[isalist] Re: Symantec Endpoint Protection v11.0 on ISA Server 2006

• From: "Greg Mulholland" <gmulholland@xxxxxxxxxxxx>
• To: <isalist@xxxxxxxxxxxxx>
• Date: Tue, 8 Jan 2008 09:29:03 +1100

http://www.ISAserver.org
-------------------------------------------------------
  
See now didn't we get some meaningful discussion :)

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Thomas W Shinder
Sent: Tuesday, 8 January 2008 3:00 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Symantec Endpoint Protection v11.0 on ISA Server 2006

http://www.ISAserver.org
-------------------------------------------------------
  
Hi Jim,

No need for "la la la" on this one. I thought about the SBS scenario
over the weekend and forgot to mention it here. You're absolutely right
that ISA/SBS needs a host based AV/AS solution, because in that scenario
isn't not really a network firewall, it's a host - based firewall.

:)

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)

 

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Monday, January 07, 2008 9:48 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Symantec Endpoint Protection v11.0 on 
> ISA Server 2006
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> I would qualify that a bit.
> There are those scenarios (start saying "la-la-la", Tom :-)) 
> such as SBS (I warned you) where file AV is worthwhile, 
> because this tends to be a "one server does it all" scenario 
> and these also tend to be used as a workstation.  In this 
> case, having file-based AV is definitely useful to protect 
> the user against themselves.
> In such scenarios, you *MUST* exclude the following objects 
> from AV scanning:
> 1. Folders (trees):
>   - %ProgramFiles%\Microsoft ISA Server
>   - %ProgramFiles%\Microsoft SQL Server (MSDE or local SQL logging)
>   - ISA caching folder
>   - ISA logging folder
> 2. ISA processes
>   - wspsrv
>   - w3prefch
>   - isastg
>   - sqlsvr (MSDE or local SQL logging)
> 
> Do NOT install any form of "network protection" mechanism on 
> your ISA server.
> Ever.
> 
> As far as what's supported on an ISA appliance, you have to 
> ask the OEM vendor as they set the support matrix, but I can 
> guarantee you that they won't support what the ISA team does not.
> 
> Jim
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> Sent: Monday, January 07, 2008 7:17 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Symantec Endpoint Protection v11.0 on 
> ISA Server 2006
> 
> http://www.ISAserver.org
> -------------------------------------------------------
> 
> Hi Andrew,
> 
> What you're doing is what you should be doing. You want to inspect the
> datastream moving through the ISA Firewall, you just don't need
> something scanning the ISA firewall *itself*.
> 
> HTH,
> Tom
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- Microsoft Firewalls (ISA)
> 
> 
> 
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Hodgson
> > Sent: Monday, January 07, 2008 9:09 AM
> > To: isalist
> > Subject: [isalist] Re: Symantec Endpoint Protection v11.0 on
> > ISA Server 2006
> >
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >
> > Hi,
> >
> > We do have Kav for ISA firewall installed on the server, but
> > it doesn't do any standard AV scanning on local files other
> > than what comes through to the web proxy.  Is this standard
> > practice, or are we better to run an upstream proxy for AV checking?
> >
> > Thanks.
> > Andrew.
> >
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > Sent: 07 January 2008 15:04
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: Symantec Endpoint Protection v11.0 on
> > ISA Server 2006
> >
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >
> > Hi Greg,
> >
> > That is correct. In a well managed ISA Firewall enviroment,
> > there is no
> > need for AV/AS software on the firewall. In fact, adding 
> this software
> > to the ISA Firewall can significantly increase the attack
> > surface on the
> > ISA Firewall and break the ISA Firewall's security model.
> >
> > Thanks!
> > Tom
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://blogs.isaserver.org/shinder/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- Microsoft Firewalls (ISA)
> >
> >
> >
> > > -----Original Message-----
> > > From: isalist-bounce@xxxxxxxxxxxxx
> > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Greg Mulholland
> > > Sent: Monday, January 07, 2008 2:02 AM
> > > To: isalist@xxxxxxxxxxxxx
> > > Subject: [isalist] Re: Symantec Endpoint Protection v11.0 on
> > > ISA Server 2006
> > >
> > > http://www.ISAserver.org
> > > -------------------------------------------------------
> > >
> > > Constructive please...
> > >
> > > As you can probably tell by some of the responses, in a standalone
> > > environment (sbs aside as you don't have much choice) we
> > > generally wouldn't
> > > encourage you to add third party functionality to your
> > > firewall. There have
> > > been many/many cases where such software has corrupted files,
> > > registry or
> > > just the nuts/bolts and wheels of the box. Many! Im sure if
> > you wanted
> > > horror stories or specific examples most of us, if not Jim
> > > could knock your
> > > jocks off. However, I would assume that no-one (that has
> > > replied) other than
> > > Peter has any specific experience with the product (albeit
> > > his was in an sbs
> > > 2000 environment, and I would guess would have been some
> > > years ago). I would
> > > be hitting up Symantec for deployment scenario's and best
> > > practise guides
> > > and I would most definitely ensure I could test in a lab
> > > environment and had
> > > a good/working backup of the server before I did anything 
> for real!
> > >
> > > HTH
> > >
> > > Greg
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: isalist-bounce@xxxxxxxxxxxxx
> > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On
> > > Behalf Of Steve Moffat
> > > Sent: Monday, 7 January 2008 1:06 AM
> > > To: ISA Mailing List
> > > Subject: [isalist] Re: Symantec Endpoint Protection v11.0 on
> > > ISA Server 2006
> > >
> > > http://www.ISAserver.org
> > > -------------------------------------------------------
> > >
> > > As others have asked...why on earth would you do that???
> > >
> > > S
> > >
> > > -----Original Message-----
> > > From: isalist-bounce@xxxxxxxxxxxxx
> > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On
> > > Behalf Of Tony Afriyie
> > > Sent: Sunday, January 06, 2008 9:48 AM
> > > To: ISA Mailing List
> > > Subject: [isalist] Re: Symantec Endpoint Protection v11.0 on
> > > ISA Server 2006
> > >
> > > http://www.ISAserver.org
> > > -------------------------------------------------------
> > >
> > > I am trying to install the Antivirus and the Antispyware
> > > portion of the
> > > Symantec Endpoint Protection.
> > >
> > > -----Original Message-----
> > > From: isalist-bounce@xxxxxxxxxxxxx
> > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On
> > > Behalf Of Thomas W Shinder
> > > Sent: Saturday, January 05, 2008 2:48 PM
> > > To: isalist@xxxxxxxxxxxxx
> > > Subject: [isalist] Re: Symantec Endpoint Protection v11.0 on
> > > ISA Server 2006
> > >
> > > http://www.ISAserver.org
> > > -------------------------------------------------------
> > >
> > > Why in the world would you install endpoint protection on a
> > firewall?
> > >
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://blogs.isaserver.org/shinder/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- Microsoft Firewalls (ISA)
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: isalist-bounce@xxxxxxxxxxxxx
> > > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Tony Afriyie
> > > > Sent: Saturday, January 05, 2008 12:24 PM
> > > > To: isalist@xxxxxxxxxxxxx
> > > > Subject: [isalist] Symantec Endpoint Protection v11.0 on ISA
> > > > Server 2006
> > > >
> > > > http://www.ISAserver.org
> > > > -------------------------------------------------------
> > > >
> > > > All,
> > > >  Has anyone installed Symantec Endpoint Protection v11.0 on
> > > > ISA Server 2006
> > > > yet? I am about to do it and I am trying to find out if I
> > > can get any
> > > > configuration advise before I start. I have "googled" around
> > > > but I haven't
> > > > found anything yet. Any tutorial out there that you guys can
> > > > point me to?
> > > >
> > > > Thanks in advance,
> > > >
> > > > Tony
> > > > -
> > > >
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives: //www.freelists.org/archives/isalist/
> > > > ISA Server Newsletter:
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server Articles and Tutorials:
> > > > http://www.isaserver.org/articles_tutorials/
> > > > ISA Server Blogs: http://blogs.isaserver.org/
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > >
> > > >
> > > ------------------------------------------------------
> > > List Archives: //www.freelists.org/archives/isalist/
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server Articles and Tutorials:
> > > http://www.isaserver.org/articles_tutorials/
> > > ISA Server Blogs: http://blogs.isaserver.org/
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: //www.freelists.org/archives/isalist/
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server Articles and Tutorials:
> > > http://www.isaserver.org/articles_tutorials/
> > > ISA Server Blogs: http://blogs.isaserver.org/
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > ------------------------------------------------------
> > > List Archives: //www.freelists.org/archives/isalist/
> > > ISA Server Newsletter:
> > http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server Articles and Tutorials:
> > > http://www.isaserver.org/articles_tutorials/
> > > ISA Server Blogs: http://blogs.isaserver.org/
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: //www.freelists.org/archives/isalist/
> > > ISA Server Newsletter:
> > http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server Articles and Tutorials:
> > > http://www.isaserver.org/articles_tutorials/
> > > ISA Server Blogs: http://blogs.isaserver.org/
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> > >
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials:
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> >
> > --
> > allpay.net Limited, Fortis et Fides, Whitestone Business
> > Park, Whitestone, Hereford, HR1 3SE.
> > Registered in England No. 02933191. UK VAT Reg. No. 666 9148 88.
> >
> > Telephone: 0870 243 3434, Fax: 0870 243 6041.
> > Website: www.allpay.net
> > Email: enquiries@xxxxxxxxxx
> >
> > This email, and any files transmitted with it, is
> > confidential and intended solely for the use of the
> > individual or entity to whom it is addressed. If you have
> > received this email in error please notify the allpay.net
> > Information Security Manager at the number above.
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials:
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> >
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials: 
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/  
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
> ISA Server Articles and Tutorials: 
> http://www.isaserver.org/articles_tutorials/ 
> ISA Server Blogs: http://blogs.isaserver.org/ 
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com 
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
> Report abuse to listadmin@xxxxxxxxxxxxx 
> 
> 
> 
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 


------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

• References:
  • [isalist] Re: Symantec Endpoint Protection v11.0 on ISA Server 2006
    • From: Thomas W Shinder

Other related posts:

• » [isalist] Symantec Endpoint Protection v11.0 on ISA Server 2006
• » [isalist] Re: Symantec Endpoint Protection v11.0 on ISA Server 2006
• » [isalist] Re: Symantec Endpoint Protection v11.0 on ISA Server 2006
• » [isalist] Re: Symantec Endpoint Protection v11.0 on ISA Server 2006
• » [isalist] Re: Symantec Endpoint Protection v11.0 on ISA Server 2006
• » [isalist] Re: Symantec Endpoint Protection v11.0 on ISA Server 2006
• » [isalist] Re: Symantec Endpoint Protection v11.0 on ISA Server 2006
• » [isalist] Re: Symantec Endpoint Protection v11.0 on ISA Server 2006
• » [isalist] Re: Symantec Endpoint Protection v11.0 on ISA Server 2006
• » [isalist] Re: Symantec Endpoint Protection v11.0 on ISA Server 2006
• » [isalist] Re: Symantec Endpoint Protection v11.0 on ISA Server 2006
• » [isalist] Re: Symantec Endpoint Protection v11.0 on ISA Server 2006
• » [isalist] Re: Symantec Endpoint Protection v11.0 on ISA Server 2006
• » [isalist] Re: Symantec Endpoint Protection v11.0 on ISA Server 2006
• » [isalist] Re: Symantec Endpoint Protection v11.0 on ISA Server 2006
• » [isalist] Re: Symantec Endpoint Protection v11.0 on ISA Server 2006

1. Home
2. isalist
3. Archive
4. 01-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---