Opening Ports for Antivirus Update though Firewall Client

Hi

I'm using panda antivirus installed on every client machine. But the update
engine cannot access the internet correctly.

There are setting to point to a proxy server. ie //http:server on 8080.
Which is correct.

Setting this makes no difference.

I have spoken to tech support at panda, and they say that I need to open
ports 80 and 8003 for the updates to be carried out correctly.

Can anyone tell me how to do this.

Cheers

mark

Javier
Tue Dec 07 14:43:58 CST 2004

Correct me if I'm wrong... but aren't the clients supposed to pull new AV
definitions from the *server*? not the internet? In my experience this
behavior is far more common and doesn't involve ISA at all. So I ask you...
are you sure about this?

To answer your question-> Your subject line says FW client, but your message
is talking about the proxy. Can you verify the FW client is installed on the
PC and its connected to ISA... if so, then take out the proxy settings from
the AV and check again.

--
Javier [SBS MVP]
www.msmvps.com/javier
<< SBS ROCKS!!! >>

"markreynard" <markreynard@discussions.microsoft.com> wrote in message
news:CC34336A-B2F4-4785-89E6-E0F8F8DD9069@microsoft.com...
> Hi
>
> I'm using panda antivirus installed on every client machine. But the
> update
> engine cannot access the internet correctly.
>
> There are setting to point to a proxy server. ie //http:server on 8080.
> Which is correct.
>
> Setting this makes no difference.
>
> I have spoken to tech support at panda, and they say that I need to open
> ports 80 and 8003 for the updates to be carried out correctly.
>
> Can anyone tell me how to do this.
>
> Cheers
>
> mark

Dave
Tue Dec 07 14:48:34 CST 2004

Go to Control Panel -> Windows Firewall -> Exceptions. IMO better than
opening the ports would be to add Panda to the exceptions list (Add
Program). It's a matter of allowing access to only the one program, as
opposed to allowing unlimited access to the ports.

Does Panda allow you to download updates to the server, then configure the
clients to get them from there?


"markreynard" <markreynard@discussions.microsoft.com> wrote in message
news:CC34336A-B2F4-4785-89E6-E0F8F8DD9069@microsoft.com...
> Hi
>
> I'm using panda antivirus installed on every client machine. But the
> update
> engine cannot access the internet correctly.
>
> There are setting to point to a proxy server. ie //http:server on 8080.
> Which is correct.
>
> Setting this makes no difference.
>
> I have spoken to tech support at panda, and they say that I need to open
> ports 80 and 8003 for the updates to be carried out correctly.
>
> Can anyone tell me how to do this.
>
> Cheers
>
> mark

markreynard
Tue Dec 07 14:59:06 CST 2004

Hi thanks for your quick response

I have ISA running on the SBS machine

The workstations use the firewall client installed from the server.


The mention to proxy server is mentioned in the panda software.

To clarify the antivirus software is installed on the client workstation not
on the server. Also you cannot download the updates to the server then
collect the ipdate from the server. Th only way to update is directly
through the internet. Each copy of the antivirus uses a username and password
to allow the update.

I hope this clarifies the situation. Acoording to Pandasoftware all I need
do is open ports 80 and 8003 on the firewall, which I'm assuming is the ISA
server.

Cheers

mark



"markreynard" wrote:

> Hi
>
> I'm using panda antivirus installed on every client machine. But the update
> engine cannot access the internet correctly.
>
> There are setting to point to a proxy server. ie //http:server on 8080.
> Which is correct.
>
> Setting this makes no difference.
>
> I have spoken to tech support at panda, and they say that I need to open
> ports 80 and 8003 for the updates to be carried out correctly.
>
> Can anyone tell me how to do this.
>
> Cheers
>
> mark

markreynard
Tue Dec 07 15:03:07 CST 2004

In answer to the second part of your question, unfortunately no you can't.
Each client computer with the av installed has a username and password field.

The trouble is the AV has about 4 different programs ( I think )running in
the task manager.

Which one, all of them. I've never done this before, so if this is the
solution coudl you please ellaborate on how to do it.

The Av support has been poor. All they say is that you need ports 80 and
8003 on the firewall open to make it work.

Cheers

mark


"Dave Nickason [SBS MVP]" wrote:

> Go to Control Panel -> Windows Firewall -> Exceptions. IMO better than
> opening the ports would be to add Panda to the exceptions list (Add
> Program). It's a matter of allowing access to only the one program, as
> opposed to allowing unlimited access to the ports.
>
> Does Panda allow you to download updates to the server, then configure the
> clients to get them from there?
>
>
> "markreynard" <markreynard@discussions.microsoft.com> wrote in message
> news:CC34336A-B2F4-4785-89E6-E0F8F8DD9069@microsoft.com...
> > Hi
> >
> > I'm using panda antivirus installed on every client machine. But the
> > update
> > engine cannot access the internet correctly.
> >
> > There are setting to point to a proxy server. ie //http:server on 8080.
> > Which is correct.
> >
> > Setting this makes no difference.
> >
> > I have spoken to tech support at panda, and they say that I need to open
> > ports 80 and 8003 for the updates to be carried out correctly.
> >
> > Can anyone tell me how to do this.
> >
> > Cheers
> >
> > mark
>
>
>

Lanwench
Tue Dec 07 15:13:08 CST 2004

markreynard wrote:
> In answer to the second part of your question, unfortunately no you
> can't. Each client computer with the av installed has a username and
> password field.
>
> The trouble is the AV has about 4 different programs ( I think
> )running in the task manager.
>
> Which one, all of them. I've never done this before, so if this is the
> solution coudl you please ellaborate on how to do it.
>
> The Av support has been poor. All they say is that you need ports 80
> and 8003 on the firewall open to make it work.

You really want to look into network-aware antivirus software that you
control centrally and push updates out from your server. Relying on
client-side updates from the Internet is a pretty surefire way to make sure
you get viruses, and can't see who's got what very easily. I don't know if
Panda makes a corporate AV product, but if they do, you should upgrade. If
not, look into another product - I personally like Trend (and they have a
suite that includes ScanMail for Exchange, etc).
>
> Cheers
>
> mark
>
>
> "Dave Nickason [SBS MVP]" wrote:
>
>> Go to Control Panel -> Windows Firewall -> Exceptions. IMO better
>> than opening the ports would be to add Panda to the exceptions list
>> (Add Program). It's a matter of allowing access to only the one
>> program, as opposed to allowing unlimited access to the ports.
>>
>> Does Panda allow you to download updates to the server, then
>> configure the clients to get them from there?
>>
>>
>> "markreynard" <markreynard@discussions.microsoft.com> wrote in
>> message news:CC34336A-B2F4-4785-89E6-E0F8F8DD9069@microsoft.com...
>>> Hi
>>>
>>> I'm using panda antivirus installed on every client machine. But the
>>> update
>>> engine cannot access the internet correctly.
>>>
>>> There are setting to point to a proxy server. ie //http:server on
>>> 8080. Which is correct.
>>>
>>> Setting this makes no difference.
>>>
>>> I have spoken to tech support at panda, and they say that I need to
>>> open ports 80 and 8003 for the updates to be carried out correctly.
>>>
>>> Can anyone tell me how to do this.
>>>
>>> Cheers
>>>
>>> mark

Dave
Tue Dec 07 17:46:08 CST 2004

I agree. I use eTrust, but I recommend Trend because you can get great
support for it in this group. And Lanwench's point about network-aware AV
is a very good one. I log into the eTrust console and can immediately see
what version of the signature files is running on every desktop, laptop, and
server (and the program version itself for that matter).

FWIW, eTrust needs 3 programs excluded in the firewall settings, so you very
well may need to enter more than one. I'd experiment, but more importantly
the fact that you have to do this, combined with the poor support, argues
for a replacement. You may find someone who will give you an incentive for
changing to their product - I don't know about Trend, but this seems to be
pretty common in the AV business.


"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:OAIN$PK3EHA.2016@TK2MSFTNGP15.phx.gbl...
> markreynard wrote:
>> In answer to the second part of your question, unfortunately no you
>> can't. Each client computer with the av installed has a username and
>> password field.
>>
>> The trouble is the AV has about 4 different programs ( I think
>> )running in the task manager.
>>
>> Which one, all of them. I've never done this before, so if this is the
>> solution coudl you please ellaborate on how to do it.
>>
>> The Av support has been poor. All they say is that you need ports 80
>> and 8003 on the firewall open to make it work.
>
> You really want to look into network-aware antivirus software that you
> control centrally and push updates out from your server. Relying on
> client-side updates from the Internet is a pretty surefire way to make
> sure
> you get viruses, and can't see who's got what very easily. I don't know if
> Panda makes a corporate AV product, but if they do, you should upgrade. If
> not, look into another product - I personally like Trend (and they have a
> suite that includes ScanMail for Exchange, etc).
>>
>> Cheers
>>
>> mark
>>
>>
>> "Dave Nickason [SBS MVP]" wrote:
>>
>>> Go to Control Panel -> Windows Firewall -> Exceptions. IMO better
>>> than opening the ports would be to add Panda to the exceptions list
>>> (Add Program). It's a matter of allowing access to only the one
>>> program, as opposed to allowing unlimited access to the ports.
>>>
>>> Does Panda allow you to download updates to the server, then
>>> configure the clients to get them from there?
>>>
>>>
>>> "markreynard" <markreynard@discussions.microsoft.com> wrote in
>>> message news:CC34336A-B2F4-4785-89E6-E0F8F8DD9069@microsoft.com...
>>>> Hi
>>>>
>>>> I'm using panda antivirus installed on every client machine. But the
>>>> update
>>>> engine cannot access the internet correctly.
>>>>
>>>> There are setting to point to a proxy server. ie //http:server on
>>>> 8080. Which is correct.
>>>>
>>>> Setting this makes no difference.
>>>>
>>>> I have spoken to tech support at panda, and they say that I need to
>>>> open ports 80 and 8003 for the updates to be carried out correctly.
>>>>
>>>> Can anyone tell me how to do this.
>>>>
>>>> Cheers
>>>>
>>>> mark
>
>

Lanwench
Wed Dec 08 11:34:50 CST 2004

markreynard wrote:
> Hi thanks for your quick response
>
> I have ISA running on the SBS machine
>
> The workstations use the firewall client installed from the server.
>
>
> The mention to proxy server is mentioned in the panda software.
>
> To clarify the antivirus software is installed on the client
> workstation not on the server. Also you cannot download the updates
> to the server then collect the ipdate from the server. Th only way
> to update is directly through the internet. Each copy of the
> antivirus uses a username and password to allow the update.

That's not a good plan, as mentioned previously. You really need
network-aware AV software for your desktops that you can manage centrally.
>
> I hope this clarifies the situation. Acoording to Pandasoftware all
> I need do is open ports 80 and 8003 on the firewall, which I'm
> assuming is the ISA server.

Yep.
>
> Cheers
>
> mark
>
>
>
> "markreynard" wrote:
>
>> Hi
>>
>> I'm using panda antivirus installed on every client machine. But the
>> update engine cannot access the internet correctly.
>>
>> There are setting to point to a proxy server. ie //http:server on
>> 8080. Which is correct.
>>
>> Setting this makes no difference.
>>
>> I have spoken to tech support at panda, and they say that I need to
>> open ports 80 and 8003 for the updates to be carried out correctly.
>>
>> Can anyone tell me how to do this.
>>
>> Cheers
>>
>> mark