Symantec 10551441 - AntiVirus Corporate Edition Client Manual

Client guide

Symantec AntiVirus™
Corporate Edition Client Guide


Summary of Contents for Symantec 10551441 - AntiVirus Corporate Edition

  • Page 1 Symantec AntiVirus™ Corporate Edition Client Guide...
  • Page 2 NO WARRANTY. The technical documentation is being delivered to you AS-IS, and Symantec Corporation makes no warranty as to its accuracy or use. Any use of the technical documentation or the information contained therein is at the risk of the user.
  • Page 3: Technical Support

    Technical support
    As part of Symantec Security Response, the Symantec global Technical Support group maintains support centers throughout the world. The Technical Support group’s primary role is to respond to specific questions on product feature/function, installation, and configuration, as well as to author content for our Web-accessible Knowledge Base.
  • Page 4: Customer Service

    ■ Recent software configuration changes and/or network changes
    Customer Service
    To contact Enterprise Customer Service online, go to www.symantec.com, select the appropriate Global Site for your country, then choose Service and Support. Customer Service is available to assist with the following types of issues:
    ■ Questions regarding product licensing or serialization
    ...
  • Page 5: Table Of Contents

    Virus types (12)
    About the master boot record (13)
    About security risks (14)
    How Symantec AntiVirus responds to viruses and security risks (16)
    How Symantec AntiVirus protects your computer (17)
    What keeps Symantec AntiVirus protection current (18)
    About the role of Symantec Security Response ...
  • Page 6

    Enabling, disabling, and configuring Tamper Protection (47)
    Creating Tamper Protection messages (48)
    Scanning for viruses and security risks (50)
    How Symantec AntiVirus detects viruses and security risks (50)
    What happens during a scan (51)
    About definitions files (52)
    About scanning compressed and encoded files ...
  • Page 7

    Deleting files from the Quarantine (82)
    Automatically purging files from the Quarantine, Backup Items, and Repaired Items (83)
    Submitting a potentially infected file to Symantec Security Response for analysis (84)
    Viewing the Event Log (84)
    Filtering items in the Event Log (85)
    About clearing items from the Event Log ...
  • Page 9: Introducing Symantec Antivirus

    ■ What keeps Symantec AntiVirus protection current
    About Symantec AntiVirus
    You can install Symantec AntiVirus™ virus and security risk protection as either a stand-alone or an administrator-managed installation. A stand-alone installation means that your Symantec AntiVirus software is not managed by a network administrator.
  • Page 10: About Updating Stand-Alone Computers

    If you installed Symantec AntiVirus on a stand-alone computer, you are responsible for updating the virus and security risk definitions. New definitions files are available several times each month from Symantec. You will be alerted when definitions files need replacing.
  • Page 11: About Remote Computers That Connect To A Corporate Network

    Blended threats use multiple methods and techniques to propagate and attack, and cause widespread damage throughout a network. In the context of Symantec AntiVirus, the term virus is used to cover all threats that work in a virus-like manner. Symantec AntiVirus can detect, delete, and quarantine viruses, and repair the side effects of viruses.
  • Page 12: How Viruses Spread

    Viruses can spread through any network, modem, or magnetic medium. Most boot viruses can only spread by way of floppy disks. Multipartite viruses are especially elusive because they can travel as file viruses, infect boot sectors, and be transmitted through floppy disks.
  • Page 13: About The Master Boot Record

    There are three subclassifications of file viruses:
    ■ Memory-resident: Stay in memory as terminate-stay-resident (TSR) programs and typically infect all executed files.
    ■ Direct action: Execute, infect other files, and unload.
    ■ Companion: Associate themselves with executable files without modifying...
  • Page 14: About Security Risks

    Unlike viruses and worms, security risks do not self-replicate. Symantec AntiVirus can detect, quarantine, delete, and remove or repair the side effects of security risks in the following categories:
    ■ Spyware: Stand-alone programs that can secretly monitor system activity...
  • Page 15 Web sites, email messages, or instant messenger software. It can then obtain confidential information regarding user behavior. By default, all Symantec AntiVirus scans, including Auto-Protect scans, check for viruses, Trojan horses, worms, and all categories of security risks. “Using Auto-Protect”...
  • Page 16: How Symantec Antivirus Responds To Viruses And Security Risks

    Symantec AntiVirus safeguards computers from viruses and security risks no matter what the source. Computers are protected from viruses and security risks that spread from hard drives and floppy disks, and others that travel across networks.
  • Page 17: How Symantec Antivirus Protects Your Computer

    Auto-Protect scans uncompressed program and document files automatically as they are downloaded. Symantec AntiVirus responds to files that are infected by viruses or by security risks with first actions and second actions. When a virus is detected during a scan, Symantec AntiVirus, by default, attempts to clean the virus from the infected file and repair the effects of the virus.
  • Page 18: What Keeps Symantec Antivirus Protection Current

    When Symantec AntiVirus scans for viruses and security risks, it is searching for these types of signatures.
  • Page 19: About The Role Of Symantec Security Response

    Your administrator determines how your virus and security risk definitions are updated. You may not have to do anything to receive new definitions. The LiveUpdate feature in Symantec AntiVirus can be set up by your administrator to make sure that your virus and security risk protection remains current.
  • Page 21: Symantec Antivirus Basics

    ■ For more information
    About content licensing
    A content license is a grant by Symantec Corporation to update computers using Symantec software. Content licensing ensures that Symantec products receive the latest updates for a specified period of time. Content updates include virus and security risk definitions.
  • Page 22: Installing A Content License To An Unmanaged Client

    Symantec clients can receive one content update without a content license. This ensures that newly installed software can provide the most current protection while giving you time to request a content license from Symantec for future updates. Thereafter, computers without valid content licenses do not receive content updates.
  • Page 23: Opening Symantec Antivirus

    Your administrator determines whether this icon appears on the taskbar.
    ■ On the Windows or Windows XP taskbar, click Start > Programs > Symantec Client Security > Symantec AntiVirus or Start > More Programs > Symantec Client Security > Symantec AntiVirus, as appropriate.
  • Page 24: Navigating In The Symantec Antivirus Main Window

    The Symantec AntiVirus main window is divided into two panes. The left pane groups activities that you can perform into categories. For example, Scan a Floppy Disk, Custom Scan, Quick Scan, and Full Scan are tasks in the Scan category.
  • Page 25: Viewing Symantec Antivirus Categories

    The activities that you can perform using Symantec AntiVirus are organized into several main categories. Each category has a number of options that you can set.
  • Page 26 Backup Items. Symantec AntiVirus backs up files that are infected by security risks when the files are put into Quarantine. It also keeps copies of the registry settings and system load points that are affected by security risks such as spyware and adware.
  • Page 27

    Table 2-2 Scan category
    Option | Description
    Custom Scan | Perform a manual scan of a file, folder, drive, or entire computer at any time. “Initiating manual scans” on page 52.
    Quick Scan | ...
  • Page 28

    Histories category
    You can use the Histories category to track information about the scans that run on your computer, and virus infections and security risks that are found. Table 2-4...
  • Page 29

    Table 2-5 Startup Scans category
    Option | Description
    Auto-Generated QuickScan | This scan checks the files in memory and other common infection points on the computer for viruses and security risks each time that a user logs on to the computer.
  • Page 30: Enabling And Disabling Auto-Protect

    Enable Auto-Protect when File System Auto-Protect is enabled. The Symantec AntiVirus icon is covered by a universal no sign, a red circle with a diagonal slash, when File System Auto-Protect is disabled.
  • Page 31: Pausing And Delaying Scans

    If the Pause the Scan button is not available, your network administrator has disabled the Pause feature. Note: If Symantec AntiVirus is scanning a compressed file when you choose to pause a scan, it may take several minutes to respond.
  • Page 32 If it’s an administrator-scheduled scan, the Scheduled Scan Pause dialog box appears. In the Scheduled Scan Pause dialog box, click Pause. The administrator-scheduled scan stops where it is and the scan dialog box remains open until you start the scan again.
  • Page 33: Keeping Virus And Security Risk Protection Current

    Always update immediately if a new virus scare is reported. With LiveUpdate, Symantec AntiVirus connects automatically to a special Symantec Web site, and determines if virus and security risk definitions need to be updated. If so, it downloads the proper files and installs them in the proper location.
  • Page 34 In the Virus Definition Update Schedule dialog box, specify the frequency, day, and time that you want LiveUpdate to run. Click OK until you return to the main Symantec AntiVirus window.

    To set advanced LiveUpdate schedule options
    On the File menu, click Schedule Updates.
  • Page 35: Updating Protection Immediately With Liveupdate

    For more information, use the online Help from LiveUpdate. Click Next to start the automatic update.

    Updating without LiveUpdate
    Symantec supplies a special program called Intelligent Updater as an alternative to LiveUpdate. You can download the updates from the Symantec Security Response Web site.
  • Page 36: Using Symantec Antivirus With Windows Security Center

    If you are using Windows Security Center (WSC) running on Windows XP Service Pack 2 to monitor security status, you can see Symantec AntiVirus status in WSC. Table 2-8 shows the protection status reporting in WSC.
  • Page 37: For More Information

    If you need more information about Symantec AntiVirus, you can access the online Help. In addition, information about viruses and security risks can be obtained from the Symantec Web site.

    Accessing online Help...
  • Page 38: Accessing The Symantec Security Response Web Site

    If you are connected to the Internet, you can visit the Symantec Security Response Web site to view items such as the following:
    ■ The Virus Encyclopedia, which contains information about all known...
  • Page 39: Protecting Your Computer From Viruses And Security Risks

    About the antivirus and security risk policy
    Symantec AntiVirus comes preset with an antivirus and security risk policy that is appropriate for most users. You can change settings based on your personal needs. You can separately customize policy settings for Auto-Protect, manual, scheduled, startup, and user-defined scans.
  • Page 40: What To Scan

    Scanning by file types enables Symantec AntiVirus to scan files that have been renamed by a malicious virus. However, this option is slower than scanning by extensions.
  • Page 41 To select file types to scan

    In Symantec AntiVirus, in the left pane, select the scan that you want to change. If you selected a scan from the Scan category, click Options.
  • Page 42: What To Do If A Virus Or Security Risk Is Detected

    About scanning all file types
    Symantec AntiVirus can scan all of the files on your computer, regardless of extension or file type. Scanning all file types ensures the most thorough scan, because this option enables Symantec AntiVirus to detect viruses and security risks in files that might not otherwise be searched.
  • Page 43: Using Auto-Protect

    Quarantining the security risk ensures that the security risk is no longer active on your computer, and also ensures that Symantec AntiVirus can reverse the changes, if necessary. If Symantec AntiVirus cannot do this, the second action is to log the risk and leave it alone.
  • Page 44: About Auto-Protect And Email Scanning

    For Lotus Notes and Microsoft Exchange email scanning, Symantec AntiVirus scans only the attachments that are associated with email. For Internet email scanning of messages that use the POP3 or SMTP protocols, Symantec AntiVirus scans both the body of the message and any attachments that are included.
  • Page 45: Disabling Email Scanning If You Use Ssl Connections

    If your Internet service provider uses the SSL protocol, you might have problems sending email messages when Symantec AntiVirus email scanning is enabled. In this case, you might need to disable Symantec AntiVirus email scanning. File System Auto-Protect continues to protect your computer from viruses and security risks in attachments even after you disable Internet E-mail client scanning.
  • Page 46: Modifying Auto-Protect And Using Smartscan

    SmartScan is enabled by default. Symantec AntiVirus may complete scans faster by scanning only files with selected extensions, such as .exe, .com, .dll, .doc, and .xls. Although this method offers less protection, it is an efficient way to scan for viruses because viruses affect only certain file types.
  • Page 47: Using Tamper Protection

    Enabling, disabling, and configuring Tamper Protection
    When Tamper Protection is enabled, you can configure Symantec AntiVirus to block or log attempts to modify Symantec applications. You can also configure a message to appear on your computer when Symantec AntiVirus detects a tampering attempt.
  • Page 48: Creating Tamper Protection Messages

    ■ To log unauthorized activity but allow the activity to take place, click Log Only.
    Check or uncheck Keep Tamper Protection enabled even if Symantec AntiVirus is shut down. Under Notifications, check or uncheck Display message on affected computer.
  • Page 49

    Table 3-1 Tamper Protection message field names and descriptions
    Field | Description
    Actor Process ID | The ID number of the process that attacked a Symantec application.
    Actor Process Name | The name of the process that attacked a Symantec application.
    Target Pathname | The location of the target that the process attacked.
  • Page 50: Scanning For Viruses And Security Risks

    Symantec AntiVirus prevents virus infections on a computer by scanning the computer’s boot sector, memory, and files for viruses and security risks. The Symantec AntiVirus Scan Engine uses virus and security risk signatures that are found in definitions files to do an exhaustive search for known viruses that are inside executable files.
  • Page 51: What Happens During A Scan

    If a virus is found, by default Symantec AntiVirus attempts to clean the virus from the file. If the file cannot be cleaned, Symantec AntiVirus quarantines the file to prevent...
  • Page 52: About Definitions Files

    If a virus match is found, the file is infected. Symantec AntiVirus uses the definitions file to determine which virus caused the infection and to repair its side effects.
  • Page 53 Note: This feature is not supported on 64-bit operating systems.

    To initiate a manual scan within Symantec AntiVirus
    In Symantec AntiVirus, in the left pane, expand Scan. In the left pane, select one of the following:
    ■ Scan a Floppy Disk
    ...
  • Page 54 In the Scan Advanced Options dialog box, under Dialog options, in the drop-down list, click Show scan progress, and then click OK. In the Scan Options dialog box, click OK. In the Symantec AntiVirus main window, click Scan. Symantec AntiVirus begins the scan and reports the results.
  • Page 55: Configuring Scanning

    Scans folder. The Scheduled Scans folder only displays scans that you’ve scheduled.

    To create a scheduled scan
    In Symantec AntiVirus, in the left pane, click Scheduled Scans. In the right pane, click New Scheduled Scan. Select one of the following types of scan to schedule:
    ■ Quick Scan
    ...
  • Page 56 Specify the frequency and when to scan, and then click Next. If you selected Custom Scan, then in the right pane, check the appropriate check boxes to specify where to scan. You can check anything from the entire computer to a single file.
  • Page 57: Creating Startup Scans

    13 In the Symantec AntiVirus main window, click Save. Your computer must be turned on and Symantec AntiVirus Services must be loaded when the scan is scheduled to take place. By default, Symantec AntiVirus Services are loaded when you start your computer.
  • Page 58 Show scan progress, and then click OK. 11 In the Scan Options dialog box, click OK. 12 In the Symantec AntiVirus main window, click Save. The scan runs every time that you start your computer and Windows loads.
  • Page 59: Creating User-Defined Scans

    You can create a user-defined scan that can be run manually at any time.

    To create a user-defined scan
    In Symantec AntiVirus, in the left pane, click User-defined Scans. In the right pane, click New User-defined Scan. Select one of the following types of scan to schedule:
    ■ Quick Scan
    ...
  • Page 60: Editing And Deleting Startup, User-Defined, And Scheduled Scans

    Certain options may be grayed out if they are not configurable for a particular type of scan.

    To edit a scan
    In Symantec AntiVirus, in the left pane, select the scan to edit. Click Edit. Do any of the following:
    ■ If it is a user-defined scan, then on the Files tab, select the files, folders, ...
  • Page 61: Configuring Actions For Viruses And Security Risks

    An important part of scanning for both viruses and security risks is to configure the actions that you want Symantec AntiVirus to take when it detects a virus or security risk. You can configure a first action and a second action to take if the first action fails.
  • Page 62 When Symantec AntiVirus cleans a file, it removes the virus from the infected file, boot sector, or partition tables, and eliminates the ability of the virus to spread. Symantec AntiVirus can usually find and clean a virus before it causes damage to your computer.
  • Page 63 ■ For security risks, leaves the infected file as is and places an entry in the Risk History to keep a record of the risk. Use this option to take manual control of how Symantec AntiVirus handles a security risk. This is the default second action for security risks.
  • Page 64 “Tips for assigning second actions for viruses” on page 65. “Tips for assigning second actions for security risks” on page 66. Repeat steps 4 and 5 for each category for which you want to set specific actions.
  • Page 65 Next. 10 In the Configure risks dialog box, select the first and second actions that you want Symantec AntiVirus to take when it detects the risks that you selected, and then click Finish.
  • Page 66 Though you might delete a security risk this way, you could potentially cause another application on your computer to stop working. Use the Quarantine risk action instead so that you can reverse the changes that Symantec AntiVirus makes, if necessary.
  • Page 67: Configuring Notifications For Viruses And Security Risks

    By default, you are notified when a Symantec AntiVirus scan finds a virus or security risk. By default, you are also notified when Symantec AntiVirus needs to terminate services or stop processes to remove or repair the effects of a virus or security risk.
  • Page 68

    Table 3-2 Notifications message variable fields
    Field | Description
    Location | The drive on the computer on which the virus or security risk was located.
    Computer | The name of the computer on which the virus or security risk was found.
  • Page 69 Automatically terminate processes: If checked, Symantec AntiVirus automatically terminates processes when it needs to do so to remove or repair a virus or security risk. You will not be prompted to save data before Symantec AntiVirus terminates the processes.
  • Page 70 Scan.

    Interaction with notifications
    If you leave the defaults, then you are notified when Symantec AntiVirus finds a virus or a security risk. The Auto-Protect Results dialog box appears: If Symantec AntiVirus needs to terminate a process or application or stop a service, the Remove Risk button is active.
  • Page 71: Interpreting Scan Results

    If Symantec AntiVirus needs to restart the computer to complete the removal or repair, the Reboot button is active. When you click Reboot, the following message appears: This gives you the opportunity to save your work and close open applications, if you haven’t already done so.
  • Page 72 “Creating user-defined scans” on page 59. If you configure Symantec AntiVirus to display a scan progress dialog box, you can pause, restart, or stop the scan. When the scan is completed, results appear in the list. If no viruses or security risks are detected, the list remains empty and the status is completed.
  • Page 73: Excluding Files From Scans

    Because the virus definition must be necessarily broad, Symantec AntiVirus sometimes reports that a clean file is infected. If Symantec AntiVirus continues to report a clean file as infected, you can exclude the file from scans. Exclusions are items that you don't want or need to include in scans.
  • Page 75: What To Do If A Virus Or Security Risk Is Found

    Acting on infected files
    The Symantec AntiVirus preset options for Auto-Protect and all scan types are to clean a virus from an infected file on detection, but to place the file in the Quarantine if it cannot be cleaned. For security risks, the default is to quarantine the infected files and remove or repair their side effects, and to log the detection if it cannot be repaired.
  • Page 76 ■ Properties: Displays information about the virus or security risk.

    Depending on the preset action for a virus or security risk detection, Symantec AntiVirus might not be able to perform the action you selected.
  • Page 77: About Damage That Viruses Cause

    Symantec AntiVirus removes the virus, but does not remove the word wazzu that the virus places in the infected document. In this case, Symantec AntiVirus cannot repair the damage that has been done to the infected file.
  • Page 78: Leave Files That Are Infected By Security Risks In The Quarantine

    Delete files that are infected by viruses in the Quarantine
    If you delete a file in Quarantine, Symantec AntiVirus permanently deletes it from your computer’s hard disk. Deleting a file that is infected by a virus reduces the threat that a virus might spread by removing the file (and thus the virus) from your computer.
  • Page 79: Managing The Quarantine

    ■ You manually select a file and add it to the Quarantine.
    The Symantec AntiVirus preset options for Auto-Protect and all scan types are to clean a virus from an infected file on detection, but to place the file in the Quarantine if it cannot be cleaned.
  • Page 80 If, after Symantec AntiVirus rescans the file in the Quarantine, it still can’t remove the virus, you can submit the infected file to Symantec Security Response for analysis.
  • Page 81: When A Repaired File Can't Be Returned To Its Original Location

    Repaired Items instead. You must release the file and specify a location.

    To release a cleaned file from Repaired Items
    In Symantec AntiVirus, in the left pane, click View. In the right pane, click Repaired Items. Right-click the file, and then click Restore.
  • Page 82: Clearing Backup Items

    As a data safety precaution, by default Symantec AntiVirus is configured to make backup copies of items that are infected by viruses and security risks before attempting a clean or a repair. After an item has been successfully cleaned of a virus, you should manually delete it from Backup Items because the backup is still infected.
  • Page 83: Automatically Purging Files From The Quarantine, Backup Items, And Repaired Items

    You can set up Symantec AntiVirus to automatically remove items after a specified time interval from the Quarantine, Backup Items, and Repaired Items. This prevents the buildup of files that you may forget to remove manually from these areas.
  • Page 84: Submitting A Potentially Infected File To Symantec Security Response For Analysis

    If you submit the file to Symantec Security Response, they can analyze your file to make sure that it is not infected. You must have an Internet connection to submit a sample.
  • Page 85: Filtering Items In The Event Log

    You can filter items that appear in the Risk History, Scan History, Event Log, and Tamper History by date. By default, Symantec AntiVirus enters events in the Event Log in the order in which the events happen. All of the events that occurred on your computer since Symantec AntiVirus was installed are stored.
  • Page 86: About Clearing Items From The Event Log

    Events are recorded in .log files for each day of the week in the Symantec AntiVirus Logs directory. These files are named according to the day that they were created. Deleting .log files is not recommended, because you will permanently lose the historical virus protection data that is contained in them.
  • Page 87 You can export only the data that is displayed. For example, if you changed Symantec AntiVirus settings to show information for the last seven days, only information for the last seven days would appear in the .csv file.

This manual is also suitable for:

Antivirus corporate edition