kaspersky anti-virus
Deerfield.net
VisNetic AntiVirus for Server
USER GUIDE
VisNetic Antivirus
for Server
User Guide
ã Deerfield.net
Visit our Website: http://www.deerfield.net/
Date of editing: January 2003
VisNetic AntiVirus for Server
Contents
1.1. Software Components 8
1.2. New Features of Version 4.0 9
1.3. License agreement 11
1.4. Information in This Guide 23
1.5. Conventions 24
1.6. Help Desk for Registered Users 25
2.1. Hardware and Software Requirements 26
2.2. Running the Setup Wizard 27
2.2.1. Installing 27
2.2.2. Reinstalling 30
2.2.3. Uninstalling 31
3.1. Functions and Features 32
3.2. Starting VisNetic AntiVirus Scanner 33
3.3. Program Interface 36
3.3.1. System menu 36
3.3.2. Main window 36
3.3.3. Menu 37
3.3.4. Tool bar 39
3.3.5. Work area 40
3.3.5.1. The Objects, Options, Customize and Statistics categories 40
3.3.5.2. The right-click menu 40
3.3.6. Status bar 41
3.4. Changing Settings 41
3.4.1. Objects to be checked 41
3.4.1.1. Defining the location to be checked 41
3.4.1.2. Defining objects to be checked 43
3.4.1.3. Handling infected and suspicious objects 44
3.4.1.4. Advanced scanning modes 46
3.4.1.4.1. Scanning compound objects 46
3.4.1.4.2. Scanning archives and self-extracting files 46
3.4.1.4.3. Scanning mail databases and plain mail files 47
3.4.1.4.4. Scanning embedded objects 48
3.4.1.4.5. Heuristic detecting module 48
3.4.2. General settings: Options 48
3.4.2.1. Reporting options 49
3.4.2.2. Renaming options 50
3.4.2.3. Defining priority 50
3.4.3. Advanced settings: Customize 50
3.4.4. Saving/loading settings 52
3.4.5. Previewing settings before the check 53
3.5. Checking For and Deleting Viruses 54
3.5.1. Starting and aborting the check 54
3.5.2. Changing priority of the check 56
3.5.3. Monitoring progress 56
3.5.4. Viewing statistics 56
3.6. Updating Antivirus Bases 57
3.7. Generating a List of Currently Known Viruses 57
4.1. Functions and Features 59
4.2. How to Start, Disable and Enable Your VisNetic AntiVirus Monitor 60
4.3. Program Interface 61
4.3.1. System menu 61
4.3.2. Main window 62
4.3.3. Menu 62
4.3.4. Toolbar 64
4.3.5. Work area 64
4.3.6. Buttons 65
4.4. Changing Settings 65
4.5. Loading, Disabling and Enabling VisNetic AntiVirus Monitor 66
4.5.1. Loading, disabling and enabling VisNetic AntiVirus Monitor 66
4.5.2. Viewing performance statistics 67
4.6. Updating Anti-Virus Bases 67
5.1. What the VisNetic AntiVirus Updater is Used For 68
5.2. How to Start the VisNetic AntiVirus Updater 68
5.3. Description of VisNetic AntiVirus Updater Interface 69
5.3.1. The Welcome wizard box 69
5.3.2. The Connection wizard box 70
5.3.3. Updating via the Internet 70
5.3.4. Defining URL 71
5.3.5. Defining the IP connection 72
The dial-up options 74
5.3.5.1. Updating from a local folder 77
5.3.6. Choosing objects to be updated 77
5.3.7. The Options wizard box 77
5.3.8. The Retrieving updates window 78
5.3.9. The Finishing wizard box 79
6.1. What VisNetic AntiVirus Control Center Is Used For 80
6.2. Launching VisNetic AntiVirus Control Center 81
6.3. VisNetic AntiVirus Control Center Interface 83
6.3.1. The Tasks tab 83
6.3.1.1. The Property window 88
6.3.1.1.1. The VisNetic AntiVirus Scanner task property window 88
6.3.1.1.2. The VisNetic AntiVirus Monitor task property window 89
6.3.1.1.3. The VisNetic AntiVirus Updater task property window 89
6.3.2. The Components tab 90
6.3.3. The Settings tab 92
6.3.3.1. The Security category 93
6.3.3.2. The Alerts category 95
6.3.3.3. The Remote management category 98
6.3.3.3.1. Remote management security setting 99
6.3.3.3.2. Remote management ports setup 100
6.3.3.4. The Quarantine category 100
6.3.3.5. The Customize category 102
6.3.3.5.1. Sound setup 102
6.3.3.5.2. Color setup 103
6.3.4. The Quarantine tab 105
6.4. New Task Wizard 107
6.4.1. Tasks window 107
6.4.2. The Schedule window for a VisNetic AntiVirus Monitor task 108
6.4.3. The Schedule window for VisNetic AntiVirus Scanner and Updater 109
6.4.3.1. Launching on event 109
6.4.3.2. Launching by condition 111
6.4.3.3. Launching hourly 112
6.4.3.4. Launching daily 113
6.4.3.5. Launching weekly 114
6.4.3.6. Launching monthly 114
6.4.4. The Alerts window 115
6.4.5. The User account window 115
6.4.6. Task settings 117
6.4.6.1. The Settings window for VisNetic AntiVirus Scanner and Monitor tasks 117
7.1. What VisNetic Report Viewer is Used For 119
7.2. Activating VisNetic Report Viewer 119
7.3. Interface 119
8.1. What is the Settings Tree? 123
8.2. The Settings Tree 124
8.3. Controls 124
8.3.1. Check box 125
8.3.2. Option button 125
8.3.3. Text field 126
8.3.4. Input field defining the path to… 127
8.3.5. Input field defining the number of … 127
8.3.6. Drop-down list 127
8.4. Control Indicators 128
9.1. What Script Checker Is Used For 130
9.2. Operating Principles of VisNetic AntiVirus Script Checker 130
10.1. The Heuristic Checking Tool (Code Analyzer) 132
10.2. The Redundant Scanning Tool 134
Chapter
1
1. VisNetic AntiVirusÔ
for Server
1.1. Software Components
What is VisNetic AntiVirus for Server?
VisNetic AntiVirusTM for Server software package is designed to protect a computer running the Windows operating system against viruses.
The following software products are included:
· VisNetic AntiVirus Scanner is an antivirus program that checks for viruses and deletes them on demand.
· VisNetic AntiVirus Monitor is a resident virus-detection +monitor that checks files that are started and opened.
· VisNetic AntiVirus Updater is a virus-definition database-updating utility. When searching for viruses, VisNetic AntiVirus Scanner and VisNetic AntiVirus Monitor use these antivirus (or virus-definition) bases to identify viruses detected. Kaspersky Lab updates these bases on a daily basis by adding new virus details to them; database updates are placed on Kaspersky Lab websites and later retrieved by the updating utility.
· VisNetic AntiVirus Script Checker is a program that protects computers from script viruses and worms that are executed directly within computer memory. When you run the VisNetic AntiVirus Server setup utility, the program is automatically added in your operating system and later you will not have to start it manually.
· VisNetic AntiVirus Control Center is a shell program for the software package components. The VisNetic AntiVirus Control Center allows a user to manage installation and updating of the package components, schedule required operations, launch antivirus applications and review their performance statistics.
· VisNetic Report Viewer is a program allowing a user to display reports generated by the package components.
The VisNetic AntiVirus for Server software package allows checking for viruses on local as well as on network drives. This check can be performed using VisNetic AntiVirus Scanner and/or VisNetic AntiVirus Monitor.
By using VisNetic AntiVirus Administration Kit, the remote administration program, a network administrator can remotely manage components of the VisNetic AntiVirus software package.
1.2. New Features of Version 4.0
Features not available in the previous versions.
The VisNetic AntiVirusTM for Server version described in this guide has the following new features:
· Optimized architecture of VisNetic AntiVirus Scanner and VisNetic AntiVirus Monitor. These programs are now each divided into two sub-programs: functional and interface. This division allows the programs to continue operating even with the interface sub-program unloaded. When unloaded, the interface sub-program releases additional RAM space, allowing accelerated performance of other applications.
· Improved user interface. Changes affect mostly the interface’s graphic items, i.e., icons in the taskbar and pictures displayed when programs are started and during their operation.
· Improved setup utility. If you have VisNetic AntiVirus Control Center and/or VisNetic AntiVirus Updater preinstalled on your computer, the setup utility will allow you to keep their settings (see subchapter 2.2.2). When running under Windows NT/2000, the VisNetic AntiVirus Monitor program operates as a system service.
· Improved VisNetic AntiVirus Scanner command line. New switches have been added to the list of command line switches allowing more flexible configuration of the location to be checked by VisNetic AntiVirus Scanner (see subchapter 2.2.2).
· VisNetic AntiVirus Monitor for Windows 9x/NT/2000 operating systems. The difference between the VisNetic AntiVirus Monitor versions for various operating systems has been eliminated. Improved interception of system calls to the infected files increases the stability of your operating system.
· Improved archive-handling capabilities. New options have been added to the VisNetic AntiVirus Scanner and VisNetic AntiVirus Monitor archive-handling preferences. These options allow a user to insure retention of recoverable data with the programs preset to delete infected objects (see subchapter 3.4.2.2).
· Extended capability to disinfect MS Outlook Express mail bases and the objects started at the operating system start. VisNetic AntiVirus Scanner now allows removal of computer viruses from MS Outlook Express mail databases. If you preset the program to delete infected objects and it detects a virus in the OS-started object, the program deletes the object and the object-starting code.
· Added capability to check for viruses in the memory of running programs. VisNetic AntiVirus Monitor performs this check right after it is loaded, and also every time you update your antivirus bases. If the infected memory of a program cannot be disinfected, the program is forced to abort.
· Added capability to update program modules. VisNetic AntiVirus Updater now allows updating of both the antivirus bases and package components. It’s easy – you just enable module updating by checking the appropriate box (see subchapter 5.3.2).
· Quarantine. An easy-to-use tool that encodes infected files and places them into quarantine storage (a special folder from which they can be later restored). In combination with the removal of infected objects which the program failed to disinfect, this tool provides full-scale protection against viruses while ensuring the retention of recoverable data (see subchapters 6.3.3.4, 6.3.4). The quarantine tool is available only when managing VisNetic AntiVirus Monitor and VisNetic AntiVirus Scanner via VisNetic AntiVirus Control Center.
1.3. License agreement
1. 1. Proprietary Rights and Non-Disclosure
1.1. 1.1. You agrees that the Product and the authorship, systems, ideas, methods of operation, documentation and other information contained in the Product, are proprietary intellectual properties and or the valuable trade secrets of the Company and are protected by civil and criminal law, and by the law of copyright, trade secret, trademark and patent of the United States and other countries. You may use trademarks only insofar as to identify printed output produced by the Product in accordance with accepted trademark practice, including identification of trademark owner's name. Such use of any trademark does not give you any rights of ownership in that trademark. Your possession, installation or use of the Product does not transfer to you any title to the intellectual property in the Product, and you will not acquire any rights to the Product except as expressly set forth in this Agreement. All copies of the Product made hereunder must contain the same proprietary notices that appear on and in the Product. Except as stated herein, this Agreement does not grant you any intellectual property rights in the Product.
1.2. 1.2. You acknowledge that the source code for the Product is proprietary to the Company and constitutes trade secrets of the Company. You agree not to modify, adapt, translate, reverse engineer, decompile, disassemble or otherwise attempt to discover the source code of the Product in any way.
1.3. 1.3. You agree that the Product, including the specific design and structure of individual programs and the Key Identification File provided to you by the Company constitute confidential proprietary information of Kaspersky Labs and Deerfield.net. You agree not to disclose, provide or otherwise make available such confidential information in any form to any third party without the prior written consent of the Company. You agree to implement reasonable security measures to protect such confidential information, but without limitation to the foregoing, shall use best efforts to maintain the security of the Key Identification File provided to you by the Company.
1.4. 1.4. You agree not to modify or alter the Product in any way. You may not remove or alter any copyright notices or other proprietary notices on any copies of the Product.
2. 2. Grant of License
2.1. 2.1. License. The Company grants you one (1) unless otherwise specifically indicated under a valid license (e.g. volume license) granted by the Company, non-exclusive and non-transferable license to Operate and use the Product. During the term of your subscription license, subject to the payment of the applicable fees and your compliance with the terms hereof, this Agreement permits you to Operate one copy of the specified version of the Product, for internal purposes only, on one computer, workstation, personal digital assistant, pager, 'smart phone' or other electronic device of which the software was designed (each a "Client Device"), and only by one user, at a time. If you have purchased multiple licenses for the Product, then at any time you may have as many copies of the Product and may Operate as many copies of the Product as you have licenses. If the Product is licensed as a suite or bundle with more than one specified software product, this license applies to all such specified software products, subject to any restrictions or usage terms specified on the applicable price list or product packaging that apply to any of such software products individually. The Company reserves all rights not expressly granted herein.
2.2. 2.2. Server Mode. You may use the Product on a Client Device or as a server ("Server") within a multi-user or networked environment ("Server-Mode") only if such use is permitted in the applicable price list or product packaging for the Product. A separate license is required for each Client Device or "seat" that may connect to the Server at any time, regardless of whether such licensed Client Devices or seats are concurrently connected to or actually accessing or utilizing the Product (e.g. 'multiplexing' or 'pooling' software or hardware) does not reduce the number of licenses required (i.e. the required number of licenses would equal the number of distinct inputs to the multiplexing or pooling software or hardware 'front end'). If the number of Client Devices or seats that can connect to the Product can exceed the number of licenses you have obtained, then you must have a reasonable mechanism in place to ensure that your use of the Product does not exceed the use limits specified for the license you have obtained. This license authorizes you to make or download one copy of the Documentation for each Client Device or seat that is licensed, provided that each such copy contains all the Documentation's proprietary notices.
2.3. 2.3. Volume use. If the Product is licensed with volume license terms specified in the applicable product invoicing or packaging for the Product, you may make use and install as many additional copies of the Product on the number of Client Devices as the volume license terms specify. You must have a reasonable mechanism in place to ensure that the number of Client Devices on which the Product has been installed does not exceed the number of licenses you have obtained. This license authorizes you to make or download one copy of the Documentation for each additional copy authorized by the volume license, provided that each such copy contains all of the Documentation's proprietary notices.
2.4. 2.4. Multiple Environment Product; Multiple Language Product; Dual Media Product; Multiple Copies; Bundles. If the Product supports multiple platforms or languages, if you receive the Product on multiple media, if you otherwise receive multiple copies of the Product, or if you received the Product bundled with other software, the total number of your computers on which all versions of the Product are installed may not exceed the number of licenses you have obtained from the Company. You may not rent, lease, sublicense, lend or transfer any versions or copies of the Product you do not use.