http://www.ISAserver.org ------------------------------------------------------- See now didn't we get some meaningful discussion :) -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder Sent: Tuesday, 8 January 2008 3:00 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Symantec Endpoint Protection v11.0 on ISA Server 2006 http://www.ISAserver.org ------------------------------------------------------- Hi Jim, No need for "la la la" on this one. I thought about the SBS scenario over the weekend and forgot to mention it here. You're absolutely right that ISA/SBS needs a host based AV/AS solution, because in that scenario isn't not really a network firewall, it's a host - based firewall. :) Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- Microsoft Firewalls (ISA) > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > Sent: Monday, January 07, 2008 9:48 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Symantec Endpoint Protection v11.0 on > ISA Server 2006 > > http://www.ISAserver.org > ------------------------------------------------------- > > I would qualify that a bit. > There are those scenarios (start saying "la-la-la", Tom :-)) > such as SBS (I warned you) where file AV is worthwhile, > because this tends to be a "one server does it all" scenario > and these also tend to be used as a workstation. In this > case, having file-based AV is definitely useful to protect > the user against themselves. > In such scenarios, you *MUST* exclude the following objects > from AV scanning: > 1. Folders (trees): > - %ProgramFiles%\Microsoft ISA Server > - %ProgramFiles%\Microsoft SQL Server (MSDE or local SQL logging) > - ISA caching folder > - ISA logging folder > 2. ISA processes > - wspsrv > - w3prefch > - isastg > - sqlsvr (MSDE or local SQL logging) > > Do NOT install any form of "network protection" mechanism on > your ISA server. > Ever. > > As far as what's supported on an ISA appliance, you have to > ask the OEM vendor as they set the support matrix, but I can > guarantee you that they won't support what the ISA team does not. > > Jim > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder > Sent: Monday, January 07, 2008 7:17 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Symantec Endpoint Protection v11.0 on > ISA Server 2006 > > http://www.ISAserver.org > ------------------------------------------------------- > > Hi Andrew, > > What you're doing is what you should be doing. You want to inspect the > datastream moving through the ISA Firewall, you just don't need > something scanning the ISA firewall *itself*. > > HTH, > Tom > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- Microsoft Firewalls (ISA) > > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Hodgson > > Sent: Monday, January 07, 2008 9:09 AM > > To: isalist > > Subject: [isalist] Re: Symantec Endpoint Protection v11.0 on > > ISA Server 2006 > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > Hi, > > > > We do have Kav for ISA firewall installed on the server, but > > it doesn't do any standard AV scanning on local files other > > than what comes through to the web proxy. Is this standard > > practice, or are we better to run an upstream proxy for AV checking? > > > > Thanks. > > Andrew. > > > > -----Original Message----- > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > Sent: 07 January 2008 15:04 > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] Re: Symantec Endpoint Protection v11.0 on > > ISA Server 2006 > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > Hi Greg, > > > > That is correct. In a well managed ISA Firewall enviroment, > > there is no > > need for AV/AS software on the firewall. In fact, adding > this software > > to the ISA Firewall can significantly increase the attack > > surface on the > > ISA Firewall and break the ISA Firewall's security model. > > > > Thanks! > > Tom > > > > Thomas W Shinder, M.D. > > Site: www.isaserver.org > > Blog: http://blogs.isaserver.org/shinder/ > > Book: http://tinyurl.com/3xqb7 > > MVP -- Microsoft Firewalls (ISA) > > > > > > > > > -----Original Message----- > > > From: isalist-bounce@xxxxxxxxxxxxx > > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Greg Mulholland > > > Sent: Monday, January 07, 2008 2:02 AM > > > To: isalist@xxxxxxxxxxxxx > > > Subject: [isalist] Re: Symantec Endpoint Protection v11.0 on > > > ISA Server 2006 > > > > > > http://www.ISAserver.org > > > ------------------------------------------------------- > > > > > > Constructive please... > > > > > > As you can probably tell by some of the responses, in a standalone > > > environment (sbs aside as you don't have much choice) we > > > generally wouldn't > > > encourage you to add third party functionality to your > > > firewall. There have > > > been many/many cases where such software has corrupted files, > > > registry or > > > just the nuts/bolts and wheels of the box. Many! Im sure if > > you wanted > > > horror stories or specific examples most of us, if not Jim > > > could knock your > > > jocks off. However, I would assume that no-one (that has > > > replied) other than > > > Peter has any specific experience with the product (albeit > > > his was in an sbs > > > 2000 environment, and I would guess would have been some > > > years ago). I would > > > be hitting up Symantec for deployment scenario's and best > > > practise guides > > > and I would most definitely ensure I could test in a lab > > > environment and had > > > a good/working backup of the server before I did anything > for real! > > > > > > HTH > > > > > > Greg > > > > > > > > > > > > -----Original Message----- > > > From: isalist-bounce@xxxxxxxxxxxxx > > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On > > > Behalf Of Steve Moffat > > > Sent: Monday, 7 January 2008 1:06 AM > > > To: ISA Mailing List > > > Subject: [isalist] Re: Symantec Endpoint Protection v11.0 on > > > ISA Server 2006 > > > > > > http://www.ISAserver.org > > > ------------------------------------------------------- > > > > > > As others have asked...why on earth would you do that??? > > > > > > S > > > > > > -----Original Message----- > > > From: isalist-bounce@xxxxxxxxxxxxx > > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On > > > Behalf Of Tony Afriyie > > > Sent: Sunday, January 06, 2008 9:48 AM > > > To: ISA Mailing List > > > Subject: [isalist] Re: Symantec Endpoint Protection v11.0 on > > > ISA Server 2006 > > > > > > http://www.ISAserver.org > > > ------------------------------------------------------- > > > > > > I am trying to install the Antivirus and the Antispyware > > > portion of the > > > Symantec Endpoint Protection. > > > > > > -----Original Message----- > > > From: isalist-bounce@xxxxxxxxxxxxx > > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On > > > Behalf Of Thomas W Shinder > > > Sent: Saturday, January 05, 2008 2:48 PM > > > To: isalist@xxxxxxxxxxxxx > > > Subject: [isalist] Re: Symantec Endpoint Protection v11.0 on > > > ISA Server 2006 > > > > > > http://www.ISAserver.org > > > ------------------------------------------------------- > > > > > > Why in the world would you install endpoint protection on a > > firewall? > > > > > > Thomas W Shinder, M.D. > > > Site: www.isaserver.org > > > Blog: http://blogs.isaserver.org/shinder/ > > > Book: http://tinyurl.com/3xqb7 > > > MVP -- Microsoft Firewalls (ISA) > > > > > > > > > > > > > -----Original Message----- > > > > From: isalist-bounce@xxxxxxxxxxxxx > > > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Tony Afriyie > > > > Sent: Saturday, January 05, 2008 12:24 PM > > > > To: isalist@xxxxxxxxxxxxx > > > > Subject: [isalist] Symantec Endpoint Protection v11.0 on ISA > > > > Server 2006 > > > > > > > > http://www.ISAserver.org > > > > ------------------------------------------------------- > > > > > > > > All, > > > > Has anyone installed Symantec Endpoint Protection v11.0 on > > > > ISA Server 2006 > > > > yet? I am about to do it and I am trying to find out if I > > > can get any > > > > configuration advise before I start. I have "googled" around > > > > but I haven't > > > > found anything yet. Any tutorial out there that you guys can > > > > point me to? > > > > > > > > Thanks in advance, > > > > > > > > Tony > > > > - > > > > > > > > > > > > > > > > ------------------------------------------------------ > > > > List Archives: //www.freelists.org/archives/isalist/ > > > > ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server Articles and Tutorials: > > > > http://www.isaserver.org/articles_tutorials/ > > > > ISA Server Blogs: http://blogs.isaserver.org/ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > > > > ------------------------------------------------------ > > > List Archives: //www.freelists.org/archives/isalist/ > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server Articles and Tutorials: > > > http://www.isaserver.org/articles_tutorials/ > > > ISA Server Blogs: http://blogs.isaserver.org/ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > ------------------------------------------------------ > > > List Archives: //www.freelists.org/archives/isalist/ > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server Articles and Tutorials: > > > http://www.isaserver.org/articles_tutorials/ > > > ISA Server Blogs: http://blogs.isaserver.org/ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > > > List Archives: //www.freelists.org/archives/isalist/ > > > ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server Articles and Tutorials: > > > http://www.isaserver.org/articles_tutorials/ > > > ISA Server Blogs: http://blogs.isaserver.org/ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > ------------------------------------------------------ > > > List Archives: //www.freelists.org/archives/isalist/ > > > ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server Articles and Tutorials: > > > http://www.isaserver.org/articles_tutorials/ > > > ISA Server Blogs: http://blogs.isaserver.org/ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > -- > > allpay.net Limited, Fortis et Fides, Whitestone Business > > Park, Whitestone, Hereford, HR1 3SE. > > Registered in England No. 02933191. UK VAT Reg. No. 666 9148 88. > > > > Telephone: 0870 243 3434, Fax: 0870 243 6041. > > Website: www.allpay.net > > Email: enquiries@xxxxxxxxxx > > > > This email, and any files transmitted with it, is > > confidential and intended solely for the use of the > > individual or entity to whom it is addressed. If you have > > received this email in error please notify the allpay.net > > Information Security Manager at the number above. > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx