Page 2
Protected trademarks are not marked as such in this manual. This does not mean, however, that they may be used freely. Copyright information Code provided by third party providers was used for Avira Professional Security. We thank the copyright owners for making the code available to us.
Control Center overview .......................... 30 4.1.4 Configuration ............................... 31 4.1.5 Accessing the Configuration ........................32 4.1.6 Configuration operation ..........................33 4.1.7 Configuration profiles ..........................34 4.1.8 Tray icon ............................... 35 4.1.9 Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 4
In the help ..............................67 8.2.2 In the Control Center ..........................67 8.2.3 8.3 Windows Security Center ...................... 70 General ................................70 8.3.1 The Windows Security Center and your Avira product ..............70 8.3.2 Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 5
11.6 Firewall under SMC ......................138 General settings ............................138 11.6.1 Incoming Rules ............................143 11.6.2 Application list ............................151 11.6.3 Trusted vendors ............................152 11.6.4 Further settings ............................153 11.6.5 Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Introduction 1. Introduction Your Avira product protects your computer against viruses, worms, Trojans, adware and spyware and other risks. In this manual these are referred to as viruses or malware (harmful software) and unwanted programs. The manual describes the program installation and operation.
Page 8
Italics File name or path data. Displayed software interface elements (e.g. window section or error message). Bold Clickable software interface elements (e.g. menu item, navigation area, option box or button). Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Product information 2. Product information This chapter contains all information relevant to the purchase and use of your Avira product: see Chapter: Delivery scope see Chapter: System requirements see Chapter: Licensing and Upgrade see Chapter: License Manager Avira products are comprehensive and flexible tools you can rely on to protect your computer from viruses, malware, unwanted programs and other dangers.
High-performance multithreading function (simultaneous high-speed scanning of multiple files) Avira FireWall for protecting your computer from unauthorized access from the Internet or another network and from unauthorized access to the Internet/network by unauthorized users 2.2 System requirements The system requirements are as follows: ...
Internet connection where appropriate (see Installation) 2.3 Licensing and Upgrade In order to be able to use your Avira product, you require a license. You thereby accept the license terms. The license is issued via a digital license code in the form of the file hbedv.key. This digital license code is the key to your personal license.
Page 12
If a license already exists, a note appears as to whether the existing license file is to be replaced. In this case the existing file is overwritten by the new license file. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Standard components will be installed. The program files are installed into a specified default folder under C:\Program Files. Your Avira product is installed with default settings. You have the option of defining custom settings using the configuration wizard. Custom ...
The uninstallation of one or more of the selected programs requires a restart of your computer. After reboot the installation will continue. Warning Your computer will not be protected until the installation of the Avira product is finished. Note If the Avira product on your computer is administered by the Avira Management Console (AMC) you will not be asked to remove incompatible software programs yourself.
Internet-based installation: For the Internet-based installation of the program, an installation program is provided that loads the current program file prior to installation by the Avira web servers. This process ensures that your Avira product is installed with the latest virus definition file.
Page 16
Installation and uninstallation The dialog Language selection appears. Select the language you want to use to install your Avira product and confirm your language selection by clicking Next. The dialog box Download appears. All files necessary for installation are downloaded from the Avira web servers. The Download window closes after conclusion of the download.
Click Next to continue with the installation. The dialog Language selection appears. Select the language you want to use to install your Avira product and confirm your language selection by clicking Next. The dialog box Download appears. All files necessary for installation are downloaded from the Avira web servers.
Page 18
The Install components dialog appears: Select or deselect components from the list and confirm with Next to proceed. If you have chosen to install the ProActiv component, the Avira ProActiv Community window appears. You have the option of confirming participation in the Avira ProActiv Community: If this option is enabled, Avira ProActiv sends data on suspicious programs detected by the ProActiv component to the Avira Malware Research Center.
Where appropriate, activate further threat categories and continue the installation by clicking Next. If you have selected the Avira FireWall installation module, the Default rules for accessing the network and using network resources dialog box appears. You can define whether the Avira FireWall should permit external access to enabled resources as well as network access by applications of trusted companies.
Add or Remove Programs in the Windows control panel to Change/Remove programs. Select your Avira product and click Change. In the Welcome dialog of the program, select the option Modify. You will be guided through the installation changes. 3.7 Installation modules In a user-defined installation or a change installation, the following installation modules can be selected, added or removed.
Page 21
Whenever a user carries out a file operation (e.g. load document, execute, copy), the Avira product automatically scans the file. Renaming a file does not trigger a scan by Avira Realtime Protection.
Installation and uninstallation 3.8 Uninstallation If you wish to remove the Avira product from your computer, you can use the option Add or Remove Programs to Change/Remove programs in the Windows Control Panel. To uninstall your Avira product (e.g. in Windows XP and Windows Vista): Open the Control Panel via the Windows Start menu.
Page 23
An installation file for Internet-based installation cannot be used. Avira products can be easily shared on the network with a server login script or via SMS. For information on installation and uninstallation on the network: ...
Note The setup program for the uninstallation should be started on the PC on which the Avira product is to be uninstalled; do not start the setup program from a network drive. 3.9.1 Command line parameters for the setup program...
Page 25
In the control file setup.inf, you can set the following parameters in the [DATA] field for the automatic installation of the Avira product. The sequence of the parameters is unimportant. If a parameter setting is missing or wrong, the setup routine is aborted and an error message is displayed.
Page 26
Guard, are ignored. Modify: Modifies (reconfigures) an existing installation. In the process no files are copied into the destination path. Remove: Uninstalls your Avira product from the system. Example: SetupMode=Update Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 27
Example: WebGuard=1 RootKit Installs the Avira Rootkits Protection module. Without Avira Rootkits Protection the System Scanner will not be able to scan for rootkits on the system! 1: Install Avira Rootkits Protection 0: Do not install Avira Rootkits Protection Example: RootKit=1 ...
Overview of Avira Professional Security 4. Overview of Avira Professional Security This chapter contains an overview of the functionality and operation of your Avira product. see Chapter Interface and operation see Chapter How to...? 4.1 User interface and operation You operate your Avira product via three program interface elements: ...
To start the Control Center the following options are available: Double-click the program icon on your desktop Via the program entry in the Start > Programs menu. Via the Tray Icon of your Avira product. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
The Realtime Protection section displays information on scanned files, as well as other statistical data, which can be reset at any time, and enables access to the Avira Professional Security - User Manual (Status: 23 Sep. 2011)
The Quarantine section contains the so-called quarantine manager. This is the central point for files already placed in quarantine or for suspect files that you would like to place in quarantine. It is also possible to send a selected file to the Avira Malware Research Center by email.
If you are accessing configuration via the Configuration button in the Control Center, go to the Configuration register of the section which is active in the Control Center. Expert mode must be activated to select individual Avira Professional Security - User Manual (Status: 23 Sep. 2011)
If you want to restore all configuration settings to default values: Click Restore defaults. All settings of the configuration are restored to default values. All amendments and custom entries are lost when default settings are restored. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Use on company networks: Update via intranet server, Web Protection disabled Use at home: Update via default Avira web server, Web Protection enabled If no switching rules have been defined, you can switch to a configuration manually in the context menu of the tray icon.
Configuration of acoustic alerts when malware is detected 4.1.9 Tray icon After installation, you will see the tray icon of your Avira product in the system tray of the taskbar: Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Product information, Version information, License information. Avira on the Internet: Opens the Avira web portal on the Internet. The condition for this is that you have an active connection to the Internet. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
To activate your Avira product’s license: Activate your license for your Avira product with the license file hbedv.key. You can obtain the license file by email from Avira. The license file contains the license for all products that you have ordered in one order process.
Page 38
Your newly created job appears on the start page of the Administration > Scheduler section with the status enabled (check mark). Where appropriate, deactivate jobs that are not to be performed. Use the following icons to further define your jobs: Avira Professional Security - User Manual (Status: 23 Sep. 2011)
PC protection > Update > Product update To start an update of your Avira product manually: With the right-hand mouse button, click the Avira tray icon in the taskbar. A context menu appears. Select Start update. The Updater dialog box appears.
Go to Control Center and select the section PC protection >System Scanner. Predefined scan profiles appear. Select one of the predefined scan profiles. -OR- Adapt the scan profile Manual selection. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
To scan for viruses and malware systematically using drag & drop: The Control Center of your Avira product has been opened. Highlight the file or directory you want to scan. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
The dialog box Selection of the profile appears. Select the profile to be scanned. Click Next. The dialog box Time of the job appears. Select a time for the scan: Immediately Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 43
Where appropriate, deactivate jobs that are not to be performed. Use the following icons to further define your jobs: View properties of a job Edit job Delete job Start job Stop job Avira Professional Security - User Manual (Status: 23 Sep. 2011)
When the scan is completed, the results are displayed. 4.2.9 React to detected viruses and malware For the individual protection components of your Avira product, you can define how your Avira product reacts to a detected virus or unwanted program in the Configuration under the section Action on detection.
Page 45
Which actions are available for selection depends on the operating system, the protection components (Avira Realtime Protection, Avira System Scanner, Avira Mail Protection, Avira Web Protection) reporting the detection, and the type of malware detected. Actions of the System Scanner and the Realtime Protection (not ProActiv detections): Repair The file is repaired.
Page 46
Action options when infected boot sectors are detected: A number of options are available for repairing infected diskette drives. If your Avira product is unable to perform the repair, you can download a special tool for detecting and removing boot sector viruses.
Page 47
The infected attachment is replaced by a default text. If the body of the email is affected, it is deleted and also replaced by a default text. The email itself is delivered. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 48
The website requested from the web server and/or any data or files transferred are not sent to your web browser. An error message to notify you that access has been denied is displayed in the web browser. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
The website requested from the web server and/or any data or files transferred are moved to quarantine. The affected file can be recovered from quarantine manager if it has an informative value or - if necessary - sent to the Avira Malware Research Center.
Page 50
Highlight the file and click on You have to confirm your choice with Yes. If you want to upload the file to a Avira Malware Research Center web server for analysis: Highlight the file you want to upload. Click on A dialog opens with a form for inputting your contact data.
Control Center with extended administrator rights. These extended administrator rights must be granted at the start of each scan via a scan profile. This icon restores the files to a directory of your choice. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 52
A message appears asking if you want to restore the file. Click Yes. The Windows default window Save As for selecting the directory appears. Select the directory to restore the file to and confirm. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
The Windows default window for selecting a file appears. Select the file and confirm with Open. The file is moved to quarantine. You can scan files in quarantine with the Avira System Scanner (see Chapter: Quarantine: Handling quarantined files (*.qua)).
The desktop shortcut is created. 4.2.15 Filter events Events that have been generated by program components of your Avira product are displayed in the Control Center under Administration > Events (analogous to the event display of your Windows operating system). The program components, in alphabetical order, are the following: ...
There are various security levels to choose from. Depending on which you choose, you have different adapter rule configuration options. The following security levels are available: Flooding and port scan are detected. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 56
User-defined rules: If this security level is selected, the program automatically recognizes that the adapter rules have been modified. Note The default security level setting for all predefined rules of the Avira FireWall is Medium. To define the security level for the FireWall: Go to the Control Center and select the section Internet protection >...
The system scan via the context menu (right-hand mouse button - entry Scan selected files with Avira) is recommended if, for example, you wish to scan individual files and directories. Another advantage is that it is not necessary to first start the Control Center for a system scan via the context menu.
To carry out regular updates, the Updater component is integrated into your Avira product. The Updater ensures that your Avira product is always up-to-date and able to deal with the new viruses that appear every day. Updater updates the following components: ...
Page 59
Internet and makes them available to other computers on the network. This is useful if you want to update Avira products on more than one computer in a network. A download server on an intranet can be used to ensure Avira products are up-to-date on the protected computers using a minimum of resources.
Firewall 7. Firewall Avira FireWall monitors and regulates incoming and outgoing data traffic on your computer system and protects you from a wide range of attacks and threats from the Internet: Incoming or outgoing data traffic or listening to ports will be allowed or denied based on security guidelines.
AviraMail Protection does not work. There is no network connection available in a virtual machine (e.g. VMWare, Virtual PC, ...) if Avira FireWall is installed on the host machine and the security level of Avira FireWall is set to medium or high. ...
Page 62
The status of the tray icon is disabled. Reason: Avira Realtime Protection is disabled. In the Control Center in the section Status in the Avira Realtime Protection area, click on the Enable button. Reason: Avira Realtime Protection is blocked by a firewall.
Page 63
Internet connection is not established. The same applies to Avira Mail Protection. Avira Mail Protection does not work. Please check correct functioning of Avira Realtime Protection with the aid of the following checklists if problems occur with Avira Mail Protection.
Page 64
There is no network connection available in a virtual machine (e.g. VMWare, Virtual PC, ...) if Avira FireWall is installed on the host machine and the security level of Avira FireWall is set to medium or high. If Avira FireWall is installed on a computer on which a virtual machine (for example VMWare, virtual PC, etc.) is also running, the Avira FireWall will block all network...
Page 65
After working with the virtual machine change to your previous security level. Virtual Private Network (VPN) Connection is blocked, if the security level of Avira FireWall is set to medium or high. Reason: This problem is caused by the last rule Deny all IP packets which discards all packets that do not comply with any of the rules above it.
Activate or deactivate a check box, if the active option is a check box. Alt + underlined Select option or start command. letter Alt + ↓ Open selected drop-down list. Close selected drop-down list. Cancel command and close dialog. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page up Browse through a subject. Page down 8.2.3 In the Control Center General Shortcut Description Display help Alt + F4 Close Control Center Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 68
Start scan with the selected profile Create desktop link for the selected profile Create new profile Delete selected profile FireWall section Shortcut Description Return Properties Quarantine section Shortcut Description Rescan object Restore object Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Firewall ACTIVE / Firewall on Firewall INACTIVE / Firewall off Firewall ACTIVE / Firewall on After installing your Avira product and turning off Windows Firewall, you will receive the following message: Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 71
Firewall INACTIVE / Firewall off You will receive the following message as soon as you disable the Avira FireWall: Note You can enable or disable the Avira FireWall via the Status tab in the Control Center. Warning If you turn the Avira FireWall off, your computer is no longer prevented by unauthorized users from gaining access to it through a network or the Internet.
Page 72
If you have already installed Windows XP Service Pack 2 or Windows Vista and then install your Avira product or you install Windows XP Service Pack 2 or Windows Vista on a system on which your Avira product has already been installed, you will receive the...
Page 73
FAQ, Tips Note You can enable or disabled Avira Realtime Protection in the Overview > Status section of the Control Center. You can also see that the Avira Realtime Protection is enabled if the red umbrella in your taskbar is open.
The connection data allow many conclusions on the usage behavior and are problematic in terms of data security. Your Avira product detects Adware. If the Adware option is enabled with a check mark in the configuration under...
Page 75
Executable files that hide their real file extension in a suspicious way. This camouflage method is often used by malware. Your Avira product recognizes "Double Extension Files". If the option Double Extension files is enabled with a check mark in the configuration under...
Page 76
Threat categories, you receive a corresponding alert if your Avira product detects a game. The game is now over in the truest sense of the word, because you can simply delete it. Jokes Jokes are merely intended to give someone a fright or provide general amusement without causing harm or reproducing.
"Internet crawling spiders" and then used without your permission to commit fraud or other crimes. Your Avira product recognizes "Phishing". If the option Phishing is enabled with a check mark in the configuration under...
Page 78
A honeypot is a service (program or server) installed in a network. Its function is to monitor a network and log attacks. This service is unknown to the legitimate user - because of this Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 79
Trojans. In contrast to a worm, a virus always requires a program as host, where the virus deposits its virulent code. The program execution of the host itself is not changed as a rule. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 80
A zombie PC is a computer that is infected with malware programs and that enables hackers to abuse computers via remote control for criminal purposes. On command, the affected PC starts denial-of-service (DoS) attacks, for example, or sends spam and phishing emails. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Your feedback for more security 10.1 Contact address If you have any questions or requests concerning the Avira product range, we will be pleased to help you. For our contact addresses, please refer to the Control Center under Help > About Avira Professional Security.
10.4 Reporting false positives If you believe that your Avira product is reporting a detection in a file that is most likely "clean", send the relevant file packed (WinZIP, PKZip, Arj etc.) as an email attachment to the following address: virus-professional@avira.com...
If this option is enabled, the selection of the files scanned for viruses or unwanted programs is automatically chosen by the program. This means that your Avira program decides whether the files are scanned or not based on their content. This procedure is...
Page 84
Integrity checking of system files When this option is enabled, the most important Windows system files are subjected to a particularly secure check for changes by malware during every on-demand scan. If Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 85
Note This option is only available on multi-processor systems. If your Avira program is managed with AMC, the option is always displayed and can be enabled: If the managed system does not have more than one processor, the System Scanner option is not used.
Page 86
The System Scanner has the highest priority. Simultaneous work with other applications is almost impossible. However, the System Scanner completes its scan at maximum speed. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 87
The System Scanner moves the file to Quarantine. The file can be recovered from quarantine manager if it has an informative value or - if necessary - sent to the Avira Malware Research Center. Depending on the file, further selection options are available in the quarantine manager.
Page 88
The back-up copy is saved in Quarantine, where the file can be restored if it is of informative value. You can also send the backup copy to the Avira Malware Research Center for further investigation. Display detection alerts If this option is activated, then for each detection of a virus or unwanted program an alert appears showing the actions being executed.
Page 89
Quarantine If this option is enabled, the System Scanner moves the file to the quarantine. These files can later be repaired or - if necessary - sent to the Avira Malware Research Center. Delete If this option is enabled, the file is deleted.
Page 90
Quarantine If this option is enabled, the System Scanner moves the file to Quarantine. These files can later be repaired or - if necessary - sent to the Avira Malware Research Center. Delete If this option is enabled, the file is deleted. This process is much faster than "overwrite and delete".
Page 91
If this option is enabled, you limit the depth of the scan in multi-packed archives to a certain number of packing levels (maximum recursion depth). This saves time and computer resources. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 92
In this case you should remove the name of this file from this list again. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 93
System Scanner, D:\folder\file.txt will not be excluded from the scan. Note If you are managing the Avira program in AMC, you can use variables in the path details for file exceptions. You can find a list of variables you can use under Variables: Realtime Protection und System Scanner Exceptions.
Advanced Heuristic Analysis and Detection (AHeAD) enable AHeAD Your Avira program contains a very powerful heuristic in the form of Avira AHeAD technology, which can also detect unknown (new) malware. If this option is enabled, you can define how "aggressive" this heuristic should be. This option is enabled as the default setting.
The Realtime Protection can use a filter to scan only those files with a certain extension (type). All files If this option is enabled, all files are scanned for viruses or unwanted programs, irrespective of their content and their file extension. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 96
Here the time for scanning of a file is defined. Scan when reading If this option is enabled, the Realtime Protection scans the files before they are read or executed by the application or the operating system. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 97
If this option is enabled, monitored files on network drives will be made available in the Realtime Protection's cache. Monitoring of network drives without the caching function is more secure, but does not perform as well as the monitoring of network drives with caching. Archives Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 98
In this display box you can specify the virus management actions that should be available as further actions in the dialog box. You must activate the corresponding options for this. Repair Realtime Protection repairs the infected file if possible. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 99
Realtime Protection moves the file to Quarantine. The file can be recovered from Quarantine manager if it has an informative value or - if necessary - sent to the Avira Malware Research Center. Depending on the file, further options are available in the Quarantine manager.
Page 100
Quarantine If this option is enabled, the Realtime Protection moves the file to Quarantine. The files in this directory can later be repaired or - if necessary - sent to the Avira Malware Research Center. Delete If this option is enabled, the file is deleted.
Page 101
Quarantine If this option is enabled, the Realtime Protection moves the file to Quarantine. The files can later be repaired or - if necessary - sent to the Avira Malware Research Center. Delete If this option is enabled, the file is deleted. This process is much faster than Overwrite and delete.
Page 102
The specified path and file name of the process should contain a maximum of 255 characters. You can enter up to 128 processes. The entries in the list must not result in more than 6000 characters in total. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 103
The "Processes" button opens the "Process selection" window in which the running processes are displayed. With this button, you can add the process entered in the input box to the display window. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 104
You can determine the alias of the operating system to be used from the Realtime Protection report file. The button opens a window in which you can select the file object to be excluded. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 105
Control Center under Local protection > Realtime Protection. If you are managing the Avira product in AMC, you can use variables in the path details for process and file exceptions. You can find a list of variables you can use under...
Page 106
Macrovirus heuristics Macrovirus heuristics Your Avira product contains a highly powerful macrovirus heuristic. If this option is enabled, all macros in the relevant document are deleted in the event of a repair, Avira Professional Security - User Manual (Status: 23 Sep. 2011)
11.2.2 ProActiv Avira ProActiv protects you from new and unknown threats for which there are not yet any virus definitions or heuristics available. ProActiv technology is integrated into the Realtime Protection component and observes and analyzes the program actions performed. The behavior of the program is checked against typical malware action patterns: Type of action and action sequences.
Page 108
(executable files) to the Avira Malware Research Center for advanced online scanning. After evaluation, these data are added to the ProActiv behavioral analysis rule sets. In this way, you become part of the Avira ProActiv community and contribute to the continuous improvement and refinement of the ProActiv security technology.
Page 109
Realtime Protection. To change the exclusion type, click on the type displayed. Warning Only use the Path type in exceptional cases. Malcode can be added to an Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Note Some trusted applications, including for example all application components of your Avira product, are by default excluded from monitoring by the ProActiv component even though they are not included in the list. Input box In this box you enter the application to be excluded from monitoring by the ProActiv component.
11.3 Variables: Realtime Protection and System Scanner exceptions If your Avira product is managed with AMC, you may use variables to configure exceptions for the Realtime Protection and the System Scanner. When saving the configuration on the managed system, the variables are automatically replaced by true values corresponding to the operating system and its language.
You can specify various update intervals and activate or deactivate automatic updating. Note If you configure your Avira product in the Avira Management Console, automatic updates are not available. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 113
You can access further settings for updating via a file server under: Configuration > Local protection > Update > File server. If this option is enabled, you can configure the file server you are using. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
If this option is enabled, no automatic product updates or notifications of available product updates by the Updater are performed. Updates to the virus definition file and search engine are performed independently of this setting. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Restart settings. (Options available in expert mode only.) 11.4.2 Restart settings When a product update for your Avira product is performed, you may have to restart your computer system. If you have selected automatic product updates under Local protection >...
File Server / Shared folders option has been selected. Download Enter the name of the file server on which the update files for your Avira product and the required directories '/release/update/' are located. The following must be specified: file:// <IP address of the file server>/release/update/.
This option is not available under Vista and Windows 7. Under these operating systems the dial-up connection opened for the update is always terminated as soon as the download has been performed. Download Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 118
If you do not specify a port, port 80 will be used. By default, the accessible Avira web servers are specified for updating. You can, however, use your own web servers on the company intranet. If a number of web servers are specified, separate each one by a comma.
In the Avira FireWall, an adapter represents a software simulated hardware device (e.g. miniport, bridge connection, etc.) or a real hardware device (e.g. network card). The Avira FireWall displays the adapter rules of all existing adapters on your computer for which a driver was installed. (Options available in expert mode only.) ...
Page 120
Reference: Configuration options Note The default Security level setting for all predefined rules of the Avira FireWall is Medium. ICMP protocol The Internet Control Message Protocol (ICMP) is used to exchange error and information messages on networks. The protocol is also used for status messages with ping or tracer.
Page 121
TCP port scan is assumed. Event database With a mouse click on the link you have the choice between "log" and "don't log" the attacker's IP address. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 122
With a mouse click on the link you have the choice between "log" and "don't log" the attacker's IP address. Rule With a mouse click on the link you have the choice between "add" and "don't add" the rule to block the UDP port scan attack. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 123
Reference: Configuration options Incoming Rules Incoming rules are defined to control incoming data traffic by the Avira FireWall. Warning When a packet is filtered, the corresponding rules are applied successively, therefore the rule order is very important. Change the rule order only if you are completely aware of what you are doing.
Page 124
Apply for packets of existing connections. Don't log when packet matches rule. Advanced: Select packets that have following bytes <empty> with mask <empty> at offset 0. Allow/ Deny TCP packets Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 125
Filtered content: offset With a mouse click on the link a dialog box appears in which you can define the filtered content offset. The offset is computed from where TCP header ends. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 126
IPv4 or IPv6 address. IP mask By clicking on this link with the mouse, a dialog box opens in which you can enter the required IPv4 or IPv6 mask. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 127
Filtered content: offset With a mouse click on the link a dialog box appears in which you can define the filtered content offset. The offset is computed from where UDP header ends. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 128
With a mouse click on the link a dialog box appears in which you can select a file that contains the specific buffer. Filtered content: mask With a mouse click on the link a dialog box appears in which you can select the specific mask. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 129
You can define a rule for incoming or outgoing IP Protocol. See Add new rule. Allow/ Deny By clicking on the link with the mouse, you can decide whether you want to accept or reject specially defined IP packages. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 130
Outgoing Rules Outgoing rules are defined to control outgoing data traffic by the Avira FireWall. You can define an outgoing rule for one of the following protocols: IP, ICMP, UDP, TCP. See Add new rule.
Avira FireWall was installed. Normal view Column Description Application Name of the application. Active Number of active connections opened by the application. Connections Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 132
Reference: Configuration options Action Shows the action that the Avira FireWall will automatically take when the application is using the network, whatever the network usage type is. With a mouse click on the link you can switch to another action type. The action types are Ask, Allow or Deny.
Page 133
In this box you can see details of the application selected in the application list box. Name - Name of the application. Path - Full path to the executable file. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
If this option is enabled, the application provided with the signature of a known and trusted provider is automatically permitted access to the network. The option is enabled as the default setting. Vendors The list shows all vendors classified as trusted. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Options available in expert mode only. Advanced options Turn on FireWall If the option is activated, the Avira FireWall is enabled and protects your computer from risks originating from the Internet and other networks. Stop Windows Firewall on startup If this option is enabled, the Windows Firewall is deactivated when the computer is rebooted.
Page 136
If this option is enabled, you can regulate different network accesses of an application on an individual basis. Basic settings If this option is enabled, only one action can be set for different network accesses of the application. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Show details In this group of configuration options, you can setup the display of detailed information in the Network event window. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Application rules: Network access by applications can be allowed or denied. There is no way of creating specific application rules. If your Avira product is managed by the Avira Management Console, the following FireWall setting options in the Control Center are deactivated on client computers: ...
Page 139
Set security level High You also have the option of modifying individual adapter rules to suit your own particular requirements. Note The default security level setting for all predefined rules of the Avira FireWall is Medium. ICMP protocol Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 140
With a mouse click on the link a list of ICMP packet types is displayed. From this list you can specify the desired incoming ICMP message types you want to block. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 141
With a mouse click on this link a dialog box appears in which you can enter the time span for a certain number of port scans, so that a TCP port scan is assumed. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 142
UDP port scan is assumed. Report file With a mouse click on the link you have the choice to log or not to log the attacker's IP address. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
With a mouse click on the link you have the choice to add or not to add the rule to block the UDP port scan attack. 11.6.2 Incoming Rules Incoming rules are defined to control incoming data traffic by the Avira FireWall. Warning When a packet is filtered the corresponding rules are applied successively, therefore the rule order is very important.
Page 144
{0-65535}. Apply for all packets. Don't log when packet matches rule. Advanced: Discard packets that have following bytes <empty> with mask <empty> at offset 0. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 145
The advanced feature enables content filtering. For example packets can be rejected if they contain some specific data at a certain offset. If you do not want to use this option do not select a file or choose an empty file. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 146
{0-65535}. Apply for all ports. Don't log when packet matches rule. Advanced: Discard packets that have following bytes <empty> with mask <empty> at offset 0. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 147
The advanced feature enables content filtering. For example packets can be rejected if they contain some specific data at a certain offset. If you do not want to use this option do not select a file or choose an empty file. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 148
IPv4 or IPv6 mask. Report file By clicking on the link with the mouse you can decide whether to write to a report file or not if the package complies with the rule. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 149
IPv4 or IPv6 address. IP mask By clicking on this link with the mouse, a dialog box opens in which you can enter the required IPv4 or IPv6 mask. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 150
Outgoing Rules Outgoing rules are defined to control outgoing data traffic by the Avira FireWall. You can define an outgoing rule for one of the following protocols: IP, ICMP, UDP and TCP. See Add new rule.
Access to networks by applications with the Allow rule is permitted. Access to networks by applications with the Deny rule is denied. When applications are added, the Allow rule is set. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
A list of trusted software producers is displayed under Trusted vendors. Applications from the listed software manufacturers will be granted access to the network. You can add and remove manufacturers from the list. Vendors The list shows all vendors classified as trusted. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
11.6.5 Further settings Options available in expert mode only. Notifications Notifications define the events under which you wish to receive a desktop notification from the FireWall. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Always disabled When this option is enabled, the option "Remember action for this application" of the dialog box "Network event" is disabled as the default setting. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Web Protection protects you against viruses or malware that reach your computer from web pages that you load on your web browser from the Internet. The Scan options can be Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 156
Web Protection, website contents are not downloaded incrementally in the Internet browser, as they are scanned for viruses and malware before being displayed in the Internet browser. This option is disabled as the default setting. Permitted actions Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 157
In the event of a virus or malware being detected, the website requested from the web server and/ or the transferred data and files are moved into quarantine. The affected Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 158
The list of blocked file and MIME types is ignored if they are entered in the list of excluded file and MIME types under Web Protection > Scan > Exceptions. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 159
When the option is enabled, all URLs matching the selected categories in the Web filter list are blocked. Web filter list In the Web filter list you can select the content categories whose URLs are to be blocked by Web Protection. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 160
All file types and content types on the exclusion list are downloaded into the Internet browser without further scanning of the blocked requests (List of file and MIME types to be blocked in Web Protection > Scan > Blocked requests) or Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 161
You can also use the wildcard * for any number of characters when specifying URLs. You can also use leading or following dots in combination with wildcards to indicate the domain level: Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 162
URLs with the domain www.avira.de are not excluded from Web Protection scans. avira.com -OR- *.avira.com = All URLs with the second and top-level domain avira.com are excluded from Web Protection scans: The specification implies all existing subdomains for .avira.com: www.avira.com, forum.avira.com, etc.
Page 163
Advanced Heuristic Analysis and Detection (AHeAD) enable AHeAD Your Avira program contains a very powerful heuristic in the form of Avira AHeAD technology, which can also detect unknown (new) malware. If this option is enabled, you can define how "aggressive" this heuristic should be. This option is enabled as the default setting.
20%. Write configuration in report file If this option is enabled, the configuration of the on-access scan is recorded in the report file. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
In this field you should enter the port to be used as the inbox by the IMAP protocol. Multiple ports are separated by commas. (Option available in expert mode only.) Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 166
If this option is enabled, the Mail Protection shows a progress bar during downloading of emails. This option can only be enabled if the option "Interactive" has been selected. Permitted actions Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 167
The body of the email is replaced by the default text given below. The same applies to all attachments included; these are also replaced by a default text. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 168
Protection finds a virus or unwanted program in an email or in an attachment. (Options available in expert mode only.) Note These actions are performed exclusively when a virus is detected in incoming emails. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 169
Advanced Heuristic Analysis and Detection (AHeAD) Enable AHeAD Your Avira program contains a very powerful heuristic in the form of Avira AHeAD technology, which can also detect unknown (new) malware. If this option is enabled, Avira Professional Security - User Manual (Status: 23 Sep. 2011)
With this button you can add the email address entered in the input box to the list of email addresses not to be scanned. Delete This button deletes a highlighted email address from the list. Email address Email that is no longer to be scanned. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 171
Configuration > Mail Protection > Scan). You can use the defined Avira Mail Protection footer to confirm the sent email has been scanned by a virus protection program. You also have the option of inserting text yourself for a user- defined footer.
If this option is enabled, the Avira Mail Protection footer is displayed beneath the message text of the sent email. The Avira Mail Protection footer confirms that the sent email has been scanned for viruses and unwanted programs by Avira . The Avira Mail Protection footer contains the following text: "Scanned with Avira Mail Protection...
11.9 General 11.9.1 Threat categories Selection of extended threat categories (Options available in expert mode only) Your Avira product protects you against computer viruses. In addition, you can scan according to the following extended threat categories. Adware ...
The password is case-sensitive! Areas protected by password (Options available in expert mode only) Your Avira product can protect individual areas with a password. By clicking the relevant box, the password request can be disabled or re-enabled for individual areas as required.
Page 175
If this option is enabled, the pre-defined affected password is required to restore an object. objects Rescan If this option is enabled, the pre-defined affected password is required to rescan an object. objects Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 176
. Installation / If this option is enabled, the pre-defined uninstallation password is required for installation or uninstallation of the program. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Task-Manager. This option is enabled as the default setting. Advanced process protection If this option is enabled, all processes of the program are protected with advanced options against unwanted termination. Advanced process protection requires Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Windows systems. Your Avira product supports WMI and provides data (status information, statistical data, reports, planned requests, etc.) as well as events...
Enter the computer name or IP address of the proxy server you want to use to connect to the web server. Port Please enter the port number of the proxy server you want to use to connect to the web server. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
The list in this window shows names of computers that receive a message when a virus or unwanted program is found. Note A computer can always be entered only once in this list. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 181
Inserts a line break. Enter The message can include wildcards for information found during the search. These wildcards are replaced by the actual text when sent. The following wildcards can be used: Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 182
The window shows the message sent to the selected workstation when a virus or unwanted program is detected. You can edit this message. A text may contain a maximum of 500 characters. You can use the following key combinations for formatting the message: Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 183
The button restores the predefined default text for an alert. Email Realtime Protection email alerts Avira Realtime Protection can send alerts by email to one or more recipients for certain events. Email alerts If this option is enabled, Avira Realtime Protection sends email messages with the most important information when a certain event occurs.
Page 184
If this option is enabled, the program sends email messages with the most important information when a certain event occurs. This option is disabled as the default setting. Email messages for the following events Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 185
If this option is enabled, the Update component sends email messages with the most important data when a specific event occurs. This option is disabled as the default setting. Email messages for the following events Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 186
Add report file as attachment If this option is enabled, the current report file of the Updater component is added to the email as an attachment when sending Updater notifications. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 187
Fully qualified domain name %TIMESTAMP% Event time stamp: Time and date format as per the language settings of the operating system %COMPUTERNAME% NetBIOS computer name %USERNAME% Name of user accessing the component Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 188
Protection %VIRUSNAME% Name of the virus or unwanted Realtime program Protection %ACTION% Action performed after the Realtime detection Protection %MACADDR% MAC address of the first Realtime registered network card Protection Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 189
Number of infected files renamed System Scanner %DELETEDCOUNT% Number of infected files deleted System Scanner %WIPECOUNT% Number of infected files System overwritten and deleted Scanner %MOVEDCOUNT% Number of infected files moved System to quarantine Scanner Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 190
Realtime Protection > Scan > Action detection. No warning When this option is enabled, there is no acoustic alert when a virus is detected by the System Scanner or Realtime Protection. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 191
This button is used to test the selected WAVE file. Alerts Your Avira product generates so-called slide-ups, desktop notifications for specific events, which give information on successful or failed program sequences such as updates. Under Alerts you can enable or disable the notifications for specific events.
When this option has been activated, the size of the event database is not limited. However, a maximum of 20,000 entries are displayed in the program interface under Events. 11.9.8 Reports Options available in expert mode only. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
In this input box, enter the path where the program will store its temporary files. The button opens a window in which you can select the required temporary path. Default The button restores the pre-defined directory for the temporary path. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 194
This box contains the path to the quarantine directory. The button opens a window in which you can select the required directory. Default The button restores the predefined path to the quarantine directory. Avira Professional Security - User Manual (Status: 23 Sep. 2011)
Page 195
This manual was created with great care. However, errors in design and contents cannot be excluded. The reproduction of this publication or parts thereof in any form is prohibited without previous written consent from Avira Operations GmbH & Co. KG. Issued Q4-2011 Brand and product names are trademarks or registered trademarks of their respective owners.
Need help?
Do you have a question about the PROFESSIONAL SECURITY and is the answer not in the manual?
Questions and answers