Release Notes for Symantec™ Critical System Protection Version 5.2.4.1

This chapter includes the following topics:
- About Symantec Critical System Protection
- What's new in this version
- Additional release information
- What you need to know before you install or upgrade your software
- Known issues
- Resolved issues
- Product documentation
- Legal Notice

About Symantec Critical System Protection
Welcome to Symantec Critical System Protection, a flexible, multi-layer security solution for servers that detects
abnormal system activities. Symantec Critical System Protection prevents and blocks viruses and worms, hacking
attacks, and zero-day vulnerability attacks. Symantec Critical System Protection also hardens systems, enforcing
behavior-based security policies on clients and servers.
Symantec Critical System Protection includes a management console and server components, and agent components
that enforce policies on computers. The management server and management console run on Windows operating
systems. The agent runs on Windows and UNIX operating systems.
Among Symantec Critical System Protection's key features are:
- Predefined application policies for common Microsoft interactive applications
- Out-of-the-box policies that continuously lock down the operating system, high-risk applications, and databases to prevent unauthorized executables from being introduced and run
- Microsoft Windows, Sun Solaris, and Linux platform support

Among Symantec Critical System Protection's key benefits are:
- Provides proactive, host-based security against day-zero attacks
- Offers protection against buffer overflow and memory-based attacks
- Helps to maintain compliance with security policies by providing granular control over programs and data

What's new in this version
The current maintenance pack contains new browser support, improved Web UI functionality, and customer defect
fixes.
Note: This release may also be referred to as Symantec Critical System Protection 5.2 Release Update 4 Maintenance Pack 1.

Updated Hardware Requirement
Symantec Critical System Protection Manager requires a minimum of 2 gigabytes of memory.

Browser support
Symantec Critical System Protection contains new and improved browser support.
- New Internet Explorer 7 Support
- Improved Internet Explorer 8 Support

Web-based user interface
Symantec Protection Center
Symantec Protection Center is a Web-based console that lets you integrate management of your Symantec security
products into a single environment. Symantec Protection Center includes a centralized Dashboard that reports on the
overall security of your network based on the products that you integrate.
You integrate supported products in Symantec Protection Center in a registration process. After you register your
products, you can log on to Symantec Protection Center to manage them all.
Symantec Critical System Protection must be installed and configured separately before you can register it with the
Symantec Protection Center. Registered products still function independently of Symantec Protection Center. You
can manage Symantec Critical System Protection and other supported products together, in the Symantec Protection
Center, or separately, in the Symantec Critical System Protection console.
For information about how to register Symantec Critical System Protection in the Symantec Protection Center, see
the Symantec Protection Center information in the Administration Guide for Symantec Endpoint Protection and
Symantec Network Access Control that accompanies Symantec Endpoint Protection version 11 RU6.
Only Symantec Endpoint Protection includes Symantec Protection Center.
Note: Symantec Critical System Protection continues to support both its own Web-based console and its Java-based
console.
Symantec Critical System Protection Web UI Console
You can optionally start and view the Symantec Critical System Protection management console from a browser
window. The console now runs in both Internet Explorer 7 and 8.
If you are using a Prevention policy on your Symantec Critical System Protection management server, you must
update the policies to 5.2.4.1 at the same time that you update the management server software to 5.2.4.1. The new
Web UI feature of the management server will not work if the older 5.2.0 Prevention policies are applied on the
management server system.
If you have previously installed the Symantec Critical System Protection Server, ensure that .NET 2.0 is installed on
your system, and then perform the Server upgrade to get the Web-based user interface.
To launch the console interface from a Web browser
1. Open your Web browser.
2. Type the following URL in the Address field: https://localhost:8081/scsp
Note: By default, the Web server administration port number is 8081. If you change the port
when you install Symantec Critical System Protection, then you must substitute the port
number that you used in this URL.

Additional release information
This section outlines some additional information that you should know about.
What you need to know before you install or upgrade your software
The Symantec Critical System Protection Installation Guide contains detailed information about how to install the
Symantec Critical System Protection components. If you are installing for the first time, you should install,
configure, and test Symantec Critical System Protection in a test environment.
For the latest and most complete information about the release and known issues and workarounds, refer to the
readme file that accompanies this release.
Table 1-3 Overview of an installation

| Step | Action | Description |
|---|---|---|
| 1 | Plan the installation | When planning your installation, you may need to consider the following: network architecture and policy distribution; firewalls; name resolution; IP routing. |
| 2 | Review the system requirements | All the computers on which you install Symantec Critical System Protection should meet or exceed the recommended operating system and hardware requirements. |
| 3 | Decide on the computers to install the software components | You can install the management console and management server on the same computer or on separate computers. You can install agents on any computer. All computers must run a supported operating system. |
| 4 | Decide on the management server installation type | You can install the following management server installation types: an evaluation installation that runs SQL Server 2005 Express on the local system; an evaluation installation that uses an existing MS SQL instance; a production installation with Tomcat and the database schema; the Tomcat component only. |
| 5 | Configure the TEMP environment variable | The installation packages unpack installation files into the directory that is specified by the TEMP environment variable. The volume that contains this directory must have at least 200 MB of available disk space. If this volume does not have the required disk space, you must change your TEMP environment variable. |
| 6 | Install the management server | You begin the installation by installing the management server. Management server installation prompts you to enter a series of values consisting of port numbers, user names, passwords, and so on. Each database that you can install uses different default settings and options for the management server and database. |
| 7 | Install the management console | Install the management console after you install the management server. The management console installation also installs the authoring environment. The management console installation does not prompt you to enter port numbers or server names. You enter this information after installation, when you configure the management console. |
| 8 | Configure the management console | Management console configuration prompts you to enter a series of values consisting of port numbers, passwords, and a server name. In a few instances, the port numbers must match the port numbers that were specified during management server installation. |
| 9 | Install the agents | Install the agents after you install the management server, and after you install and configure the management console. The agent installation prompts you to enter a series of agent values consisting of port numbers, management server name, etc. |

Supported platforms
Table 1-4 lists the platforms supported by Symantec Critical System Protection release 5.2.4.

Table 1-4 Supported platforms and Symantec Critical System Protection components supported on each
| Operating system | Processor | IDS support | IPS support | Console support | Manager support |
|---|---|---|---|---|---|
| Red Hat Enterprise Linux ES 3.0 (2.4 Kernel) | x86, AMD64, EM64T, Hugemem (32bit) | X | X | | |
| Red Hat Enterprise Linux ES 4.0 (2.6 Kernel) | x86, AMD64, EM64T, Hugemem (32bit), IA64 | X | X, except on IA64 | | |
| Red Hat Enterprise Linux ES 5.0 (2.6 Kernel) | x86, AMD64, EM64T | X | X | | |
| SuSE Linux Enterprise Server 8 (2.4 Kernel) | x86, AMD64, EM64T | X | X | | |
| SuSE Linux Enterprise Server 9 (2.6 Kernel) | x86, AMD64, EM64T | X | X | | |
| SuSE Linux Enterprise Server 10 (2.6 Kernel) | x86, AMD64, EM64T | X | X | | |
| Solaris 8 (32- and 64-bit). Note: Symantec Critical System Protection 5.2.4 only supports global zones on Solaris. Local zones are not supported at this time. | SPARC | X | X | | |
| Solaris 9 (32- and 64-bit). Note: Symantec Critical System Protection 5.2.4 only supports global zones on Solaris. Local zones are not supported at this time. | SPARC | X | X | | |
| Solaris 10 (32- and 64-bit). Note: Symantec Critical System Protection 5.2.4 supports local zones in IDS mode only. IPS is not supported for local zones at this time. | SPARC, x86, AMD64, EM64T | X | X | | |
HP-UX 11i V1 (11.11) (64bit)
PARISC
X
Itanium2
X
HP Tru64 5.1B-3
Alpha
X
AIX 5L 5.1 (32- and 64-bit)
POWERPC
X
Windows NT4 SP6
x86
X
X
Windows 2000 Advanced
Server SP4
x86
X
X
X
Windows 2000 Server SP4
x86
X
X
X
Windows 2000 Professional
SP4
x86
X
X
X
Windows XP Professional
SP2, SP3
x86
X
X
X
Windows 2003 Enterprise
Edition SP2
x86, AMD64,
EM64T
X
X
X
X
Windows 2003 Enterprise
Edition R2
x86, AMD64,
EM64T
X
X
X
X
Windows 2003 Standard
Edition SP2
x86, AMD64,
EM64T
X
X
X
X
Windows 2003 Standard
Edition R2
x86, AMD64,
EM64T
X
X
X
X
Windows 2008 Standard
Edition and Enterprise
Edition, SP1
x86, AMD64,
EM64T
X
X
X
x86, AMD64
X
X
X
HP-UX 11i V2 (11.23) (64bit)
HP-UX 11i V3 (11.31) (64bit)
HP-UX 11i V2 (11.23) (64bit)
HP-UX 11i V3 (11.31) (64bit)
AIX 5L 5.2 (32- and 64-bit)
AIX 5L 5.3 (32- and 64-bit)
Windows 2008 Standard
Edition and Enterprise
Edition, SP2
Windows 2008 Standard
Edition and Enterprise
Edition, R2
SQL Enterprise Server
2005 SP2
x86
X
SQL Enterprise Server
2005 Express
32-bit, 64-bit
X
SQL Enterprise Server
2008
32-bit, 64-bit
X
Windows Vista
X
VMWare Server ESX 3.5
Host
x86
X
Note: The supported platforms include those running as a Guest OS running in any VMWare product.

Table 1-5 lists the Linux kernel versions that Symantec Critical System Protection supports.

Table 1-5 Linux Kernel version support (includes x86, x86_64, UP, SMP)

| Linux distribution | Kernel |
|---|---|
| RedHat Enterprise Linux 3 | Version |
| RHEL 3 GA | 2.4.21-4.EL |
| RHEL 3 U1 | 2.4.21-9.EL |
| RHEL 3 U2 | 2.4.21-15.EL |
| RHEL 3 U3 | 2.4.21-20.EL |
| RHEL 3 U4 | 2.4.21-27.EL |
| RHEL 3 U5 | 2.4.21-32.EL |
| RHEL 3 U6 | 2.4.21-37.EL |
| RHEL 3 U8 | 2.4.21-47.EL |
| RedHat Enterprise Linux 4 | Version |
| RHEL 4.1 | 2.6.9-11.EL |
| RHEL 4.2 | 2.6.9-22.EL |
| RHEL 4.3 | 2.6.9-34.EL |
| RHEL 4.4 | 2.6.9-42.EL |
| RHEL 4.5 | 2.6.9-55.EL |
| RHEL 4.6 | 2.6.9-67.EL |
| RHEL 4.7 | 2.6.9-78.EL |
| RedHat Enterprise Linux 5 | Version |
| RHEL 5.1 | 2.6.18-53.el5 |
| RHEL 5.2 | 2.6.18-92.el5 |
| SuSE Linux Enterprise Server 8 | Version |
| SLES 8 SP4 hotfix | 2.4.21-304 |
| SLES 8 SP4 hotfix | 2.4.21-306 |
| SLES 8 SP4 hotfix | 2.4.21-314 |
| SuSE Linux Enterprise Server 9 | Version |
| SLES 9 GA | 2.6.5-7.97 |
| SLES 9 SP1 | 2.6.5-7.139 |
| SLES 9 SP2 | 2.6.5-7.191 |
| SLES 9 SP3 | 2.6.5-7.244 |
| SLES 9 SP3 hotfix | 2.6.5-7.283 |
| SLES 9 SP4 | 2.6.5-7.308 |
| SuSE Linux Enterprise Server 10 | Version |
| SLES 10 SP1 | 2.6.16.46 |
| SLES 10 SP1 hotfixes | 2.6.16.54-* |
| SLES 10 SP2 | 2.6.16.60-* |
| VMWare ESX 3.5 Host | Version |
| ESX 3.5.0 GA and U1 | 2.4.21-47.Elvmnix |
| ESX 3.5.0 U2 - U4 | 2.4.21-57.Elvmnix |

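
Added example (not part of the Symantec release notes or product): a shell function that checks a `uname -r` string against the kernel versions in Table 1-5 before an agent is rolled out to a Linux host. The function name `scsp_kernel_supported` and the suffix-matching rule are assumptions; the release notes do not say how flavor suffixes such as `smp` are treated.

```sh
#!/bin/sh
# Added example: check a kernel release string against Table 1-5.
# Kernel versions transcribed from Table 1-5 of these release notes.
SCSP_KERNELS='
2.4.21-4.EL 2.4.21-9.EL 2.4.21-15.EL 2.4.21-20.EL
2.4.21-27.EL 2.4.21-32.EL 2.4.21-37.EL 2.4.21-47.EL
2.6.9-11.EL 2.6.9-22.EL 2.6.9-34.EL 2.6.9-42.EL
2.6.9-55.EL 2.6.9-67.EL 2.6.9-78.EL
2.6.18-53.el5 2.6.18-92.el5
2.4.21-304 2.4.21-306 2.4.21-314
2.6.5-7.97 2.6.5-7.139 2.6.5-7.191 2.6.5-7.244 2.6.5-7.283 2.6.5-7.308
2.6.16.46 2.6.16.54-* 2.6.16.60-*
2.4.21-47.Elvmnix 2.4.21-57.Elvmnix
'

# scsp_kernel_supported RELEASE
# Returns 0 if RELEASE (as printed by `uname -r`) matches a table entry.
# Assumed matching rule (not stated in the release notes):
#   - comparison is case-insensitive;
#   - an entry ending in "*" matches any release with that prefix;
#   - any other entry matches exactly, or when followed by a flavor suffix
#     such as "smp", "hugemem" or "-default" (the next character is neither
#     a digit nor a dot, so 2.6.5-7.97 does not match 2.6.5-7.971).
scsp_kernel_supported() {
    rel=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    # One lower-cased entry per line.
    entries=$(printf '%s\n' "$SCSP_KERNELS" | tr 'A-Z ' 'a-z\n')
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        case $entry in
            *'*')
                prefix=${entry%'*'}
                case $rel in "$prefix"*) return 0 ;; esac ;;
            *)
                case $rel in
                    "$entry" | "$entry"[!0-9.]*) return 0 ;;
                esac ;;
        esac
    done <<EOF
$entries
EOF
    return 1
}

# Report on the running kernel; the exit status is left at 0 either way.
running=$(uname -r)
if scsp_kernel_supported "$running"; then
    echo "kernel $running is listed in Table 1-5"
else
    echo "kernel $running is not listed in Table 1-5; verify support before installing the agent"
fi
```

Errata kernels that are not in the table (for example a release with an extra build component between the version and the `.EL` tag) are reported as not listed, which is the conservative result for a pre-deployment check.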
Scalability guidelines
The Symantec Critical System Protection agent is licensed to service no more than 25 virtual agents. This is based
on the following assumptions:
- A virtual agent instance services no more than ten dedicated and shared logs.
- On Windows platforms, the combination of logs includes forwarded Windows event log messages for the Application, Security, and Service logs, and any additional application logs that are either text logs or custom Windows event logs, such as Web server logs, database server logs, and so on.
- On UNIX/Linux platforms, the combination of logs includes forwarded syslog or syslog-ng messages, and application-specific logs.
- The aggregate number of messages coming from the various logs is no more than approximately 250 per second, and input messages are spread across more than a single collector.

A Symantec Critical System Protection agent that is configured to host a large number of virtual agents dedicates a
large portion of its resources to the monitoring of various input logs, and therefore should be expected to be at least
partially dedicated to this purpose.
There is no way to exactly quantify the number of messages that are processed by the agent, as this varies greatly
between platforms, configurations, and application usage. Additional consideration must be given to the hardware
and network environment. Therefore, these recommendations are only a rough guideline.
Known issues
Installation on computers that run Windows 2008 R2 may cause the wrong error message to display
When you install the Symantec Critical System Protection console, agent, or server on computers that run Windows
2008 R2, the computer may not display the typical disk space check messages. Instead, you may see the following
error message:
This installation package could not be opened. Contact the application vendor to verify that this is a valid Windows installer package.
To work around this issue, ensure that you have a sufficient amount of disk space on the computer for installation
before you begin to install.

The filewatch collector does not monitor file permissions for the Archive and Index attributes
The filewatch collector does not monitor file permissions for the Archive and Index attributes. Changes to these
attributes do not trigger a file modification event.

Resolved issues
Policy importing and displaying issue - #2003545
You can now import prevention policies from 5.2 or later with custom program options into this 5.2.4.1 console.
In 5.2.4, importing works for policies without custom program options.

Registry Driver Fix - #2018311
A registry driver error discovered in a Windows Server 2003 environment was resolved.

Network Filter Driver Fix - #2040450
A synchronization issue on an SCSP network filter driver in a multiple processor Windows Server 2008
environment with heavy network traffic was resolved.

Zettabyte File System (ZFS) support on Solaris - #1826515
Symantec Critical System Protection now supports ZFS on the Solaris 10 SPARC and x86 platforms.

Product documentation
The following documents provide information on Symantec Critical System Protection:
- Symantec Critical System Protection Installation Guide
- Symantec Critical System Protection Administration Guide
- Symantec Critical System Protection Prevention Policy Reference Guide
- Symantec Critical System Protection Detection Policy Reference Guide
- Symantec Critical System Protection Policy Override Guide
- Symantec Critical System Protection Agent Event Viewer Guide

Legal Notice
The software described in this book is furnished under a license agreement and may be used only in accordance with
the terms of the agreement.
Documentation version 5.02.00.04.01
Copyright © 2010 Symantec Corporation. All rights reserved.
Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates
in the U.S. and other countries. Other names may be trademarks of their respective owners.
This Symantec product may contain third party software for which Symantec is required to provide attribution to the
third party (“Third Party Programs”). Some of the Third Party Programs are available under open source or free
software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you
may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to
this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third
Party Programs.
The product described in this document is distributed under licenses restricting its use, copying, distribution, and
decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without
prior written authorization of Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE
DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY
INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR
CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF
THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT
TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR
12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer
Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction,
release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government
shall be solely in accordance with the terms of this Agreement.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com