background image

Default Vulnerable and Compressed File Extensions

272

McAfee VirusScan

Current list of compressed files scanned

The VirusScan application and the VShield scanner look for viruses in a range 
of compressed and archived file formats. Each component uses slightly 
different technologies for this purpose, however, and therefore treats each file 
type differently.

For the purpose of this discussion, a “compressed” file means a single file. 
Compression utilities such as PKLite, LZEXE, and others combine or discard 
redundant data within these files to reduce their size. An “archived” file 
means a file that acts as a “wrapper” or an envelope that contains other files 
within itself. The files within the wrapper can be compressed or  not 
compressed. Examples of such files include WinZip files, .TAR files, and .ARC 
files. Most WinZip files compress other files and wrap them in a single archive.

This table summarizes how each VirusScan component treats each file type:

Table 10-1. Compressed file and archive scanning treatment

VirusScan 
component

Archived file

Compressed file

VirusScan 
application

• Select the 

Compressed 

files 

checkbox to enable.

• Opens archives and scans 

the files within.

• Specify 

All Files

 as your 

scan target or add the 
archive's file name 
extension to the Program 
Extensions dialog box to 
have the application scan 
the archive as a file.

• Select the 

Compressed 

Files

 checkbox to enable.

• Scans the compressed file if 

you specify 

All Files

 as 

your scan target or add the 
compressed file's extension 
to the Program Extensions 
dialog box.

VShield 
scanner

• The scanner will not open 

the archive to scan the files 
within.

• Specify 

All Files

 as your 

scan target or add the 
archive's file name 
extension to the Program 
Extensions dialog box, to 
have the scanner examine 
the archive as a file. 

• Select the 

Compressed 

Files

 checkbox to enable.

• Specify 

All Files

 as your 

scan target, or add the 
compressed file's extension 
to the Program Extensions 
dialog box, to have the 
scanner look for viruses in 
the compressed file.

Summary of Contents for VIRUSSCAN 5.1

Page 1: ...McAfee VirusScan User s Guide Version 5 1 ...

Page 2: ...bScan WebShield WebSniffer WebStalker WebWall and ZAC 2000 are registered trademarks of Network Associates and or its affiliates in the US and or other countries All other registered and unregistered trademarks in this document are the sole property of their respective owners LICENSE AGREEMENT NOTICE TO ALL USERS CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT AGREEMENT FOR THE LICENSE OF SPECIFIED S...

Page 3: ...s with VirusScan software 22 What s new in this release 27 Chapter 2 Installing VirusScan Software 31 Before you begin 31 System requirements 31 Other recommendations 31 Preparing to install VirusScan software 32 Installation options 32 Installation steps 32 Using the Emergency Disk Creation utility 43 Determining when you must restart your computer 48 Testing your installation 49 Modifying or rem...

Page 4: ...ner properties 93 Using the VShield shortcut menu 149 Disabling or stopping the VShield scanner 149 Tracking VShield software status information 155 Chapter 5 Using the VirusScan application 157 What is the VirusScan application 157 Why use the VirusScan application 158 Starting the VirusScan application 159 Configuring the VirusScan Classic interface 164 Configuring the VirusScan Advanced interfa...

Page 5: ...248 Using the Alert Manager Client Configuration utility 251 VirusScan software as an Alert Manager client 252 Configuring the Alert Manager client utility 252 Chapter 9 About Safe Sound 257 Using Safe Sound 258 Protected Volume Files The Ultimate Backup Protection 258 Why You Should Make Regular Backups With Safe Sound 258 How Safe Sound Creates Automatic Backups 259 Defining Your Backup Strategy...

Page 6: ...t Service to Get New Data Files 281 Introducing the SecureCast service 281 Why should I update my data files 282 Which data files does the SecureCast service deliver 282 Installing the BackWeb client and SecureCast service 283 System requirements 283 Troubleshooting the Enterprise SecureCast service 293 Unsubscribing from the SecureCast service 293 Support resources 293 SecureCast service 293 Back...

Page 7: ... the cost you incur in time and effort to track down the source of the infection and eradicate all of its traces Why worry So why worry about virus infections if most attacks do little harm The problem is twofold First although relatively few viruses have destructive effects that fact says nothing about how widespread the malicious viruses are In many cases viruses with the most debilitating effec...

Page 8: ...th us But knowing a bit about the history of computer viruses and how they work can help you better protect yourself against them Virus prehistory Historians have identified a number of programs that incorporated features now associated with virus software Canadian researcher and educator Robert M Slade traces virus lineage back to special purpose utilities used to reclaim unused file space and pe...

Page 9: ... closely guarded mainframe systems dominated the computing world from their bastions in large corporations and universities Nor did the individual users who bought PCs have much use for the sophisticated security measures needed to protect sensitive data in those environments As further catalyst virus writers found it relatively easy to exploit some PC technologies to serve their own ends Boot sec...

Page 10: ...later generation viruses routinely incorporate functions that infect your hard disk boot sector or MBR even if they use other methods as their primary means of transmission Those same viruses have also benefitted from several generations of evolution and therefore incorporate much more sophisticated infection and concealment techniques that make it far from simple to detect them even when they hid...

Page 11: ...fected file s size to easily detectable proportions or would consume enough system resources to point to an obvious culprit their authors also needed to tell them to leave certain files alone They addressed this problem by having the virus write a characteristic byte sequence or in 32 bit Windows operating systems create a particular registry key that would flag infected files with the software eq...

Page 12: ... down version of its Visual Basic language included with the suite users could create document templates that would automatically format and add other features to documents created with Word and Excel Other vendors quickly followed suit with their products either using a variation of the same Microsoft macro language or incorporating one of their own Virus writers in turn seized the opportunity th...

Page 13: ...e modules or objects that programmers can write themselves or take from existing sources and fashion into the plug ins applets device drivers and other software needed to power the web Java objects are called classes while ActiveX objects are called controls The principle difference between them lies in how they run on the host system Java applets run in a Java virtual machine designed to interpre...

Page 14: ...cious actions but virus writers and security hackers have found ways around these Because the benefits these innovations bring to the web generally outweigh the risks however most users find themselves calculating the tradeoffs rather than shunning the technologies Where next Malicious software has even intruded into areas once thought completely out of bounds Users of the mIRC Internet Relay Chat...

Page 15: ... yet unidentified Trojan horse or other malicious program for one of your favorite shareware or commercial utilities that is until after the fact Web and Internet access poses its own risks VirusScan anti virus software gives you the ability to block dangerous web sites so that users can t inadvertently download malicious software from known hazards it also catches hostile objects that get downloa...

Page 16: ...Preface xvi McAfee VirusScan ...

Page 17: ...ng VirusScan anti virus software Eighty percent of the Fortune 100 and more than 50 million users worldwide choose VirusScan anti virus software to protect their computers from the staggering range of viruses and other malicious agents that has emerged in the last decade to invade corporate networks and cause havoc for business users They do so because VirusScan software offers the most comprehens...

Page 18: ...ve faster than ever before The new release also adds multiplatform support for Windows 95 Windows 98 Windows ME Windows NT Workstation v4 0 and Windows 2000 Professional all in a single package with a single installer but optimized to take advantage of the benefits each platform offers Windows NT Workstation v4 0 and Windows 2000 Professional users for example can run VirusScan software with diffe...

Page 19: ...own data is relatively unimportant to you neglecting to guard against viruses might mean that your computer could play unwitting host to a virus that could spread to computers that your co workers and colleagues use Checking your hard disk periodically with VirusScan software significantly reduces your system s vulnerability to infection and keeps you from losing time money and data unnecessarily ...

Page 20: ...on techniques new variants or other problems that emerging viruses now pose This results in blazingly quick enhancements the engine s detection capabilities and removes the need for continuous updates that target virus variants Encrypted polymorphic virus detection Along with generic virus variant detection the scan engine now incorporates a generic decryption engine a set of routines that enables...

Page 21: ...bination of positive and negative techniques results in an unsurpassed detection rate with few if any costly misidentifications Wide spectrum coverage As malicious agents have evolved to take advantage of the instant communication and pervasive reach of the Internet so VirusScan software has evolved to counter the threats they present A computer virus once meant a specific type of agent one design...

Page 22: ...large compressed archive files in an attempt to tie up the scanner as it digs through the file looking for infections VirusScan software accurately scans the majority of popular compressed file and archive file formats but it also includes logic that keeps it from getting trapped in an endless hunt for a virus chimera What comes with VirusScan software VirusScan software consists of several compon...

Page 23: ... and step by step instructions click the Help icon on the upper right hand corner of the window To view available options in customizing how you want McAfee VirusScan components to work on your PC click the Options button The VirusScan Console This component allows you to create configure and run VirusScan tasks at times you specify A task can include anything from running a scan operation on a se...

Page 24: ...or your configuration options prevents others from making unauthorized changes The same convenient dialog box controls configuration options for all VShield modules See Using the VShield Scanner on page 85 of the VirusScan User s Guide for details Safe Sound This component allows you to create backup sets in protected volume files which is the safest and preferred type of backup A protected volume...

Page 25: ...y This essential utility helps you to create a floppy disk that you can use to boot your computer into a virus free environment then scan essential system areas to remove any viruses that could load at startup Command line scanners This component consists of a set of full featured scanners you can use to run targeted scan operations from the MS DOS Prompt or Command Prompt windows or from protecte...

Page 26: ...e command line scanners as a backup Documentation VirusScan software documentation includes A printed Getting Started Guide which introduces the product provides installation instructions outlines how to respond if you suspect your computer has a virus and provides a brief product overview The printed Getting Started Guide comes with the VirusScan software copies distributed on CD ROM discs you ca...

Page 27: ...es with the product release and often describes new product features incorporated into incremental product updates You ll find the README TXT file at the root level of your VirusScan software CD ROM or in the VirusScan software program folder you can open and print it from Windows Notepad or from nearly any word processing software What s new in this release This VirusScan release introduces a num...

Page 28: ...d VirusScan control panel to run at startup Other changes include New VShield system tray icon states tell you more about which VShield modules are active These states are All VShield modules are active The System Scan module is active but one or more of the other VShield modules is inactive The System Scan module is inactive but one or more of the other VShield modules is active All VShield modul...

Page 29: ...can software Even with the majority of the virus definitions it requires now incorporated directly into its engine in generic routines VirusScan software still requires regular DAT file updates to keep pace with the 200 to 300 new viruses that appear each month To meet this need McAfee VirusScan Software has incorporated updating technology in VirusScan software from its earliest incarnations With...

Page 30: ...About VirusScan Software 30 McAfee VirusScan ...

Page 31: ...or equivalent to at least an Intel Pentium class or compatible processor McAfee VirusScan Software recommends an Intel Pentium processor or Celeron processor running at a minimum of 166 MHz A CD ROM drive If you downloaded your copy of VirusScan software this is an optional item At least 16MB of free hard disk space At least 16MB of free random access memory RAM McAfee VirusScan Software recommend...

Page 32: ...particular profile or rights Installation options The Installation steps section describes how to install VirusScan software with its most common options on a single computer or workstation You can choose to do a Typical setup which installs commonly used VirusScan components but leaves out some VShield modules and the ScreenScan utility or you can choose to do a Custom setup which gives you the o...

Page 33: ... the installation Setup first checks to see whether your computer already has version 1 1 of the Microsoft Windows Installer MSI utility running as part of your system software If your computer runs Windows 2000 Professional this MSI version already exists on your system If your computer runs an earlier Windows release you might still have this MSI version on your system if you previously installe...

Page 34: ...uit immediately Otherwise click I agree to the terms of the License Agreement then click Next to continue Setup next checks to see whether previous VirusScan versions or incompatible software exists on your computer If you have no other anti virus software or any previous VirusScan versions on your system it will display the Security Type or the Setup Type panel Skip to Step 8 to continue If Setup...

Page 35: ...th Step 7 Figure 2 3 Incompatible software panel 7 Select the checkbox shown then click Next Setup will start the uninstallation utility that the conflicting software normally uses and allow it to remove the software The uninstallation utility might tell you that you need to restart your computer to completely remove the other software You do not need to do so to continue with your VirusScan insta...

Page 36: ...e same VirusScan version with the same configuration options and with the same scheduled tasks for all system users 8 Select the security mode you prefer Your choices are Use Maximum Security Select this option to require users to have Administrator rights to your computer in order to change any configuration options to enable or disable any VirusScan component or to configure and run scheduled ta...

Page 37: ...es contained in the McAfee VirusScan product Custom Installation This option allows you to customized McAfee VirusScan by only selecting specific features of the product to be installed on your computer 10 Choose the option you prefer then click Next to continue If you chose Custom Setup you ll see the panel shown in Figure 2 5 Otherwise skip to Step 13 to continue with your installation ...

Page 38: ...side a component name then choose This feature will not be available from the menu that appears NOTE The VirusScan Setup utility does not support the other options shown in this menu You may not install VirusScan components to run from a network and VirusScan software has no components that you can install on an as needed basis You can also specify a different disk and destination directory for th...

Page 39: ...gin copying files to your hard drive Otherwise click Back to change any of the Setup options you chose Setup first removes any previous VirusScan versions or incompatible software from your system then copies VirusScan program files to your hard disk When it has finished it displays a panel that asks if you want to configure the product you installed Figure 2 7 Figure 2 7 VirusScan Configuration p...

Page 40: ... that you can shut down and use the VirusScan Emergency Disk to restart If your computer runs Windows NT Workstation v4 0 Windows ME or Windows 2000 Professional you may not choose Scan boot record at startup but you may choose either of the other options Neither Windows NT Workstation Windows ME nor Windows 2000 permit software to scan or make changes to hard disk boot sectors or master boot reco...

Page 41: ...ou start the VShield scanner and the VirusScan Console NOTE For more information on any of these options you can refer to the online Help of McAfee VirusScan 16 In the next screen Figure 2 9 select the Enable McAfee VirusScan Protection checkbox then click Finish The VirusScan software splash screens will appear and the VShield scanner and VirusScan Console icons will appear in the Windows system ...

Page 42: ...taller Information dialog box is displayed where you will be prompted to restart your computer Figure 2 10 Figure 2 10 McAfee VirusScan Installer Information dialog box NOTE If you had a previous VirusScan version installed on your computer you must restart your system in order to start the VShield scanner Click Yes to restart your computer ...

Page 43: ... scan your hard disk boot sectors and Master Boot Record MBR BOOTSCAN EXE works with a specialized set of DAT files that focus on ferreting out boot sector viruses If you have already installed VirusScan software with default Setup options you can find these DAT files in this location on your hard disk C Program Files Common Files McAfee VirusScan VirusScan Engine 4 0 xx The special DAT files have...

Page 44: ...he Windows taskbar point to Programs then to McAfee VirusScan Next choose Create Emergency Disk The Emergency Disk wizard welcome panel will appear Figure 2 11 Figure 2 11 Emergency Disk welcome panel 1 Click Next to continue The next wizard panel appears Figure 2 12 Figure 2 12 Second Emergency Disk panel ...

Page 45: ...floppy disk into your floppy drive then click Next The Emergency Disk wizard will copy its files from a disk image stored in the VirusScan program directory As it does so it will display its progress in a wizard panel b Click Finish to quit the wizard when it has created your disk Next remove the disk from your floppy drive lock it label it VirusScan Emergency Boot Disk and store it in a safe plac...

Page 46: ... Next The Windows disk format dialog box appears see Figure 2 11 Figure 2 13 Windows Format dialog box d Verify that the Full checkbox in the Format Type area and the Copy system files checkbox in the Other Options area are both selected Next click Start Windows will format your floppy disk and copy the system files necessary to start your computer e Click Close when Windows has finished formattin...

Page 47: ... and its support files to the floppy disk you created If VirusScan software does detect a virus quit Setup immediately 4 When the wizard finishes copying the Emergency Disk files it displays the final wizard panel Figure 2 15 Figure 2 15 Final Emergency Disk panel 5 Click Finish to quit the wizard Next remove the new Emergency Disk from your floppy drive label it write protect it and store it in a...

Page 48: ...ircumstances you can install and use this VirusScan release immediately without needing to restart your computer In some cases however the Microsoft Installer MSI will need to replace or initialize certain files or previous McAfee VirusScan Software product installations might require you to remove files in order for VirusScan software to run correctly These requirements can also vary for each sup...

Page 49: ...en restart required Restart required Installation on computer with previous VirusScan version Restart required Restart required Installation on computer with incompatible software No restart required but Setup will ask if you wish to restart You can safely click No No restart required but Setup will ask if you wish to restart You can safely click No Installation on a computer with Microsoft Instal...

Page 50: ...m either of these sources be sure to delete any carriage returns or spaces 2 Save the file with the name EICAR COM The file size will be 69 or 70 bytes 3 Start your VirusScan software and allow it to scan the directory that contains EICAR COM When VirusScan software examines this file it will report finding the EICAR STANDARD AV TEST FILE virus Ë IMPORTANT This file is not a virus it cannot spread...

Page 51: ...ct this option to add or remove individual VirusScan components Setup will display the Custom wizard panel see Figure 2 5 Start with Step 11 to choose the components you want to add or remove Remove Select this option to remove VirusScan software from your computer completely Setup will ask you to confirm that you want to remove the software from your system Click Remove Setup will display progres...

Page 52: ...Installing VirusScan Software 52 McAfee VirusScan ...

Page 53: ...e a virus on your computer because of occurrences such as these scanning for viruses might not produce the results you expect but it will help eliminate one potential cause of your computer problems The safest course of action you can take is to install VirusScan software then scan your system immediately and thoroughly When you install VirusScan software Setup starts the VirusScan application to ...

Page 54: ...BIOS settings so that your computer looks first on your A or B drive Consult your hardware documentation to learn how to configure your BIOS settings After it starts your computer the Emergency Disk runs a batch file that leads you through an emergency scan operation The batch file first asks you whether you cycled the power on your computer 4 Type y to continue then skip to Step7 If you did not t...

Page 55: ...me and location of the virus on the screen 6 When the scanner finishes examining your hard disk remove the Emergency Disk from your floppy drive then shut your computer off again 7 When BOOTSCAN EXE finishes examining your system you can either Return to working with your computer If BOOTSCAN EXE did not find a virus or if it cleaned any infected files it did find remove the Emergency Disk from yo...

Page 56: ... constant level of vigilance between scan operations Under most circumstances this should protect your system s integrity If you connect to the Internet frequently or download files often you might want to supplement regular scan operations with tasks based on certain events Use the VirusScan Console to schedule a set of scan tasks to monitor your system at likely points of virus entry such as whe...

Page 57: ...me or defined behavior Although that doesn t give you much help when your problem really results from an interrupt conflict it does allow you to eliminate one possible cause With that knowledge you can then go on to troubleshoot your system with a full featured system diagnosis utility More serious is the confusion that results from virus like programs virus hoaxes and real security breaches Anti ...

Page 58: ...hut the computer down and turn off the power Wait a few seconds before you start the computer again so that the system can clear the other program s code signature strings from memory You have a BIOS chip with anti virus features Some BIOS chips provide anti virus features that can trigger false detections when VirusScan software runs Consult the user s guide for your computer to learn about how i...

Page 59: ... of default responses Responding when the System Scan module detects a virus How this module reacts when it finds a virus depends on which operating system your computer runs and on Windows 95 and Windows 98 systems on which prompt option you chose in the module s Action page By default on Windows 95 and Windows 98 systems this module looks for viruses each time you run copy create or rename any f...

Page 60: ...n Warning System Scan response options This alert message brings your system to a complete halt as it awaits your response No other programs or system operations run on your system until you choose one of the response options shown The BIOS prompt type also allows you to substitute a Continue option for the Move File option To do so select the Continue access checkbox in the module s Action page N...

Page 61: ...ich files it flagged as infected You can then restore deleted files from backup copies Move the file to a different location Click Move File to in the dialog box This opens a browse window you can use to locate your quarantine folder or another folder you want to use to isolate infected files Once you select a folder the System Scan module moves the infected file to it immediately This option does...

Page 62: ...odule software try to remove the virus code from the infected file If it cannot clean the file either because it has no remover or because the virus has damaged the file beyond repair it will record the incident in its log file and suggest alternative responses In the example shown in Figure 3 3 the module failed to clean the EICAR test file a mock virus written specifically to test whether your a...

Page 63: ... a web browser or such e mail client programs as Eudora Light Netscape Mail Outlook Express and others It will not detect files you download with FTP client applications terminal applications or through similar channels In its initial configuration the module will prompt you to choose a response from among three options whenever it detects a virus Figure 3 4 A fourth option provides you with addit...

Page 64: ...nternet You can also use the module to block your browser from connecting to dangerous Internet sites In its initial configuration the module will ask you whenever it encounters a potentially harmful object whether you want to Deny the object access to your system or you want to Continue and allow the object access It will offer you the same choice when you try to connect to a potentially dangerou...

Page 65: ...e virus Once the application finishes examining your system you can right click each file listed in the main window then choose an individual response from the shortcut menu that appears Figure 3 7 VirusScan main window Stop Click this button to stop the scan operation immediately The VirusScan application will list the infected files it has already found in the lower portion of its main window Fi...

Page 66: ... open a dialog box that you can use to locate your quarantine folder or another suitable folder Once you have located the correct folder click OK to transfer the file to that location Info Click this to connect to the McAfee VirusScan Virus Information Library This choice does not take any action against the virus that the application detected Responding when the E Mail Scan extension detects a vi...

Page 67: ... will continue until it finds another virus on your system or until it finishes the scan operation Once it has finished examining your system you can right click each file listed in the main window then choose an individual response from the shortcut menu that appears Stop Click this button to stop the scan operation immediately The E Mail Scan extension will list the infected files it has already...

Page 68: ...tem By default the E Mail Scan extension will record the name of the infected file in its log so that you can restore the file from a backup copy Move Click this button to open a dialog box that you can use to locate your quarantine folder or another suitable folder Once you have located the correct folder click OK to transfer the file to that location Info Click this to connect to the McAfee Viru...

Page 69: ...ame displays prevalence tables technical documents and white papers and gives you access to technical data you can use to remove viruses from your system To connect directly to the library visit the site at http vil nai com villib alpha asp You can also connect directly to the Library from the VirusScan Console choose Virus List from the View menu in the Console window You ll find the Library at M...

Page 70: ... choose File Info from the shortcut menu that appears VirusScan software will open an Infected Item Information dialog box that names the file lists its type and size in bytes gives its creation and modification dates and describes its attributes Figure 3 11 Figure 3 11 Infected File Information property page Submitting a virus sample If you have a suspicious file that you believe contains a virus...

Page 71: ...r analysis To submit a sample file follow these steps 1 If you must connect to your network or Internet Service Provider ISP to send e mail do so first If you are continuously connected to your network or ISP skip this step and go to Step 2 2 Locate the file SENDVIR EXE in your VirusScan program directory If you installed your VirusScan software with default Setup options you ll find the file here...

Page 72: ...l address and any message you would like to send along with your submission in the text boxes provided then click Next to continue NOTE You may submit samples anonymously if you prefer simply leave the text boxes in this panel blank You are under no obligation to supply any information at all here The Choose Files to Submit panel appears Figure 3 14 Figure 3 14 Choose Files to Submit panel ...

Page 73: ...he files you want to submit click Next to continue The Choose Upload Options panel appears Figure 3 15 Figure 3 15 Choose Upload options panel If the file you want to submit is a Microsoft Office document or another file that contains information you want to keep confidential select the Remove my personal data from file checkbox then click Next to continue This tells the SENDVIR EXE utility to str...

Page 74: ...soft Exchange Click this button to send your sample via your corporate e mail system To use this option your e mail system must support the Messaging Application Programming Interface MAPI standard Examples of such systems include Microsoft Exchange Microsoft Outlook and Lotus cc Mail v8 0 and later 8 Click Finish to send your sample NOTE Although McAfee VirusScan researchers appreciate your submi...

Page 75: ... so follow these steps 1 Insert a new unformatted floppy disk into your floppy drive 2 Click Start in the Windows taskbar point to Programs then choose MS DOS Prompt if your computer runs Windows 95 or Windows 98 or Command Prompt if your computer runs Windows NT Workstation v4 0 or Windows 2000 Professional 3 Type this line at the command prompt format a s If your system hangs as it tries to form...

Page 76: ...nclude all files you have installed in alternative startup file locations If you suspect that a macro virus has infected your PowerPoint files copy the file BLANKPRESENTATION POT from C Program Files Microsoft Office Templates to the disk Making disk images To send the files now stored on any floppy disks you created you can use a McAfee VirusScan AVERT Labs tool called RWFLOPPY EXE to make a flop...

Page 77: ...alog box appears 5 Click Password to display the Password dialog box 6 Type INFECTED in the Password text box then click OK 7 When prompted retype your password to verify its accuracy then click OK The Add With Password dialog box appears 8 Select your sample files then click OK WinZip applies the password you entered to all files that you add to or extract from your archive Password protected fil...

Page 78: ...e VirusScan anti virus researchers McAfee VirusScan Software recommends that you create a text file or write a message to accompany the disks that includes the same information you would submit with an electronic disk image Send your sample to only one research lab address so that you can receive the fastest possible response to your issue Use these mailing addresses In the United States virus_res...

Page 79: ...disks or other types of removable media In Germany Network Associates Inc Virus Research Luisenweg 40 20537 Hamburg Germany In Japan Network Associates Inc Virus Research 9F Toranomon Mori bldg 33 3 8 21 Toranomon Minato Ku Tokyo Japan 105 0001 In Australia Network Associates Inc Virus Research 500 Pacific Highway Level 1 St Leonards NSW Sydney Australia 2065 In Europe Network Associates Inc Virus...

Page 80: ...Removing Infections From Your System 80 McAfee VirusScan ...

Page 81: ... connecting to dangerous Internet sites The VShield scanner consists of five related modules each of which has a specialized function You can configure settings for all of these modules in the VShield Properties dialog box The VShield modules are System Scan This module looks for viruses on your hard disk as you work with your computer It tracks files as your system or other computers read files f...

Page 82: ... the VirusScan comprehensive anti virus software security package These capabilities include On access scanning This means that the scanner looks for viruses in files that you open copy save or otherwise modify and files that you read from or write to floppy disks and network drives It therefore can detect and stop viruses as soon as they appear on your system including those that arrive via e mai...

Page 83: ...ternet or work on a network in any capacity leaving this component running at all times can significantly improve your ability to detect and dispose of harmful software before it has a chance to damage your system Browser and e mail client support The VShield scanner works seamlessly with many of the most popular web browsers and e mail client software available for the Windows platform To work wi...

Page 84: ... to enable the VShield scanner at that time If you agree the VShield scanner should load into memory immediately and begin working with a default set of options that give you basic anti virus protection If you do not agree the VShield scanner will load automatically the next time you restart your computer When the VShield scanner first starts it displays an icon in the Windows system tray that ind...

Page 85: ...atically If the VShield scanner does not start automatically you can set it to do so in the VirusScan control panel Follow these steps 1 Click Start in the Windows taskbar point to Settings then choose Control Panel 2 Locate and double click the VirusScan control panel to open it 3 Click the Components tab Figure 4 1 Figure 4 1 VirusScan control panel Components page 4 Select the Load VShield on s...

Page 86: ...If you use this method to enable a module it remains enabled until you restart your VirusScan software or your computer At that point its state will depend on whether you have enabled or disabled the module in the VirusScan Properties dialog box Depending on which combination of modules you enable the VShield icon will display a different state Method 2 Use the System Scan Status dialog box Follow...

Page 87: ...erties dialog box Figure 4 2 VShield Properties dialog box 2 For each module that you want to enable click the corresponding icon along the left side of the dialog box then click the Detection tab 3 Select the Enable checkbox at the top of each page As you do so the scanner enables that module Depending on which combination of modules you enable the VShield icon displays a different state If you e...

Page 88: ...rom memory To run any tasks you have scheduled the Console must be active Understanding the VShield system tray icon states The VShield scanner displays four different icon states in the Windows system tray to indicate which if any of its modules are active An active module is one that the VShield scanner has enabled or loaded into memory and that is ready to scan inbound and outbound files An ina...

Page 89: ...amine your Internet traffic closely for viruses and malicious software The VShield configuration wizard can help you set up many of these options right away you can then tailor the program to work better in your environment as you become more familiar with the scanner and your system s susceptibility to harmful software To start the VShield configuration wizard 1 Right click the VShield icon in th...

Page 90: ...soft Office files The System Scan module will also scan files stored on floppy disks whenever you read from or write to them or when you shut down your computer If it finds a virus the module will sound an alert and prompt you for a response The module will also record its actions and summarize its current settings in a log file that you can review later 4 To enable these functions click Yes then ...

Page 91: ...e Internet but they usually do so through a gateway application run from the server The E Mail Scan module supports corporate e mail systems that fall into two general categories Lotus cc Mail Select this button if you use cc Mail versions 6 x and later which use a proprietary Lotus protocol for sending and receiving mail MAPI compliant e mail client Select this button if you use Microsoft Exchang...

Page 92: ...om the Internet select the Yes do scan my downloaded files for viruses checkbox then click Next to continue The module will look for viruses in those files most susceptible to infection and will scan compressed files as you receive them Otherwise select the No do not enable download scanning checkbox then click Next to continue The next wizard panel sets options for the VShield Internet Filter mod...

Page 93: ...e 4 8 VShield configuration wizard summary panel 8 If the summary list accurately reflects your choices click Finish to save your changes and return to the VShield Properties dialog box Otherwise click Back to change any options you chose or Cancel to return to the VShield Properties dialog box without saving any of your changes Setting VShield scanner properties To ensure its optimal performance ...

Page 94: ... 9 Figure 4 9 System Scan Properties dialog box Detection page Configuring the System Scan module The VShield System Scan module is at the heart of the VShield scanner It scans files that come from any source including those that the other VShield modules direct to it from Internet downloads and e mail messages The module can check your system for viruses each time you open run copy save rename or...

Page 95: ...ile susceptible to virus infection whether on your hard disk or on floppy disks and whether you read the file from or write the file to your hard disk The module will also examine compressed files by default but will not use heuristic scanning unless you activate it NOTE This property page will vary its appearance and have a different option set depending on which operating system your computer ru...

Page 96: ...ession here too you must select the Network drives checkbox Whenever your computer or another system reads data from a file stored on a local hard disk attached to your system or a network disk mapped to your system the System Scan module treats that data as outbound NOTE If you have network drives mapped to your computer from which you copy files or if other network users copy files from your com...

Page 97: ...own your computer This ensures that no viruses can load when your computer reads your floppy drive at startup 3 Specify the types of files you want the System Scan module to examine You can Scan compressed files Select the Compressed files checkbox to have the module look for viruses in compressed files or in file archives This option ensures that viruses do not spread from compressed files but be...

Page 98: ...select the Network drives checkbox 4 Choose VShield software management options These options let you control your interaction with the VShield scanner You can Disable the System Scan module at will Select the System Scan can be disabled checkbox in order to have the option to disable this module Note that McAfee VirusScan Software recommends that you leave the System Scan module enabled for maxim...

Page 99: ...e new viruses based on their resemblance to similar viruses that the module already knows To do this the module looks for certain virus like characteristics in the files you ve asked it to scan The presence of a sufficient number of these characteristics in a file leads the module to identify the file as potentially infected with a new or previously unidentified virus Because the System Scan modul...

Page 100: ...module will identify files with a sufficient number of these characteristics as potential viruses Enable macro and program file heuristics scanning Choose this option to have the module use both types of heuristics scanning McAfee VirusScan Software recommends that you use this option for complete anti virus protection NOTE The System Scan module will use heuristic scanning techniques only on the ...

Page 101: ...This property page will vary its appearance and have a different option set depending on which operating system your computer runs Follow these steps 1 Click the Action tab in the System Scan module to display the correct property page Figure 4 12 Figure 4 12 System Scan Properties dialog box Action page 2 Choose a response from the When a virus is found list The area immediately beneath the list ...

Page 102: ...l you choose a response option GUI Click this button to see a standard graphical alert message that also offers a range of response options This range will not include Continue access As the prompt awaits your choice your system will continue with normal operations in the background Next choose which response options you want to see in that alert message from the Possible Actions area at the botto...

Page 103: ...E The option is available only on computers that run Windows 95 or Windows 98 and only when you choose the BIOS prompt mode Move infected files automatically Choose this response to have the module move infected files to a quarantine folder as soon as it finds them By default the module moves these files to a folder named infected located in the VirusScan program directory You can enter a differen...

Page 104: ...an Properties dialog box click Apply To save your changes and close the dialog box click OK To close the dialog box without saving your changes click Cancel NOTE Clicking Cancel will not undo any changes you already saved by clicking Apply Choosing Alert options Once you configure it with the response options you want in the Action page you can let the System Scan module look for and remove viruse...

Page 105: ...if you select Prompt for user action in the Action property page Otherwise the checkbox will display and use the setting it had when you last chose the Prompt for user action item The module will sound the standard system warning beep or WAV file you have your computer set to play 4 Select the Display custom message checkbox to have the module add a custom message to the alert box it displays when...

Page 106: ... settings you used to detect and respond to the infections the System Scan module found You can also use the incident reports recorded in the file to determine which files you need to replace from backup copies examine in quarantine or delete from your computer Use the Report property page to determine which information the module will include in its log file To set the System Scan module to recor...

Page 107: ...stem down You can choose to record any of this information Virus Detection Select this checkbox to have the log file record how many viruses the module finds during each scan session Clear the checkbox to leave this information out of the log file Virus Cleaning Select this checkbox to have the log file record how many infected files the module cleans or tries to clean during each scan session Cle...

Page 108: ...e dialog box click OK To close the dialog box without saving your changes click Cancel NOTE Clicking Cancel will not undo any changes you already saved by clicking Apply Choosing Exclusion options Many of the files stored on your computer are not vulnerable to virus infection Having the System Scan module examine these files can take a long time and produce few results You can reduce the time the ...

Page 109: ...able to virus infection To choose your options follow these steps 1 Click the Exclusion tab in the System Scan module to display the correct property page Figure 4 16 Figure 4 16 System Scan Properties dialog box Exclusion page 2 Specify the items you want to exclude You can Add files folders or volumes to the exclusion list Click Add to open the Add Exclude Item dialog box Figure 4 17 Figure 4 17...

Page 110: ... the File scanning checkbox to exclude the item you specified in the first step when the module looks for file infecting viruses These viruses usually appear in files stored in the visible portions of your hard disk d Select the Boot sector scanning checkbox to exclude the item you specified in the first step from scan operations when the module looks for boot sector viruses These viruses usually ...

Page 111: ...s for viruses in earlier cc Mail versions This module can work with the Download Scan module to examine messages that arrive via POP 3 or SMTP e mail client programs such as Eudora Netscape Mail or Outlook Express The module pays particular attention to attachments that come with your e mail which are the biggest potential source of viruses Because it can scan e mail as soon as it appears on your ...

Page 112: ...ged into your e mail system the module will prompt you to choose a profile or enter account information as soon as a scan session starts even before you ve logged into your e mail account This also can occur when you start your computer if you do not have your e mail client program set to load at startup If you switch profiles or log into a different account perhaps in another domain the module wi...

Page 113: ... 8 0 or later so that it uses the same protocol as earlier cc Mail versions To verify which system you use check with your network administrator NOTE You can select only one corporate e mail system at a time but you can have the E Mail Scan module scan all attachments that arrive via both corporate and Internet e mail systems if you use both Internet Mail Requires Download Scan Select this checkbo...

Page 114: ...ail so that module has an opportunity to detect any viruses before they reach your computer 4 Specify the types of e mail attachments you want the E Mail Scan module to examine You can Scan compressed files Select the Compressed files checkbox to have the module look for viruses in compressed files or in file archives This option ensures that viruses do not spread from compressed files but because...

Page 115: ...c scanning technology enables the E Mail Scan module to recognize new viruses based on their resemblance to similar viruses that the module already knows To do this the module looks for certain virus like characteristics in the files you ve asked it to scan The presence of a sufficient number of these characteristics in a file leads the module to identify the file as potentially infected with a ne...

Page 116: ...e E Mail Scan module locate new viruses in program files by examining file characteristics and comparing them against a list of known virus characteristics The module will identify files with a sufficient number of these characteristics as potential viruses Enable macro and program file heuristics scanning Choose this option to have the module use both types of heuristics scanning McAfee VirusScan...

Page 117: ... scan If you select only Internet Mail the options here will be unavailable If you receive only Internet mail you must choose your responses in the Action property page for the Download Scan module Follow these steps 1 Click the Action tab in the E mail Scan module to display the correct property page Figure 4 22 Figure 4 22 E mail Scan Properties dialog box Action page 2 Choose a response from th...

Page 118: ...on page Delete file This option tells the module to delete the infected attachment immediately The module will however preserve the e mail message it came in Move file This option tells the module to move the infected file to a quarantine folder The alert message will display a Move file to button that allows you to locate a quarantine folder Continue scan This option tells the module to continue ...

Page 119: ...elete them at your next opportunity Use this option only if you plan to leave your computer unattended while the module checks for viruses 3 Click the Alert tab to choose additional E Mail Scan module options To save your changes without closing the E mail Scan Properties dialog box click Apply To save your changes and close the dialog box click OK To close the dialog box without saving your chang...

Page 120: ...dule send alert messages to Alert Manager for distribution Alert Manager is a separate McAfee VirusScan software component that collects alert messages and uses a variety of methods to send them to recipients that you specify To have the E Mail Scan module send these alert messages successfully you must also set up the Alert Manager Client Configuration utility ...

Page 121: ... spread You can also choose to send a messages to any recipient without replying to the source of the infected attachment The E Mail Scan module can draw recipients directly from your Microsoft Exchange Microsoft Outlook or other MAPI compliant address book or from an equivalent Lotus cc Mail directory You can also enter recipient addresses directly The message you create for a response is a templ...

Page 122: ...it detects a virus the module will send a copy of this message to each person who sends you e mail with an infected attachment It fills in the recipient s address with information found in the original message header and identifies the virus and the affected file in the area immediately below the subject line If you have activated its report feature the module also logs each instance when it sends...

Page 123: ... saving your changes click Cancel NOTE Clicking Cancel will not undo any changes you already saved by clicking Apply Choosing Report options The E mail Scan module lists its current settings and summarizes all of the actions it takes during its scanning operations in a log file called WEBEMAIL TXT You can have the module write its log to this file or you can use any text editor to create a text fi...

Page 124: ... checkbox the log file can grow to as large a size as your disk space or file system permits Enter a value between 10KB and 999KB By default the System Scan module limits the file size to 100KB If the data in the log exceeds the file size you set the module erases the existing log and begins again from the point at which it left off 4 Select the checkboxes that correspond to the information you wa...

Page 125: ...How many infected files the module deleted How many infected files the module moved to a quarantine folder Your E Mail Scan module settings Clear the checkbox to leave this information out Virus Cleaning Select this checkbox to have the log file record how many infected files the module cleans or tries to clean during each scan session Clear this checkbox to leave this information out NOTE The E M...

Page 126: ...n have it report what it has done either with an alert message when it takes the action or in a log file you can examine at your leisure It can even send a message to the person who sent an infected e mail message which makes tracking the source of virus infections relatively simple NOTE The Download Scan module will not appear in the VShield Properties dialog box unless you used the Custom Setup ...

Page 127: ...e of your scan sessions so that the module examines only those files most susceptible to virus infection To do so select the Program files only button To see or designate the file name extensions that the Download Scan module will examine click Extensions to open the Program File Extensions dialog box Figure 4 10 Figure 4 26 Program File Extensions dialog box Scan all files Select the All files bu...

Page 128: ...o do this the module looks for certain virus like characteristics in the files you ve asked it to scan The presence of a sufficient number of these characteristics in a file leads the module to identify the file as potentially infected with a new or previously unidentified virus Because the Download Scan module looks simultaneously for file characteristics that rule out the possibility of virus in...

Page 129: ...of these characteristics as potential viruses Enable macro and program file heuristics scanning Choose this option to have the module use both types of heuristics scanning McAfee VirusScan Software recommends that you use this option for complete anti virus protection NOTE The Download Scan module will use heuristic scanning techniques only on the file types you designate in the Program File Exten...

Page 130: ...ownload Scan module to display the correct property page Figure 4 28 Figure 4 28 Download Scan Properties dialog box Action page 2 Choose a response from the When a virus is found list The area immediately beneath the list will change to show you additional options for each choice Your choices are Prompt for user action Choose this response if you want the Download Scan module to ask you what to d...

Page 131: ...infected files to a folder Choose this response to have the module move infected files to a quarantine folder as soon as it finds them The module moves these files to a folder named Infected located in the VirusScan program directory Delete infected files Choose this response to have the Download Scan module delete every infected file it detects immediately Be sure to enable its reporting feature ...

Page 132: ...ke appropriate action have it send an alert message to you or to others Follow these steps 1 Click the Alert tab in the Download Scan module to display the correct property page Figure 4 29 Download Scan Properties dialog box Alert page 2 Select the Notify Alert Manager checkbox to have the module send alert messages to Alert Manager for distribution Alert Manager is a separate McAfee VirusScan so...

Page 133: ...t you can change the setting for this option only if you choose Prompt for user action in the Action property page If you do not choose that item in the Action page no alert box will appear and you will not see a custom message even if you select this checkbox 5 Enter the message you want the module to display in the text box provided You can enter a maximum of 250 characters here 6 Click the Repo...

Page 134: ...play the correct property page Figure 4 30 Figure 4 30 Download Scan Properties dialog box Report page 2 Select the Log to file checkbox By default the Download Scan module writes log information to the file WEBINET TXT in the VirusScan program directory You can enter a different name and path in the text box provided or click Browse to locate a suitable file elsewhere on your hard disk or on your...

Page 135: ...cord how many viruses the module moves to a quarantine folder during each scan session Clear this checkbox to leave this information out Session settings Select this checkbox to have the log file record the configuration settings you used for the module during each scan session Clear this checkbox to leave this information out Session summary Select this checkbox to have the log file summarize wha...

Page 136: ...judicious approach It uses an up to date database of objects known to cause harm to screen Java classes and ActiveX controls you encounter as you browse When it finds a virus the module can ask you what you want it to do or it can block the dangerous object or site automatically You can have it report what it has done either with an alert message when it takes the action or in a log file you can e...

Page 137: ...ols Java classes Select this checkbox to have the module look for and block harmful Java classes or applets written in Java The Internet Filter module will compare the objects you encounter as you visit Internet sites with an internal database that lists the characteristics of objects known to cause harm When it finds a match the module can alert you and let you decide what to do or it can automat...

Page 138: ...delete them Each address consists of four numeric groups of one to three digits each formatted in this manner 123 123 123 123 The Internet Filter module can use this number to identify a specific computer or network of computers on the Internet and prevent your browser from connecting to it Each group of numbers can range between zero and 255 The first number series is the banned site s domain add...

Page 139: ...r the site you want to avoid Otherwise leave the default value shown c Click OK to return to the Banned IP addresses dialog box Select one of the items shown then click Delete to remove the item from the list When you changed the banned list so that it has all of the addresses you want to block click OK to return to the Internet Filter Properties dialog box Internet URLs to block Select this check...

Page 140: ...quest the resource via the Hyper Text Transport Protocol http from a computer named www on a network domain named domain com Other transport protocols include ftp and gopher The Internet s Domain Name System translates URLs into IP addresses using an up to date centralized and cross referenced database To add a site to this list you must enter the domain name by itself since the module will assume...

Page 141: ...ond either by asking you whether it should block the object or site or by automatically blocking it Use the Action property page to specify which of these courses you want the module to take By default the module lets you decide what you want to do Figure 4 36 Figure 4 36 Internet Filter Properties dialog box Action page Choose a response from the When a potentially harmful object is found list Yo...

Page 142: ...lick Cancel NOTE Clicking Cancel will not undo any changes you already saved by clicking Apply Choosing Alert options Once you configure it with the response options you want in the Action page you can let the Internet Filter module look for and block harmful objects or dangerous Internet sites away from your system automatically as it finds them with almost no further intervention But if you want...

Page 143: ...if you select Prompt for user action in the Action property page Otherwise the checkbox will display and use the setting it had when you last chose the Prompt for user action item The module will sound the standard system warning beep or WAV file you have your computer set to play 4 Select the Display custom message checkbox to have the module add a custom message to the alert box it displays when...

Page 144: ...r it to use You can then open and print the log file for later review from any text editor Use the Report property page to designate the file you want to serve as the Internet Filter log and to determine that file s permissible size The WEBFLTR TXT file can serve as an important management tool for you to track malicious software activity on your system and to note which settings you used to detec...

Page 145: ... off 4 Click a different tab to change any of your Internet Filter settings or click one of the icons along the side of the Internet Filter Properties dialog box to choose options for a different module To save your changes in the Internet Filter module without closing its dialog box click Apply To save your changes and close the dialog box click OK To close the dialog box without saving your chan...

Page 146: ...ssword protection checkbox The options in the rest of the property page activate Figure 4 39 Figure 4 39 Security Properties dialog box Password page 2 Decide whether to protect the property pages for all VShield modules or whether to protect individual pages Your choices are Password protect all options on all property pages Select this button to lock everything all at once Password protect selec...

Page 147: ...ly 4 Click any of the other Security module tabs to protect individual property pages To save your password without closing the Security Properties dialog box click Apply If you chose to protect all property pages in all modules and want to close the dialog box click OK To close the dialog box without saving any changes click Cancel NOTE Clicking Cancel will not undo any changes you already saved ...

Page 148: ...erties dialog box System Scan page 2 Select the settings you want to protect in the list shown You may protect any or all of a module s property pages Protected property pages display a locked padlock icon in the security list shown in Figure 4 41 To remove protection from a property page click the locked padlock icon to unlock it 3 Select as many property pages as you want to protect in each modu...

Page 149: ...VShield scanner At the end of the VirusScan installation Setup asks if you want to enable the VShield scanner at that time If you agree the VShield scanner should load into memory immediately and begin working with a default set of options that give you basic anti virus protection If you do not agree the VShield scanner will load automatically the next time you restart your computer When the VShie...

Page 150: ...s property page 5 Click OK to close the control panel The VShield scanner will not stop or unload at this point but it will not start when you next start your computer Stopping the VShield scanner completely You can stop the VShield scanner completely that is deactivate it and remove it from memory in any of three ways Once you stop the scanner you can reactivate it only by restarting it or restar...

Page 151: ...sk list then choose Disable from the Task menu the Console will stop the VShield scanner and all of its modules and unload them from memory The VShield icon will disappear from the Windows taskbar 3 Click the minimize or the close button in the upper right corner of the Console window to shrink it back to a system tray icon NOTE Do not choose Exit from the Task menu This will shut the Console down...

Page 152: ... Click Stop in the Service page All active VirusScan components will stop close all open windows or dialog boxes remove their icons from the Windows system tray and unload from memory 4 Click OK to close the control panel Disabling the VShield scanner and its modules You can use any of three methods to disable any of the VShield modules that is deactivate the module but do not remove the scanner f...

Page 153: ... The module will start again when you restart your computer Depending on which combination of modules you enable the VShield icon will display a different state Method 2 Use the System Scan Status dialog box Follow these steps 1 Double click the VShield icon in the Windows system tray to open the System Scan Status dialog box Figure 4 44 Figure 4 44 VShield System Scan Status dialog box 2 For each...

Page 154: ...x at the top of each module page As you do so the scanner will disable that module and make all of the configuration options in that page unavailable Depending on which modules you disable the VShield icon will display a different state If you disable all of its modules the scanner will display in the Windows system tray unless you clear the Show icon in the taskbar checkbox in the System Scan Det...

Page 155: ...es it scanned the number of infections it found and the number it moved or deleted Internet Filter This module reports the number of Java and ActiveX objects or Internet sites it has scanned and the number it has banned or kept you from encountering To see a short description of each of the items that appears in this page right click a figure or label then choose What s This from the shortcut menu...

Page 156: ... box 3 Click the tab that corresponds to the program component that you want to enable or disable or whose progress you want to check The status page will list the results of the last scan operation this task conducted and the name of the last file it scanned To see a short description of each of the items that appears in this page right click a figure or label then choose What s This from the sho...

Page 157: ...ify this second method as on demand scanning The term on demand means that you as a user control when the application starts and ends a scan operation which targets it examines what it does when it finds a virus or any other aspect of the scan operation Other VirusScan components by contrast operate automatically or according to a schedule you set The VirusScan name applies both to the entire set ...

Page 158: ... virus until it deploys its payload The VirusScan application however can detect a virus as it lies in wait for an opportunity to run Viruses are sneaky Accidentally leaving a floppy disk in your drive as you start your computer could load a virus into memory before the VShield scanner particularly if you do not have the scanner configured to scan floppy disks Once in memory a virus can infect nea...

Page 159: ...on what sort of scan operation you want to run When you first start it the application window opens so that you can make changes to its configuration You must click Scan Now or Run Now in a separate step to start an actual scan operation Four separate methods exist to start the VirusScan application the fourth method involves running the application from the command line The VirusScan Administrato...

Page 160: ...ng immediately Click Scan to have the application scan your system with the last configuration options you set or with default options The following screen Figure 3 2 allows you to select which area of your computer you want to scan After selecting click Scan Now Following through the succeeding screens to complete the task ...

Page 161: ...w window View the VirusScan application activity log Through this window you are able to view a log of VirusScan activities performed on your your computer You can also select to clear or print any of these activity logs see Figure 5 3 Figure 5 3 VirusScan Activity Log ...

Page 162: ...anges to You can see these same help topics if you right click an element in the VirusScan window then choose What s This from the menu that appears 2 Set options From the main window the Options icon see Figure 5 4 allows you to access and customize settings of the other components of McAfee VirusScan via a drop down menu e g Safe Sound and Emergency Disk Figure 5 4 Options drop down menu 3 Choos...

Page 163: ... a task in the task list then click in the Console toolbar If the scan task is set to start automatically the VirusScan application window will open and the task will run immediately If the task is not set to start automatically the window will open but you must click Scan Now to start the operation Create and schedule a new task of your own Click in the Console toolbar to open the Task Properties...

Page 164: ...options move to the VirusScan Advanced interface Choose Advanced from the Tools menu in the VirusScan Classic window You can start a scan operation with the options you ve chosen at any point simply click Scan Now To save your changes as default scan options choose Save As Default from the File menu or click New Scan To save your settings in a new file choose Save Settings from the File menu name ...

Page 165: ... whether they reside on your system or on other computers on your network You cannot select My Computer Network Neighborhood or multiple volumes as scan targets from VirusScan Classic to choose these items as scan targets you must switch to VirusScan Advanced When you have selected your scan target click OK to return to the VirusScan Classic window 2 Select the Include subfolders checkbox to have ...

Page 166: ...files most susceptible to virus infection To do so click the Program files only button To see or designate the file name extensions the application will examine click Extensions This opens the Program File Extensions dialog box 4 Click the Action tab to choose additional VirusScan options To start a scan operation immediately with just the options you ve chosen click Scan Now To save your changes ...

Page 167: ...box provided or click Browse to locate a suitable folder on your hard disk Clean infected files automatically Choose this response to tell the VirusScan application to remove the virus code from the infected file as soon as it finds it If the application cannot remove the virus it will note the incident in its log file Delete infected files automatically Use this option to have the VirusScan appli...

Page 168: ...twork administrator You can also set the size and location of the VirusScan log file here By default the application lists its current settings and summarizes all of the actions it takes during its scanning operations in a log file called VSCLOG TXT You can keep this file as your log file or you can specify a different existing text file for the application to use The application will not create a...

Page 169: ...rusScan software limits the file size to 100KB If the data in the log exceeds the file size you set VirusScan software erases the existing log and begins again from the point at which it left off 5 Click a different tab to change any of your VirusScan settings To start a scan operation immediately with the options you ve chosen click Scan Now To save your changes as default scan options choose Sav...

Page 170: ...irusScan Advanced window To protect the settings you ve chosen from unauthorized changes choose Password Protect from the Tools menu to open the Password Protection dialog box You can start a scan operation with the options you ve chosen at any point simply click Scan Now To save your changes as default scan options choose Save As Default from the File menu or click New Scan To save your settings ...

Page 171: ...et from the list provided Your choices are My Computer This tells the application to scan all drives physically attached to your computer or logically mapped via Windows Explorer to a drive letter on your computer All removable media This tells the application to scan only floppy disks CD ROM discs Iomega ZIP disks or similar storage devices physically attached to your computer All fixed disks Thi...

Page 172: ...clude subfolders checkbox to have the VirusScan application also look for viruses in any folders inside your scan target NOTE Choosing Include subfolders causes the application to scan only those files stored in the subfolders themselves The application will not scan files stored at the root level of the folder you designate To scan those files clear the Include subfolders checkbox c Click OK to c...

Page 173: ... recommends that you choose this option for your first scan operation or periodically thereafter to ensure that your system is virus free You can then limit the scope of later scan operations Choose file types Viruses cannot infect files that contain no executable code whether script macro or binary code You can therefore safely narrow the scope of your scan operations to those files most suscepti...

Page 174: ...the types of heuristics scanning you want the VirusScan application to use Your choices are Enable macro heuristics scanning Choose this option to have the application identify all Microsoft Word Microsoft Excel and other Microsoft Office files that contain embedded macros then compare the macro code to its virus definitions database The application will identify exact matches with the virus name ...

Page 175: ...e to specify which response options you want VirusScan software to give you when it finds a virus or which actions you want it to take on its own Follow these steps 1 Click the Action tab in the VirusScan Advanced window to display the correct property page Figure 5 11 Figure 5 13 VirusScan Advanced Action page 2 Choose a response from the When a virus is found list The area immediately beneath th...

Page 176: ...older Move infected files automatically Choose this response to have the application move infected files to a quarantine folder By default the application moves these files to a folder named Infected located in the VirusScan program directory You can enter a different name in the text box provided or click Browse to locate a suitable folder on your hard disk Clean infected files automatically Choo...

Page 177: ...diately when it finds a virus so that you can take appropriate action however configure it to send an alert message to you Follow these steps 1 Click the Alert tab in the VirusScan Advanced window to display the correct property page Figure 5 12 Figure 5 14 VirusScan Advanced Alert page 2 Select the Notify Alert Manager checkbox to have the VirusScan application send alert messages to Alert Manage...

Page 178: ...on in the Action property page If you do not choose that item in the Action page no alert box will appear and you will not see a custom message even if you select this checkbox 5 Enter the message you want the application to display in the text box provided You can enter a maximum of 250 characters here 6 Click the Report tab to choose additional VirusScan configuration options To start a scan ope...

Page 179: ...dow to display the correct property page Figure 5 13 Figure 5 15 VirusScan Advanced Report page 2 Select the Log to file checkbox By default the VirusScan application writes log information to the file VSCLOG TXT in the VirusScan program directory You can enter a different name in the text box provided or click Browse to locate a suitable file elsewhere on your hard disk or on your network You may...

Page 180: ...ormation out of the log file Infected file move Select this checkbox to have the log file record how many viruses the application moves to a quarantine folder during each scan operation Clear this checkbox to leave this information out of the log file Session settings Select this checkbox to have the log file record the configuration settings you used for the application during each scan operation...

Page 181: ...nnot become infected Once you scan your system thoroughly you can exclude the files and folders that do not change or that are not normally vulnerable to virus infection You can also rely on the VShield scanner to provide you with protection between scheduled scan operations Regular scan operations that examine all areas of your computer however provide you with the best virus defense To prevent t...

Page 182: ...want to exclude You can Add files folders or volumes to the exclusion list Click Add to open the Add Exclude Item dialog box Figure 5 15 Figure 5 17 Add Exclude Item dialog box Next follow these substeps to add items to the list a Enter a path to a folder or a file name in the text box provided or click Browse to locate the item you want the application to exclude NOTE If you have chosen to move i...

Page 183: ...t reside in your hard disk s boot sector or master boot record Use this option to exclude system files such as COMMAND COM from scan operations WARNING McAfee VirusScan recommends that you do not exclude your system files from scan operations e Repeat Step a through Step d until you have listed all of the files and folders you do not want scanned Change the exclusion list To change the settings fo...

Page 184: ...can Advanced window to open the Password Protection dialog box Figure 5 16 Figure 5 18 Password Protection dialog box 2 Select the settings you want to protect in the list shown You may protect any or all VirusScan property pages Protected property pages display a locked padlock icon in the security list shown in Figure 5 16 To remove protection from a property page click the locked padlock icon t...

Page 185: ...User s Guide 185 Using the VirusScan application ...

Page 186: ...Using the VirusScan application 186 McAfee VirusScan ...

Page 187: ...Afee AVERT Labs Web site for virus information open and view log files and copy and paste task definitions within the Console window Why schedule scan operations Although VirusScan software includes components that look for viruses continuously or that allow you to scan your system whenever you want you should schedule regular scan operations and other software activities to Set a periodic baselin...

Page 188: ...mputer that scan all drives included in the My Computer group that scan your C drive and that update VirusScan software data files and program components You can enable any of the default tasks to start or you can create your own tasks to suit your work habits Starting the VirusScan Console You must have the VirusScan Console running in order to run any tasks you have scheduled McAfee VirusScan So...

Page 189: ...ically at startup by choosing Load at startup from the View menu the Console window initially shows a list of default tasks that come with the Console pre configured and ready to run A task is a set of instructions to run a particular program in a certain configuration at a certain time Along with a name for each task the Console window shows the path and filename for the program that the task wil...

Page 190: ...dule and enable a task Select one of the tasks listed in the Console window then choose Properties from the Task menu or click in the Console toolbar A Task Properties dialog box will appear Configure the task Select one of the tasks listed in the Console window then click in the Console toolbar to display a property page for the VirusScan component that will run the task How this property page lo...

Page 191: ...se Help Topics from the Help menu or click in the Console toolbar to see a list of VirusScan software help topics You can also right click most dialog box buttons lists menus and other items to reveal context sensitive help topics Choose the What s This item that appears when you right click inside a dialog box to see the help topic View an Activity Log Select one of the tasks listed in the Consol...

Page 192: ...t VShield software will immediately begin scanning your system using a default configuration that provides you with a basic range of protection for your system The other tasks listed in the Console window also have default configurations set up but these tasks remain dormant until you activate them the Console comes with five default tasks These are VShield This task runs the VShield scanner By de...

Page 193: ... Scan My Computer This task runs a baseline scan operation on all hard disks and other drives connected to your computer along with your RAM and hard disk or floppy disk boot sectors You may not rename or delete this task but you can modify its configuration it schedule it see statistics from its most recent scan operation and protect its settings with a password You must activate this task to get...

Page 194: ...ox In this dialog box you can Enable or disable the task Click the Disable button at the bottom of the Task Properties dialog box If the scanner is inactive this button will read Enable Open the VShield configuration property pages Click Configure to open the System Scan dialog box where you can choose all of the configuration options available for the VShield scanner View statistics for VShield m...

Page 195: ...og box To work with either task open the Console window then follow these steps 1 Double click the AutoUpgrade or the AutoUpdate task in the Console window The Task Properties dialog box will appear Figure 6 4 Figure 6 4 AutoUpdate utility Task Properties dialog box You may not rename either the AutoUpgrade or AutoUpdate this task so the Description text box will be unavailable 2 Set a password to...

Page 196: ... will need to set a task schedule later to get it to run To do so select the task from the list in the Console window then click to open the Task Properties dialog box Click Cancel to close the dialog box without creating a task Creating new tasks Although the tasks that come in the default set can provide your system with nearly comprehensive anti virus protection you will probably want to create...

Page 197: ...e Console window and so that you can tell at a glance what it does 3 Set a password to protect this task and prevent anyone else from making any changes to your scan task settings To do this follow these substeps a Select the Password protect this task checkbox then click Password to open the Specify Password dialog box b Enter a unique password in the text box provided You may enter a maximum of ...

Page 198: ...un Minimized checkbox to start the window out as a minimized button in the Windows taskbar Scan only mode This displays a minimal window that indicates that the task is running You can stop pause or resume the task at any point Select the Run Minimized checkbox to start the window out as a minimized button in the Windows taskbar Hidden mode This displays no interface as the scan task runs You cann...

Page 199: ...y you when it finds a virus what information to record in its activity log what items to exclude from scan tasks and whether to protect the configuration options you set for the task Click Run Now to run this task immediately The task will run with default configuration options or the configuration options you ve defined for it Here s what happens when you click the button If you have configured t...

Page 200: ...not need to do this for the other default tasks See Step 5 on page 209 for more details To enable a task follow these steps 1 If you do not already have the Task Properties dialog box open double click one of the listed tasks in the Console window or select a task then click in the Console toolbar The Task Properties dialog box will appear see Figure 6 5 on page 197 If you chose the VShield AutoUp...

Page 201: ...ed Daily This runs your task once at the time you specify on the days you indicate Enter the time in the text box provided then select the checkboxes in the Start At area for each day that you want the task to run At Startup Select this checkbox to run your task once each time you start your computer and the VirusScan Console Specify in hours and minutes how long after startup you want the Console...

Page 202: ...indow of one hour the task would run at any point in the period between 14 30 and 15 30 You may set a window of up to 480 minutes or eight hours 6 You have now set a schedule for your task and readied it to run at the scheduled time Click OK to close the Task Properties dialog box or click Apply to save your settings without closing the dialog box Click Cancel to close the dialog box without savin...

Page 203: ...x Status page The status page will list the results of the last scan operation this task conducted and the name of the last file it scanned To see a short description of each of the items that appears in this page right click a figure or label then choose What s This from the shortcut menu that appears or click the button in the upper right corner of the dialog box then click the item you want des...

Page 204: ...ther you want to protect the settings you chose from unauthorized changes The VirusScan Console provides a series of property pages you can use to define your task These property pages replicate many of the options you find in the VirusScan application main window and add others that help you define a task you want to run regularly and repeatedly To configure the VirusScan application to run a sca...

Page 205: ... dialog box Figure 6 9 Figure 6 9 Add Scan Item dialog box To scan your entire computer or a subset of the drives on your system or your network click the Select item to scan button then a Choose a scan target from the list provided Your choices are My Computer This tells the application to scan all drives physically attached to your computer or logically mapped via Windows Explorer to a drive let...

Page 206: ... the Include subfolders checkbox to have the VirusScan application look for viruses in any folders inside your scan target NOTE Choosing Include subfolders causes the application to scan only those files stored in the subfolders themselves The application will not scan files stored at the root level of the folder you designate To scan those files clear the Include subfolders checkbox c Click OK to...

Page 207: ...tware recommends that you choose this option for your first scan operation or periodically thereafter to ensure that your system is virus free You can then limit the scope of later scan operations Choose file types Viruses cannot infect files that contain no executable code whether script macro or binary code You can therefore safely narrow the scope of your scan operations to those files most sus...

Page 208: ...want the VirusScan application to use Your choices are Enable macro heuristics scanning Choose this option to have the application identify all Microsoft Word Microsoft Excel and other Microsoft Office files that contain embedded macros then compare the macro code to its virus definitions database The application will identify exact matches with the virus name code signatures that resemble existin...

Page 209: ...on tab to choose additional VirusScan options To save your changes without closing the VirusScan Properties dialog box click Apply To save your changes and return to the Console window click OK To return to the Console window without saving your changes click Cancel NOTE Clicking Cancel will not undo any changes you already saved by clicking Apply Choosing Action options When the VirusScan applica...

Page 210: ...e checkboxes you select in the Action page causes an option button to appear in an alert message that the application displays when it finds a virus Selecting Delete file here for example causes a Delete button to appear in the alert message You can choose from these options Clean file This option tells the application to try to remove the virus code from the infected file If you have its reportin...

Page 211: ...application to remove the virus code from the infected file as soon as it finds it If the application cannot remove the virus it will note the incident in its log file Delete infected files automatically Choose this option to have the application delete every infected file it finds immediately Be sure to enable the reporting feature so that you have a record of which files the application deleted ...

Page 212: ...ect the task you created in the task list then click in the Console toolbar 2 The VirusScan Properties dialog box appears see Figure 6 8 on page 204 Click the Alert tab to display the correct property page Figure 6 13 Figure 6 13 VirusScan Properties dialog box Alert page 3 Select the Notify Alert Manager checkbox to have the VirusScan application send alert messages to Alert Manager for distribut...

Page 213: ...an infected file As with the audible alert you can change the setting for this option only if you choose Prompt for user action in the Action property page If you do not choose that item in the Action page no alert box will appear and you will not see a custom message even if you select this checkbox 6 Enter the message you want the application to display in the text box provided You can enter a m...

Page 214: ... application will record and how large the log file can get follow these steps 1 To start from the Console window select the task you created in the task list then click in the Console toolbar 2 The VirusScan Properties dialog box appears see Figure 6 8 on page 204 Click the Report tab to display the correct property page Figure 6 14 Figure 6 14 VirusScan Properties Report page 3 Select the Log to...

Page 215: ...ect this checkbox to have the log file record how many infected files the application cleans or tries to clean during each scan operation Clear this checkbox to leave this information out of the log file Infected file deletion Select this checkbox to have the log file record how many viruses the application deletes during each scan operation Clear this checkbox to leave this information out of the...

Page 216: ...nges click Cancel NOTE Clicking Cancel will not undo any changes you already saved by clicking Apply Choosing Exclusion options Many of the files stored on your computer are not vulnerable to virus infection Scan operations that examine these files can take a long time and produce few results You can speed up scan operations by telling the VirusScan application to look only at susceptible file typ...

Page 217: ...l click the Components tab then enter a new figure in the Maximum number of exclude items text box To exclude files or folders from scan operations follow these steps 1 To start from the Console window select the task you created in the task list then click in the Console toolbar 2 The VirusScan Properties dialog box appears see Figure 6 8 on page 204 Click the Exclusion tab to display the correct...

Page 218: ...selves The application will still scan files stored at the root level of the folder you designate To exclude the files at the folder root level clear the Include subfolders checkbox c Select the File scanning checkbox to exclude the item you specified in the first step from scan operations in which the application looks for file infecting viruses These viruses usually appear in files in the visibl...

Page 219: ...s VirusScan software lets you set a password to protect the settings you choose in each property page from unauthorized changes This feature is particularly useful for system administrators who need to keep users from tampering with their security measures by changing VirusScan settings Use the Security property page to lock your settings You can also protect all of the settings for this task at o...

Page 220: ...om a property page click the locked padlock icon to unlock it 4 Click Password to open the Specify Password dialog box Figure 6 18 Figure 6 18 Specify Password dialog box a Enter a password in the first text box shown then enter the same password again in the text box below to confirm your choice b Click OK to close the Specify Password dialog box 5 To ensure that your security settings will appea...

Page 221: ...n settings To save your changes without closing the VirusScan Properties dialog box click Apply To save your changes and return to the Console window click OK To return to the Console window without saving your changes click Cancel NOTE Clicking Cancel will not undo any changes you already saved by clicking Apply ...

Page 222: ...Creating and Configuring Scheduled Tasks 222 McAfee VirusScan ...

Page 223: ... as VBS BUBBLEBOY demonstrated might even be able to work without users having to open or read even the e mail message itself The Microsoft Exchange and Outlook e mail clients are particularly vulnerable to infections of this sort because of their powerful macro and script interpretation capabilities As with the rest of the Microsoft Office application suite the Exchange client software makes exte...

Page 224: ...nfections before they spread or do any harm Using the E Mail Scan extension To use the E Mail Scan Extension you must install VirusScan software with a Custom installation and choose the E Mail Scan component for installation see Installation steps on page 32 for details To use the E Mail Scan extension with its default settings first start your Microsoft Exchange or Microsoft Outlook client softw...

Page 225: ... finds an infected file the E Mail Scan extension will ask you how to respond to the virus See Responding when the E Mail Scan extension detects a virus on page 66 for details Configuring the E Mail Scan extension The E Mail Scan extension comes set to protect your system in most situations and against most likely hostile agents that arrive via e mail You can change the configuration options for t...

Page 226: ...ge or Outlook client and log in to your e mail server NOTE If you have already logged into the network domain that hosts your e mail server you might not need to log into to your e mail server directly instead you can simply start Exchange or Outlook See your network administrator to learn the login requirements for your server 2 Choose E Mail Scan Properties from the Tools menu or click in the cl...

Page 227: ... regular scan operations unless you specifically exclude them To change these settings follow these steps 1 Choose which e mail messages you want the E Mail Scan extension to examine for viruses You can scan All messages in the Inbox folder Click this button to have the extension look for viruses in all e mail messages stored in your Microsoft Exchange or Microsoft Outlook Inbox whether you have r...

Page 228: ...d files scanned on page 272 Scan all files Select the All Files checkbox to have the E Mail Scan extension scan all file types in your mailbox whatever their file name extensions NOTE McAfee VirusScan Software recommends that you choose this option for your first scan operation or periodically thereafter to ensure that your mailbox is virus free You can then limit the scope of later scan operation...

Page 229: ...the E Mail Scan extension to use Your choices are Enable macro heuristics scanning Choose this option to have the extension identify all Microsoft Word Microsoft Excel and other Microsoft Office files that contain embedded macros then compare the macro code to its virus definitions database The extension will identify exact matches with the virus name code signatures that resemble existing viruses...

Page 230: ... detects a virus it can respond either by asking you what it should do with the infected file or by automatically taking an action that you determine ahead of time Use the Action property page to specify which response options you want the extension to give you when it finds a virus or which actions you want it to take on its own Follow these steps 1 Click the Action tab in the E Mail Scan Propert...

Page 231: ...to a quarantine folder The alert message will display a Move file to button that allows you to send the infected item to a quarantine folder on your Microsoft Exchange server You can move infected items to any other folder you ve created in your Exchange or Outlook mailbox or to any public folder on the Exchange server to which you have access The item will remain on the Exchange server until you ...

Page 232: ...f infected files so that you can delete them at your next opportunity WARNING The E mail Scan extension will not try to break any encrypted messages to scan them If an infected attachment includes a digital signature the extension will remove the digital signature in order to clean or delete the infected file 3 Click the Alert tab to choose additional E Mail Scan extension options To save your cha...

Page 233: ...st also set up the Alert Manager Client Configuration utility See Using the Alert Manager Client Configuration utility on page 251 for details You can pass alert messages directly to an Alert Manager server or you can send alert messages as text ALR files to a Centralized Alerting directory that the Alert Manager server checks periodically NOTE Clearing this checkbox tells the E Mail Scan extensio...

Page 234: ...ion will not give you an opportunity to edit the message before it sends it You may send one message to reply to the source of the infected message and a different message to other recipients but you cannot tailor the same message for different recipients 3 To compose your template messages follow these substeps a Select the Return reply mail to sender checkbox in the Alert property page then clic...

Page 235: ...ep d above In this case however you can fill out both the To and the Cc text boxes Whenever it detects a virus the E Mail Scan extension sends a copy of this message to all of the addresses that you entered for this message 4 Select the Sound audible alert checkbox to have the extension beep when it finds an infected file You can change the setting for this option only if you select Prompt for use...

Page 236: ...XT You can have E Mail Scan write its log to this file or you can use any text editor to create a text file for E Mail Scan to use You can then open and print the log file for later review from within E Mail Scan or from a text editor You can use the MAILSCAN TXT file to track virus activity on your system and to note which settings the extension used to detect and respond to infections it found Y...

Page 237: ...Access Error message when it detects a virus 3 To minimize the log file size select the Limit size of log file to checkbox then enter a value for the file size in kilobytes in the text box provided If you do not select this checkbox the log file can grow to as large a size as your disk space permits Enter a value between 10KB and 999KB By default the extension limits the file size to 100KB If the ...

Page 238: ...les the extension examined How many infected files the extension cleaned How many infected files the extension deleted How many infected files the extension moved to a quarantine folder Your extension settings Clear the checkbox to leave this information out of the log file Date and time Select this checkbox to have the log file record the date and time at which the extension starts your scan oper...

Page 239: ... it can get access to your cc Mail server and scan your Inbox Enter your cc Mail user name and password just as if you were logging directly into cc Mail then click OK to continue Next start your cc Mail client application then set the interval for the client to poll your cc Mail server to a period longer than five minutes This gives VShield software a chance to examine your mail before your clien...

Page 240: ...r point to Settings then choose Control Panel 2 Locate and double click the Display control panel in the window that appears in order to open the Display Properties dialog box Next click the ScreenScan tab Figure 7 7 Figure 7 7 Display Properties dialog box ScreenScan page 3 Select the Enable scanning while in screen saver mode checkbox to activate the options in the rest of the property page 4 Ch...

Page 241: ...to the folder you want scanned or click Browse to locate the scan target on your computer All fixed drives This tells the utility to scan hard disks physically connected to your computer When you ve chosen your target click OK to close the dialog box Change scan targets Select one of the listed scan targets then click Edit to open the Edit Scan Item dialog box Figure 7 9 Figure 7 9 The Edit Scan I...

Page 242: ...r their extensions NOTE McAfee VirusScan Software recommends that you choose this option for your first scan operation or periodically thereafter to ensure that your system is virus free You can then limit the scope of later scan operations Choose file types Viruses cannot infect files that contain no executable code whether script macro or binary code You can therefore safely narrow the scope of ...

Page 243: ...steps a Select the Enable heuristics scanning checkbox The remaining options in the dialog box activate b Select the types of heuristics scanning you want the ScreenScan utility to use Your choices are Enable macro heuristics scanning Choose this option to have the utility identify all Microsoft Word Microsoft Excel and other Microsoft Office files that contain embedded macros then compare the mac...

Page 244: ...left off If you do not select this checkbox the utility will begin its scan operation again from the root level of the first drive you specified as a scan target each time your screen saver starts to run This could mean that the utility will scan some parts of your system repeatedly but will miss other parts completely 8 Set Advanced ScreenScan options Click Configure to open the Advanced Scanner ...

Page 245: ...hut your system down If you would prefer to log this data to a different text file enter its path and filename in the text box provided or click Browse to locate the file The ScreenScan utility will not generate a text file it will write only to an existing file 9 Click Apply to save your changes without closing the Display Properties dialog box To save your changes and close the dialog box click ...

Page 246: ...Using Specialized Scanning Tools 246 McAfee VirusScan ...

Page 247: ...r the number of scan targets the VirusScan application can examine or exclude during a scan session limit the number of scan tasks that you can create configure and run from the VirusScan Console You can also choose whether you want to have the VirusScan management service load itself when your computer starts NOTE McAfee VirusScan Software strongly recommends that you set the VirusScan management...

Page 248: ...emory the Console and the VShield scanner normally are inactive this button will read Start Click it to reload inactive VirusScan components You can also restart the VirusScan application and the Console individually from the Windows Start menu 3 Select the Load on startup checkbox in the VirusScan Service area to start the VirusScan management service AVSYNMGR EXE as soon as you start your comput...

Page 249: ...2 Figure 8 2 VirusScan control panel Components page 5 To have the VShield scanner load when you start your computer select the Load VShield on startup checkbox This same setting appears in the System Scan module s Detection page Either setting will load the scanner when you start your computer NOTE McAfee VirusScan Software recommends that you leave this checkbox selected The VShield scanner is y...

Page 250: ...rusScan Console start as soon as you start your computer The Console must be running in order to execute any tasks you have scheduled including scan tasks AutoUpgrade tasks and AutoUpdate tasks You do not need to start the Console to start the VShield scanner however 9 Click or enter a figure in the Maximum Number of Tasks text box how many scan tasks can appear in the VirusScan Console window By ...

Page 251: ...method to collect and manage alert messages from all over the network in a central repository so that you can respond whenever any workstation detects an infected file McAfee VirusScan Software provides Alert Manager server software for just such a need The software allows you to centralize alert message collection and processing assign priority designations and custom messages to those messages a...

Page 252: ...ator software to tie alert messages into the McAfee Magic HelpDesk application for trouble ticket generation and other features Alert Manager messages also contain much richer data than do those sent via Centralized Alerting Enabling SNMP traps for Alert Manager will collect a host of information about the computer that generates the alert message and its software configuration The VirusScan clien...

Page 253: ...onfiguration page appears Figure 8 3 2 Figure 8 3 Alert Manager Client Configuration dialog box 2 Verify that the Disable Alerting checkbox is clear This activates the remaining options in this dialog box Select this checkbox only if you want the Alert Manager Client Configuration utility not to pass alert messages from your anti virus software to the Alert Manager server or to your Desktop Manage...

Page 254: ...d to your network If you have Active Directory Services installed on your computer clicking Browse displays a list of logical Alert Manager server names If you do not have Active Directory installed the display will show your entire directory tree In that case consult your system administrator to learn which computer hosts the Alert Manager server you want to use By default the client utility will...

Page 255: ... software sends alert messages as text files with the extension ALR to the target directory You can then point a designated Alert Manager server to the directory if it contains the CENTALRT TXT file so that it checks periodically for ALR files If it finds one it extracts the contents of the alert message from the file distributes the message via one of its pre configured notification methods then ...

Page 256: ...ient application The DMI client in turn assigns an identifying number to the VirusScan software so that it can collect VirusScan alert events and send them to a DMI administrative application In order for VirusScan software to send alert messages with an identification number that the administrative application can recognize and process you must enter the correct ID number here Consult your system...

Page 257: ...l components These structural components are used by Windows to find data on the drive organize it and so on If any one of these components is damaged or destroyed you will not be able to access the data you ve stored on the drive The FAT your drive s roadmap points to the locations where your files are physically stored on the drive Files can either be stored in contiguous locations or scattered ...

Page 258: ...cted from their individual sectors Why You Should Make Regular Backups With Safe Sound Your data is very valuable and costly to recreate This means that making frequent or even mirror backup copies of the important data on your drives is crucial A mirror backup copy is always identical to the original information on the source drive Safe Sound automates the back up process doing the time consuming...

Page 259: ... stepping through the Safe Sound Wizard Thereafter while the Enable Automatic Backup option is selected it continues to update your backup set at the time delay you ve specified If you chose to make Mirror backups Safe Sound updates your backup set at the same time that you resave the original source files If you select a write behind delay longer than zero seconds a Mirror backup Safe Sound updat...

Page 260: ...ackup copy to be stored at a remote location for increased protection As long as Safe Sound can access a logical drive mapped on your PC it can store the backup set there That is the backup set can be stored on a shared network drive NOTE You can use the Map Network Drive command available by Right clicking My Computer to assign map a drive letter to a location on a network drive This makes that l...

Page 261: ...ecent your backup set the happier you ll be if your PC does encounter a problem that compromises the data on your primary drives However you may want to keep the default Write behind Delay of 20 minutes to give you time to recover a previous version of a file if you ever need to Ð TIP Save early save often While working in applications you can almost always press CTRL S to save your work as you go...

Page 262: ...About Safe Sound 262 McAfee VirusScan ...

Page 263: ...or delete them at your convenience To use Quarantine to work with infected files that were quarantined follow these steps 1 Start the VirusScan Console 2 Click Quarantine The Quarantine Explorer window appears 3 Select an infected file and choose from the following Add Select this option to quarantine a suspected file Clean Select this option to remove the virus code from infected file If the viru...

Page 264: ...curring any obligations whatsoever If you have found what you suspect to be a new or unidentified virus send the infected file to McAfee Labs Anti Virus Emergency Response Team for analysis using the Submit to McAfee Wizard You are given the option of removing your personal data from the file before submitting it Submitting Virus Information to Anti Virus Emergency Response Team If you have found ...

Page 265: ...t to remove a file from the list select it and click Delete 9 Click Next The Choose Upload Options page appears 10 Select Remove Data From File if you want to preserve the confidentiality of your data 11 If you are outside the United States replace the default Network Associates e mail address with the appropriate local e mail address 12 Click Next The e mail subsystem page appears If required by ...

Page 266: ...About Quarantine 266 McAfee VirusScan ...

Page 267: ... shown in the Program Extensions dialog box follow these steps 1 Click Extensions in the Detection property page for whichever VirusScan component you are configuring 2 The Program File Extensions dialog box will appear Figure A 1 Program File Extensions dialog box 3 You can Click Add to include a new extension This opens the Add Program File Extension dialog box Type the three character extension...

Page 268: ...re recommends that you scan your system thoroughly during your first scan operation or periodically thereafter without limiting the scope of the scan operation to these file types This ensures that your system starts in a virus free condition You can then use this list of extensions to limit the scope of later scan operations Table 10 1 Vulnerable file name extensions Extension File Type File Desc...

Page 269: ...am Executable files Most software uses this extension to identify files that start its command shell or program kernel GMS Macro Corel Global Macro Storage files GZ Compressed UNIX GNU Gzip compressed files HLP Macro Windows Help files These files can contain executable Word Basic or other macro code HT Script macro Hyper Text Markup Language and related files Microsoft Hyper Text template files A...

Page 270: ...eir own right OLE Program Microsoft Object Linking and Embedding object files These files are similar to ActiveX controls They are files created in one application to be embedded in another application OV Program Overlay files POT Macro Microsoft PowerPoint template files These files can contain infectable Visual Basic for Applications macros PP Macro Microsoft PowerPoint document and slide show f...

Page 271: ...es Later Visio versions include infectable scripting extensions VXD Program Windows virtual device drivers These are executable fiels that often reside in memory WBK Macro Microsoft Word backup files WPD Macro Corel WordPerfect document files XL Macro Microsoft Excel worksheet add in toolbar chart dialog box backup macro workspace Visual Basic module and template files These files can contain infe...

Page 272: ...ow each VirusScan component treats each file type Table 10 1 Compressed file and archive scanning treatment VirusScan component Archived file Compressed file VirusScan application Select the Compressed files checkbox to enable Opens archives and scans the files within Specify All Files as your scan target or add the archive s file name extension to the Program Extensions dialog box to have the app...

Page 273: ... if listed in Program Extensions dialog box Scans compressed file if listed in Program Extensions dialog box TD0 Teledisk compressed file Scans compressed file if listed in Program Extensions dialog box Scans compressed file if listed in Program Extensions dialog box ARC LH ARC file older version Scans archive Scans files within archive Scans archive as a file if listed in the Program Extensions d...

Page 274: ...ns files within archive Scans archive as a file if listed in the Program Extensions dialog box Will not scan files within archive TAR UNIX tape archive file Scans archive Scans files within archive Scans archive as a file if listed in the Program Extensions dialog box Will not scan files within archive ZIP PKZip or WinZip file Scans archive Scans compressed files within archive Scans archive as a ...

Page 275: ... one year from your purchase of this software you can purchase another year of DAT signature files update for 4 95 How to Contact McAfee BEFORE YOU CONTACT McAfee Software for technical support locate yourself near the computer with McAfee VirusScan installed and verify the information listed below Have you sent in your product registration card Version of McAfee VirusScan Customer number if regis...

Page 276: ...nloadhelp beyond com For a status on an existing order mcafeeorderstatus beyond com To inquire about a promotion mcafeepromotions beyond com Technical support Support via the web McAfee is famous for its dedication to customer satisfaction We have continued this tradition by making our site on the World Wide Web http www mcafeehelp com a valuable resource for answers to technical support issues We...

Page 277: ...phone support numbers Disclaimer Time and telephone numbers are subject to change without prior notice 30 Day Free Telephone Support 972 308 9960 Per Minute Telephone Support 1 900 225 5624 Per Incident Telephone Support 35 1 800 950 1165 ...

Page 278: ...Product Support 278 McAfee VirusScan ...

Page 279: ...matically deliver your software Updates and your FREE product Upgrade to your system To update your copy of VirusScan just click the Update button on the VirusScan Central interface Internet Access You will need a World Wide Web WWW browser such as Internet Explorer Netscape or the AOL web browser to access the McAfee web site 1 Enter the WWW address for the McAfee Home Page into the appropriate a...

Page 280: ...at you have entered 9 When the email is opened you will be instructed to click on the url enclosed A thank you is displayed with a download button Click on the download button to begin downloading the upgrade 10 After the file is downloaded and saved to your hard drive extract or unzip the file if necessary and run the setup program The information provided in this article is provided as is withou...

Page 281: ... a corporate customer you must first have a grant number or product serial number to subscribe to the Enterprise SecureCast channel If you do not have a grant number please contact your purchasing agent your Value Added Reseller or McAfee VirusScan Customer Care at 972 308 9960 for assistance If you are already a registered McAfee VirusScan customer and do not know your grant number submit the gra...

Page 282: ...unction properly with newer scan engines When the older scan engine version becomes obsolete McAfee VirusScan will discontinue development of DAT files for it You should upgrade your software before your current version becomes obsolete Which data files does the SecureCast service deliver With the SecureCast service you ll receive automatic downloads of these files New product upgrades The product...

Page 283: ...s 95 Windows 98 Windows NT or Windows 2000 At least 10MB free hard disk space plus sufficient space for product and other downloads An active Internet connection direct or dial up for a minimum of one hour per week Phase 1 Download and install BackWeb 1 To download the BackWeb client software connect to the McAfee Web site at http www nai com asp_set anti_virus alerts register asp Next download th...

Page 284: ...ient welcome panel 3 Read the instructions and warnings on this panel then click Next to continue 4 The BackWeb license agreement appears Figure D 2 Figure D 2 BackWeb Software License Agreement panel 5 Click Yes to continue 6 The Choose Destination Location panel appears Figure D 3 on page 285 ...

Page 285: ...tion for Setup to install the client software if you wish or click Browse to locate a suitable folder Click Next to continue Setup will begin to copy BackWeb program files to your computer As it does so it displays its progress When it has finished Setup displays the Connection Type panel Figure D 4 Figure D 4 Connection Type panel ...

Page 286: ...s Figure D 5 Figure D 5 Communication Method panel 9 Choose a communication method Your choices are HTTP Choose this option if you can connect directly to the Internet without going through a proxy server Skip to Step 13 HTTP via proxy Choose this option if you connect to the Internet through a proxy server on your network Continue with Step 10 BackWeb Polite Agent Choose this option to connect to...

Page 287: ...y server in the Proxy text box then enter the port the server uses for communication in the Port text box When you have finished click Next to continue The Proxy Authentication panel appears Figure D 7 on page 287 Figure D 7 Proxy Authentication panel 12 If the proxy server requires user authentication enter in the text boxes provided a user name and password with sufficient rights to permit you t...

Page 288: ... Register with the Enterprise SecureCast service After you install the BackWeb client and start it the SecureCast service immediately opens the client application and sends its first InfoPak the SecureCast registration forms Figure D 9 Figure D 9 The Enterprise SecureCast client window InfoPaks downloaded to your system appear here SecureCast Flash Banner SecureCast channels to which you subscribe...

Page 289: ...reCast service site or your site the window might not list any InfoPaks In that case minimize or close the BackWeb window After some time you will receive a Flash message Click the flashing message then continue with Step 2 To register for the Enterprise SecureCast channel follow these steps 1 If you see Register Now listed in the window double click it The SecureCast service Flash banner appears ...

Page 290: ...e grant number you received when you purchased your software or that you received from McAfee Customer Service NOTE If your company is not a subsidiary of another company clear the Subsidiary of a Parent Company checkbox before you continue When you have entered your information click Next to continue If you did not clear the Subsidiary of a Parent Companycheckbox the Parent Company Information di...

Page 291: ...twork requires you to connect to the Internet through a proxy server select the Use HTTP proxy at address checkbox then enter the server name or its Internet Protocol IP address in the text box provided Next verify that the correct port number appears in the Port text box or enter the correct port number If your proxy server requires you to sign on to use it select the Proxy requires users authent...

Page 292: ...r will connect to the McAfee SecureCast service electronic customer care page If you are a corporate user the window resembles the one shown in Figure D 16 Figure D 16 SecureCast Electronic Corporate Customer Care You can use this page to download product updates and upgrades contact technical support and get other information directly from McAfee The terms of your grant will determine what inform...

Page 293: ...g from the SecureCast service You can stop the SecureCast service from delivering InfoPaks at any time you want to To do so right click the BackWeb icon in your Windows system tray then choose Start SecureCast from the shortcut menu that appears Next follow these steps 1 In the list box on the left side of the BackWeb client window see Figure D 9 on page 288 locate then select the listing for the ...

Page 294: ...cureCast Service to Get New Data Files 294 McAfee VirusScan BackWeb client For a comprehensive guide to BackWeb including additional troubleshooting advice see the online BackWeb User s Manual http www backweb com ...

Page 295: ... bandwidth than ever before Better still the AutoUpdate utility makes this process completely transparent it will download as many incremental DAT files as it needs to bring your software up to date If your DAT files are older than the backward range of iDAT packages available or if an iDAT download fails for any reason the utility will download the entire current DAT file package In either case t...

Page 296: ...t and install all of the virus definition files it needed to bring your existing DAT files up to date The utility finds the information it needs to determine which packages to download in the DELTA INI file DELTA INI files These are text files that describe which weekly UPD files the AutoUpdate utility needs to bring your DAT files completely up to date The DELTA INI file consists of entries that ...

Page 297: ... the existing DAT files you may not download the iDAT files through the AutoUpdate utility and use the utility to save them for later updates You can download the UPD packages independently from the McAfee VirusScan FTP site however and save these files for later distribution See Best practices below for details What does McAfee VirusScan Software post each week Each week McAfee VirusScan Software...

Page 298: ...rings your network to a workable baseline state You can then download and install iDAT files to keep current 2 From the baseline state use a web browser or FTP client software each week to download new UPD files directly from the McAfee VirusScan FTP site to a central server on your network If you start from the baseline state described in Step 1 you can simply download the most recent UPD file po...

Page 299: ...ters are off or if they do not have the VirusScan Console running the AutoUpdate utility will resume its scheduled task when you next start the computer or the VirusScan Console To learn how to use this feature see Enabling tasks on page 200 NOTE Be sure to schedule your client computer updates for a time after you have downloaded and installed the update files on your central server If you config...

Page 300: ...of date After that point it becomes more efficient to download a full DAT file set Network configuration issues Q Do all the machines I want to update need to be able to connect to the Internet A No You can configure one computer on your network to download the iDAT files from the Internet then have other computers on your network download their files from this computer To learn more see Three sta...

Page 301: ...rusScan in Console 212 to 213 in Download Scan module 132 to 133 in E mail Scan module 119 to 123 in Internet Filter module 142 to 143 in System Scan module 104 to 105 in the E Mail Scan program component 232 to 236 ALR files use of for Centralized Alerting messages 252 America Online mail client supported in VShield 84 anti virus software code signatures use of for virus detection xi consequences...

Page 302: ...ert Manager configuring 252 to 256 understanding and using in VirusScan software 251 to 252 code signatures use of by viruses xi COMMAND COM files virus infections in x components included with VirusScan 22 to 27 computer problems attributing to viruses 53 Concept virus introduction of xii configuration choosing options for VirusScan in Console 204 to 221 of E Mail program component 225 to 238 of ...

Page 303: ...ing 190 toolbar in hiding and displaying 189 window elements of 189 contents of log file 107 124 135 215 237 context menus use of in VirusScan Console window 190 control panel VirusScan choosing options for 248 to 250 opening 247 to 248 understanding 247 Copy in Edit menu 190 corporate e mail systems choosing in configuration wizard 91 in E Mail Scan Properties dialog box 113 costs from virus dama...

Page 304: ... transmission ix to x distribution of VirusScan electronically and on CD ROM disc 31 DMI alerts use of with Alert Manager server 255 document files as agents for virus transmission xii double heuristics analysis 21 Download Scan module configuring 126 to 136 default response options for 63 to 64 set up using configuration wizard 92 using VShield Properties dialog box 126 to 135 E Edit menu Copy 19...

Page 305: ...finition and behavior of x setting heuristic scanning options for 99 to 100 115 128 to 129 207 228 242 files choosing as scan targets 205 to 206 228 to 230 240 to 242 infected cleaning 101 to 104 117 to 119 130 132 210 to 211 230 to 232 cleaning by yourself when VirusScan cannot 55 deleting 101 to 104 117 to 119 130 132 210 to 211 230 to 232 moving 101 to 104 117 to 119 130 132 210 to 211 230 to 2...

Page 306: ...ad of viruses via xii Internet Explorer as browser supported in VShield 83 Internet Filter module configuring 136 to 145 default response options for 64 set up using configuration wizard 93 using VShield Properties dialog box 136 to 145 Internet Relay Chat as agent for virus transmission xiv J Java classes as malicious software xiii to xiv distinction between viruses and xiii L log file creating w...

Page 307: ...us infections in ix to x menus shortcut use of from system tray for VShield 149 use of in VirusScan Console window 190 Microsoft Exchange Outlook and Outlook Express as e mail clients supported in VShield 84 Internet Explorer as browser supported in VShield 83 Visual Basic as macro virus programming language xii Word and Excel files as agents for virus transmission xii military time using to sched...

Page 308: ...sScan in Console 220 in VShield Security module 147 Paste in Edit menu 190 payload definition of ix PC viruses origins of ix permanent storage definition 258 plain text use of to transmit viruses xiv polymorphic viruses definition of xi POP 3 e mail clients choosing options for in configuration wizard 91 in E mail Scan dialog box 113 pranks as virus payloads ix program components included with Vir...

Page 309: ... Console 213 to 216 in Download Scan module 133 to 136 in E mail Scan module 123 to 125 in Internet Filter module 144 to 145 in System Scan module 106 to 108 in the E Mail Scan program component 236 to 238 in VirusScan Classic to 169 response options choosing when Download Scan module finds a virus 63 to 64 when E mail Scan module finds a virus 62 to 63 when Internet Filter module finds harmful ob...

Page 310: ... 216 memory scanning 209 naming 197 new creating 190 196 to 200 pasting settings from another 190 program to carry out choosing 197 removing 190 report options configuring for VirusScan Classic to 169 for VirusScan in Console 213 to 216 schedule times and intervals available for 201 scheduling and enabling 190 200 to 202 security options configuring 219 to 221 starting 191 automatically 209 need f...

Page 311: ...licts as potential cause for computer problems 57 spreadsheet files virus infections in xii Start in Task menu 191 statistics displayed in VShield Status dialog box 155 for scan task 202 to 203 status checking for scan operations 202 to 203 checking for VShield 155 Status Bar in VirusScan Console hiding and displaying 190 Status Bar in View menu 190 stealth viruses definition of xi Stop in Task me...

Page 312: ...port options configuring for VirusScan Classic to 169 for VirusScan in Console 213 to 216 scan targets for adding 205 240 to 241 schedule times and intervals available for 201 scheduling and enabling 190 200 to 202 security options configuring 219 to 221 starting 191 automatically 209 need for Console to be running 202 status checking 202 to 203 stopping 191 task list default tasks in 189 Task men...

Page 313: ...default response to when E Mail Scan program component detects 66 when VirusScan detects 64 when VShield detects 59 to 64 definition of vii detecting recorded in log file 107 124 135 disguising infections of xi distinction between hostile objects and xiii effects of vii 53 encrypted definition of xi false detections of understanding 58 file infectors x history of vii to xiv macro xii setting heuri...

Page 314: ...sing in Console 213 to 216 main window use of to select responses to infections 65 overview of features 17 property pages Action to 177209 to 211 Alert 212 to 213 Detection 205 to 209 Exclusion 216 to 219 Report 213 to 216 Security 219 to 221 report options choosing in Console 213 to 216 security options choosing in Console 219 to 221 VirusScan Classic Report options choosing to 169 VirusScan Comm...

Page 315: ...ter module configuring 136 to 145 default response options for 64 Properties dialog box Download Scan module 126 to 135 E mail Scan module 111 to 125 Internet Filter module 136 to 145 Security module 145 to 148 System Scan module 94 to 100 Wizard button in 89 reasons to run 82 Security module configuring 145 to 148 stopping and unloading from memory 149 to 154 System Scan module configuring 94 to ...

Reviews: