KASPERSKY ANTI-VIRUS 5.0 - FOR WINDOWS WORKSTATIONS Administrator's Manual

KASPERSKY LAB
Kaspersky Anti-Virus 5.0
for Windows Workstations
Administrator's Guide

Summary of Contents for KASPERSKY ANTI-VIRUS 5.0 - FOR WINDOWS WORKSTATIONS

  • Page 1 KASPERSKY LAB Kaspersky Anti-Virus 5.0 for Windows Workstations Administrator’s Guide...
  • Page 2 KASPERSKY ANTI-VIRUS® 5.0 FOR WINDOWS WORKSTATIONS Administrator’s Guide ©...
  • Page 3: Table Of Contents

    Contents: CHAPTER 1. KASPERSKY ANTI-VIRUS FOR WINDOWS WORKSTATIONS (7); 1.1. What's new in version 5.0? (9); 1.2. Hardware and software system requirements (11); 1.3. Distribution kit (11); 1.3.1. License Agreement (12); 1.4. Services for registered users (12); 1.5.
  • Page 4 Kaspersky Anti-Virus 5.0 for Windows Workstations 5.1.2. Performing manual update. Downloading updates (40); 5.1.3. Configuring updates (42); 5.1.3.1. Updating the application modules (44); 5.1.3.2. Copying updates to the local folder (45); 5.1.3.3. Selecting the updates source (46); 5.1.3.4.
  • Page 5 Contents 5.10.1.3. Working with Backup storage (105); 5.10.2. Working with reports (106); 5.10.3. Managing Kaspersky Anti-Virus configuration (111); 5.10.4. Additional settings (112); 5.10.5. Configuring prompts for confirmation (116); 5.10.6. Restricting efficiency of Kaspersky Anti-Virus (117); 5.10.7. Working in the administrator’s and the user’s mode (118); CHAPTER 6.
  • Page 6 Kaspersky Anti-Virus 5.0 for Windows Workstations 6.3.3. Launching and stopping tasks (165); 6.4. Configuring application settings (165); 6.4.1. Viewing information about the application (167); 6.4.2. Additional application settings (168); 6.4.3. Working with the quarantine and backup storage areas (169); 6.4.4.
  • Page 7: Chapter 1. Kaspersky Anti-Virus For Windows Workstations

    CHAPTER 1. KASPERSKY ANTI-VIRUS FOR WINDOWS WORKSTATIONS Kaspersky Anti-Virus® for Windows Workstations (hereinafter referred to as the Kaspersky Anti-Virus) is designed to protect workstations against computer viruses and malware. The following features have been implemented in the application: •...
  • Page 8 Kaspersky Anti-Virus 5.0 for Windows Workstations defense will be provided and the attacking computer will be blocked. Additionally, the application will use the invisible mode that allows receiving data only from computers that are engaged in the data exchange initiated by the user. •...
  • Page 9: What's New In Version 5.0

    Kaspersky Anti-Virus for Windows Workstations where you can disinfect, delete them, restore them to the original folder or send them to the Kaspersky Lab’s experts for analysis. Quarantined files are stored in a special format and do not impose any threat. •...
  • Page 10 Kaspersky Anti-Virus 5.0 for Windows Workstations the archives and for disinfection of infected objects contained in zip archives. Kaspersky Anti-Virus scans multi-volume archives of the above format and self-extracting archives, but does not disinfect them. • The anti-virus database updating process speed has been increased through determining the Kaspersky Lab’s updates server closest to the user’s geographical location.
  • Page 11: Hardware And Software System Requirements

    Kaspersky Anti-Virus for Windows Workstations • Ability to create the list of trusted processes. Kaspersky Anti-Virus does not monitor the activities of the trusted processes in the real-time protection mode. • Password-protected access to the Kaspersky Anti-Virus settings management feature. You can set up a password to be prompted for when switching between the user’s and the administrator’s mode.
  • Page 12: License Agreement

    Kaspersky Anti-Virus 5.0 for Windows Workstations The retail box package includes: • a sealed envelope with an installation CD containing the application files; • a user's manual; • a license key included in the distribution package or recorded on a special floppy disk;...
  • Page 13: Conventions

    Kaspersky Anti-Virus for Windows Workstations • consultation regarding issues pertaining to installation, setup and use of the software products available by phone or e-mail; • notifications about availability of new Kaspersky Lab software products and about new viruses worldwide (this service is provided to users who have subscribed to the Kaspersky Lab e-mail newsletter).
  • Page 14: Chapter 2. Installation And Removal Of The Application

    CHAPTER 2. INSTALLATION AND REMOVAL OF THE APPLICATION There are two options for installing Kaspersky Anti-Virus 5.0 for Windows Workstations: local installation and remote installation (through Kaspersky Administration Kit centralized administration system). This guide describes local installation of Kaspersky Anti-Virus to a workstation. For details regarding remote installation of the application, please consult the Kaspersky Administration Kit 5.0 Reference Guide.
  • Page 15 Installation and removal of the application Step 1. Verifying the version of the installed operating system. Before the application installation is started, a check will be performed to determine whether the operating systems and the Service Packs installed on your computer meet the software requirements for the installation of Kaspersky Anti-Virus.
  • Page 16 Kaspersky Anti-Virus 5.0 for Windows Workstations protection is enabled. If you do not want Kaspersky Anti-Virus to scan files when you access them, uncheck the Use real-time file system protection box. Real-time mail protection – anti-virus scan of all messages received by your computer, messages you send and your mail databases.
  • Page 17 Installation and removal of the application If an earlier version of Kaspersky Anti-Virus (for example, version 4.5) is detected on your computer, the application will be automatically updated from version 4.x to version 5.0 (for details, see section 2.4 on page 22). If a license key for Kaspersky Anti-Virus for Windows Workstations version 4.x is detected on your computer, then the Install the license key dialog box displayed during the installation (see Step 8 on page 17)
  • Page 18 Kaspersky Anti-Virus 5.0 for Windows Workstations • If you purchased Kaspersky Anti-Virus in a box (retail box), your license key will be written on a floppy disk. You will have to insert the disk into the drive and select this drive to access the disk. •...
  • Page 19: Silent Mode Installation Of The Application

    Installation and removal of the application As the result of Kaspersky Anti-Virus installation: • The application icon will appear in the system tray. • Application shortcuts will be added to the main Windows menu (Start → Programs → Kaspersky Anti-Virus 5.0 for Windows Workstations). 2.2.
  • Page 20 Kaspersky Anti-Virus 5.0 for Windows Workstations Modifier Purpose disabled; • KLUSEISTREAMS – iStreams™ technology settings. In order to enable this technology, use “1”, in order to disable it – use “”. By default this technology is enabled; • KLUNINSTPASSWD –...
  • Page 21 Installation and removal of the application The filename of the file containing the settings must always be setup.ini. The following settings can be used: • InstallDir – full path to the application installation folder; • User – user name; • Company –...
  • Page 22: Removing The Application

    Kaspersky Anti-Virus 5.0 for Windows Workstations 2.3. Removing the application If for some reason you need to uninstall Kaspersky Anti-Virus, run Start → Programs → Kaspersky Anti-Virus Windows Workstations → Kaspersky Anti-Virus Uninstall or use standard Microsoft Windows Add or Remove Programs control panel tool. If the application is controlled via Kaspersky Administration Kit, and password protection has been enabled to prevent its unauthorized uninstallation (see section 6.2.2.14 on page 151), you will be prompted...
  • Page 23: Chapter 3. Application Management Concepts

    CHAPTER 3. APPLICATION MANAGEMENT CONCEPTS Kaspersky Anti-Virus is installed on a workstation and can be controlled locally or remotely through Kaspersky Administration Kit (if the computer is included into the centralized administration system). There are several categories of users working with Kaspersky Anti-Virus: •...
  • Page 24: Basic Concepts Of The Administration Concept

    Kaspersky Anti-Virus 5.0 for Windows Workstations If centralized administration via Kaspersky Administration Kit is used, the application is controlled remotely from a computer on which the Administration console is installed. The administration console is a standard interface integrated into MMC that allows the logical network administrator to perform the following functions: •...
  • Page 25: Local Interface

    Application management concepts A Policy is a set of application settings pertaining to its operation in a logical network group and a set of restrictions for redefining these parameters when configuring the application or a task. A policy includes parameters required for complete configuration of the application’s functionality, and includes both application settings and settings for all types of tasks, except for parameters that must be defined each time a specific task is started.
  • Page 26: Right-Click Menu

    Kaspersky Anti-Virus 5.0 for Windows Workstations 3.2.2. Right-click menu If you right-click the application icon in the system tray, you will see a right-click menu (see Figure 1) consisting of the following items: • Open Kaspersky Anti-Virus opens the Protection tab of the main application window.
  • Page 27: Main Application Window: General Structure

    Application management concepts Figure 1. Shortcut menu 3.2.3. Main application window: general structure The main window of Kaspersky Anti-Virus is designed for implementation of all application features, which helps achieve complete anti-virus protection of your computer. Here you can: • start and stop full computer scan and scan of individual drives, folders and files for viruses and other types of malware;...
  • Page 28: The Protection Tab

    Kaspersky Anti-Virus 5.0 for Windows Workstations • Support – a tab where you can view the information about the license key, renew the application license, access reference help and send your inquiries to the Technical Support Service (see section 3.2.3.3 on page 31).
  • Page 29: The Settings Tab

    Application management concepts Figure 2. The Protection tab Critical status and any status that is different from the recommended protection level are always supplemented with Kaspersky Lab’s experts’ recommendations. In order to increase the level of the anti-virus protection you may be offered to modify the current settings, return to the settings recommended by the experts, run a task, etc.
  • Page 30 Kaspersky Anti-Virus 5.0 for Windows Workstations comments and tips on editing some settings. For example, if in the past you started the anti-virus database updating process manually, the application will suggest that you automate this process by creating a schedule to start this task automatically.
  • Page 31: The Support Tab

    Application management concepts 3.2.3.3. The Support tab The Support tab (see Figure 4) displays contact information to be used when you need help if you encountered problems in the operation of Kaspersky Anti-Virus or a situation that you cannot handle by yourself. This tab also contains information about the application, the license key and about the operating system installed on your computer for cases when you need to provide this information to the Kaspersky Lab’s Technical Support Service.
  • Page 32: Scanning Process Window

    Kaspersky Anti-Virus 5.0 for Windows Workstations • Virus Encyclopedia – a link to www.viruslist.com site containing detailed descriptions of all currently existing malware. • Kaspersky Lab’s Website – a link to the Kaspersky Lab web site. 3.2.4. Scanning process window The scanning process window appears on screen when a computer scan or scan of its individual objects (disks, folders, files) is launched (see Figure 5).
  • Page 33: Help System

    Application management concepts list of settings used to perform the scan. In order to hide the bottom part, use the button. In order to access the quarantine window (see section 5.10.1.2 on page 103), follow the View Quarantine link. If a full computer scan is being performed, you can use the same window to select a mode that turns off the computer after the scan is completed.
  • Page 34: Chapter 4. Computer Protection Using The Default Settings

    CHAPTER 4. COMPUTER PROTECTION USING THE DEFAULT SETTINGS Anti-virus protection starts working immediately after application installation using its default settings. These settings are recommended by the Kaspersky Lab's experts for ensuring the optimum protection of your computer. If you are using centralized administration feature via Kaspersky Administration Kit, the settings can be determined by the policies and tasks created by the Security Administrator.
  • Page 35 Computer protection using the default settings • If an infected object is detected, Kaspersky Anti-Virus will attempt to disinfect it and delete the object if disinfection fails, creating a copy of it in the backup storage; if a suspicious object is detected, it is quarantined. •...
  • Page 36: Anti-Virus Protection Levels

    Kaspersky Anti-Virus 5.0 for Windows Workstations • If an infected or suspicious object is detected, Kaspersky Anti-Virus will postpone its processing until the anti-virus scan is completed, will prompt the user for action when the scan is finished and process the object. •...
  • Page 37 Computer protection using the default settings • Recommended – level of anti-virus protection based on the settings recommended by the Kaspersky Lab's experts, which ensure optimal protection of your computer. • High speed – level of computer protection that ensures maximum system performance with a certain decrease in the number of objects scanned.
  • Page 38 Kaspersky Anti-Virus 5.0 for Windows Workstations Maximum Recommended High Speed Setting protection protection scan protection scan protection scan disk boot sectors packed files archives – self-extracting – – archives e-mail – – databases mail text – – format files OLE objects –...
  • Page 39: Chapter 5. Application Management Using The Local Interface

    CHAPTER 5. APPLICATION MANAGEMENT USING THE LOCAL INTERFACE This chapter contains detailed information about operation and settings of the major tasks of Kaspersky Anti-Virus and additional features of the program control using the local interface. 5.1. Updating the anti-virus database and application modules Kaspersky Anti-Virus provides a possibility to automate the updates of both the anti-virus database, which contains descriptions of viruses and methods to be...
  • Page 40: When To Download Updates

    Kaspersky Anti-Virus 5.0 for Windows Workstations 5.1.1. When to download updates The application will inform you when the anti-virus database requires an update. You can also make your own judgment regarding the updates after reviewing their status in the right frame of the Protection tab (see Figure 2). The status of updates is indicated by the following icons: anti-virus database has been updated recently or is being currently updated...
  • Page 41 Application management using the local interface The update downloading procedure can be divided into the following steps: Kaspersky Anti-Virus checks connection to the network and establishes connection with the source of updates. The application obtains a list of updates and information on their size from the Kaspersky Lab update servers.
  • Page 42: Configuring Updates

    Kaspersky Anti-Virus 5.0 for Windows Workstations 5.1.3. Configuring updates In order to configure the settings of the anti-virus database update task: use the Configure Updater hyperlink in the left frame of the Settings tab (see Figure 3). This will open the Updating the anti-virus database window (see Figure 7). Figure 7.
  • Page 43 Application management using the local interface Figure 8. Anti-virus database updating task settings configuration • enable Kaspersky Anti-Virus application module updating feature (see section 5.1.3.1 on page 44); • configure the feature of copying updates into a local folder for broadcasting to other network computers on which Kaspersky Anti-Virus is installed (see section 5.1.3.2 on page 45);...
  • Page 44: Updating The Application Modules

    Kaspersky Anti-Virus 5.0 for Windows Workstations 5.1.3.1. Updating the application modules Apart from the anti-virus database you can also update the Kaspersky Anti-Virus application modules. Application modules updates files are uploaded to the updates servers as they are released. You can update the application modules from the updates source specified during the application setup (see section 5.1.3.3 on page 46).
  • Page 45: Copying Updates To The Local Folder

    Application management using the local interface If you order a zip archive with the updates from the Kaspersky Lab or from one of its partners, please make sure to indicate that you would also like to receive the application modules updates. When you receive the application modules a corresponding prompt will be displayed on the screen (see Figure 10).
  • Page 46: Selecting The Updates Source

    Kaspersky Anti-Virus 5.0 for Windows Workstations In addition, you can select the updates copying method: • full to copy the updates of the anti-virus database and of the modules for all Kaspersky Lab's applications. In order to select full update, check the Copy updates for all applications box.
  • Page 47 Application management using the local interface You can specify the following as the updates source: • Administration server – a centralized updates storage located at the Kaspersky Administration Kit Administration Server. This updates source will not be available if the Network Agent is not installed on the computer (for details, see the Kaspersky Administration Kit 5.0 Reference Guide).
  • Page 48: Proxy Server Settings Configuration

    Kaspersky Anti-Virus 5.0 for Windows Workstations If you wish the updates to be performed from the specified source, check the box next to it. You can select several resources at the same time. In this case Kaspersky Anti-Virus will perform updates from the first source in the list. If this source is unavailable for any reason, the updating will be performed from the source next in the list, etc.
  • Page 49: Selecting Anti-Virus Database Type

    Application management using the local interface used for the next update. Otherwise you will be prompted for the authorization parameters again. If your server has a firewall and you cannot connect to the required FTP server in the active mode check the Use passive mode when updating from FTP servers box.
  • Page 50 Kaspersky Anti-Virus 5.0 for Windows Workstations In order to select the anti-virus database type to be used with your Kaspersky Anti-Virus, follow the Threats and exclusions link in the left section of the Settings tab (see Figure 3). If you wish to use the extended anti-virus database, check the Adware, riskware, automatic dialers box in the Detectable threats section of the dialog box that will open.
  • Page 51: Real-Time Protection Mode

    Application management using the local interface 5.2. Real-time protection mode Real-time protection of your computer is provided only if you did not disable it during the installation of the application. Real-time protection is a mode of operation in which Kaspersky Anti-Virus provides constant monitoring of all calls to the file system's objects, incoming and outgoing mail and the execution of potentially dangerous VBScript, JavaScript scripts and macros used by office applications and detecting potentially...
  • Page 52 Kaspersky Anti-Virus 5.0 for Windows Workstations anti-virus protection stopped: this status indicates that protection of your computer is temporarily disabled and real-time protection is not working; in this case we recommend configuring real-time protection settings and starting it. Real-time protection is enabled from the moment your operating system has loaded until you turn off your computer.
  • Page 53: File System Scan

    Application management using the local interface Figure 15. Temporary disabling the anti-virus protection Disabling the real-time protection mode considerably increases the risk of a virus infection of your computer. However, when performing certain operations (for example, defragmenting a disk with FAT32 file system), you can disable real-time protection in order to save time.
  • Page 54 Kaspersky Anti-Virus 5.0 for Windows Workstations • enable/disable protection. In order to do this check or uncheck the Enable real-time file protection box. By default the box is checked - protection is enabled; • specify the anti-virus protection level, perform a detailed configuration of the selected level (see section 5.2.1.1 on page 55);...
  • Page 55: Selecting The Anti-Virus Protection Level

    Application management using the local interface Figure 16. File system objects protection task settings 5.2.1.1. Selecting the anti-virus protection level Select one of the levels pre-defined by the Kaspersky Lab's experts in the Protection level settings drop-down list (for details, see Chapter 4 on page 34). By default the recommended anti-virus level protection settings will apply.
  • Page 56 Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 17. Fine-tuning of the real-time file protection Check corresponding boxes to specify drives to be scanned in the Scan scope section. Select objects to be included into the scan scope in the Objects to be scanned section: •...
  • Page 57: Actions To Be Performed With A Detected Object

    Application management using the local interface You can limit the time for scanning one object in the Additional settings of file protection section by specifying the value of the scan interval in seconds; here you also can specify whether the following objects will be scanned: •...
  • Page 58 Kaspersky Anti-Virus 5.0 for Windows Workstations Sometimes as the result of placing the file into quarantine, a message can be displayed informing the user that this object cannot be deleted. This is related to the fact that placing an object into quarantine involves moving this object: copying it to the quarantine and deleting it from its original location.
  • Page 59: Scanning Mail

    Application management using the local interface 5.2.2. Scanning mail Real-time protection of incoming and outgoing e-mail messages is provided only if you did not disable it during the installation of the application. In order to install the mail protection feature, you will have to re-install the application.
  • Page 60: Selecting The Anti-Virus Protection Level

    Kaspersky Anti-Virus 5.0 for Windows Workstations the specified protection settings. The appearance of the link changes depending on whether any exclusions are specified; • specify action that will be performed by Kaspersky Anti-Virus upon detection of dangerous and suspicious objects (see section 5.2.1.2 on page 57).
  • Page 61 Application management using the local interface Such user-defined settings will not be saved when you return to the settings of any of the three pre-defined levels. You can view and modify the setting of the selected level of protection in the Real-time mail protection settings window (see Figure 19) that opens by pressing the Settings button on the Mail tab (see Figure 18).
  • Page 62: Actions To Be Performed With A Detected Object

    Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 19. Fine-tuning e-mail scan settings 5.2.2.2. Actions to be performed with a detected object In the Actions to be performed with detected objects section, choose the type of action to be performed upon detection of an infected or suspicious object: •...
  • Page 63: Scanning Microsoft Office Outlook Mail

    Application management using the local interface • Delete – deletes an object. If you select this action for an object, a copy of it will be created and stored in the backup storage. You may use the copy to restore the file or send it for examination to Kaspersky Lab. 5.2.3.
  • Page 64: Macros Monitoring

    Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 20. Kaspersky Anti-Virus tab in Microsoft Office Outlook In order to set up e-mail scanning, use the click here hyperlink in the Settings section. This will open the real-time protection settings on the Mail tab (see Figure 18).
  • Page 65 Application management using the local interface Macros monitoring is configured in the Macros tab of the Real-time protection settings window (see Figure 21). Figure 21. Macros monitoring task settings By default macros monitoring is enabled. In order to disable monitoring, uncheck the Enable VBA macros monitoring box.
  • Page 66: Scripts Monitoring

    Kaspersky Anti-Virus 5.0 for Windows Workstations You can configure your own settings based on the settings of any protection level. In this case the protection level will be changed to User-defined settings. Such user-defined settings will not be saved when you return to the settings of any of the three pre-defined levels.
  • Page 67: Protection Against Network Attacks

    Application management using the local interface Figure 22. Script monitoring task settings 5.2.6. Protection against network attacks Protection of your computer against network attacks is provided only if you did not disable it during the installation of the application. Kaspersky Anti-Virus allows protecting your computer against hacker attacks attempted from the local area network or from the internet.
  • Page 68 Kaspersky Anti-Virus 5.0 for Windows Workstations about the type of the attack, IP address of the attacking computer and the local port (if possible). Network attacks protection settings are configured on the Network tab of the Real-time protection settings dialog box (see Figure 24). Enabling/disabling the real-time protection from the Kaspersky Anti-Virus right- click menu (see section 5.2 on page 51) in the system tray also disables network attacks protection.
  • Page 69 Application management using the local interface • Network attack notification By default the application informs you every time an attempt is made to attack your computer. A message will be displayed on the screen (see Figure 23) to inform you what kind of attack was attempted, from which IP address it was attempted and to which local port (if it was possible to determine this).
  • Page 70: The On-Demand Scan Mode

    Kaspersky Anti-Virus 5.0 for Windows Workstations 5.3. The on-demand scan mode On-demand scanning is the mode of the application designed to scan for the presence of malicious code at the request of the workstation user or administrator, and disinfect and remove infected objects as well as quarantine suspicious objects.
  • Page 71 Application management using the local interface The application will prompt you when you need to perform full scan. If the main application window is closed, then a message will appear above the Kaspersky Anti-Virus icon in the system tray with a recommendation to start scan (if pop-up messages are not disabled, see section 5.10.4 on page 112).
  • Page 72: Scanning Selected Objects

    Kaspersky Anti-Virus 5.0 for Windows Workstations The full computer scan does not include analysis of mail boxes, removable drives and network drives if such drives are connected to your computer. You can hide the scan window by pressing button in the right top corner and select Close this dialog box and resume scan in the window that will open.
  • Page 73 Application management using the local interface • hard drives; • network drives (if such drives are connected to your computer); • Microsoft Office Outlook and Microsoft Outlook Express mailboxes; • My Documents folder; • system memory; • startup objects; • disk boot sectors.
  • Page 74: Configuring On-Demand Scan

    Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 27. Scanning objects selected using Microsoft Windows tools If Kaspersky Anti-Virus is not running, then you will be offered to launch it when you initiate the scan of the object selected using Microsoft Windows tools.
  • Page 75 Application management using the local interface Figure 28. On-demand scan tasks list Block containing information about the scan scope and about the start time of the last and the next scan is opened by a mouse click on the task name. Using this block you can launch an on-demand scan using the Run button or open the anti- virus scan settings configuration window (see Figure 29) where you can: •...
  • Page 76 Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 29. On-demand scan task settings window. The Objects to be scanned tab • specify the anti-virus protection level, perform a detailed configuration of the selected level (see section 5.3.3.1 on page 77); • create a list of objects that will not be scanned (see section 5.7 on page 92).
  • Page 77: Selecting The Scan Level

    Application management using the local interface In this case you will be able to launch such task by clicking on the link with its name, located in the left section of the Protection tab (see Figure 2). Depending on the situation, the following icons may appear left of the task name: –...
  • Page 78 Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 30. Configuring an on-demand scan You can view and modify settings of the selected level in the On-demand scan settings (see Figure 31) that opens by pressing the Settings button (see Figure 30). Select objects to be included into the scan scope in the Objects to be scanned section: •...
  • Page 79 Application management using the local interface • packed executable files; • self-extracting archives; • objects attached or built-in into other files (OLE-objects), • alternate NTFS streams; • mail files; • mail databases Figure 31. Fine-tuning an on-demand scan...
  • Page 80: Actions To Be Performed With A Detected Object

    Kaspersky Anti-Virus 5.0 for Windows Workstations Check the following boxes in the Restrictions section: • Do not scan files larger than (KB), to restrict the size of the objects being scanned specify the maximum size of the object (in KB) to be scanned.
  • Page 81 Application management using the local interface • Disinfect infected object, delete if disinfection fails • Quarantine the object possibly infected with a virus or its modification. Sometimes as the result of placing the file into quarantine, a message can be displayed informing the user that this object cannot be deleted.
  • Page 82: Scanning Archives

    Kaspersky Anti-Virus 5.0 for Windows Workstations • Disinfect at system startup. This action will be listed only if this object can be disinfected. • Delete at system startup. • Skip - do not perform any action with the object, record information about its detection into the application's operation report.
  • Page 83 Application management using the local interface section 5.3.3.2 on page 80), a prompt for the password will be displayed after the scan is completed. You can choose whether the prompt for the password is displayed by checking or unchecking the Do not ask for password when scanning objects box in the scan settings (see section 5.3.3.1 on page 77).
  • Page 84: Scanning Removable Drives

    Kaspersky Anti-Virus 5.0 for Windows Workstations that are not password-protected will be scanned and processed in accordance with the settings defined for anti-virus scanning. The Apply to all password-protected objects within this session box applies to the action selected after it is checked. For example, if you checked this box and then select Skip, Skip archive, then the remaining password-protected objects will not be scanned.
  • Page 85: Processing Malicious Objects Detected

    Application management using the local interface Follow the Scan objects link to switch to the Select objects to scan window (see Figure 26), select removable drives and press the Scan button. Select the Settings tab in the main application window and follow the On-Demand Scan tasks link.
  • Page 86 Kaspersky Anti-Virus 5.0 for Windows Workstations demand scan settings. This section contains a discussion of cases when Kaspersky Anti-Virus offers various actions to be performed with the detected object during the scan or after the scan is complete. Such situations take place when one of the following actions to be performed with the detected object was selected: •...
  • Page 87 Application management using the local interface of the following actions (the set of actions suggested depends on the type of the object detected): • Disinfect – attempt to disinfect the infected object if disinfection is possible. Before the first attempt to disinfect the object its copy will be saved to the backup storage.
  • Page 88 Kaspersky Anti-Virus 5.0 for Windows Workstations You can also apply the selected action to all objects of this type by checking the corresponding box. Thus, for instance, in order to apply the selected action to all infected objects that the application can disinfect, check box Apply to all infected objects that can be disinfected within this session.
  • Page 89: Software Processing Monitoring

    Application management using the local interface Figure 37. Shortcut menu of the Detected dangerous objects dialog box If any of the dangerous objects has been deleted manually, it will be removed from the list of detected dangerous objects at the time of the attempt to disinfect it.
  • Page 90 Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 38. Trusted processes list window An additional window will open when the Change button is pressed (see Figure 39). Figure 39. Adding a trusted process The name of the process file can be selected by pressing the button.
  • Page 91: User's Tasks

    Application management using the local interface The path to the file will be provided automatically when the file name is selected. You can modify it manually. When specifying the path, you should use the full path to the process file or use a mask * (any number of any characters) or ? (any single character).
  • Page 92: Creating List Of Exclusions

    Kaspersky Anti-Virus 5.0 for Windows Workstations If modification of certain settings has been prohibited when managing tasks using Kaspersky Administration Kit (lock has been set), then such tasks will not be available for editing via the local interface of Kaspersky Anti-Virus.
  • Page 93 Application management using the local interface In order to add an exclusion, press the Add button. As the result a window Excluded object (see Figure 40) will open where you can specify exclusions for Kaspersky Anti-Virus. The following types of objects can be specified as exclusions: •...
  • Page 94 Kaspersky Anti-Virus 5.0 for Windows Workstations • test – all files with filename test • Masks with absolute paths to objects: • C:\dir\*.* – all files in folder C:\dir\ • C:\dir\*.exe – all files with extension exe in folder C:\dir\ •...
  • Page 95 Application management using the local interface www.viruslist.com. In order to do it, select a threat in the list and use the Details shortcut command. Figure 41. The list of detectable threats In order to exclude a specific object of a known threat from the protection scope, specify the name of the object in the Object field.
  • Page 96: Configuring Schedule

    Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 42. Notification about a threat 5.8. Configuring schedule You can create a schedule in order to automatically launch on-demand scan or updating tasks. This will allow timely updates of the anti-virus database and perform a regular anti-virus scan of your computer's objects based on this updated database.
  • Page 97 Application management using the local interface In order to create/modify the on-demand scan task schedule, use the On-Demand Scan tasks link in the left section of the Settings tab. In the window that contains the list of scan tasks (see Figure 28) select the task for which you need to create/modify the schedule and press the Properties button.
  • Page 98 Kaspersky Anti-Virus 5.0 for Windows Workstations button. If the user takes no action in the prompt window within 3 minutes, the task will be started automatically. Figure 44. Prompt for launching a scheduled task Use the Frequency field to define the periodicity for the task. The following options are available: hours, days, weeks, at the program startup.
  • Page 99: Launching A Task Under A Selected User's Account

    Application management using the local interface • Weeks – the task will run, in accordance with its schedule, every x weeks. Define the frequency (in weeks) and select the weekday and the time of task launch. Figure 47. Setting task schedule with weekly frequency •...
  • Page 100: Additional Features

    Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 48. The Run on behalf of user's account tab 5.10. Additional features Kaspersky Anti-Virus offers the following additional capabilities for product tuning and use, including: • Working with suspicious objects relocated to quarantine storage. •...
  • Page 101: Quarantine And Backup Storage

    Application management using the local interface 5.10.1. Quarantine and Backup storage Kaspersky Anti-Virus gives users the option of isolating suspicious objects in quarantine or saving backup copies of infected objects in the backup storage prior to their disinfection or removal. When a suspicious object is detected, the application isolates it in a quarantine directory, where the object can be rescanned, deleted, restored or sent to Kaspersky Lab for analysis.
  • Page 102 Kaspersky Anti-Virus 5.0 for Windows Workstations Automatically scan quarantined objects every time the anti-virus database is updated. This mode allows automatic scan of quarantined objects every time the database is updated without user's intervention. Kaspersky Anti-Virus cannot scan quarantined objects immediately after your anti-virus database is updated if you are working with quarantine at the moment.
  • Page 103: Work With Quarantine Storage

    Application management using the local interface 5.10.1.2. Work with Quarantine storage Kaspersky Anti-Virus moves all suspicious objects detected during a full computer scan or in real-time protection mode to quarantine, where you may continue operations with them (scanning, restoration, deletion, etc.). By default Kaspersky Anti-Virus rescans quarantined objects after each update of its anti-virus database.
  • Page 104 Kaspersky Anti-Virus 5.0 for Windows Workstations dialog box. This file will be added to the list with the quarantined by user status. • Scan and disinfect all suspicious files or files selected from the list using the current anti-virus databases. In order to do this press the Scan All or the Scan button (after you have selected objects to be scanned).
  • Page 105: Working With Backup Storage

    Application management using the local interface • Delete any quarantined object or a group of selected objects. Delete only those objects which cannot be disinfected. In order to delete objects, select them in the list and press the Delete button. 5.10.1.3.
  • Page 106: Working With Reports

    Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 51. Backup storage window When can I restore backup copies? Sometimes, during disinfection of an object its integrity cannot be preserved. If the disinfected file contained important information that became partially or completely unavailable after disinfection, you can try to restore the original object from its backup copy. We recommend performing an anti-virus scan of the object immediately after it has been restored.
  • Page 107 Application management using the local interface Here is where it records the status of each task, together with the date and time of its completion. The status information about object processing may belong to one of the following categories: Information report contains reference information (for example: task started, task completed, task running, task paused).
  • Page 108 Kaspersky Anti-Virus 5.0 for Windows Workstations You can perform the following actions in this window using the shortcut menu (opens by left-clicking the report name): • Export detailed report to file Using a standard Microsoft Windows dialog box that will open enter the file name, select a disk folder into which this file will be saved and press the Save button.
  • Page 109 Application management using the local interface Figure 53. The Statistics tab By default the Report tab (see Figure 55) does not contain information about “clean” objects and will display only information about detected viruses. In order to display information about clean objects, check the Log all reports box in the additional settings of Kaspersky Anti-Virus (see section 5.10.4 on page 112).
  • Page 110 Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 55. The Report tab The Settings tab (see Figure 56) displays the task settings. This tab contains information about the objects to be scanned, protection level selected for this task and actions to be performed by the application with the infected objects, malware and possibly infected files.
  • Page 111: Managing Kaspersky Anti-Virus Configuration

    Application management using the local interface You can configure the settings for the reports log in the Additional settings window (see Figure 58), which is displayed after clicking the corresponding hyperlink in the left frame of the Settings tab (please see details in section 5.10.4 on page 112).
  • Page 112: Additional Settings

    Kaspersky Anti-Virus 5.0 for Windows Workstations 5.10.4. Additional settings Apart from configuring settings of specific tasks, Kaspersky Anti-Virus also allows configuring various common and service settings (see Figure 58). In order to configure additional settings of Kaspersky Anti-Virus, Use the Additional Settings link in the left section of the Settings tab (see Figure 3).
  • Page 113 Application management using the local interface User interface display settings will be applied only after the computer restart. Display information messages – allow displaying all messages accompanying the operation of Kaspersky Anti-Virus. The messages will appear above the application icon in the system tray. Display of information messages is not available if you are running Microsoft Windows 98 or Microsoft Windows NT Workstation 4.0 operating system.
  • Page 114 Kaspersky Anti-Virus 5.0 for Windows Workstations You can configure restrictions to be imposed on the on-demand scan in order to save the battery (if you are using a notebook computer) and the operating system’s resources (for details see section 5.10.6 on page 117) on the Efficiency tab (see Figure 59).
  • Page 115 Application management using the local interface application window of Kaspersky Anti-Virus will minimize (if it was opened) and an information message will appear above the system tray icon (see Figure 60). After this the application’s operation will be recovered. Figure 60. Operation error. Use password for application protection –...
  • Page 116: Configuring Prompts For Confirmation

    Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 61. Additional settings of Kaspersky Anti-Virus The Security tab 5.10.5. Configuring prompts for confirmation If you would like to be notified about certain events occurring during the operation of Kaspersky Anti-Virus, follow the Additional Settings link in the left section of the Settings tab (see Figure 3).
  • Page 117: Restricting Efficiency Of Kaspersky Anti-Virus

    Application management using the local interface Figure 62. Configuring prompts for confirmation The following events can be associated with prompts for confirmation: Prompt for the scan cancellation confirmation – display a prompt for confirmation when canceling an on-demand scan. If the scan was cancelled, a pop-up message explaining why the scan was cancelled will appear above the system tray application icon.
  • Page 118: Working In The Administrator's And The User's Mode

    Kaspersky Anti-Virus 5.0 for Windows Workstations You can impose the following restrictions: Pause anti-virus scan when the system load exceeds …% – pause the on-demand anti-virus scan if the file system load is above the specified level. Once the file system load decreases to the allowable level, the scan will be resumed.
  • Page 119 Application management using the local interface As the result the Switch to user mode command will appear in the shortcut application menu (see Figure 1). You can use this command to switch to the user’s mode. In order to return to the administrator’s mode, use the Switch to administrator mode command from the shortcut menu and enter the password in the dialog box that will open (see Figure 63).
  • Page 120: Chapter 6. Managing The Application Using Kaspersky Administration Kit

    CHAPTER 6. MANAGING THE APPLICATION USING KASPERSKY ADMINISTRATION KIT 6.1. Managing installation packages This section contains information about creation and configuration of an installation package for Kaspersky Anti-Virus 5.0 for Windows Workstations. For more detailed information about managing installation packages, see the Kaspersky Administration Kit 5.0 Administrator's Guide.
  • Page 121 Managing the application using Kaspersky Administration Kit Step 2. Connecting the installation package description file Specify the application to be installed in the next window of the wizard (see Figure 64). Select option Make Kaspersky Lab's application package from the drop-down list and using the Browse button select the file containing description of the application (this file has extension .kpd and is included into the distribution package of Kaspersky Anti-Virus 5.0 for Windows Workstations).
  • Page 122 Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 65. Creating an installation package. Selecting the license key file Step 4. Completing the creation of an installation package Press the Next button in the Loading the installation package window. After this the set of files required for the installation of the specified application onto the client computers will be loaded into a public folder of the Administration Server and a check will be performed to determine whether the administration plugin for the selected application is installed on the administrator's workstation.
  • Page 123: Viewing And Editing The Installation Package Settings

    Managing the application using Kaspersky Administration Kit 6.1.2. Viewing and editing the installation package settings In order to view and/or edit the values of the installation package settings: Select the installation package whose settings you wish to edit in the Remote install package of the console tree.
  • Page 124: Managing Policies

    Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 66. Installation package properties. The Installation settings tab 6.2. Managing policies This section describes how to create and manage policies for Kaspersky Anti-Virus. For detailed information about managing policies, see the Administrator’s Guide for Kaspersky Administration Kit 5.0. 6.2.1.
  • Page 125 Managing the application using Kaspersky Administration Kit The application for creating a new policy is organized as a Microsoft Windows Wizard which will guide you through the process. To switch between the wizard dialog boxes, use < Back and Next >. To finish working with the wizard, click Finish.
  • Page 126 Kaspersky Anti-Virus 5.0 for Windows Workstations Step 8. Select the update source During this stage (see Figure 67), you will be asked to set up the parameters for updating the anti-virus database and application modules. You will have to specify the source of updates and define network settings in the window which opens after clicking the LAN Settings button.
  • Page 127 Managing the application using Kaspersky Administration Kit Figure 68. Selection of the update service parameters Step 10. Completing creating the policy The final window of the wizard informs you that a new policy has been successfully created. After the wizard is closed, the policy for this application will be added to the Policies folder of the corresponding group and shown on the results panel.
  • Page 128: Viewing And Editing Policy Settings

    Kaspersky Anti-Virus 5.0 for Windows Workstations 6.2.2. Viewing and editing policy settings At the editing stage, you can customize policy settings, prohibit changes in the policy settings for nested groups, and lock application and task settings so that users cannot modify them. To lock the configuration settings so that users cannot change them, mark them with the “lock”...
  • Page 129 Managing the application using Kaspersky Administration Kit • Policy name; • The application this policy is assigned to (Kaspersky Anti-Virus 5.0 for Windows Workstations); • Application version; • Date and time of creation; • Date and time of the last modification. Figure 69.
  • Page 130: On-Demand Scanning

    Kaspersky Anti-Virus 5.0 for Windows Workstations 6.2.2.2. On-demand scanning To configure policy settings for on-demand scans use the On-demand scan tab (see Figure 70). Select one of the three predefined levels of anti-virus security from the drop-down list in the Protection level configuration section (see section 4.2 on page 36).
  • Page 131 Managing the application using Kaspersky Administration Kit The advanced settings window contains the Scan scope and Additional tabs. Use the Scan scope tab (see Figure 71) to specify the objects to be scanned, define their type and a list of those to be excluded from scanning (for details see section 5.3 on page 70).
  • Page 132: Real-Time Protection Of File System Objects

    Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 72. The Additional tab 6.2.2.3. Real-time protection of file system objects Policy settings for real-time file protection are applied only on the computers on which this component is installed. The Files tab (see Figure 73) allows you to customize policy settings for constant protection of the file system objects.
  • Page 133 Managing the application using Kaspersky Administration Kit Figure 73. The Files tab Use the Scan scope tab (see Figure 74) to define the objects to be scanned and those excluded from real-time scanning. These settings are identical to local setup described in section 5.2.1 on page 53. On the Additional tab (see Figure 75), you can enable/disable scanning for various types of compound files, exclude allowed potentially dangerous programs from the scan scope, establish scanning time restriction and...
  • Page 134 Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 74. The Scan scope tab Figure 75. The Additional tab...
  • Page 135: Threats And Exclusions

    Managing the application using Kaspersky Administration Kit 6.2.2.4. Threats and Exclusions You can use the Threats and exclusions tab (see Figure 76) to specify the type of the anti-virus database (standard or extended) to be used for the scans and to create a list of exceptions from the scan scope.
  • Page 136: Scanning E-Mail Messages

    Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 77. The Trusted processes tab 6.2.2.6. Scanning e-mail messages Policy settings for real-time mail protection are applied only on the computers on which this component is installed. On the E-mail tab (see Figure 78), you can specify policy settings for scanning incoming and outgoing e-mail messages.
  • Page 137 Managing the application using Kaspersky Administration Kit Figure 78. The E-mail tab In the Scan scope section (see Figure 79), select the objects to be scanned and specify the types of e-mail messages to be excluded from scans. All these settings are identical to local setup.
  • Page 138 Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 79. The Scan scope tab In the Additional tab (see Figure 80), you can enable/disable use of iChecker(tm) technology and specify certain restrictions for e-mail scanning (see section on page 58). Figure 80. The Additional tab...
  • Page 139: Scripts Monitoring

    Managing the application using Kaspersky Administration Kit 6.2.2.7. Scripts monitoring Policy settings for script monitoring are applied only on the computers on which this component is installed. You can configure the policy settings for real-time scanning of potentially dangerous VBScript and JavaScript scripts on the Scripts tab (see Figure 81).
  • Page 140: Macros Monitoring

    Kaspersky Anti-Virus 5.0 for Windows Workstations 6.2.2.8. Macros monitoring Policy settings for macros monitoring are applied only on the computers on which this component is installed. The Macros tab (see Figure 82) allows you to change policy settings for scanning VBA macro commands used by office applications. Selection of the protection level and switching to the advanced settings window are identical to the On-demand scan tab (see section 6.2.2.2 on page 130).
  • Page 141 Managing the application using Kaspersky Administration Kit Figure 83. List of macros There are five types of macros listed on the corresponding tabs: • Modules – Macros for working with project modules, including: • Copying modules (OrganizerCopy); • Deleting modules (OrganizerDelete); •...
  • Page 142 Kaspersky Anti-Virus 5.0 for Windows Workstations • Deleting files; • Changing file attributes; • Creating folders; • Deleting folders; • Opening file for writing. • ActiveX – Operations with ActiveX objects, including: • Creating ActiveX objects; • Creating an ActiveX object on a remote computer; •...
  • Page 143: Protection Against Network Attacks

    Managing the application using Kaspersky Administration Kit 6.2.2.9. Protection against network attacks Policy settings for network attacks protection are applied only on the computers on which this component is installed. You can configure the settings of protection against network attacks on the Network tab (see Figure 84).
  • Page 144: Updating Anti-Virus Databases And Application Modules

    Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 84. The Network tab 6.2.2.10. Updating anti-virus databases and application modules On the Update tab (see Figure 85) you can customize the settings for updating the anti-virus database and application modules specified during creation of a new policy.
  • Page 145 Managing the application using Kaspersky Administration Kit Figure 85. The Update tab The Update tab consists of the following areas: Updating application modules – it is used for selection of parameters for the service updating the anti-virus databases and the application (see Step 9 on page 126). Sources of updates means the source of updates of the anti-virus database and application modules and its settings (see Step 3 on page 126).
  • Page 146: Working With System Tasks

    Kaspersky Anti-Virus 5.0 for Windows Workstations 6.2.2.11. Working with system tasks In the Predefined tasks tab (see Figure 86) you can enable/disable launching of scheduled system tasks (see section 5.8 on page 96) and real-time protection tasks at remote workstations included in the administration group. Figure 86.
  • Page 147 Managing the application using Kaspersky Administration Kit Figure 87. The Quarantine tab...
  • Page 148: Producing Report On The Operation Of Application

    Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 88. The Backup tab 6.2.2.13. Producing report on the operation of application The Event processing tab (see Figure 89) displays the type of events occurring during the operation of application and registered in the report, as well as location of the report and conditions for notifying administrator and/or other users.
  • Page 149 Managing the application using Kaspersky Administration Kit Figure 89. The Event processing tab Kaspersky Anti-Virus generates a set of events that occurred during the application operation. Each event has a priority status. There are four priority statuses: • Critical event; •...
  • Page 150 Kaspersky Anti-Virus 5.0 for Windows Workstations Table 2. Application events Event Level of importance Warning Object disinfected Warning Infected object deleted Informational Real-time protection level changed message Warning Your license expires soon (two weeks before the expiration date) Your license has expired Critical event Error License has not passed verification...
  • Page 151: Additional Parameters

    Managing the application using Kaspersky Administration Kit Event Level of importance Your computer has not been fully scanned for a long time: – for two weeks Warning – for a month Critical event Warning Infected object blocked Infected object skipped Warning * These values are the default values.
  • Page 152 Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 90. The Additional tab You can set up the following passwords in the window that opens by clicking the Passwords button (see Figure 91): • password for switching between the administrator’s and the user’s mode (see section 5.10.7 on page 118).
  • Page 153 Managing the application using Kaspersky Administration Kit Figure 91. The Passwords window. In the window that appears when you click the Notifications button (see Figure 92), you can set the conditions for receiving various notifications: Display notifications when a dangerous object is detected – enables display of messages informing the user that a virus has been detected.
  • Page 154 Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 92. The Notifications window Use the window (see Figure 93) that opens after clicking the Troubleshooting options button (see Figure 90) to configure the parameters optimizing the performance of on-demand scan tasks. You can: Disable scanning of e-mail accounts while running the task –...
  • Page 155: Viewing Results Of Policy Application

    Managing the application using Kaspersky Administration Kit 6.2.2.15. Viewing results of policy application The Enforcement tab (see Figure 94) displays the following information about the policy applied to the computers in this group: • The number of computers this policy has been assigned to; •...
  • Page 156: Managing Tasks

    Kaspersky Anti-Virus 5.0 for Windows Workstations settings on the client computers the first time the policy is applied. You can select one of the following options: • Do not modify local settings. In this case the local settings will not be changed.
  • Page 157: Creating A Local Task

    Managing the application using Kaspersky Administration Kit Using Kaspersky Administration Kit, you can create the following tasks for Kaspersky Anti-Virus: • Local tasks assigned to each client computer; • Group tasks assigned to the groups of client computers; • Global tasks assigned to a set of client computers from arbitrary groups on a logical network.
  • Page 158 Kaspersky Anti-Virus 5.0 for Windows Workstations Next. To finish working with the wizard, click Finish. To stop working with the wizard at any stage, click Cancel. Figure 95. Creating a local task The Tasks tab Step 1. General information about the new task The first wizard dialog box is introductory: here you should enter the task name (Name field).
  • Page 159 Managing the application using Kaspersky Administration Kit • Install license key – Installs license keys; Step 3. Configure settings for the selected task type Depending on the selected type of the task, you will be given several options on how to configure the following task settings: ANTI-VIRUS DATABASE AND APPLICATION MODULES UPDATE TASK SETTINGS The task settings for updating the anti-virus databases and application modules...
  • Page 160 Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 96. List of objects to be scanned INSTALL LICENSE KEY TASK SETTINGS Use the Browse button to locate the path of the key file. To make the key being added your current key, check the box Use as the current license key.
  • Page 161 Managing the application using Kaspersky Administration Kit Figure 97. Configuring running a task under a different user’s account Step 5. Configure a schedule After you have configured the selected task, the wizard will open the Task scheduling settings dialog box (see Figure 98), where you can schedule this task.
  • Page 162 Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 98. Configuring schedule during a new task creation Select the desired regularity for the task from the Scheduled run drop-down list. The following options will be available: Every N hours, Every N days, Every N weeks, Manually and At application start.
  • Page 163: Creating A Group Task

    Managing the application using Kaspersky Administration Kit 6.3.1.2. Creating a group task To create a group task for Kaspersky Anti-Virus, you should perform the following actions: In the console tree, select the group of computers the new task will be applied to.
  • Page 164: Viewing And Editing Task Settings And Monitoring Task Performance

    Kaspersky Anti-Virus 5.0 for Windows Workstations After the task is created, it will be added to the Global Tasks node of the console tree and displayed on the results panel. 6.3.2. Viewing and editing task settings and monitoring task performance To view and / or edit task settings: •...
  • Page 165: Launching And Stopping Tasks

    Managing the application using Kaspersky Administration Kit 6.3.3. Launching and stopping tasks The tasks on the computer can be started only if the corresponding application is running. When the application is terminated, all running tasks are also aborted. All tasks can be launched and stopped either automatically, according to the schedule, or manually, using the shortcut menu options or from the settings viewing window.
  • Page 166 Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 99. Client computer properties dialog box The Applications tab Select Kaspersky Anti-Virus 5.0 for Windows Workstations. Below the list, you can see the Events, Statistics, and Properties buttons that serve to: • View a list of events that occurred on the client computer and were logged on the administration server (for report details, see the Reference Guide for Kaspersky Administration Kit 5.0).
  • Page 167: Viewing Information About The Application

    Managing the application using Kaspersky Administration Kit 6.4.1. Viewing information about the application In the General tab (see Figure 100) you can examine general information about the application (Kaspersky Anti-Virus 5.0 for Windows Workstations); start or stop its operation. Figure 100. Application setup window. The General tab The upper portion of the window displays the title of the installed application, its version, date of installation, its status (whether the application is running or stopped on a local computer) as well as the information about the condition of...
  • Page 168: Additional Application Settings

    Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 101. Information about the application administration plug-in 6.4.2. Additional application settings The Additional, Quarantine, Threats and exclusions, Trusted processes and Backup tabs are used for setting the parameters of Kaspersky Anti-Virus on a remote workstation.
  • Page 169: Working With The Quarantine And Backup Storage Areas

    Managing the application using Kaspersky Administration Kit 6.4.3. Working with the quarantine and backup storage areas Kaspersky Anti-Virus stores suspicious objects and backup files in special storages. Each computer has its own quarantine and backup storage directories. You can review objects quarantined and backed-up on a computer using the Storage objects tab (see Figure 102).
  • Page 170 Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 102. The Storage objects tab Figure 103. Quarantine storage...
  • Page 171: Viewing Information On License Keys

    Managing the application using Kaspersky Administration Kit 6.4.4. Viewing information on license keys The Licenses tab (see Figure 104) is purely informational. It displays information about the current and the reserve license keys installed on a specific computer. Figure 104. The Licenses tab 6.4.5.
  • Page 172: Chapter 7. Testing Operation Of Kaspersky Anti-Virus

    CHAPTER 7. TESTING OPERATION OF KASPERSKY ANTI-VIRUS 7.1. Test “virus” EICAR and its modifications After installing and adjusting Kaspersky Anti-Virus, we recommend that you test the correctness of its settings and operation of the application using a test “virus” or its modifications. The test virus was specially designed by the EICAR organization (The European Institute for Computer Antivirus Research) for testing anti-virus...
  • Page 173 Testing operation of Kaspersky Anti-Virus You can test the correctness of Kaspersky Anti-Virus operation using the modified EICAR “virus” only if your anti-virus database was last updated on or after October 24, 2003, or has the cumulative updates for October, 2003. Table 3.
  • Page 174: Testing Correct Operation Of Kaspersky Anti-Virus

    Kaspersky Anti-Virus 5.0 for Windows Workstations 7.2. Testing correct operation of Kaspersky Anti-Virus In order to test the correctness of settings and performance of Kaspersky Anti-Virus 5.0 for Windows Workstation: • Make a directory on disk and save the test “viruses” which you have created to it.
  • Page 175 Testing operation of Kaspersky Anti-Virus Figure 105. Attention! A suspicious object detected Thus you can test the reaction of Kaspersky Anti-Virus to discovering objects of different types by selecting various options in the dialog boxes displayed during scanning. A complete summary of the scanning results will appear in the report (see Figure 106). Figure 106.
  • Page 176: Chapter 8. Managing License Keys

    CHAPTER 8. MANAGING LICENSE KEYS You can use Kaspersky Anti-Virus only after you install the license key included in the product installation kit. Kaspersky Anti-Virus DOES NOT work without a license key! When the license expires, the functionality of Kaspersky Anti-Virus remains unchanged except that you will not be able to update your anti-virus database.
  • Page 177: Managing Keys Using Local Interface

    Managing license keys Install the license key file. For details on working with the license key using the local license key interface, see section 8.1 on page 177; for details pertaining to the use of the Kaspersky Administration Kit interface, see section 8.2 on page 180.
  • Page 178 Kaspersky Anti-Virus 5.0 for Windows Workstations Figure 107. License key management window Figure 108. Key activation window Select the Kaspersky Anti-Virus group in the Start → Programs menu and select the Install License Key item. Press the Browse button in the window that opens and select the folder in which the license key file is located.
  • Page 179 Managing license keys If the list in the bottom part of the dialog box is empty, this means the license key is not suitable for any of the Kaspersky Lab applications installed on your computer. Select another license key file. Figure 109.
  • Page 180: Working With License Keys Using The Kaspersky Administration Kit Interface

    Kaspersky Anti-Virus 5.0 for Windows Workstations 8.2. Working with license keys using the Kaspersky Administration Kit interface If the package is controlled via Kaspersky Administration Kit, you can extend a license using either of the following two methods: • Add group license means extension of the license for Kaspersky Anti-Virus simultaneously for selected computers or groups of client computers using global or group tasks (for details, see the Administrator’s Guide for Kaspersky Administration Kit 5.0).
  • Page 181: Chapter 9. Managing Application From The Command Line

    CHAPTER 9. MANAGING APPLICATION FROM THE COMMAND LINE Kaspersky Anti-Virus can be managed from the command line using the kavshell.exe utility included in the distribution package. After Kaspersky Anti-Virus installation this utility is located in the application installation root folder. When you start this utility from the command line, depending on the commands used, the following functions will be available: Scan of selected objects...
  • Page 182: Scanning Selected Objects

    Kaspersky Anti-Virus 5.0 for Windows Workstations If the use of the user’s and administrator’s mode is disabled in the Kaspersky Anti-Virus settings (see section 5.10.7 on page 118), commands that require a password will not be performed. In this case an error message will be displayed. To view the command syntax use: KAVSHELL HELP [command] KAVSHELL [command] /?
  • Page 183 Managing application from the command line Microsoft Outlook Express mailboxes; • /REMDRIVES – removable drives; • /FIXDRIVES – system drives; • /NETDRIVES – network drives. Comments: • if an object’s name contains a space, it must be provided in double quotes; •...
  • Page 184: Full Scan

    Kaspersky Anti-Virus 5.0 for Windows Workstations possible. /DELETE • Delete. Comments: • if no action is selected, the object will be skipped and information about its detection will be logged in the report • composite files will not be deleted. Logging events into...
  • Page 185: Launching Updates

    Managing application from the command line
    Modifier: /W[A][!]:report_file
    Purpose: Logging events into the specified report_file:
    • /W:report_file – only important events;
    • /WA:report_file – all events.
    Symbol ! is used to force the report file to be overwritten each time the task is started. You can use either absolute or relative path to the file.
  • Page 186: Last Update Rollback

    Kaspersky Anti-Virus 5.0 for Windows Workstations
    Modifier: /W[A][!]:report_file
    Purpose: Logging events into the specified report_file:
    • /W:report_file – only important events;
    • /WA:report_file – all events.
    Symbol ! is used to force the report file to be overwritten each time the task is started. You can use either absolute or relative path to the file.
  • Page 187: Real-Time Protection Mode

    Managing application from the command line 9.5. Real-time protection mode
    Command syntax: KAVSHELL RTP [taskid] { /START /PWD:password | /STOP /PWD:password }
    If no modifiers are specified, command syntax help will be displayed.
    Modifier: /START
    Purpose: Enables real-time protection individual component.
  • Page 188: Stopping The Application

    Kaspersky Anti-Virus 5.0 for Windows Workstations 9.7. Stopping the application
    Command syntax: KAVSHELL STOP /PWD:password
    Modifier: /PWD:password
    Purpose: Entering the administrator’s password required in order to execute the command.
    Example: KAVSHELL STOP /PWD:password
    9.8. Managing tasks
    Command syntax: KAVSHELL TASK [ taskid {/START [/W[A][!]:report_file]| /STOP | /PAUSE |...
  • Page 189 Managing application from the command line
    Modifier: /W[A][!]:report_file
    Purpose: Logging events into the specified report_file:
    • /W:report_file – only important events;
    • /WA:report_file – all events.
    Symbol ! is used to force the report file to be overwritten each time the task is started. You can use either absolute or relative path to the file.
  • Page 190: Import/Export Of Settings

    Kaspersky Anti-Virus 5.0 for Windows Workstations • update-app – update application modules; • rollback – rollback last anti-virus database update; • on-access – real-time file protection; • mail-checker - real-time mail protection; • script-checker – real-time scripts monitoring; • office-guard - VBA macros monitoring; •...
  • Page 191: Adding A License Key

    Managing application from the command line 9.10. Adding a license key
    Command syntax: KAVSHELL ADDKEY file [/R] /PWD:password
    Modifier – Purpose
    • file – License key file name.
    • [/R] – Replacing the current license key with a new key.
    • /PWD:password – Entering the administrator’s password required in order to execute the command.
  • Page 192: Chapter 10. Frequently Asked Questions

    CHAPTER 10. FREQUENTLY ASKED QUESTIONS This chapter is devoted to the most frequently asked questions from users pertaining to installation, setup and operation of Kaspersky Anti-Virus; we shall try to answer them here in detail. Question: Is it possible to use Kaspersky Anti-Virus with anti-virus products of other vendors? We recommend uninstalling anti-virus products of other vendors prior to installation of Kaspersky Anti-Virus to avoid software conflicts.
  • Page 193 Frequently Asked Questions believe that "partial protection" is even worse than no protection at all, because it forces users to take personal precautions. Kaspersky Anti-Virus gives its users maximum protection. Experienced users can, of course, accelerate anti-virus scanning to the detriment of overall security by disabling scanning of various file types, but we do not recommend doing so for users who want the best protection.
  • Page 194 Kaspersky Anti-Virus 5.0 for Windows Workstations program followed by rare updates to its anti-virus database. However, recent virus epidemics spread around the world in several hours, and Kaspersky Anti-Virus with old database may be helpless against a new threat. In order to resist new viruses, you should update the anti-virus database on a daily basis.
  • Page 195 Frequently Asked Questions updates from the Internet and shares them with the other networked computers. Question: Is it possible for an intruder to replace the anti-virus database? Every anti-virus database has a one-of-a-kind signature checked by Kaspersky Anti-Virus when accessing the database. If the signature is wrong or the date of the database is later than that of the license expiration, Kaspersky Anti-Virus will not use it.
  • Page 196 Kaspersky Anti-Virus 5.0 for Windows Workstations Create a new updating task or modify an existing one. Enable the sharing of updates through a local source and specify the created folder. Specify the local updates folder of the server as the source of updates on all computers, which should be updated from that server.
  • Page 197 Frequently Asked Questions In order to restore the connection to the local area network/internet, you will have to disable the network attacks protection. To do so, open the main application window of Kaspersky Anti-Virus and switch to the Settings tab (see Figure 3). Using the Real-time protection link, open the Configure Real-Time...
  • Page 198 Kaspersky Anti-Virus 5.0 for Windows Workstations Select the Advanced tab in the System Properties window and then press the Settings button in the Startup and Recovery section. Select the Complete memory dump option from the drop-down list in the Write debugging information section of the Startup and Recovery window.
  • Page 199: Appendix A. Contacting Technical Support Service

    APPENDIX A. CONTACTING TECHNICAL SUPPORT SERVICE Kaspersky Anti-Virus provides support through Technical Support Service at Kaspersky Lab in the following cases: • You believe that the application behaves abnormally and malfunctions. • Kaspersky Anti-Virus has detected a suspicious file containing information valuable to you and has blocked it.
  • Page 200 Kaspersky Anti-Virus 5.0 for Windows Workstations • Select Kaspersky Anti-Virus for Windows Workstations as the name of the Kaspersky Lab’s product and provide a detailed description of the problem you encounter in the Detailed description of your question field. • Select the type of the application registration by indicating the license key if you purchased the product in the box and installed the license key from a disk or online purchase if you purchased the application online.
  • Page 201 Appendix A Attention! You can send suspicious files to Kaspersky Lab only if they were scanned using the anti-virus database updated on the day you are sending this file. In order to send a suspicious file for examination to Kaspersky Lab, select the suspicious file in the Quarantine window (see section 5.10.1.2 on page 103) and use the Send to Kaspersky Lab for analysis...
  • Page 202: Appendix B. Glossary

    APPENDIX B. GLOSSARY These documents use terms and concepts specific to the field of anti-virus protection. This glossary serves as a dictionary containing definitions for those concepts. For convenience, the glossary is arranged in alphabetic order. Administration agent – a special application which provides for interaction between an administration server and applications from the corporate products of Kaspersky Lab.
  • Page 203 Appendix B administration console. Each application requires its own application management plug-in; therefore, it is included in the packages of all Kaspersky Lab applications which can be controlled via Kaspersky Administration Kit 5.0. Application modules – files, included into the distribution kit of Kaspersky Anti-Virus 5.0 for Windows Workstations, and ensuring implementation of the main tasks of the application.
  • Page 204 Kaspersky Anti-Virus 5.0 for Windows Workstations the first action after detection of a suspicious object, the application creates a backup copy of this file. If some data are lost during disinfection, you can use the backup to recover this object. Disinfection of objects at restart –...
  • Page 205 Appendix B High speed – a level of computer security which provides top system performance with some reduction in the number of objects scanned. iChecker™ – the technology which allows the application to skip rescanning objects which are unchanged since their previous scanning. The technology is implemented using a database of object checksums.
  • Page 206 Kaspersky Anti-Virus 5.0 for Windows Workstations Logical network administrator – person who controls the operation of the application via the Kaspersky Administration Kit remote centralized administration system. Maximum protection – the level of computer security which corresponds to maximum possible protection, leading to a certain performance decrease.
  • Page 207 Appendix B Rootkit – utilities used to conceal the malicious actions. They “hide” malware so that it is not detected by anti-virus programs. Rootkits can also modify the operating system altering its main functions to conceal their presence and actions performed by the malefactor on the infected computer.
  • Page 208 Kaspersky Anti-Virus 5.0 for Windows Workstations heuristic code analyzer and objects containing these viruses are identified as suspicious. Update – the procedure of replacement/addition of new files (the anti-virus databases or application modules) downloaded from Kaspersky Lab update servers. Urgent updates – critical updates of application modules. Virtual drives (RAM drives) –...
  • Page 209: Appendix C. Kaspersky Lab

    APPENDIX C. KASPERSKY LAB Founded in 1997, Kaspersky Lab has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious programs, unsolicited and unwanted e-mail messages, and hacker attacks.
  • Page 210: Other Kaspersky Lab Products

    Kaspersky Anti-Virus 5.0 for Windows Workstations C.1. Other Kaspersky Lab Products Kaspersky Anti-Virus Personal Kaspersky Anti-Virus Personal has been designed to provide anti-virus protection to personal computers running Microsoft Windows 98/ME or Microsoft Windows 2000/NT/XP against all known viruses, including potentially dangerous software.
  • Page 211 Appendix C retrieval of daily updates for the anti-virus database and the program modules. A unique second-generation heuristic analyzer efficiently detects unknown viruses. A simple and convenient interface allows users to configure the program quickly making work with it easier than ever. ...
  • Page 212 Kaspersky Anti-Virus 5.0 for Windows Workstations Kaspersky Personal Security Suite Kaspersky Personal Security Suite is a software suite designed for organizing comprehensive protection of personal computers running Microsoft Windows. The suite prevents malicious and potentially dangerous programs from penetrating through any possible data sources and protects you from unauthorized attempts to access your computer’s data, as well as blocking spam.
  • Page 213 Appendix C • Exclude archives and e-mail databases from scanning. • Select standard/extended anti-virus databases for scanning. • Save a report on the scanning results in txt or html formats. Kaspersky OnLine Scanner Pro This program is a subscription service available to visitors of the corporate website that allows you to perform an efficient anti-virus scan of your computer and disinfection of infected files online.
  • Page 214 Kaspersky Anti-Virus 5.0 for Windows Workstations • Monitoring of changes in OS registry due to internal system registry control. • Blocking of dangerous VBA macros in Microsoft Office documents. • System restoration after malicious spyware influence accomplished due to recording of all changes in the registry and computer file system and an opportunity to perform their roll-back at user's discretion.
  • Page 215 Appendix C computer detection from outside. When you switch into that mode, the system will block all network activity except for a few transactions allowed in user-defined rules. The program employs a complex approach to anti-spam filtering of incoming e-mail messages: •...
  • Page 216 Kaspersky Anti-Virus 5.0 for Windows Workstations • E-mail systems including Microsoft Exchange 2000/2003, Lotus Notes/Domino, Postfix, Exim, Sendmail, and Qmail. • Internet gateways: CheckPoint Firewall –1; Microsoft ISA Server 2000 Standard Edition. The Kaspersky Anti-Virus Business Optimal distribution kit includes Kaspersky Administration Kit, a unique tool for automated deployment and administration.
  • Page 217 Appendix C Kaspersky Anti-Spam Kaspersky Anti-Spam is a cutting-edge software suite that is designed to help organizations with small- and medium-sized networks wage war against the onslaught of unsolicited e-mail messages (spam). The product combines the revolutionary technology of linguistic analysis with modern methods of e-mail filtration, including DNS Black Lists and formal letter features.
  • Page 218: Contact Us

    Kaspersky Anti-Virus 5.0 for Windows Workstations performs centralized anti-spam filtration of e-mail stream. This solution also includes some additional mail traffic filtration features. C.2. Contact Us If you have any questions, comments, or suggestions, please refer them to one of our distributors or directly to Kaspersky Lab. We will be glad to assist you in any matters related to our product by phone or via email.
  • Page 219: Appendix D. License Agreement

    APPENDIX D. LICENSE AGREEMENT End User License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT ("AGREEMENT") FOR THE LICENSE OF SPECIFIED SOFTWARE ("SOFTWARE") PRODUCED BY KASPERSKY LAB ("KASPERSKY LAB"). IF YOU HAVE PURCHASED THIS SOFTWARE VIA THE INTERNET BY CLICKING THE ACCEPT BUTTON, YOU (EITHER AN INDIVIDUAL OR A SINGLE LEGAL ENTITY) CONSENT TO BE BOUND BY AND BECOME PARTY TO THIS AGREEMENT.
  • Page 220 Kaspersky Anti-Virus 5.0 for Windows Workstations THIS CASE, KASPERSKY LAB WILL NOT BE HELD BY THE PARTNER'S CLAUSES. THE RIGHT TO RETURN AND REFUND EXTENDS ONLY TO THE ORIGINAL PURCHASER. All references to "Software" herein shall be deemed to include the software activation key ("Key Identification File") with which you will be provided by Kaspersky Lab as part of the Software.
  • Page 221 Appendix D steps to achieve interoperability, provided that you only reverse engineer or decompile the Software to the extent permitted by law. 1.1.4 You shall not make error corrections to, or otherwise modify, adapt, or translate the Software, nor create derivative works of the Software, nor permit any third party to copy the Software (other than as expressly permitted herein).
  • Page 222 Kaspersky Anti-Virus 5.0 for Windows Workstations described herein. Upon any termination or expiration of this Agreement, you must immediately destroy all copies of the Software and the Documentation. You may terminate this Agreement at any point by destroying all copies of the Software and the Documentation.
  • Page 223 Appendix D You shall implement reasonable security measures to protect such confidential information, but without limitation to the foregoing shall use best endeavours to maintain the security of the Key Identification File. 6. Limited Warranty. (i) Kaspersky Lab warrants that for six (6) months from first download or installation the Software purchased on a physical medium will perform substantially in accordance with the functionality described in the Documentation when operated properly and in the manner specified in the Documentation.
  • Page 224 Kaspersky Anti-Virus 5.0 for Windows Workstations (whether such losses or damage were foreseen, foreseeable, known or otherwise): (a) Loss of revenue; (b) Loss of actual or anticipated profits (including for loss of profits on contracts); (c) Loss of the use of money; (d) Loss of anticipated savings;...
