1. Manuals
  2. Brands
  3. McAfee Manuals
  4. Software
  5. AVDCDE-AA-AA - Active Virus Defense Suite
  6. User manual

McAfee AVDCDE-AA-AA - Active Virus Defense Suite User Manual

Anti-virus software version 4.5
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
McAfee VirusScan
Anti-Virus Software
User's Guide
Version 4.5

Advertisement

Table of Contents
loading

Related Manuals for McAfee AVDCDE-AA-AA - Active Virus Defense Suite

Summary of Contents for McAfee AVDCDE-AA-AA - Active Virus Defense Suite

  • Page 1 McAfee VirusScan Anti-Virus Software User’s Guide Version 4.5...
  • Page 2 Solomon’s, Enterprise Secure Cast, First Aid, ForceField, Gauntlet, GMT, GroupShield, HelpDesk, Hunter, ISDN Tel/Scope, LM 1, LANGuru, Leading Help Desk Technology, Magic Solutions, MagicSpy, MagicTree, Magic University, MagicWin, MagicWord, McAfee, McAfee Associates, MoneyMagic, More Power To You, Multimedia Cloaking, NetCrypto, NetOctopus, NetRoom, NetScan, Net Shield, NetShield, NetStalker, Net Tools, Network Associates, Network General, Network Uptime!, NetXRay, Nuts &...

  • Page 3: Table Of Contents

    How to protect yourself ......... .xvii How to contact McAfee and Network Associates ....xviii Customer service .
  • Page 4 Starting the VirusScan Console ........194 McAfee VirusScan Anti-Virus Software...
  • Page 5 Table of Contents Using the Console window ........196 Working with default tasks .
  • Page 6 Appendix B. Network Associates Support Services ....297 Adding value to your McAfee product ......297 PrimeSupport options for corporate customers .

  • Page 7: Preface

    Preface What happened? If you’ve ever lost important files stored on your hard disk, watched in dismay as your computer ground to a halt only to display a prankster’s juvenile greeting on your monitor, or found yourself having to apologize for abusive e-mail messages you never sent, you know first-hand how computer viruses and other harmful programs can disrupt your productivity.

  • Page 8: Where Do Viruses Come From

    “fight” against each other, competing to see whose program could “survive” while shutting down rivals. Those same students also found uses for worm programs in practical jokes they played on unsuspecting colleagues. viii McAfee VirusScan Anti-Virus Software...

  • Page 9: Viruses And The Pc Revolution

    Preface Some of these students soon discovered that they could use certain features of the host computer’s operating system to give them unauthorized access to computer resources. Others took advantage of users who had relatively little computer knowledge to substitute their own programs—written for their own purposes—in place of common or innocuous utilities.
  • Page 10 MBR among their repertoire of tricks. Among other advantages, loading at boot time can give a virus a chance to do its work before your anti-virus software has a chance to run. Many McAfee anti-virus products anticipate this possibility by allowing you to create an emergency disk you can use to boot your computer and remove infections.
  • Page 11 Preface Particularly clever viruses can even subvert attempts to clear them from memory by trapping the CTRL+ALT+DEL keyboard sequence for a warm reboot, then faking a restart. Sometimes the only outward indication that anything on your system is amiss—before any payload detonates, that is—might be a small change in the file size of infected legitimate software.

  • Page 12: On The Frontier

    Because its potential seems so vast, the web has attracted the attention and the developmental energies of nearly every computer-related company in the industry. McAfee VirusScan Anti-Virus Software...
  • Page 13 Preface Convergences in the technologies that have resulted from this feverish pace of invention have given website designers tools they can use to collect and display information in ways never previously available. Websites soon sprang up that could send and receive e-mail, formulate and execute queries to databases using advanced search engines, send and receive live audio and video, and distribute data and multimedia resources to a worldwide audience.

  • Page 14: Where Next

    VBS/Bubbleboy didn’t even require you to open the e-mail message—simply viewing it from the Outlook preview window could infect your system. McAfee VirusScan Anti-Virus Software...

  • Page 15: How To Protect Yourself

    Virus Information Library maintained on the AVERT website. McAfee can provide you with other powerful software in the Active Virus Defense* (AVD) and Total Virus Defense (TVD) suites, the most comprehensive anti-virus solutions available.

  • Page 16: How To Contact Mcafee And Network Associates

    • Magic Solutions. This division supplies the Total Service desk product line and related products • McAfee. This division provides the Active Virus Defense product suite and related anti-virus software solutions to corporate and retail customers. • PGP Security. This division provides award-winning encryption and...

  • Page 17: Technical Support

    The companies have continued this tradition by making their sites on the World Wide Web valuable resources for answers to technical support issues. McAfee encourages you to make this your first stop for answers to frequently asked questions, for updates to McAfee and Network Associates...

  • Page 18: Download Support

    (801) 492-2650 Retail customers (801) 492-2600 Network Associates training For information about scheduling on-site training for any McAfee or Network Associates product, call Network Associates Customer Service at: (972) 308-9960. Comments and feedback McAfee appreciates your comments and reserves the right to use any information you supply in any way it believes appropriate without incurring any obligation whatsoever.

  • Page 19: Reporting New Items For Anti-Virus Data File Updates

    Java classes, ActiveX controls, dangerous websites, or viruses that your software does not now detect. Note that McAfee reserves the right to use any information you supply as it deems appropriate, without incurring any obligations whatsoever.

  • Page 20: International Contact Information

    NA Network Associates Oy Lautruphoej 1-3 Mikonkatu 9, 5. krs. 2750 Ballerup 00100 Helsinki Danmark Finland Phone: 45 70 277 277 Phone: 358 9 5270 70 Fax: 45 44 209 910 Fax: 358 9 5270 7100 McAfee VirusScan Anti-Virus Software...
  • Page 21 Preface Network Associates Network Associates France S.A. Deutschland GmbH 50 Rue de Londres Ohmstraße 1 75008 Paris D-85716 Unterschleißheim France Deutschland Phone: 33 1 44 908 737 Phone: 49 (0)89/3707-0 Fax: 33 1 45 227 554 Fax: 49 (0)89/3707-1199 Network Associates Hong Kong Network Associates Srl 19th Floor, Matheson Centre Centro Direzionale Summit...
  • Page 22 Suite 6, 11F, No. 188, Sec. 5 227 Bath Road Nan King E. Rd. Slough, Berkshire Taipei, Taiwan, Republic of China SL1 5PP Phone: 886-2-27-474-8800 United Kingdom Fax: 886-2-27-635-5864 Phone: 44 (0)1753 217 500 Fax: 44 (0)1753 217 520 xxii McAfee VirusScan Anti-Virus Software...

  • Page 23: Chapter 1. About Virusscan Software

    “zombie” agents that assist in large-scale denial-of-service attacks from across the Internet. They do so also because they recognize how much value McAfee anti-virus research and development brings to their fight to maintain network integrity and service levels, ensure data security, and reduce ownership costs.
  • Page 24 At the same time, as the cornerstone product in the McAfee Active Virus Defense and Total Virus Defense security suites, VirusScan software retains the same core features that have made it the utility of choice for the corporate desktop.

  • Page 25: How Does Virusscan Software Work

    The scan engine, meanwhile, combines the best features of technologies that McAfee and Dr Solomon researchers developed independently for more than a decade.
  • Page 26 This meant that the simple pattern-matching method that earlier scan engine incarnations used to find many viruses simply no longer worked, since no constant sequence of bytes existed to detect. To respond to this threat, McAfee researchers developed the PolyScan Decryption Engine, which locates and analyzes the algorithm that these types of viruses use to encrypt and decrypt themselves.

  • Page 27: What Comes With Virusscan Software

    About VirusScan Software Still others open “back doors” into desktop systems or create security holes in a way that closely resembles a deliberate attempt at network penetration, rather than the more random mayhem that most viruses tend to leave in their wakes.
  • Page 28 Alert Manager Client Configuration utility” on page 281 for details. • The ScreenScan utility. This optional component scans your computer as your screen saver runs during idle periods. See “Using the ScreenScan utility” on page 269 for details. McAfee VirusScan Anti-Virus Software...
  • Page 29 About VirusScan Software • The SendVirus utility. This component gives you an easy and painless way to submit files that you believe are infected directly to McAfee anti-virus researchers. A simple wizard guides you as you choose files to submit, include contact details and, if you prefer, strip out any personal or confidential data from document files.
  • Page 30 The dialog boxes with Help buttons open the help file to the specific topic that describes the entire dialog box. McAfee VirusScan Anti-Virus Software...

  • Page 31: What's New In This Release

    Chapter 2, “Installing VirusScan Software” in the VirusScan Administrator’s Guide. This VirusScan version also comes with complete support for the McAfee ePolicy Orchestrator software distribution tool. A specially packaged VirusScan version ships with the ePolicy Orchestrator software, ready for enterprise-wide distribution. You can distribute VirusScan software, configure it from the ePolicy Orchestrator console, update that configuration and any program or .DAT files at any time, and schedule scan operations, all...

  • Page 32: Interface Enhancements

    • System Scan module action options now include a new Prompt Type configuration option for Windows 95 and Windows 98 systems. This option lets you determine how the Prompt for user action alert appears. McAfee VirusScan Anti-Virus Software...
  • Page 33 VirusScan software still requires regular .DAT file updates to keep pace with the 200 to 300 new viruses that appear each month. To meet this need, McAfee has incorporated updating technology in VirusScan software from its earliest incarnations. With this release, that technology takes a quantum leap forward with incremental .DAT...
  • Page 34 About VirusScan Software McAfee VirusScan Anti-Virus Software...

  • Page 35: Chapter 2. Installing Virusscan Software

    • A CD-ROM drive. If you downloaded your copy of VirusScan software, this is an optional item. • At least 40MB of free hard disk space for a full installation. McAfee recommends 75MB. • At least 16MB of free random-access memory (RAM). McAfee recommends at least 20MB.

  • Page 36: Preparing To Install Virusscan Software

    Typical setup—which installs commonly used VirusScan components but leaves out some VShield modules and the ScreenScan utility—or you can choose to do a Custom setup, which gives you the option to install all VirusScan components. McAfee VirusScan Anti-Virus Software...

  • Page 37: Installation Steps

    VirusScan Administrator’s Guide, which describes how to install and configure VirusScan software to meet nearly any business contingency. You can also use McAfee ePolicy Orchestrator software to distribute and configure VirusScan software on thousands of network desktop computers. See the ePolicy Orchestrator Administrator’s Guide for details.
  • Page 38 If you do not agree to the license terms, select I do not agree to the terms of the License Agreement, then click Cancel. Setup will quit immediately. Otherwise, click I agree to the terms of the License Agreement, then click Next> to continue. McAfee VirusScan Anti-Virus Software...
  • Page 39 Installing VirusScan Software Setup next checks to see whether previous VirusScan versions or incompatible software exists on your computer. If you have no other anti-virus software or any previous VirusScan versions on your system, it will display the Setup Type panel (Figure 2-6).
  • Page 40 Setup can continue without conflicts. Š NOTE: McAfee strongly recommends that you remove incompatible software. Because most anti-virus software operates at a very low level within your system, two anti-virus programs that compete for access to the same files or that perform critical operations can make your system very unstable.
  • Page 41 Installing VirusScan Software Figure 2-5. Security Type panel 8. Select the security mode you prefer. Your choices are: • Use Maximum Security. Select this option to require users to have Administrator rights to your computer in order to change any configuration options, to enable or disable any VirusScan component, or to configure and run scheduled tasks.
  • Page 42 Typical setup, but allows you to choose from among these additional items: – The VShield E-Mail Scan, Download Scan, and Internet Filter modules – The ScreenScan utility To learn more about what each component does, see “What comes with VirusScan software?” on page McAfee VirusScan Anti-Virus Software...
  • Page 43 Installing VirusScan Software 10. Choose the option you prefer, then click Next> to continue. If you chose Custom Setup, you’ll see the panel shown in Figure 2-7. Otherwise, skip to Step 13 on page 44 to continue with your installation. Figure 2-7.
  • Page 44 VirusScan program files to your hard disk. When it has finished, it displays a panel that asks if you want to configure the product you installed (Figure 2-9). Figure 2-9. Completing Setup panel McAfee VirusScan Anti-Virus Software...
  • Page 45 Installing VirusScan Software 14. At this point, you can: • Finish your installation. Leave the Scan Memory for Viruses before Configuring checkbox clear, then click Skip Config to finish your installation. Setup will ask if you want to start the VShield scanner and the VirusScan Console immediately.
  • Page 46 16. When you have chosen the options you want, click Next> to continue. If you selected the Create Emergency Disk option, the Emergency Disk creation wizard starts immediately. To learn how to use this utility, see “Using the Emergency Disk Creation utility” on page McAfee VirusScan Anti-Virus Software...
  • Page 47 17. Choose the update option you prefer. You can: • Run AutoUpdate Now. This option uses default AutoUpdate configuration options to connect directly to the McAfee website and download the latest incremental .DAT file updates. Select this option if your company has not designated a location on your network as an update site, and if you do not need to configure proxy server or firewall settings.
  • Page 48 18. When you have chosen the option you want, click Next>. If you chose to run an AutoUpdate operation immediately, the utility will connect to the McAfee website to download new incremental .DAT files. After it finishes, the Setup sequence will resume.

  • Page 49: Using The Emergency Disk Creation Utility

    The special .DAT files have these names: • EMCLEAN.DAT • EMNAMES.DAT • EMSCAN.DAT McAfee periodically updates these .DAT files to detect new boot-sector viruses. You can download updated Emergency .DAT files from this location: http://www.nai.com/asp_set/anti_virus/avert/tools.asp Š NOTE: McAfee recommends that you download new Emergency .DAT files directly to a newly formatted floppy disk in order to reduce the risk of infection.
  • Page 50 The next wizard panel appears (Figure 2-14). Figure 2-14. Second Emergency Disk panel If your computer runs Windows NT Workstation or Windows 2000 Professional, the wizard tells you that it will format your Emergency Disk with the NAI-OS. McAfee VirusScan Anti-Virus Software...
  • Page 51 Click Finish to quit the wizard when it has created your disk. Next, remove the disk from your floppy drive, lock it, label it McAfee Emergency Boot Disk and store it in a safe place.
  • Page 52 Emergency Disk to start your computer. Follow these substeps: a. Insert an unlocked and unformatted floppy disk into your floppy drive. McAfee recommends that you use a completely new disk that you have never previously formatted to prevent the possibility of virus infections on your Emergency Disk.
  • Page 53 Installing VirusScan Software Figure 2-17. Windows Format dialog box d. Verify that the Full checkbox in the Format Type area and the Copy system files checkbox in the Other Options area are both selected. Next, click Start. Windows will format your floppy disk and copy the system files necessary to start your computer.

  • Page 54: Determining When You Must Restart Your Computer

    In some cases, however, the Microsoft Installer (MSI) will need to replace or initialize certain files, or previous McAfee product installations might require you to remove files in order for VirusScan software to run correctly. These requirements can also vary for each supported Windows platform.

  • Page 55: Testing Your Installation

    .DLL files used .DAT file update No restart required No restart required Scan engine update via McAfee No restart required No restart required SuperDAT utility Testing your installation Once you install it, VirusScan software is ready to scan your system for infected files.

  • Page 56: Modifying Or Removing Your Virusscan Installation

    1. Click Start in the Windows taskbar, point to Settings, then choose Control Panel. 2. Locate and double-click the Add/Remove Programs control panel. 3. In the Add/Remove Programs Properties dialog box, choose McAfee VirusScan v4.5.0 in the list, then click Add/Remove. McAfee VirusScan Anti-Virus Software...
  • Page 57 Installing VirusScan Software Setup will start and display the first Maintenance wizard panel (Figure 2-20). Figure 2-20. First maintenance panel 4. Click Next> to continue. Setup displays the Program Maintenance wizard panel. Figure 2-21. Program Maintenance panel User’s Guide...
  • Page 58 (Figure 2-22). Figure 2-22. Remove the Program panel Click Remove. Setup will display progress information as it deletes VirusScan software from your system. When it has finished, click Finish to close the wizard panel. McAfee VirusScan Anti-Virus Software...

  • Page 59: Chapter 3. Removing Infections From Your System

    Removing Infections From Your System If you suspect you have a virus... First of all, don’t panic! Although far from harmless, most viruses that infect your machine will not destroy data, play pranks, or render your computer unusable. Even the comparatively rare viruses that do carry a destructive payload usually produce their nasty effects in response to a trigger event.
  • Page 60 The Emergency Disk will load the files it needs to conduct the scan operation into memory. If you have extended memory on your computer, it will load its database files into that memory for faster execution. McAfee VirusScan Anti-Virus Software...
  • Page 61 Š NOTE: McAfee strongly recommends that you do not interrupt the BOOTSCAN.EXE scanner as it runs its scan operation. The Emergency Disk will not detect macro viruses, script viruses, or Trojan horse programs, but it will detect common file-infecting and boot-sector viruses.

  • Page 62: Deciding When To Scan For Viruses

    The VirusScan Console includes AutoUpdate and AutoUpgrade tasks you can use to update your .DAT files and the VirusScan engine. To learn how to update your software, see Chapter 7, “Updating and Upgrading VirusScan Software.”. McAfee VirusScan Anti-Virus Software...

  • Page 63: Recognizing When You Don't Have A Virus

    You can, however, rely on McAfee researchers to identify and isolate the virus, then to update VirusScan software immediately so that you can detect and, if possible, remove the virus when you next encounter it.

  • Page 64: Understanding False Detections

    If none of these situations apply, contact Network Associates technical support or send e-mail to virus_research@nai.com with a detailed explanation of the problem you encountered. McAfee VirusScan Anti-Virus Software...

  • Page 65: Responding To Viruses Or Malicious Software

    Removing Infections From Your System Responding to viruses or malicious software Because VirusScan software consists of several component programs, any one of which could be active at one time, your possible responses to a virus infection or to other malicious software will depend upon which program detected the harmful object, how you have that program configured to respond, and other circumstances.
  • Page 66 Action page. Š NOTE: The Continue access checkbox is unavailable if your computer runs Windows NT Workstation v4.0 or Windows 2000, or if you choose the GUI prompt type on Windows 95 and Windows 98 systems. McAfee VirusScan Anti-Virus Software...
  • Page 67 Removing Infections From Your System To take one of the actions shown in an alert message, click a button in the Access to File Was Denied dialog box, or type the letter highlighted in yellow when you see the full-screen warning. If you want the same response to apply to all infected files that the System Scan module finds during this scan operation, select the Apply to all items checkbox in the dialog box.
  • Page 68 • Exclude. Click this button to prevent the E-Mail Scan module from flagging this file as a virus in future scan operations. If you copy this file to your hard disk, this also prevents the System Scan module from detecting the file as a virus. McAfee VirusScan Anti-Virus Software...
  • Page 69 Removing Infections From Your System When you choose your action, the E-Mail Scan module will implement it immediately and add a notice to the top of the e-mail message that contained the infected attachment. The notice gives the file name of the infected attachment, identifies the name of the infecting virus, and describes the action that the module took in response.
  • Page 70 VirusScan software to suit your own needs. With this initial configuration, the program will prompt you for a response when it finds a virus (Figure 3-6). Figure 3-6. VirusScan response options McAfee VirusScan Anti-Virus Software...
  • Page 71 Removing Infections From Your System To respond to the infection, click one of the buttons shown. You can tell the VirusScan application to: • Continue. Click this button to proceed with the scan operation and have the application list each infected file in the lower portion of its main window (Figure 3-7), record each detection in its log file, but take no other...
  • Page 72 Once it has finished examining your system, you can right-click each file listed in the main window, then choose an individual response from the shortcut menu that appears. McAfee VirusScan Anti-Virus Software...
  • Page 73 Removing Infections From Your System • Stop. Click this button to stop the scan operation immediately. The E-Mail Scan extension will list the infected files it has already found in the lower portion of its main window (Figure 3-9) and record each detection in its log file, but it will take no other action to respond to the virus.
  • Page 74 Console, see Chapter 6, “Creating and Configuring Scheduled Tasks.” The Library is part of the McAfee AVERT website, which you can visit at: http://www.nai.com/asp_set/anti_virus/avert/intro.asp The AVERT website has a wealth of virus-related data and software. McAfee VirusScan Anti-Virus Software...

  • Page 75: Viewing File Information

    Examples include: • Current information and risk assessments on emerging and active virus threats • Software tools you can use to extend or supplement your McAfee anti-virus software • Contact addresses and other information for submitting questions, virus samples, and other data •...

  • Page 76: Submitting A Virus Sample

    If you have a suspicious file that you believe contains a virus, or experience a system condition that might result from an infection—but VirusScan software has not detected a virus—McAfee recommends that you send a sample to its anti-virus research team for analysis. When you do so, be sure to start your system in the apparently infected state—don’t start your system from a clean...
  • Page 77 Removing Infections From Your System 4. Read the welcome message, then click Next> to continue. The Contact Information wizard panel appears. Figure 3-13. Your Contact Information panel 5. If you want AVERT researchers to contact you about your submission, enter your name, e-mail address, and any message you would like to send along with your submission in the text boxes provided, then click Next>...
  • Page 78 Remove my personal data from file checkbox, then click Next> to continue. This tells the SENDVIR.EXE utility to strip everything out of the file except macros or executable code. The Choose E-Mail Service panel appears (Figure 3-16). Figure 3-16. Choose E-mail Service panel McAfee VirusScan Anti-Virus Software...

  • Page 79: Capturing Boot Sector, File-Infecting, And Macro Viruses

    If you suspect you have a virus infection, you can collect a sample of the virus, then either create a floppy disk image to send via e-mail, or mail the floppy disk itself to McAfee anti-virus researchers. The researchers would also benefit from having samples of your current system files on a separate floppy disk.
  • Page 80 If you suspect you have a file-infecting virus or a macro virus that has infected any of your Microsoft Word, Excel, or PowerPoint files, send these files to McAfee anti-virus researchers, either with the SENDVIR.EXE utility, via e-mail as floppy disk images, or through the mail on floppy disk: •...
  • Page 81 Making disk images To send the files now stored on any floppy disks you created, you can use a McAfee AVERT Labs tool called RWFLOPPY.EXE to make a floppy disk image that encapsulates the infection. The RWFLOPPY.EXE tool does not...
  • Page 82 9. Attach the .ZIP file that you created to an e-mail message. Sending samples via e-mail Once you’ve made disk images or created a file archive for your samples, send them to McAfee researchers at one of these e-mail addresses: In the United States virus_research@nai.com In the United Kingdom vsample@nai.com...
  • Page 83 Removing Infections From Your System Mailing infected floppy disks You can also mail the actual disks you created directly to McAfee anti-virus researchers. McAfee recommends that you create a text file or write a message to accompany the disks that includes the same information you would submit with an electronic disk image.
  • Page 84 Removing Infections From Your System McAfee VirusScan Anti-Virus Software...

  • Page 85: Chapter 4. Using The Vshield Scanner

    Using the VShield Scanner What does the VShield scanner do? McAfee desktop anti-virus products use two general methods to protect your system. The first method, background scanning, operates continuously, watching for viruses as you use your computer for everyday tasks. In the VirusScan product, the VShield scanner performs this function.

  • Page 86: Why Use The Vshield Scanner

    VShield scanner both your first line of anti-virus defense, and your backstop protection in between each scan operation that you perform. The VShield scanner detects viruses in memory and as they attempt to execute from within infected files. McAfee VirusScan Anti-Virus Software...

  • Page 87: Browser And E-Mail Client Support

    “Setting VShield scanner properties” on page 97 to learn how to do the required setup. McAfee has tested these web browsers and verified that they work correctly with the VShield scanner: • Netscape Navigator v3.x • Netscape Navigator v4.0.x (not including v4.0.6) •...

  • Page 88: Enabling Or Starting The Vshield Scanner

    Using the VShield Scanner McAfee has also tested these e-mail clients and verified that they work with the VShield Download Scan module: • Microsoft Outlook Express • Qualcomm Eudora v3.x and v4.x • Netscape Mail (included with most versions of Netscape Navigator and Netscape Communicator) •...
  • Page 89 McShield, which you can see in the Windows Services control panel. Š NOTE: McAfee recommends that you do not start or stop the McShield service from the Windows control panel. Instead, you can stop and restart the scanner from the provided VirusScan control panel. To learn more about how to use the VirusScan control panel, see “Understanding...
  • Page 90 Method 2: Use the System Scan Status dialog box Follow these steps: 1. Double-click the VShield icon in the Windows system tray to open the System Scan Status dialog box (Figure 4-1). Figure 4-1. System Scan Status dialog box McAfee VirusScan Anti-Virus Software...
  • Page 91 Using the VShield Scanner 2. For each module that you want to enable, click the corresponding tab, then click Enable. The same button in the property page for active modules will read Disable. 3. Click Close to close the dialog box. Depending on which combination of modules you enable, the VShield icon will display a different state.
  • Page 92 VShield modules is inactive This icon means that the System Scan module is inactive, but one or more of the other VShield modules is active This icon means that all VShield modules are inactive McAfee VirusScan Anti-Virus Software...

  • Page 93: Using The Vshield Configuration Wizard

    Using the VShield Scanner Using the VShield configuration wizard After you install VirusScan software and restart your computer, the VShield scanner loads into memory immediately and begins working with a default set of options that give you basic anti-virus protection. Unless you disable it or one of its modules—or stop it entirely—you never have to worry about starting the scanner or scheduling scan tasks for it.
  • Page 94 4. To enable these functions, click Yes, then click Next>. Otherwise, click No, then click Next> to continue. The E-mail Scan wizard panel will appear (Figure 4-5). Figure 4-5. VShield configuration wizard - E-mail Scan panel McAfee VirusScan Anti-Virus Software...
  • Page 95 Using the VShield Scanner 5. Select the Enable e-mail scanning checkbox, then select the checkbox that corresponds to the type of e-mail client you use. Your choices are: • Internet e-mail clients. Select this checkbox if you use a Post Office Protocol (POP-3) or Simple Mail Transfer Protocol (SMTP) e-mail client that sends and receives standard Internet mail directly or through a dial-up connection.
  • Page 96 Otherwise, select the No, do not enable download scanning checkbox, then click Next> to continue. The next wizard panel sets options for the VShield Internet Filter module (Figure 4-7). Figure 4-7. VShield configuration wizard - Internet Filter panel McAfee VirusScan Anti-Virus Software...

  • Page 97: Setting Vshield Scanner Properties

    Using the VShield Scanner 7. To have the Internet Filter module block hostile Java and ActiveX objects or dangerous Internet sites that can cause your system harm, select Yes, enable hostile applet protection and access prevention to unsafe websites, then click Next>. The Internet Filter module maintains a list of harmful objects and sites that it uses to check the sites you visit and the objects you encounter.
  • Page 98 It can also detect viruses each time you read from or write to a floppy disk. As an advanced option, you can activate heuristic scanning, which gives the scanner the capability to detect unidentified or unclassified viruses. McAfee VirusScan Anti-Virus Software...
  • Page 99 Using the VShield Scanner The module can take a variety of automatic actions to respond to any viruses it finds, and can report what it has done either with an alert message when it takes the action or in a log file you can examine at your leisure. You can also set it to ask you what to do when it finds a virus.
  • Page 100 NOTE: If you have network drives mapped to your computer from which you copy files, or if other network users copy files from your computer, McAfee strongly recommends that you have the VShield scanner installed both on your computer and on the computer that “owns”...
  • Page 101 Using the VShield Scanner • Scan files on floppy disks. Boot-sector viruses can hide in the boot blocks of any formatted floppy disk, then load into memory as soon as your computer reads your floppy drive. Select the Access checkbox to have the System Scan module examine floppy disks each time your computer reads from them or writes to them.
  • Page 102 Disable the System Scan module at will. Select the System Scan can be disabled checkbox in order to have the option to disable this module. Note that McAfee recommends that you leave the System Scan module enabled for maximum protection. Clearing this...
  • Page 103 Using the VShield Scanner • Display the VShield icon in the Windows system tray. Select the Show icon in the Taskbar checkbox to have the VShield scanner display this icon in the system tray. The particular state in which the icon appears depends on which VShield modules you have enabled.
  • Page 104 – Enable macro and program file heuristics scanning. Choose this option to have the module use both types of heuristics scanning. McAfee recommends that you use this option for complete anti-virus protection. Š NOTE: The System Scan module will use heuristic scanning techniques only on the file types you designate in the Program File Extensions dialog box.
  • Page 105 Using the VShield Scanner Choosing Action options When the System Scan module detects a virus, it can respond either by asking you what it should do with the infected file, or by automatically taking an action that you determine ahead of time. Use the Action property page to specify which response options you want the module to give you when it finds a virus, or which actions you want it to take on its own.
  • Page 106 If you have its reporting function enabled, it will record a log event each time it successfully cleans, or fails to clean, an infected file. – Delete file. This option tells the module to delete the infected file immediately. McAfee VirusScan Anti-Virus Software...
  • Page 107 Use this option only when you know positively that the file the System Scan module flagged is not infected. To preserve files as virus samples, McAfee recommends moving infected files to a quarantine folder instead.
  • Page 108 Follow these steps: 1. Click the Alert tab in the System Scan module to display the correct property page (Figure 4-14). Figure 4-14. System Scan Properties dialog box - Alert page McAfee VirusScan Anti-Virus Software...
  • Page 109 2. Select the Notify Alert Manager checkbox to have the module send alert messages to Alert Manager for distribution. Alert Manager is a separate McAfee software component that collects alert messages and uses a variety of methods to send them to recipients that you specify.
  • Page 110 4-15). Figure 4-15. System Scan Properties dialog box - Report page 2. Select the Log to file checkbox. By default, the System Scan module writes log information to the file VSHLOG.TXT in the VirusScan program directory. McAfee VirusScan Anti-Virus Software...
  • Page 111 Using the VShield Scanner You can enter a different name and path in the text box provided, or click Browse to locate a suitable file elsewhere on your hard disk or on your network.You may use a different file, but the text file must already exist. The module will not create a new file.
  • Page 112 Each entry in the exclusion list displays the path to the item, notes whether the module will also exclude any nested folders within the target, and explains whether the application will exclude the item when it scans files, when it scans your hard disk boot sector, or both. McAfee VirusScan Anti-Virus Software...
  • Page 113 Using the VShield Scanner Once you use VirusScan software to scan your system thoroughly, you can tell the System Scan module to ignore those files and folders that do not change or that are not normally vulnerable to virus infection. To choose your options, follow these steps: 1.
  • Page 114 Use this option to exclude system files, such as COMMAND.COM, from scan operations. WARNING: McAfee recommends that you do not exclude your system files during a scan session. e. Repeat Step a.
  • Page 115 Using the VShield Scanner • Remove an item from the list. To delete an exclusion item, select it in the list, then click Remove. This means that the System Scan module will scan this file or folder during this scan session. 3.
  • Page 116 To choose configuration options for this page, follow these steps 1. Select the Enable Scanning of e-mail attachments checkbox. The options in the rest of the property page activate (Figure 4-18). Figure 4-18. E-mail Scan Properties dialog box - Detection page McAfee VirusScan Anti-Virus Software...
  • Page 117 Using the VShield Scanner 2. Select the type of e-mail system you use. Your options are: • Enable Corporate Mail. Select this checkbox to have the E-Mail Scan module scan mail attachments you receive via a mail system that runs within your office network. Usually such systems use a proprietary mail protocol and have a central mail server to which you send mail for delivery.
  • Page 118 NOTE: When the E-Mail Scan module examines a file archive, it will scan only the file archive itself, not the compressed files within the archive. To learn which files and archives the module scans, see “Current list of compressed files scanned” on page 292. McAfee VirusScan Anti-Virus Software...
  • Page 119 Using the VShield Scanner • Choose file types for scanning. Viruses cannot infect files that contain no executable code, whether script, macro, or binary code. You can, therefore, safely narrow the scope of your scan sessions so that the module examines only those files most susceptible to virus infection.To do so, select the Program files only button.
  • Page 120 – Enable macro and program file heuristics scanning. Choose this option to have the module use both types of heuristics scanning. McAfee recommends that you use this option for complete anti-virus protection. Š NOTE: The module will use heuristic scanning techniques only on the file types you designate in the Program File Extensions dialog box.
  • Page 121 Using the VShield Scanner 6. Click the Action tab to choose additional E-Mail Scan module options. To save your changes without closing the E-mail Scan Properties dialog box, click Apply. To save your changes and close the dialog box, click OK. To close the dialog box without saving your changes, click Cancel.
  • Page 122 Move infected files to a folder. Choose this response to have the module move infected files to a quarantine folder as soon as it finds them. The module moves these files to a folder named Infected located in the VirusScan program directory. McAfee VirusScan Anti-Virus Software...
  • Page 123 Using the VShield Scanner You can change the name and location of the folder into which the module deposits infected Internet mail, but to do so, you must switch to the Download Scan module and click the Action tab there. See “Choosing Action options”...
  • Page 124 2. Select the Notify Alert Manager checkbox to have the module send alert messages to Alert Manager for distribution. Alert Manager is a separate McAfee software component that collects alert messages and uses a variety of methods to send them to recipients that you specify.
  • Page 125 The message you create for a response is a template—the module will send the message you compose automatically to each recipient you designate, so McAfee recommends that you enter a message that all recipients can read and understand. Apart from the steps you take to compose this template message, the module will not give you an opportunity to edit the message before it sends it.
  • Page 126 You can change the setting for this option only if you select Prompt for user action in the Action property page. Otherwise, the checkbox will display and use the setting it had when you last chose the Prompt for user action item. McAfee VirusScan Anti-Virus Software...
  • Page 127 Using the VShield Scanner The module will sound the standard system warning beep or .WAV file you have your computer set to play. 5. Select the Display custom message checkbox to have the module add a custom message to the alert box it displays when it finds an infected file.
  • Page 128 You can choose to record any of this information: • Virus Detection. Select this checkbox to have the log file record how many viruses the module finds during each scan session. Clear the checkbox to leave this information out of the log file. McAfee VirusScan Anti-Virus Software...
  • Page 129 Using the VShield Scanner • Infected file deletion. Select this checkbox to have the log file record how many viruses the module deletes during each scan session. Clear this checkbox to leave this information out. • Infected file move. Select this checkbox to have the log file record how many viruses the module moves to a quarantine folder during each scan session.
  • Page 130 Internet (Figure 4-25). These default options provide excellent security, but your environment might require different settings. Figure 4-25. Download Scan Properties dialog box - Detection page McAfee VirusScan Anti-Virus Software...
  • Page 131 Using the VShield Scanner To modify the settings in this property page, follow these steps: 1. Select the Enable Internet download scanning checkbox. The options in the rest of the property page activate. 2. Specify the types of files you want the Download Scan module to examine.
  • Page 132 To activate heuristics scanning, follow these substeps: a. Select the Enable heuristics scanning checkbox. The remaining options in the dialog box activate. b. Select the types of heuristics scanning you want the Download Scan module to use. Your choices are: McAfee VirusScan Anti-Virus Software...
  • Page 133 – Enable macro and program file heuristics scanning. Choose this option to have the module use both types of heuristics scanning. McAfee recommends that you use this option for complete anti-virus protection. Š NOTE: The Download Scan module will use heuristic scanning techniques only on the file types you designate in the Program File Extensions dialog box.
  • Page 134 Š NOTE: If you choose Prompt for user action from the list, click the Alert tab to specify whether you want the Download Scan module to prompt you with a message, a beep, or both. McAfee VirusScan Anti-Virus Software...
  • Page 135 Using the VShield Scanner Select the options you want to see in the alert message. Each of the checkboxes you select here causes an option button to appear in an alert message that the module displays when it finds a virus. Selecting Delete file here, for example, causes a Delete button to appear in the alert message.
  • Page 136 (see Figure 4-29 on page 136). Figure 4-29. Download Scan Properties dialog box - Alert page 2. Select the Notify Alert Manager checkbox to have the module send alert messages to Alert Manager for distribution. McAfee VirusScan Anti-Virus Software...
  • Page 137 Using the VShield Scanner Alert Manager is a separate McAfee software component that collects alert messages and uses a variety of methods to send them to recipients that you specify. To have the Download Scan module send these alert messages successfully, you must also set up the Alert Manager Client Configuration utility.
  • Page 138 4-30). Figure 4-30. Download Scan Properties dialog box - Report page 2. Select the Log to file checkbox. By default, the Download Scan module writes log information to the file WEBINET.TXT in the VirusScan program directory. McAfee VirusScan Anti-Virus Software...
  • Page 139 Using the VShield Scanner You can enter a different name and path in the text box provided, or click Browse to locate a suitable file elsewhere on your hard disk or on your network. You may use a different file, but the text file must already exist. The module will not create a new file.
  • Page 140 VShield Properties dialog box to display the property pages for this module. Š NOTE: The Internet Filter icon will not appear here unless you used the Custom Setup option to install the VirusScan software and specified that you wanted to install the Internet Scan component. McAfee VirusScan Anti-Virus Software...
  • Page 141 Using the VShield Scanner Choosing Detection options The Internet Filter module starts by assuming that you want to block all of the harmful objects and sites it has listed in its database in order to prevent you from accidentally encountering them (Figure 4-31).
  • Page 142 McAfee VirusScan Anti-Virus Software...
  • Page 143 Using the VShield Scanner To change the list, you can: – Click Add to open the Add IP Address dialog box (Figure 4-33). Figure 4-33. Add IP address dialog box Next, follow these substeps: a. Type the Internet Protocol (IP) address you want to add to the Banned IP Addresses list in the text box on the left.
  • Page 144 – Select one of the items shown, then click Delete to remove the item from the list. When you have changed the banned list so that it has all of the addresses you want to block, click OK to return to the Internet Filter Properties dialog box. McAfee VirusScan Anti-Virus Software...
  • Page 145 Using the VShield Scanner 4. Click the Action tab to choose additional Internet Filter module options. To save your changes without closing the Internet Filter Properties dialog box, click Apply. To save your changes and close the dialog box, click OK. To close the dialog box without saving your changes, click Cancel.
  • Page 146 Follow these steps: 1. Click the Alert tab in the Internet Filter module to display the correct property page (Figure 4-37). Figure 4-37. Internet Filter Properties dialog box - Alert page McAfee VirusScan Anti-Virus Software...
  • Page 147 2. Select the Notify Alert Manager checkbox to have the module send alert messages to Alert Manager for distribution. Alert Manager is a separate McAfee software component that collects alert messages and uses a variety of methods to send them to recipients that you specify.
  • Page 148 To set the Internet Filter module to record its actions in a log file, follow these steps: 1. Click the Report tab in the Internet Filter module to display the correct property page (Figure 4-38). Figure 4-38. Internet Filter Properties dialog box - Report page McAfee VirusScan Anti-Virus Software...
  • Page 149 Using the VShield Scanner 2. Select the Log to file checkbox. By default, the module writes log information to the file WEBFILTR.TXT in the VirusScan program directory. You can enter a different name and path in the text box provided, or click Browse to locate a suitable file elsewhere on your hard disk or on your network.
  • Page 150 • Password-protect selected property pages only. Select this button to choose which property pages in individual modules you want to lock. The other tabs in the Security Properties dialog box let you designate individual pages. McAfee VirusScan Anti-Virus Software...
  • Page 151 Using the VShield Scanner 3. Enter a password to use to lock your settings. Type any combination of up to 20 characters in the upper text box in the Password area, then enter the exact same combination in the text box below to confirm your choice. Ë...
  • Page 152 Apply. To save your changes close the dialog box, click OK. To close the dialog box without saving any changes, click Cancel. Š NOTE: Clicking Cancel will not undo any changes you already saved by clicking Apply. McAfee VirusScan Anti-Virus Software...

  • Page 153: Using The Vshield Shortcut Menu

    Using the VShield Scanner Using the VShield shortcut menu The VShield scanner groups several of its common commands in a shortcut menu associated with its system tray icon . Double-click this icon to display the VShield Status dialog box. Right-click the icon to display these commands: •...
  • Page 154 1. Right-click the VShield icon in the Windows system tray to display its shortcut menu. 2. Choose Exit. The VShield scanner will stop and unload itself from memory. The VShield icon will disappear from the Windows taskbar. McAfee VirusScan Anti-Virus Software...
  • Page 155 Using the VShield Scanner Method 2: Use the VirusScan Console Follow these steps: 1. Double-click the VirusScan Console icon in the Windows system tray to bring the Console window to the foreground (Figure 4-42). Figure 4-42. VirusScan Console window 2. Select VShield in the task list, then choose Disable from the Task menu. the Console will stop the VShield scanner and all of its modules, and unload them from memory.
  • Page 156 Once you disable a module, you can reactivate it in much the same way you disabled it. To learn how to enable modules, see “Enabling or starting the VShield scanner” on page McAfee VirusScan Anti-Virus Software...
  • Page 157 Using the VShield Scanner Method 1: Use the VShield shortcut menu Follow these steps: 1. Right-click the VShield icon in the Windows system tray to display its shortcut menu. 2. Point to Quick Enable. 3. Choose one of the module names shown with a check mark beside it to deactivate it.
  • Page 158 Using this method to disable the module makes the disabled state the module’s “default” state. If you later use the shortcut menu to enable the module, it will stay enabled only until you restart your VirusScan software or your computer. McAfee VirusScan Anti-Virus Software...

  • Page 159: Tracking Vshield Software Status Information

    Using the VShield Scanner Tracking VShield software status information Once you activate and configure the VShield scanner, it operates continuously in the background, watching for and then scanning e-mail you receive, files you run or download, or Java and ActiveX objects you encounter. To see a real-time summary of its progress: 1.
  • Page 160 Windows system tray to bring the Console window to the foreground (see Figure 4-42 on page 155). 2. Double-click the McAfee VShield task in the task list to display the Task Properties dialog box shown in Figure 4-46.

  • Page 161: Chapter 5. Using The Virusscan Application

    Using the VirusScan application What is the VirusScan application? McAfee desktop anti-virus products use two general methods to protect your system. The first method, background scanning, operates continuously, watching for viruses as you use your computer for everyday tasks. In the VirusScan product, the VShield scanner performs this function.

  • Page 162: Why Use The Virusscan Application

    Regular scan operations can often catch infections before they spread or do any harm. McAfee VirusScan Anti-Virus Software...

  • Page 163: Starting The Virusscan Application

    The next sections describe each method. Method 1: Displaying the VirusScan application main window Follow these steps: 1. Click Start in the Windows taskbar, point to Programs, then to Network Associates. Next, choose McAfee VirusScan. The VirusScan Classic main window appears (Figure 5-1).
  • Page 164 • View the VirusScan application activity log. Choose View Activity Log from the File menu to open the VSCLOG.TXT file in a Notepad window. Figure 5-2. VirusScan Activity Log McAfee VirusScan Anti-Virus Software...
  • Page 165 Using the VirusScan application • Protect your settings with a password. Choose Password Protect from the Tools menu to open a dialog box you can use to lock any VirusScan application property page. Figure 5-3. Password protection dialog box Select each property page you want to protect, then click the Password button to the right to assign a password.
  • Page 166 Follow these steps: 1. Locate and double-click a settings file that you saved from the VirusScan application window. This reopens the VirusScan application window and loads the configuration options you saved (Figure 5-4). Figure 5-4. VirusScan Advanced window McAfee VirusScan Anti-Virus Software...
  • Page 167 Using the VirusScan application You can also open this window and load your settings by right-clicking the settings file, then choosing Start from the shortcut menu that appears. Ordinarily, you’ll find your settings files in the VirusScan program directory, but you can save your settings files anywhere on your hard disk.
  • Page 168 Depending on the command-line options you choose, starting the application this way can either run a scan operation or display the VirusScan application window, where you can choose configuration options for a scan operation. McAfee VirusScan Anti-Virus Software...

  • Page 169: Configuring The Virusscan Classic Interface

    Using the VirusScan application Configuring the VirusScan Classic interface For the VirusScan application to protect your system, you must tell it: • what you want it to scan • what you want it to do if it finds a virus •...
  • Page 170 NOTE: Choosing Include subfolders causes the application to scan only those files stored in the subfolders themselves. The application will not scan files stored at the root level of the folder you designate. To scan those files, clear the Include subfolders checkbox. McAfee VirusScan Anti-Virus Software...
  • Page 171 Š NOTE: McAfee recommends that you choose this option for your first scan operation, or periodically thereafter, to ensure that your system is virus-free. You can then limit the scope of later scan operations.
  • Page 172 Be sure to enable its reporting feature so that you have a record of which files the application deleted. You will need to restore deleted files from backup copies. If the application cannot delete an infected file, it will note the incident in its log file. McAfee VirusScan Anti-Virus Software...
  • Page 173 Using the VirusScan application • Continue scanning. Use this option only if you plan to leave your computer unattended while the VirusScan application checks for viruses. If you also activate the application’s feature (see “Choosing Report options” on page 183 for details), the program will record the names of any viruses it finds and the names of infected files so that you can delete them at your next opportunity.

  • Page 174: Configuring The Virusscan Advanced Interface

    VirusScan Classic interface, including the ability to run more than one scan operation concurrently, the ability to exclude items from scan operations, and the ability to activate the application’s heuristic detection capability. McAfee VirusScan Anti-Virus Software...
  • Page 175 Using the VirusScan application For the VirusScan application to protect your system, you must tell it: • what you want it to scan • what you want it to do if it finds a virus • how it should let you know when it finds a virus •...
  • Page 176 – All network drives. This tells the application to scan all drives logically mapped via Windows Explorer to a drive letter on your computer. b. When you've chosen your target, click OK to close the dialog box. McAfee VirusScan Anti-Virus Software...
  • Page 177 Using the VirusScan application To scan a particular disk or folder on your system, click the Select drive or folder to scan button, then: a. Type in the text box provided the drive letter or the path to the folder you want scanned, or click Browse to locate the scan target on your computer.
  • Page 178 Š NOTE: McAfee recommends that you choose this option for your first scan operation, or periodically thereafter, to ensure that your system is virus-free. You can then limit the scope of later scan operations.
  • Page 179 – Enable macro and program file heuristics scanning. Choose this option to have the application use both types of heuristics scanning. McAfee recommends that you use this option for complete anti-virus protection. Š NOTE: The application will use heuristic scanning techniques only on the file types you designate in the Program File Extensions dialog box.
  • Page 180 Each of the checkboxes you select in the Action page causes an option button to appear in an alert message that the application displays when it finds a virus. Selecting Delete file, here, for example, causes a Delete button to appear in the alert message. McAfee VirusScan Anti-Virus Software...
  • Page 181 Using the VirusScan application You can choose from these options: – Clean infection. This option tells the application to try to remove the virus code from the infected file. If you have its reporting function enabled, it will record a log event each time it successfully cleans, or fails to clean, an infected file.
  • Page 182 2. Select the Notify Alert Manager checkbox to have the VirusScan application send alert messages to Alert Manager for distribution. Alert Manager is a separate McAfee software component that collects alert messages and uses a variety of methods to send them to recipients that you specify.
  • Page 183 Using the VirusScan application You can pass alert messages directly to an Alert Manager server, or you can send alert messages as text (.ALR) files to a Centralized Alerting directory that the Alert Manager server checks periodically. Š NOTE: Clearing this checkbox tells the VirusScan application not to send an alert message via Alert Manager, but does not affect other alert messages that you configure in this property page.
  • Page 184 . By default, the application limits the file size to 100 . If the data in the log exceeds the file size you set, the application erases the existing log and begins again from the point at which it left off. McAfee VirusScan Anti-Virus Software...
  • Page 185 Using the VirusScan application 4. Select the checkboxes that correspond to the information you want the application to record in its log file. Each checkbox you select here causes the application to record this information, usually when the scan operation ends, or when you shut your system down: •...
  • Page 186 VirusScan control panel, click the Components tab, then enter a new figure in the Maximum number of exclude items text box. To learn more about how to use the VirusScan control panel, see “Understanding the VirusScan control panel” on page 277. McAfee VirusScan Anti-Virus Software...
  • Page 187 Using the VirusScan application To exclude files or folders from scan operations, follow these steps: 1. Click the Exclusion tab in the VirusScan Advanced window to display the correct property page (Figure 5-17). Figure 5-17. VirusScan Advanced window - Exclusion page 2.
  • Page 188 Use this option to exclude system files, such as COMMAND.COM, from scan operations. WARNING: McAfee recommends that you do not exclude your system files from scan operations. e. Repeat Step a.
  • Page 189 Using the VirusScan application Enabling password protection VirusScan software lets you set a password to protect the settings you choose in each property page from unauthorized changes. This feature is particularly useful for system administrators who need to keep users from tampering with their security measures by changing VirusScan settings.
  • Page 190 Using the VirusScan application McAfee VirusScan Anti-Virus Software...

  • Page 191: Chapter 6. Creating And Configuring Scheduled Tasks

    Console also allows you to start and stop a number of other important VirusScan operations, including VShield scan sessions, AutoUpdate, and AutoUpgrade operations. You can connect to the McAfee AVERT Labs website for virus information, open and view log files, and copy and paste task definitions within the Console window.

  • Page 192: Starting The Virusscan Console

    Starting the VirusScan Console You must have the VirusScan Console running in order to run any tasks you have scheduled. McAfee recommends that you set the Console to start automatically, as soon as you start your computer. To do so, follow these steps: 1.
  • Page 193 Creating and Configuring Scheduled Tasks 4. Select the Load on startup checkbox in the VirusScan Console area in the Components page. 5. Click OK to close the control panel. When you next restart your computer, the Console will also start, but it will remain minimized as an icon in the Windows system tray.

  • Page 194: Using The Console Window

    NOTE: You can delete only tasks that you create—you may not delete any of the tasks from the default set that come with the Console. You can, however, disable any default task that you don’t want to run. See “Enabling tasks” on page 204 for details. McAfee VirusScan Anti-Virus Software...
  • Page 195 “Disabling or stopping the VShield scanner” on page 153. • Connect to the McAfee Virus Information Library. Choose Virus List from the View menu, or click in the Console toolbar. the Console will start your preferred browser application and connect to the AVERT website.

  • Page 196: Working With Default Tasks

    VShield properties dialog box to configure it. See “Setting VShield scanner properties” on page 97 to learn which options you have available. McAfee VirusScan Anti-Virus Software...
  • Page 197 File Transfer Protocol (FTP) site that you designate. The task comes configured to connect to a McAfee server, but you may also set it to download files internally. You must also schedule and activate the task to get it to update your files.

  • Page 198: Working With The Vshield Task

    Task Properties dialog box shows summary statistics for the last scan session each ran. Click any other tab to see these statistics. To learn how to display a real-time update for these statistics, see “Tracking VShield software status information” on page 159. McAfee VirusScan Anti-Virus Software...

  • Page 199: Working With The Autoupgrade And Autoupdate Tasks

    Creating and Configuring Scheduled Tasks Working with the AutoUpgrade and AutoUpdate tasks The AutoUpgrade task allows you to download and install new program files for your VirusScan software according to a schedule you set. The AutoUpdate task allows you to download and install new virus definition (.DAT) files. You may not rename, delete, or create other copies of these tasks, but you can configure them, protect them with a password, or run them immediately from the Task Properties dialog box.

  • Page 200: Creating New Tasks

    My Computer and Scan Drive ‘C’ tasks—create new instances of them. You may copy the existing configuration options from the Scan My Computer and Scan Drive ‘C’ tasks for use as foundation settings for your own new tasks. McAfee VirusScan Anti-Virus Software...
  • Page 201 Creating and Configuring Scheduled Tasks The Console, however, allows you to create as many as 50 new tasks to suit your own needs. You can raise this limit by changing the number in the VirusScan control panel. To learn how to do so, see “Understanding the VirusScan control panel”...
  • Page 202 • Always Exit. Click this button to tell the VirusScan application to always quit immediately after it completes this scan task. If you choose Hidden Mode in the Interface Type list, this is your only option. McAfee VirusScan Anti-Virus Software...
  • Page 203 Creating and Configuring Scheduled Tasks • Auto Exit. Click this button to tell the VirusScan application to quit automatically if it has not detected any viruses during this scan task. If the application does find a virus, it will remain open to display its scan results.

  • Page 204: Enabling Tasks

    NOTE: The Task Properties dialog box for the VShield scanner will not include a Schedule property page—instead, it will include status pages for each of the scanner’s modules. The Task Properties dialog boxes for the AutoUpdate and AutoUpgrade tasks, meanwhile, will not include status pages. McAfee VirusScan Anti-Virus Software...
  • Page 205 Creating and Configuring Scheduled Tasks Figure 6-6. Task Properties dialog box - Schedule page 3. Select the Enable checkbox. The options in the Run and the Start At areas become active. 4. Choose how often you want the task to run in the Run area. Depending on which interval you select, the Start At area gives you a different set of choices for your task schedule.

  • Page 206: Checking Task Status

    You can also see a summary of how many files each task scanned, whether it found any malicious agents, and what actions it took. McAfee VirusScan Anti-Virus Software...
  • Page 207 Creating and Configuring Scheduled Tasks To see task results, follow these steps: 1. If you do not already have the Task Properties dialog box open, double-click one of the listed tasks in the Console window, or select a task, then click in the Console toolbar.

  • Page 208: Configuring Virusscan Application Options

    To configure the VirusScan application to run a scan task, select one of those listed in the Console window—including any task that you created yourself—then click in the Console toolbar. The VirusScan Properties dialog box will appear (Figure 6-8). Figure 6-8. VirusScan Properties dialog box - Detection page McAfee VirusScan Anti-Virus Software...
  • Page 209 Creating and Configuring Scheduled Tasks Choosing Detection options If you chose to configure a task you just created, the VirusScan application initially assumes that you want to scan your C: drive and your computer’s memory, to look for boot sector viruses, and to restrict the files it scans only to those susceptible to virus infection.
  • Page 210 The dialog box appears with the existing scan target specified. Choose or enter a new scan target, then click OK to close the dialog box. • Remove scan targets. Select one of the listed scan targets, then click Remove to delete it. McAfee VirusScan Anti-Virus Software...
  • Page 211 Š NOTE: McAfee recommends that you choose this option for your first scan operation, or periodically thereafter, to ensure that your system is virus-free. You can then limit the scope of later scan operations.
  • Page 212 – Enable macro and program file heuristics scanning. Choose this option to have the application use both types of heuristics scanning. McAfee recommends that you use this option for complete anti-virus protection. Š NOTE: The application will use heuristic scanning techniques only on the file types you designate in the Program File Extensions dialog box.
  • Page 213 Creating and Configuring Scheduled Tasks 4. Choose special scanning options. Boot-sector viruses load themselves into your computer’s memory and conceal themselves in the boot blocks or master boot record on your hard drive. To use this scan task to detect those types of viruses, select the Scan Memory and Scan boot sectors checkboxes.
  • Page 214 – Delete file. This option tells the application to delete the infected file immediately. – Exclude file. This option tells the application to skip the file during later scan operations. This is the only option not selected by default. McAfee VirusScan Anti-Virus Software...
  • Page 215 Creating and Configuring Scheduled Tasks – Continue scan. This option tells the application to continue with its scan operation, but not take any other actions. If you have its reporting options enabled, the application records the incident in its log file. –...
  • Page 216 3. Select the Notify Alert Manager checkbox to have the VirusScan application send alert messages to Alert Manager for distribution. Alert Manager is a separate McAfee software component that collects alert messages and uses a variety of methods to send them to recipients that you specify.
  • Page 217 Creating and Configuring Scheduled Tasks You can pass alert messages directly to an Alert Manager server, or you can send alert messages as text (.ALR) files to a Centralized Alerting directory that the Alert Manager server checks periodically. Š NOTE: Clearing this checkbox tells the VirusScan application not to send an alert message via Alert Manager, but does not affect other alert messages that you configure in this property page.
  • Page 218 Browse to locate a suitable file elsewhere on your hard disk or on your network. You may use a different file, but the text file must already exist. The application will not create a new file. McAfee VirusScan Anti-Virus Software...
  • Page 219 Creating and Configuring Scheduled Tasks 4. To minimize the log file size, select the Limit size of log file to checkbox, then enter a value for the file size, in kilobytes, in the text box provided. If you do not select this checkbox, the log file can grow to as large a size as your disk space permits.
  • Page 220 By default, the VirusScan application does not scan the Recycle Bin because Windows will not run items stored there. This item, therefore, will appear in the exclusion list when you first open the window. McAfee VirusScan Anti-Virus Software...
  • Page 221 Creating and Configuring Scheduled Tasks Each entry in the exclusion list displays the path to the item, notes whether the application will also exclude any nested folders within the target, and explains whether the application will exclude the item when it scans files, when it scans your hard disk boot sector, or both.
  • Page 222 Use this option to exclude system files, such as COMMAND.COM, from scan operations. WARNING: McAfee recommends that you do not exclude your system files from scan operations. McAfee VirusScan Anti-Virus Software...
  • Page 223 Creating and Configuring Scheduled Tasks e. Repeat Step a. through Step d. until you have listed all of the files and folders you do not want scanned. • Change the exclusion list. To change the settings for an exclusion item, select it in the Exclusions list, then click Edit to open the Edit Exclude Item dialog box.
  • Page 224 5. To ensure that your security settings will appear by default in any task you create by copying this task (see “Using the Console window” on page 194 for details), select the Inherit security options checkbox. McAfee VirusScan Anti-Virus Software...
  • Page 225 Creating and Configuring Scheduled Tasks 6. Click a different tab to change any of your VirusScan settings. To save your changes without closing the VirusScan Properties dialog box, click Apply. To save your changes and return to the Console window, click OK.
  • Page 226 Creating and Configuring Scheduled Tasks McAfee VirusScan Anti-Virus Software...

  • Page 227: Chapter 7. Updating And Upgrading Virusscan Software

    Technology.” What is the scan engine? The Olympus scan engine is at the heart of McAfee anti-virus software. The engine contains the program logic necessary to scan files at particular points, process and pattern-match virus definitions with data it finds in your files,...

  • Page 228: Update And Upgrade Methods

    Appendix D, “Understanding iDAT Technology.” • SuperDAT scan engine and .DAT file updates. McAfee releases a weekly SuperDAT package of current .DAT file updates and the current Olympus scan engine, together with a Setup feature that makes updating and upgrading a snap.
  • Page 229 250. In addition to the weekly SuperDAT package that contains both current .DAT files and a current Olympus scan engine, McAfee will make available a SuperDAT package that consists only of .DAT files. This executable file minimizes the need for you to closely manage your .DAT file updates. It...

  • Page 230: Understanding The Autoupdate Utility

    “push-pull” arrangement. Once you install its client software on an administrative server, the SecureCast service can send, or “push,” updated files to you automatically, as soon as McAfee makes them available on its servers. To learn more about the SecureCast service, see Appendix C, “Using...

  • Page 231: Configuring The Autoupdate Utility

    • Reduce the likelihood that you will need to wait to download new .DAT files. Traffic on McAfee servers increases dramatically on regular .DAT file publishing dates. Avoiding the competition for network bandwidth enables you to deploy your update with minimal interruptions.
  • Page 232 Disabled. A site is enabled if you have selected the Enabled checkbox in the Automatic Update Properties dialog box. A site is disabled if you clear this checkbox. This designation does not change whether or not the AutoUpdate utility can connect with the site. McAfee VirusScan Anti-Virus Software...
  • Page 233 Updating and Upgrading VirusScan Software Initially, the utility comes configured to connect only to the Network Associates FTP site. You can add as many different sites as you need, and alter the order in which AutoUpdate tries to connect to them, from this dialog box.
  • Page 234 By default, the AutoUpdate utility records what happens during update attempts and saves the record in the file UPDATE UPGRADE ACTIVITY LOG.TXT in the VirusScan program directory whenever you stop the task or when you shut your system down. McAfee VirusScan Anti-Virus Software...
  • Page 235 Updating and Upgrading VirusScan Software If you would prefer to log this data to a different text file, enter its path and filename in the text box provided, or click Browse to locate the file. The AutoUpdate utility will not generate a text file—it will write only to an existing file.
  • Page 236 If you click Update now, the AutoUpdate utility will use the same account you used to log on to your network to connect to the upgrade server. McAfee VirusScan Anti-Virus Software...
  • Page 237 Updating and Upgrading VirusScan Software To use a custom account, clear the Use Logged In Account checkbox, then click UNC login information to enter a user name and password for an account that has access rights to the target server. •...
  • Page 238 After a Successful Update area. To tell AutoUpdate where to save the .DAT file package, enter a path and folder name in the text box below this checkbox, or click Browse to locate a suitable folder. McAfee VirusScan Anti-Virus Software...
  • Page 239 Updating and Upgrading VirusScan Software Selecting this checkbox also makes the Backup the existing DAT files, the Force Update, and the Reboot system, if needed, after a successful update checkboxes unavailable. You might want to use this option if you download new .DAT files to a central server on your network and want individual client computers to download, extract and install the new files locally.

  • Page 240: Understanding The Autoupgrade Utility

    • Set a schedule for the AutoUpgrade task, and enable it to run • Set a password to protect your configuration settings, if you wish • Configure the task to download new files from a specific location on your network, or on the Internet McAfee VirusScan Anti-Virus Software...

  • Page 241: Configuring The Autoupgrade Utility

    Updating and Upgrading VirusScan Software By default, the AutoUpgrade task included with VirusScan Console does not come configured with any default upgrade site. Instead, McAfee recommends that you use other mechanisms, such as the Enterprise SecureCast service, to receive new SuperDAT or program files, then place those files on a central server within your network.
  • Page 242 199. To learn how to set a schedule for the task, see “Enabling tasks” on page 204. 2. Click Configure. The Automatic Upgrade dialog box appears with the Upgrade Sites property page selected (see Figure 7-7 on page 243). McAfee VirusScan Anti-Virus Software...
  • Page 243 Updating and Upgrading VirusScan Software Figure 7-7. Automatic Upgrade dialog box - Upgrade Sites page Here, the AutoUpgrade utility lists the sites from which it will download new VirusScan program files. It also reports each site’s current status as Enabled or Disabled. A site is enabled if you have selected the Enabled checkbox in the Automatic Upgrade Properties dialog box.
  • Page 244 Move Down. • Update your files immediately from the sites listed in the update list, using default configuration options or the options you chose for this task. Click Upgrade now. McAfee VirusScan Anti-Virus Software...
  • Page 245 Updating and Upgrading VirusScan Software To use this function, you must have configured enough of the necessary options for the AutoUpgrade utility to locate the listed site and, if necessary, log on to it. See “Configuring upgrade options” on page 246 to learn how to specify the options you need.
  • Page 246 Figure 7-10. Automatic Upgrade Properties dialog box - Upgrade Options page Next, follow these steps: 1. Enter a descriptive name in the Site Name text box that clearly identifies the new site. An example might be Internal Program File Upgrade Site. McAfee VirusScan Anti-Virus Software...
  • Page 247 Updating and Upgrading VirusScan Software 2. Select the Enabled checkbox to approve this site for the AutoUpgrade utility’s use. Clearing this checkbox preserves the options you’ve chosen, but causes the utility to skip this site when it tries to download new .DAT files. The AutoUpgrade utility will make a maximum of three connection attempts for the site during each scheduled update operation.
  • Page 248 To have AutoUpgrade do additional pre- or post-processing on the files, or to have it take other actions, click the Advanced Upgrade Options tab to display the property page shown in Figure 7-5 on page 238. McAfee VirusScan Anti-Virus Software...
  • Page 249 Updating and Upgrading VirusScan Software Figure 7-11. Automatic Update Properties dialog box - Advanced Update Options page Next, follow these steps: 1. Tell the AutoUpgrade utility what you want it to do before or as it performs an update. Your options are: •...

  • Page 250: Using The Autoupgrade And Superdat Utilities Together

    Using the AutoUpgrade and SuperDAT utilities together For this release, you must modify the SuperDAT package you download from the McAfee website in order to use it with the AutoUpgrade utility. Š NOTE: VirusScan v4.5 and later releases require you to use the SuperDAT v1.2 or later utility.
  • Page 251 Updating and Upgrading VirusScan Software 3. If you want to, create and copy a SETUP.ISS file into the directory from which you tell AutoUpgrade to download new files. SETUP.ISS is a simple text file that governs how the AutoUpgrade utility upgrades your software.
  • Page 252 The AutoUpgrade utilities will download and install the new files from this package. To learn more about how the SuperDAT utility works, download the SuperDAT User’s Guide from the McAfee website at: http://www.nai.com/asp_set/download/upgrade/login.asp Otherwise, consult the README.TXT file that comes with each weekly SuperDAT release.

  • Page 253: Chapter 8. Using Specialized Scanning Tools

    Using Specialized Scanning Tools Scanning Microsoft Exchange and Outlook mail VirusScan software provides you with two complementary methods to protect your Microsoft Exchange or Outlook e-mail system: • The VShield scanner includes an E-Mail Scan module that runs continuous background scan operations on e-mail as it arrives on your server. •...

  • Page 254: Using The E-Mail Scan Extension

    E-mail Scan extension buttons from the list of available buttons in the Customize Toolbar dialog box. Once you’ve started it, the E-Mail Scan extension will immediately begin to scan your Exchange or Outlook mailbox for viruses (see Figure 8-1 on page 255). McAfee VirusScan Anti-Virus Software...

  • Page 255: Configuring The E-Mail Scan Extension

    Using Specialized Scanning Tools By default, the E-Mail Scan extension examines all of the mail messages stored in your mailbox on the Exchange mail server, looking for messages and attachments susceptible to virus infection. If you have a large number of messages stored there that you have not yet downloaded, this scan operation can take a long time.
  • Page 256 2. Choose E-Mail Scan Properties from the Tools menu, or click in the client application toolbar. The E-Mail Scan Properties dialog box will appear (Figure 8-2). Figure 8-2. E-Mail Scan Properties dialog box - Detection page McAfee VirusScan Anti-Virus Software...
  • Page 257 If, however, you installed the E-Mail Scan extension after you have installed and used your mail system for some time, McAfee recommends that you perform at least one such scan operation to ensure that your older mail messages do not contain viruses.
  • Page 258 Š NOTE: McAfee recommends that you choose this option for your first scan operation, or periodically thereafter, to ensure that your mailbox is virus-free. You can then limit the scope of later scan operations.
  • Page 259 – Enable macro and program file heuristics scanning. Choose this option to have the extension use both types of heuristics scanning. McAfee recommends that you use this option for complete anti-virus protection. Š NOTE: The extension will use heuristic scanning techniques only on the file types you designate in the Program File Extensions dialog box.
  • Page 260 Figure 8-4. E-Mail Scan Properties dialog box - Action page 2. Choose a response from the When a virus is found list. The area immediately beneath the list will change to show you additional options for each response. McAfee VirusScan Anti-Virus Software...
  • Page 261 Using Specialized Scanning Tools Your choices are: • Prompt for user action. Choose this response if you expect to be at your computer when the E-Mail Scan extension examines your mailbox—the program will display an alert message when it finds a virus and offer you a range of possible responses.
  • Page 262 To have the extension tell you immediately when it finds a virus so that you can take appropriate action, however, configure it to send an alert message to you. McAfee VirusScan Anti-Virus Software...
  • Page 263 2. Select the Notify Alert Manager checkbox to have the E-Mail Scan extension send alert messages to Alert Manager for distribution. Alert Manager is a separate McAfee software component that collects alert messages and uses a variety of methods to send them to recipients that you specify.
  • Page 264 The message you create for a response is a template—the E-Mail Scan extension will send the message you compose automatically to each recipient you designate, so McAfee recommends that you enter a message that all recipients can read and understand. Apart from the steps you take to compose this template message, the extension will not give you an opportunity to edit the message before it sends it.
  • Page 265 Using Specialized Scanning Tools c. Enter a subject for the message that conveys its urgency, then add any comments you want to make in the body of the message, below a standard infection notice that the extension itself will supply. You may add up to 1024 characters of text.
  • Page 266 To set E-Mail Scan to record its actions in a log file, follow these steps: 1. Click the Report tab in the E-Mail Scan Properties dialog box to display the correct property page (Figure 8-6). Figure 8-6. E-Mail Scan Properties dialog box - Report page McAfee VirusScan Anti-Virus Software...
  • Page 267 Using Specialized Scanning Tools 2. Select the Log to file checkbox. By default, the E-Mail Scan extension writes log information to the file MAILSCAN.TXT in the VirusScan program directory. You can enter a different name in the text box provided, or click Browse to locate a suitable file elsewhere on your hard disk or on your network.
  • Page 268 Apply. To save your changes and close the dialog box, click OK. To close the dialog box without saving your changes, click Cancel. Š NOTE: Clicking Cancel will not undo any changes you already saved by clicking Apply. McAfee VirusScan Anti-Virus Software...

  • Page 269: Scanning Cc:mail

    Using Specialized Scanning Tools Scanning cc:Mail VirusScan software includes native support for Microsoft Exchange and Outlook clients, and for Lotus cc:Mail v6.0, v7.0, and v8.0. The cc:Mail clients use a proprietary e-mail system that the E-Mail Scan extension does not support directly.
  • Page 270 4. Choose which parts of your system you want the ScreenScan utility to examine for viruses. You can • Add scan targets. Click Add to open the Add Scan Item dialog box (see Figure 8-8 on page 271). McAfee VirusScan Anti-Virus Software...
  • Page 271 Using Specialized Scanning Tools Figure 8-8. The Add Scan Item dialog box Next, choose the scan target from the list provided. Your choices are: – All local drives. This tells the utility to scan all drives physically attached to your computer, including removable media drives.
  • Page 272 Š NOTE: McAfee recommends that you choose this option for your first scan operation, or periodically thereafter, to ensure that your system is virus-free. You can then limit the scope of later scan operations.
  • Page 273 Using Specialized Scanning Tools Figure 8-10. Advanced Scan Settings dialog box The presence of a sufficient number of these characteristics in a file leads the utility to identify the file as potentially infected with a new or previously unidentified virus. Because the utility looks simultaneously for file characteristics that rule out the possibility of virus infection, it will rarely give you a false indication of a virus infection.
  • Page 274 Using Specialized Scanning Tools – Enable macro and program file heuristics scanning. Choose this option to have the utility use both types of heuristics scanning. McAfee recommends that you use this option for complete anti-virus protection. Š NOTE: The utility will use heuristic scanning techniques only on the file types you designate in the Program File Extensions dialog box.
  • Page 275 Using Specialized Scanning Tools Slide the control toward Low to give the other background tasks higher priority than you do to the ScreenScan utility. This causes the ScreenScan utility to run more slowly. • Tell the utility to log its actions. Select the Enable logging of ScreenScan activities to file checkbox to have the ScreenScan utility summarize the actions it took as it ran in the file SCREENSCAN ACTIVITY LOG.TXT.
  • Page 276 Using Specialized Scanning Tools McAfee VirusScan Anti-Virus Software...

  • Page 277: Chapter 9. Using Virusscan Utilities

    Š NOTE: McAfee strongly recommends that you set the VirusScan management service to load at startup. If you do not, you might not be able to start some VirusScan components, and you will lose the benefit of data sharing between components.

  • Page 278: Choosing Virusscan Control Panel Options

    VirusScan management service (AVSYNMGR.EXE) as soon as you start your computer. The management service oversees all communications between VirusScan program components, determines which components must load to accomplish program tasks, and allows you to start or stop all program components at once. McAfee VirusScan Anti-Virus Software...
  • Page 279 Manager. If your computer runs Windows 95 or Windows 98, this service is not directly accessible. Š NOTE: McAfee strongly recommends that you set the VirusScan management service to load at startup. If you do not, you might not be able to start some VirusScan components, and you will lose the benefit of data sharing between components.
  • Page 280 Click OK to save your changes and close the control panel. Click Cancel to close the control panel without saving your changes. Š NOTE: The VirusScan management service must restart itself and all active VirusScan components in order to implement any changes you make. McAfee VirusScan Anti-Virus Software...

  • Page 281: Using The Alert Manager Client Configuration Utility

    Using VirusScan Utilities Using the Alert Manager Client Configuration utility All McAfee anti-virus software includes wide range of methods to alert you when it has detected a virus or other malicious software. These methods include: • graphical and full-screen warnings that appear on your local computer, often with response options •...

  • Page 282: Virusscan Software As An Alert Manager Client

    .ALR files, and distributing the alert messages from any it finds. Š NOTE: McAfee recommends that you send alert events directly to an Alert Manager server rather than via Centralized Alerting, unless your network configuration does not permit you to use Alert Manager servers.
  • Page 283 Configuration utility not to pass alert messages from your anti-virus software to the Alert Manager server or to your Desktop Management Interface (DMI) administrative software. By default, this checkbox is clear. McAfee recommends that you leave it clear so that the client sends alert messages out. Š...
  • Page 284 Alert Manager server if you have Active Directory Services installed on this computer and running on your network. To prevent the client utility from doing so, select the Disable Active Directory Lookup checkbox, when it appears. McAfee VirusScan Anti-Virus Software...
  • Page 285 Using VirusScan Utilities When you’ve chosen a destination for your alert messages, click OK to close the dialog box. • Enable Centralized alerting. Click this button to have VirusScan components send alert messages to a Centralized Alerting directory somewhere on your network. Choosing this option prevents you from sending alert events to an Alert Manager server.
  • Page 286 Consult your system administrator for specific details that apply to your DMI software. When you have entered a number, click OK to close the dialog box. 4. Click OK to save your changes and close the Alert Manager Client Configuration dialog box. McAfee VirusScan Anti-Virus Software...

  • Page 287: Appendix A. Default Vulnerable And Compressed File Extensions

    Default Vulnerable and Compressed File Extensions Adding file name extensions for scanning Because viruses ordinarily cannot infect files that contain no executable code, VirusScan software initially looks for viruses only in files that are susceptible to infection. The software uses a list of file name extensions to keep track of vulnerable files.

  • Page 288: Current List Of Vulnerable File Name Extensions

    Microsoft Excel spreadsheet (.XLS) and template (.XLT) files. Š NOTE: McAfee recommends that you scan your system thoroughly during your first scan operation, or periodically thereafter, without limiting the scope of the scan operation to these file types. This ensures that your system starts in a virus-free condition.
  • Page 289 Default Vulnerable and Compressed File Extensions Table 9-1. Vulnerable file name extensions Extension File Type File Description .COM Program Command/binary image files. These common files run as infectable executable programs. DOS and Windows system files frequently make use of this extension. .CSC Script/macro Corel script files.
  • Page 290 Windows screen saver files. .SHS Program Windows shell script (scrap object) files. These files can introduce commands that cause unwanted behavior on the host computer. .SMM Macro Lotus AmiPro spreadsheet files. These files include macro capabilities. McAfee VirusScan Anti-Virus Software...
  • Page 291 Default Vulnerable and Compressed File Extensions Table 9-1. Vulnerable file name extensions Extension File Type File Description .SYS Program DOS or Windows system files and device drivers. These executable files frequently start along with or as part of program execution. .TAR Archive UNIX tape archive files.

  • Page 292: Current List Of Compressed Files Scanned

    Program Extensions extension to the Program dialog box, to have the Extensions dialog box, to scanner look for viruses in have the scanner examine the compressed file. the archive as a file. McAfee VirusScan Anti-Virus Software...
  • Page 293 Default Vulnerable and Compressed File Extensions Both VirusScan components include built-in support for a number of compressed and archived file formats. The table below lists each format and describes how each component scans it when you select the Compressed Files checkbox.
  • Page 294 .ZIP PKZip or • Scans archive • Scans archive as a WinZip file file if listed in the • Scans compressed Program Extensions files within archive dialog box • Will not scan compressed files within archive McAfee VirusScan Anti-Virus Software...

  • Page 295: Appendix B. Network Associates Support Services

    Network Associates Support Services Adding value to your McAfee product Choosing McAfee anti-virus, Sniffer Technologies network management, and PGP security software helps to ensure that the critical technology you rely on functions smoothly and effectively. Taking advantage of a Network...
  • Page 296 Network Associates website • Electronic incident and query submission • Technical documents, including user’s guides, FAQ lists, and release notes • Data file updates and product upgrades via the Network Associates website McAfee VirusScan Anti-Virus Software...
  • Page 297 Network Associates Support Services The PrimeSupport Priority plan The PrimeSupport Priority plan gives you round-the-clock telephone access to essential product assistance from experienced Network Associates technical support staff members. You can purchase the PrimeSupport Priority plan on an annual basis when you purchase a Network Associates product, either with a subscription license or a one-year license.

  • Page 298: Ordering A Corporate Primesupport Plan

    Friday from 8:00 a.m. to 7:00 p.m. Central Time. Press 3 on your telephone keypad for sales assistance. • In Europe, the Middle East, and Africa, contact your local Network Associates office. Contact information appears near the front of this guide. McAfee VirusScan Anti-Virus Software...
  • Page 299 Network Associates Support Services Table B-1. Corporate PrimeSupport Plans at a Glance Plan Knowledge Feature Center Connect Priority Enterprise Technical support via website Software updates Technical — Monday–Friday Monday–Friday, after Monday–Friday, after support via hours emergency hours emergency telephone access access North America: North America:...

  • Page 300: Primesupport Options For Home Users

    – Visit the Network Associates CompuServe forum at GO NAI – Visit Network Associates on America Online: keyword MCAFEE • Free access to the PrimeSupport KnowledgeBase: online access to technical solutions from a searchable knowledge base, electronic incident submission, and technical documents such as user’s guides, FAQs, and release notes.
  • Page 301 Network Associates online or electronic services. • Quarterly Disk/CD Plan. This plan gives you automatic quarterly delivery of upgrade disks or CDs if you cannot obtain product upgrades online. This service is available for McAfee VirusScan and NetShield software only. User’s Guide...

  • Page 302: How To Reach International Home User Support

    • In North America, call Network Associates Customer Service at (972) 855-7044 • In international locations, contact the Network Associates retail technical support center closest to your location for more information. Some support options may not be available in some locations. McAfee VirusScan Anti-Virus Software...

  • Page 303: Network Associates Consulting And Training

    Network Associates Support Services Network Associates consulting and training The Network Associates Total Service Solutions program provides you with expert consulting and comprehensive education that can help you maximize the security and performance of your network investments. The Total Service Solutions program includes the Network Associates Professional Consulting arm and the Total Education Services program.

  • Page 304: Total Education Services

    • Contact your regional sales representative. • Call Network Associates Total Education Services at (800) 395-3151 Ext. 2670 (for private course scheduling) or (888) 624-8724 (for public course scheduling). • Visit the Network Associates website at: http://www.nai.com/services/education/ McAfee VirusScan Anti-Virus Software...

  • Page 305: Appendix C. Using The Securecast Service To Get New Data Files

    Using the SecureCast Service to Get New Data Files Introducing the SecureCast service The Network Associates SecureCast service provides a convenient method you can use to receive the latest virus definition (.DAT) file updates automatically, as they become available, without your having to download them.

  • Page 306: Why Should I Update My Data Files

    Your software relies on information in its virus definition files (.DAT) files to identify viruses. More than 200 new viruses appear each month, however, and older .DAT files might not recognize them. To meet this challenge, McAfee releases new .DAT files each week. You are entitled to these free data file updates for use with your version of the software.

  • Page 307: Installing The Backweb Client And Securecast Service

    Using the SecureCast Service to Get New Data Files Installing the BackWeb client and SecureCast service Setting up SecureCast service and the BackWeb client is a two-phase process: 1. Download and install the BackWeb client 2. Register to receive SecureCast service InfoPaks To get started with the SecureCast service, review the system requirements shown below, then follow the steps outlined in each section.
  • Page 308 3. Read the instructions and warnings on this panel, then click Next> to continue. 4. The BackWeb license agreement appears (Figure C-2). Figure C-2. BackWeb Software License Agreement panel 5. Click Yes to continue. 6. The Choose Destination Location panel appears (Figure C-3 on page 309). McAfee VirusScan Anti-Virus Software...
  • Page 309 Using the SecureCast Service to Get New Data Files Figure C-3. Choose Destination Location panel 7. Enter a new location for Setup to install the client software, if you wish, or click Browse to locate a suitable folder. Click Next> to continue. Setup will begin to copy BackWeb program files to your computer.
  • Page 310 This allows you to control how the BackWeb client behaves with respect to other applications you might have running when SecureCast InfoPaks arrive at your desktop. For more information, see the BackWeb online help at http://www.backweb.com/. Next, skip to Step McAfee VirusScan Anti-Virus Software...
  • Page 311 Using the SecureCast Service to Get New Data Files 10. If you chose HTTP via proxy as your connection method, the HTTP Proxy Setup panel appears (Figure C-6). Figure C-6. HTTP Proxy Setup panel 11. Enter the name of your proxy server in the Proxy text box, then enter the port the server uses for communication in the Port text box.
  • Page 312 SecureCast channels to which you InfoPaks subscribe downloaded appear here. to your system appear here. Choose which service information you want to SecureCast see in this Flash Banner area. Figure C-9. The Enterprise SecureCast client window McAfee VirusScan Anti-Virus Software...
  • Page 313 Using the SecureCast Service to Get New Data Files The SecureCast service alerts you that an InfoPak has arrived with the Flash message shown at the bottom right corner of Figure C-9. Ë IMPORTANT: If you are a corporate user and have a high-speed Internet connection, the window may list Register Now as an already received InfoPak.
  • Page 314 Parent Company Information dialog box appears (see Figure C-13 on page 315). Skip to Step 7 on page 315. • If you have cleared the Subsidiary of a Parent Company checkbox, continue with Step 6 on page 315. McAfee VirusScan Anti-Virus Software...
  • Page 315 Using the SecureCast Service to Get New Data Files Figure C-13. SecureCast Parent Company Information form 6. If your company is the subsidiary of another company, enter contact information for your parent company in the text boxes provided. When you have finished, click Next>. The Proxy Communication Configuration dialog box appears (Figure C-14).
  • Page 316 You can use this page to download product updates and upgrades, contact technical support, and get other information directly from Network Associates. The terms of your grant will determine what information you see here and what you can download. McAfee VirusScan Anti-Virus Software...

  • Page 317: Troubleshooting The Enterprise Securecast Service

    Using the SecureCast Service to Get New Data Files Troubleshooting the Enterprise SecureCast service Registration problems If you try to register during a busy time of day on the web, you may encounter a delay while the server tries to process your registration request. If you receive the error message “1105 Error”...

  • Page 318: Backweb Client

    Using the SecureCast Service to Get New Data Files BackWeb client • For a comprehensive guide to BackWeb, including additional troubleshooting advice, see the online BackWeb User’s Manual: http://www.backweb.com/ McAfee VirusScan Anti-Virus Software...

  • Page 319: Appendix D. Understanding Idat Technology

    50,000 virus definitions. With this VirusScan release, McAfee introduced a new incremental virus definition (.DAT or iDAT) technology that consists of small parcels that contain only the virus definitions that have changed between weekly .DAT file...

  • Page 320: How Does Idat Updating Work

    AutoUpdate utility can look in the DELTA.INI file to learn that it needs to download the 10th, 11th, and 12th .UPD file releases to have all of the virus definitions that the current .DAT file release does. McAfee VirusScan Anti-Virus Software...

  • Page 321: What Does Mcafee Post Each Week

    What does McAfee post each week? Each week McAfee posts a complete .DAT file update, along with a new weekly iDAT update, and a new DELTA.INI file that has updated Multiple Patch Table and Incremental Resolver entries. You can download these files...

  • Page 322: Best Practices

    2. From the baseline state, use a web browser or FTP client software each week to download new .UPD files directly from the McAfee FTP site to a central server on your network.

  • Page 323: Frequently Asked Questions

    If you configure your computers to download iDAT files directly from the McAfee website, be sure to schedule your updates for a time after the regular weekly .DAT file postings.
  • Page 324 Scheduling issues Q: How often should I check for updates? A: Normally, McAfee posts updated .DAT files on a weekly basis. You may, however, check more or less often as your network security needs require. Be aware that your risk of virus infection grows as the period between updates to the virus data files grows.

  • Page 325: Index

    Alert Manager consequences of running multiple vendor using Centralized Alerting with versions Alert Manager Client Configuration utility reporting new viruses not detected by to McAfee configuring audible alert messages, sounding understanding and using alert messages automatic start, setting for scan task...
  • Page 326 VShield scanner on COMMAND.COM files, virus infections Windows 95 and Windows 98 systems components, included with possible VirusScan conflicts with VirusScan anti-virus features of CompuServe, technical support via xvii boot blocks computer problems, attributing to scanning viruses McAfee VirusScan Anti-Virus Software...
  • Page 327 Index Concept virus, introduction of definition of scan task in configuration deleting tasks from choosing options for VirusScan in detection options for VirusScan, Console configuring from of E-Mail program disabling and enabling tasks from component exclusion options for VirusScan, of ScreenScan configuring from of VirusScan Advanced necessity to have running to start scan...
  • Page 328 VirusScan Advanced in Task menu detections, false, understanding DELTA.INI files Disable description and use of in Task menu descriptions, of VirusScan program disguising virus infections components Desktop Management Interface (DMI) alerts, use of with Alert Manager server McAfee VirusScan Anti-Virus Software...
  • Page 329 Index disks e-mail choosing as scan targets addresses for reporting new viruses to McAfee floppy as agent for virus transmission as medium for virus client software transmission choosing in configuration wizard distribution choosing in E-Mail Scan Properties of update files, recommended methods...
  • Page 330 VirusScan upgrades folders file-infecting viruses choosing as scan targets definition and behavior of Force Update, use of to replace corrupted setting heuristic scanning options .DAT files FTP (File Transfer Protocol) use of to obtain VirusScan upgrades McAfee VirusScan Anti-Virus Software...
  • Page 331 Index installation aborting if virus detected during Help testing effectiveness of opening from the Console Internet opening from VirusScan Classic and VirusScan Advanced e-mail clients, choosing Help Topics in configuration wizard in Help menu in E-mail Scan Properties dialog heuristic scanning spread of viruses via definition of Internet Explorer...
  • Page 332 Visual Basic, as macro virus programming viruses xiii language Java classes as xiii Word and Excel files, as agents for virus payload transmission script viruses as military time, using to schedule scan tasks spread via World Wide Web McAfee VirusScan Anti-Virus Software...
  • Page 333 VirusScan new scan task, creating Action New Task Alert in Task menu configuring new viruses, reporting to McAfee Detection numbering conventions for .DAT files Exclusion Report Security objects, Java and ActiveX VirusScan Advanced as malicious software xiii...
  • Page 334 PrimeSupport wizard corporate Properties at a glance in Task menu KnowledgeCenter property pages ordering locking and unlocking PrimeSupport Connect proxy servers, working through to obtain PrimeSupport Enterprise updates and upgrades PrimeSupport Prioity for home users McAfee VirusScan Anti-Virus Software...
  • Page 335 VShield configuration in the E-Mail Scan program component quitting VShield in VirusScan Advanced in VirusScan Classic reporting viruses not detected to McAfee response options scanning as part of scan task choosing virus infections in when Download Scan module finds a...
  • Page 336 Console security options, configuring copying settings from one to another speeding up defaults starting included with VirusScan automatically Console need for Console to be running definition of status, checking deleting stopping detection options targets for McAfee VirusScan Anti-Virus Software...
  • Page 337 Index adding Select session settings removing recorded in log file Where & What options, session summary configuring recorded in log file scan tasks settings scheduling and enabling VShield, choosing with configuration as purpose of Console wizard possible applications for Setup speeding up aborting if virus detected during scanning...
  • Page 338 Small Office/Home Office Annual definition of Plan deleting Quarterly Disk/CD plan detection options hours of availability choosing for VirusScan in resources for SecureCast Console via electronic services configuring in VirusScan system crashes, attributing to viruses Advanced McAfee VirusScan Anti-Virus Software...
  • Page 339 Index disabling and enabling task list entering schedule times for default tasks in exclusion options, configuring Task menu for VirusScan Advanced View Activity Log for VirusScan in Console Task menu logging options, configuring Delete for VirusScan in Console Disable in VirusScan Advanced Enable in VirusScan Classic New Task...
  • Page 340 Status Bar Title Bar Toolbar uninfected computer, use of to create Emergency Disk Virus List Universal Naming Convention (UNC) Virus Information Libarary, connecting to notation, use of to designate update and from VirusScan upgrade sites McAfee VirusScan Anti-Virus Software...
  • Page 341 Concept from infected files costs of viii reporting new strains to McAfee current numbers of role of PCs in spread of deciding when to start scan operations script language default response to spread of via e-mail and Internet...
  • Page 342 Action alert options for VirusScan, configuring from Alert configuring tasks in Detection copying and pasting tasks in Exclusion creating new tasks in Report default scan tasks included with Security deleting tasks from Where & What McAfee VirusScan Anti-Virus Software...
  • Page 343 Index detection options for VirusScan, E-mail Scan module configuring from configuring disabling and enabling tasks from default response options for necessity to have running to start scan Internet Filter module tasks configuring overview of default response options for possible applications for Properties dialog box purpose of Download Scan module...
  • Page 344 VirusScan Classic why worry about viruses? viii window elements, in VirusScan Console Wizard, button in VShield Properties dialog Word files, as agents for virus transmission World Wide Web, as source of malicious software worms, definition of viii McAfee VirusScan Anti-Virus Software...

This manual is also suitable for:

Avdcde-ba-ca - active virus defense suiteVirusscan

Table of Contents