error. Operation Failed (258). The Internet connection worked properly and I could browse web sites with a browser. What is wrong?
This is because the Internet connection to the ActiveUpdate server times out. If ServerProtect does not receive any response from the server after a preset time, ServerProtect will stop calling the server and return this message.
Troubleshooting
Failed when creating/deleting a directory under the destination directory
Question: When I tried to download the latest virus pattern file by clicking the Download Now button from the Management Console, the error, “Failed when creating/deleting a directory under the destination directory” occurred. What happened?
Do the following:1. Check your network configuration settings.2. Try using your browser to download the ActiveUpdate INI file
(server.ini) from the following servers to ensure that the ActiveUpdate server is running: http://serverprotect.activeupdate.trend.com/Activeupdate/server.ini
3. Check the debug log file, tmdump.txt, located under the \\Sprotect\Temp\ directory.
Troubleshooting
HTTP authentication failed Question: Why do I get a Generic HTTP Failure error message
when I try to update virus pattern files?This may result from an incorrect proxy configuration setting format. If your
network's Internet connection is routed through a proxy server, you need to enter the proxy server information before you will be able to retrieve updates from the Internet.
To set the Internet proxy:1. Do one of the following:
· Select Update ï Update from the left-hand side bar· Select Do ï Update from the main menu
2. Configure the update download setting by clicking the Configure button. From the Download Option dialog box, click the Proxy Setting tab.
3. Enable the Use proxy server option button4. From the Proxy Setting group, enter the Proxy server and Port number5. Enter the Proxy login user name and password. Click the OK button
when you are finished.
Troubleshooting
Invalid serial number Question: I am not able to install ServerProtect 5.x
on our existing ServerProtect 4.x servers. The error message returns: ”Invalid serial number.” Our current version (4.5) is correctly registered. What shall I do?
This is because ServerProtect 5.x uses a new set of serial numbers and cannot support any serial number used in ServerProtect for NT 4.xx or ServerProtect for NetWare 3.xx. Please contact our resellers worldwide to obtain a valid serial number.
Troubleshooting
Failed to update the following server xxx.xxx.xxx.xxx
Question: After downloading new pattern and engine files to the ServerProtect IS server, I wanted to deploy them to other ServerProtect Normal Servers by clicking the “Deploy” button but failed. The error message said, “Failed to update the following server xxx.xxx.xxx.xxx (6ba).” What can I do?
The possible reason of this error is the ServerProtect service on the problematic server is out of service. To successfully deploy updates to it, you need to manually re-start its ServerProtect service and run the deployment again.
Troubleshooting
An error occurred when moving data -115 Question: An error occurred when moving data –115
Component Normal Server for NT File Group. When I tried to install a new Normal Server to my network, I received the following message, Error: Failed to install ServerProtect. Target Server: XXX. The network name cannot be found. I could browse and ping this server by IP address and netbios name. What should I do?
This could be due to one of the following situations:· Inappropriate sharing settings on the to-be installed
server.· Insufficient disk space.
Troubleshooting
ActiveUpdate source not found Question: ActiveUpdate source not found (server.ini)
This could be that the Trend update server is currently down. If this is the case, try to connect to the server after a few moments. The server will be automatically rebooted.
This message may also occur while you are downloading update files. This is because the server.ini is either corrupt or missing. To solve the problem, manually download the server.ini file from the Trend ActiveUpdate web site and copy the file to the folder where you saved the previously downloaded update files.
Troubleshooting
Checking directory setting after installation After installing a Normal Server from the
Management Console, ServerProtect copies the default "Move" directory setting from the Source Server . This sometimes may result in an operation error. For instance, if the disk drive (e.g., d: or e:) where Source Server is installed, or the Move directory of the Source Server does not exist in the newly installed Normal Server, moving the infected files will fail.
We highly recommend that you manually change the directory after the installation to avoid any operation error.
Troubleshooting
System account in ServerProtect In ServerProtect for Windows NT version 4.x, the
ServerProtect scan engine is placed on the service level, which means that only system account is capable of activating services.
Since ServerProtect 5.0, the scan engine has been ported to the kernel driver. System account is not necessary for activating a scan job anymore, but plays a crucial role in the communication between ServerProtect servers.
Frequently Asked
Questions
FAQ – For Installation
Modify the source server for a remote installation
Question: While performing remote installation, ServerProtect chooses the first available ServerProtect 5.x Normal Server (NS) listed in the domain chosen as a source server from where ServerProtect copies necessary files to the target server.
With version 5.15, the user have the option to select the source server. Changing source servers from time to time is OK since target servers can obtain the same files and configuration setting from any server in the LAN.
FAQ – For Installation
Configuring a mixture of Alpha and Intel machines into one domain
Question: We have both Intel and Alpha servers to which we want to install ServerProtect. Can I configure a mixture of Alpha and Intel machines into one domain and have automatic pattern updates from the same Information Server?
Currently ServerProtect only supports Intel servers. Installing Alpha servers is not supported in the current version.
FAQ – For Installation
Silent Installation in ServerProtect 5 Question: How can I perform a silent installation on
my network?
If you want to perform a silent installation on your network, do the following:1. First install an Information Server 2. Under the Information Server's home directory, find a folder called SMS3. Copy or share the SMS folder, so that you can run the setup program from there4. Issue the SETUP -S command from the copied folder (or under the shared SMS sub-folder)5. The silent installation starts and the target machine
(the one that runs setup -s) will be attached to the Information Server
FAQ – For Installation
Installing on Netware ServerQuestion: When trying to reinstall ServerProtect 5.0 on a
NetWare server, a message saying ServerProtect has already installed appears.
This is because the SPNW.NCF was not deleted when you tried to uninstall ServerProtect last time. To solve the problem, go to the SYS:System directory and delete the file SPNW.NCF.
Question: The NetWare system console command line doesn't support directory names that contain more than 8 characters.
You need to avoid installing ServerProtect NetWare to a directory that has a long name (more than 8 characters).
FAQ – For Installation
Cannot access Files on a Netware serverQuestion: After installing ServerProtect 5.0, I cannot
delete or access the files on a NetWare server
To fix the problem, you need to apply the latest version of LPROTECT.NLM. This patch can fix the following problems found on some ServerProtect (Netware) installations:1. Files cannot be deleted or accessed from the server after the installation 2. Macintosh computers have no access to its Novell server3. The write-access list cannot be configured
FAQ – For Upgrade
Upgrading after the 30-day trial version expires
Question: How do I purchase additional virus pattern updates after my 30-day of trial version has expired? After I obtain a valid serial number, do I need to re-install the software?
You need to do the following:
1. Purchase a license copy of ServerProtect.
2. Run the software directly from the Management console and update the serial number.
FAQ – For Upgrade
Manually upgrading the ServerProtect Management Console
Question: After updating program files to ServerProtect 5, a message box pops up, reminding me to update the Management Console. What does this mean? And how can I do this?
If some Normal servers and the console are still using an older version, manually upgrade the Management Console by copying the admin.zip file from the server that has the updated program files. Otherwise, new features in ServerProtect 5 will not be supported from the previous version of the Management Console.
FAQ – For Update
Failed when creating or deleting directory under destination folder
Question: When the client clicked "Download now" from the Update section of ServerProtect, the following message returned:“Failed When Creating or Deleting Directory Under Destination directory”
Before deploying the update,1. From the Information Server, go to the Program Files\Trend\SProtect directory.2. Delete the following directories:
\SpntShare directory.\AuBin\AuBackUp\temp\Cache\Engine\temp\Cache\Pattern\temp\Cache\ServerProtect
3. Do the Internet Update(Download Now) once again.4. Now try to deploy the updates to a few servers at a
time.
FAQ – For Update
Return Code 13Question: A customer received return code 13 after
he had tried updating the ServerProtect program. The process didn't complete.
One easy way to take care of this issue is to delete all cached update data in the Information Server (IS) and do download again. Then deploy the downloaded update to all Normal Servers (NS).
Please delete the files under the following folders:{SPNT-Home}\temp\cache{SPNT-Home}\SpntShare
FAQ – For Update
Error 7Question: A client has no problem performing daily
pattern update, but when he does a program update an error 7 returns.
Take the following steps to force a new update for your Normal Servers and eliminate this error.- Go to Control Panel | Services to stop all ServerProtect services.- Backup your C:\Program Files\Trend\Sprotect\Spntshare folder.- Unzip this file (SPNTSHARE.ZIP) to this \Spntshare folder. This will replace the one you have just backup.- Start all the ServerProtect services then try
the update again.
FAQ – For Update
Automatically deploying downloaded updates to other servers
Question: Having set the Information Server to automatically check for updates on a daily basis, how can I automatically deploy them to other servers?
The ServerProtect’s default deployment task is set to run on a weekly basis. If you want to deploy the files everyday, create a new daily deployment task.
FAQ – For Scanning
Virus Action: Clean FailedQuestion: After doing a virus scan, the error "Virus Action:
Clean Failed" appears. What does this message mean?
It is possible that ServerProtect cannot clean the Temp directory.
The Temp directory is the quarantine directory of ServerProtect. The Quarantine directory is purposed to move infected files if they are uncleanable; it preserves the files for back-up purposes, too.
Therefore if ServerProtect is set to take a MOVE action on a virus, but finds the infected file is uncleanable, ServerProtect dumps the file to the quarantine directory. For this reason, we do recommend that you place the SPROTECT/TEMP folder to the Exclusion List while executing a Real-time scan or a manual scan.
FAQ – For Scanning
Excluding certain directories from scanning Question: Is there any certain directory or file that should be
excluded from scanning, such as temp files or IIS folders?No. But for some files used by the system, e.g., pagefile.sys,
ServerProtect may be prevented from opening them and thus results in a scanning error. To avoid the error, you can manually add the system files into the exclusion list.
Viewing virus information Question: I performed a virus scanning on my machine and it
found a w97m_jack_box virus. Where can I find information about this virus?
To access the Virus Encyclopedia from the ServerProtect Management Console:Choose View | View Virus Encyclopedia from the main menu Or access the Trend’s web : http://www.antivirus.com/vinfo
FAQ – For Scanning
What are *.rb files? Question: I found the files that I was unable to
clear or move were given new file extensions such as “.rb0” or “.rb1.” How can I determine where they came from and how could I verify them? And how can I remove them?
The *. rb files are the backup files created by ServerProtect before cleaning the virus-infected files. If you want to delete them, click the Delete Backup button in the Detailed Log Info dialog box.
FAQ – For Uninstalling
Uninstalling SPNW 3.xQuestion: How can I manually uninstall ServerProtect for NetWare
3.x version?Please do the following steps to unload ServerProtect in theNetware console:a. Press the ESC button in the ServerProtect monitor screen and
enter the unload password (the default password is VPROTECT). unload pscan.nlm unload vsapi.nlm (for V3.5x above only)
b. Delete the following files in the Netware Server: Delete <Volume>:SPROTECT\*.* Delete SYS:LOGIN\SPROTECT Delete SYS:SPROTECT\LPROTECT.NLM Delete SYS:SPROTECT\PSCAN.* Delete SYS:SPROTECT\VSAPI.NLM (for 3.5x and above) Delete SYS:SPROTECT\SPNW.NCF
FAQ – For Integration
Download patterns from an OfficeScan web server
Question: How do you download patterns to a ServerProtect server from an OfficeScan web server on a local net?
You can do this by configuring the downloading server to be the OfficeScan web server.
1. Enable from a local or network drive radio button to download the update files from another server on you network. Use UNC format, rather than mapped drive format for the server name to download the updates from:· Enter the UNC path where the files are being kept. For example: \\servername\foldername
2. Enter the User name and Password to access that resource.3. The server that you are updating from must have already
downloaded a copy of the update files.
FAQ – Others
Modify connection timeout setting Question: How can I modify connection timeout setting?
If you are performing a remote upgrade or installation, the Management Console may pop up a message, warning you that the connection is time out. This is because the Control may lose connection with the IS or the network traffic is too busy. The default time out is set to 10 minutes. If you want to modify the setting, change the time out value in the admin.ini file by doing the following steps:To change the timeout value in the admin.ini file:1. From the ServerProtect home directory, open the admin.ini file.2. Browse to the AdminServer field. You will see the following:
[ADMINServer]RemoteInstallTimeOut=10
3. The default value is set to 10. If you want ServerProtect to extend the time to take a time out, change the value to whichever you prefer. The value range is from 3 to 120.4. Save the admin.ini file.
Error Codes
Error Codes
Information Server Return Codes
NT Normal Server Return Codes
NW Normal Server Return Codes
Engine Return Codes
Handling and Miscellaneous Return Codes
TMNotify Return Codes
Active Update Return Codes
Error Codes returned by InstallShield
Error Codes
Error Codes
Error Codes
Error Codes
Error Codes
Error Codes
Error Codes
Error Codes
Error Codes
Error Codes
Error Codes
Error Codes
Error Codes
Error Codes
Error Codes
Error Codes
Error Codes
Error Codes
Error Codes
Contacting Support and
Solution Bank
Using Solution bank and submitting case
Use our Use our online solution bankonline solution bank to find solutions to to find solutions to most asked questions.most asked questions.
(Click here for DEMO)(Click here for DEMO)
Unable to find a specific problem? Unable to find a specific problem? Submit a caseSubmit a case to to support team.support team.
(Click here for DEMO)(Click here for DEMO)
Have an Infected File …
I have a file which I think is infected by a virus. Can I send it to support for manual analysis ?
Yes! Our virus engineers can manually verify this for you. If you Yes! Our virus engineers can manually verify this for you. If you have a file you think is infected with a virus, but ServerProtect have a file you think is infected with a virus, but ServerProtect does not detect it, we encourage you to send the suspect file to does not detect it, we encourage you to send the suspect file to us at :us at :
[email protected][email protected]
CompressCompress the infected file the infected file and and password protect it with password protect it with “virus”“virus”