Guides for

• New Students
• Students
• Faculty
• Staff
• IT Staff

Search the UBIT site

Questions and comments about this should be sent to: cit-webmaster@buffalo.edu
Privacy Accessibility Statement
Last updated:
Copyright © 2006
All Rights Reserved.

Documentation

Symantec Client Security 3 Use

The Symantec Client Firewall Control Panel

The Symantec Client Firewall Control Panel is the central interface for customizing and manipulating the Client Firewall, where you can access LiveUpdate, customize program controls, add firewall rules, and import updated configuration settings.

Double-clicking on the Symantec Client Firewall icon in your system tray brings up the Control Panel.

All of the settings listed in the Control Panel except for the final two should be set to On by default.

• The Security setting is an overall indication of whether the Client Firewall is functioning. It encompasses both the actual firewall and all other Client Firewall settings such as privacy control and ad blocking. Any changes you have made to the Client Firewall settings will not be in effect if Security is set to off. You may customize the security settings if you wish, but disabling this field is not recommended.
  
  
• The Client Firewall setting represents the status of the software-based firewall included in Symantec Client Firewall. Turning this setting off leaves all other features of Client Firewall running, but stops restricting traffic to and from your computer.
  
  
• Intrusion Prevention is a feature that monitors your computer for harmful attacks by hackers or other outside threats. Keep this feature enabled to alert you when Client Firewall detects a potential attack.
  
  
• Privacy Control is a feature that ensures personal information about you (including your name, email address, and even your credit card information) cannot be transmitted without your direct consent.
  
  
• Ad Blocking allows you to block pop-ups and banner ads.

Running Symantec LiveUpdate

Symantec LiveUpdate is a program designed to automatically install new critical updates for Symantec products as they are released. Running LiveUpdate from within Symantec Client Firewall updates both the Client Firewall and your copy of Symantec AntiVirus, if you have it installed.

You must perform your first LiveUpdate immediately following the installation of Symantec Client Firewall. The LiveUpdate screen appears automatically. Following that, it is a good idea to periodically run LiveUpdate manually to ensure that your computer contains the newest virus definitions and firewall updates.

1. From the Symantec Client Firewall Control Panel, select LiveUpdate.
2. LiveUpdate will launch. Click Next to continue.
   
3. If there are available updates for your Symantec products, they will download and install.
   
4. When the LiveUpdate process is complete, click Finish to close LiveUpdate.
   

Automatic Program Control

By default, the Symantec Client Firewall enables a feature called Automatic Program Control. This feature automatically allows or restricts Internet traffic to different programs based on the type of local and remote information they request. It is possible to manually configure the Internet privileges of specific programs, thereby disabling Automatic Program Control.

If you want to disable Automatic Program Control, do the following:

1. From the Symantec Client Firewall Control Panel, select Client Firewall, then Configure.
   
2. Click the Programs tab, then de-select the Turn on Automatic Program Control box.
   
3. Click the Firewall tab, then select Custom Level.
   
4. De-select the Enable Access Control Alerts box, click OK, then OK again to return to the Symantec Client Firewall Control Panel.
   
5. You must restart your computer for these changes to take effect. When you are ready to restart, close any running programs, close the Symantec Client Firewall Control Panel, then restart your computer.

Updating the Symantec Client Firewall Configuration

Periodically, the University at Buffalo may release updates for your Symantec Client Firewall package that you will need to download and install. These updates are in the form of zipped XML files that can be imported directly into the Client Firewall.

Importing these XML files will effectively overwrite all of your old settings. If you have customized any of your Symantec Client Firewall settings, you will need to reset them to your preferences after the update. This includes such features as created rules or program control allowances, amongst others.

There are pre-configured XML files available for each version of Symantec Client Firewall on the UB Tech Tools Software Downloads page where Symantec Client Security is available for download. Using the same process as you did to download the Symantec Client Security setup files, you should download and import these files following a successful installation of the program.

1. Download the Zip file to your computer.
2. The XML file will decompress automatically as it installs to a directory of your choosing. Do not attempt to open the XML file, as Symantec Client Firewall will import it through its own interface.
3. Double-click on the Symantec Client Firewall icon, which looks like a yellow and black circle, in your Taskbar to access the Symantec Client Firewall Control Panel, then click the Options button at the top of the window.
4. Click the Settings Manager tab, then click Import Settings.
   
5. A file browser window will open. Choose the directory where you saved your XML file. Select the name of the XML file, then click Open.

Note

You must close all web browser windows before beginning the Symantec Client Firewall update process. Failure to do so may cause the process to freeze until all browser windows are closed.

6. You will be asked if you would like to import all of your settings from the XML file. Click Yes to proceed.
   
7. Symantec Client Firewall will confirm that you want to overwrite its configuration settings with the new ones located in the XML file. Click Yes to proceed.
   
8. A progress window will appear in the lower right-hand corner of your screen. When it reaches 100% and the installation is complete, a window will inform you that the settings update was successful. Click OK to return to the Symantec Client Firewall Control Panel.
   
9. Close all Symantec Client Firewall windows, save any unsaved information, and restart your computer. None of the updates you have just installed will take effect until the system restarts.

Backing Up Your Firewall Settings

When you update or reinstall Symantec Client Security, any customized firewall settings you are using will be replaced with the University at Buffalo standard settings. Therefore, it is highly recommended that you regularly back up your firewall settings to make sure that your computer is adequately protected.

1. Double-click on the Symantec Client Firewall icon, which looks like a yellow and black circle, in your Taskbar to access the Symantec Client Firewall Control Panel, then click the Options button at the top of the window.
   
2. Click the Settings Manager tab at the top of the Symantec Client Firewall Options window.
   
3. Click the Export Settings button.
   
4. Select the location to which you want to save the exported settings file, enter a file name into the File name text field, then click Save.
   
5. When the Confirm Import/Export window appears, click Yes.
   
6. An Exporting Settings progress window will appear at the bottom of your screen. Please wait while the exporting process is completed. When the window disappears, your settings have been successfully backed up.
   

Adding Rules in Symantec Client Firewall

Rules in Symantec Client Firewall are settings or preferences which allow outside computers and ports access through your firewall. In effect, they are settings which define what the firewall will block. If you use an Internet Service Provider (ISP) which is not the University at Buffalo (such as Time Warner Road Runner or Verizon), you will most likely need to manually configure your rules. There is no XML file available at the University which contains settings for off-campus ISPs. If you are a novice user, or feel you need help manually configuring your firewall rules and/or settings, please contact your ISP for assistance.

Note that items further up in the rules queue will take priority over those below them. This is very important, because rules you add may not take effect unless they are in an appropriate position in the queue.

To add new rules:

1. From the Symantec Client Firewall Control Panel, select Client Firewall, then Configure.
2. Click the Advanced tab, then click General.
   
3. Click the Add button.
   
4. Select whether you would like to permit, block, or monitor an outside connection, then click Next.
   
5. Select the connection permission, then click Next.
   
6. In the Add Rule window, select Only the computers and sites listed below, then click Add. The Networking window will appear. Select how you would like to specify the computers or sites involved in your rule, then enter the relevant information for that computer or site. When you are done, click OK to exit the Networking window, then click Next at the Add Rule window to continue.
   

Note

For computers or sites that you trust, you should generally allow all types of communication. Novice users should not attempt to allow individual port openings to sites that they may not trust completely, as opening the wrong port can present serious security risks.

7. Select which protocols and ports will be involved in this rule, then click Next.
   
8. Select any notification settings that you would like to enable, then click Next.
   
9. Enter a name for the new rule, then click Next.
   
10. Select the location settings for the new rule. It is recommended that you click Check All to apply this rule to all locations. Click Next to continue.
    
11. A summary of your rule will be displayed. Ensure that your desired settings match the ones displayed. If not, use the Back button to change them. When satisfied, click Finish.
12. You will be returned to the rules listing. Select your new rule, then use the Move Up and Move Down buttons to situate your rule in the proper priority structure.
13. When satisfied, click OK, then OK again to return to the Symantec Client Firewall Control Panel.

Web History

Symantec Client Firewall includes a feature known as Web History that logs your Internet activity. This feature enables Symantec Client Firewall's Log Viewer to track every website you have visited in an archive.

Some users may wish to erase this data periodically. To do so, refer to the following steps.

1. From the Symantec Client Firewall Control Panel, click Statistics on the left-hand side of the window.
2. The Statistics window will appear. Click View Logs.
   
3. The Log Viewer window will appear. From here, you can view various logged statistics about your computer's network and firewall activity. Select Web History from the list on the left to display your computer's logged web activity.
   
4. To delete this information, click the large red X in the upper left-hand corner of the window, under File. You will be asked to verify that you want to delete this information. Click Yes to continue.
   
5. Close the Log Viewer and return to the Symantec Client Firewall Control Panel to complete the Web History deletion process.

Interpreting Common Alerts

When Symantec Client Firewall detects certain potentially unsafe conditions, it will present you with what is commonly referred to as an Alert. These alerts are designed to inform you of what Client Firewall has detected, as well as give you options on how to handle the issue. Below is information about one of the general Alerts you may encounter when using Symantec Client Firewall, and what it means.

Intrusion Detection

An intrusion detection alert is created when Symantec Client Firewall detects a remote computer attempting to access your machine without explicit permission. This can be a serious issue, as hackers or malicious software programs may be attempting to access your computer to retrieve personal information or deposit potentially harmful programs.

When an intrusion detection alert appears, you will be presented with several important pieces of information. The box in the middle of the alert tells you the date and time of the intrusion attempt, as well as which protocol was used to attempt to transmit data. Different protocols are used to receive or transmit data; knowing this may potentially be relevant in troubleshooting the issue causing the alert. In addition, you are given the remote address of the intrusion attempt -- which is the Internet address of the computer attempting to access your computer.

If you want more information, you can choose Yes in the Alert Assistant pull-down menu to view a help file about various Symantec Client Firewall Alert topics. This is a good resource to get information about different types of Alerts and what they mean.

If you would like Symantec Client Firewall to continue blocking this intrusion attempt in the future but would not like to be prompted each time it does so, select the Don't create a Security Alert for this threat again checkbox. Click OK.

Document Information