KASPERSKY ANTI-VIRUS 5.5 - FOR CHECK POINT FIREWALL-1 Administrator's Manual

KASPERSKY LAB® Kaspersky Anti-Virus 5.5 for Check Point™ Firewall-1® Administrator's Guide

Summary of Contents for KASPERSKY ANTI-VIRUS 5.5 - FOR CHECK POINT FIREWALL-1

  • Page 1 KASPERSKY LAB® Kaspersky Anti-Virus for Check Point Firewall-1® Administrator's Guide...
  • Page 2 KASPERSKY ANTI-VIRUS 5.5 FOR CHECK POINT FIREWALL-1® Administrator's Guide ©...
  • Page 3: Table Of Contents

    Table of Contents: CHAPTER 1. INTRODUCTION (page 6); 1.1. Computer viruses and malicious software (page 6); 1.2. Purpose, main functions and structure of Kaspersky Anti-Virus (page 8); 1.3. What's new in version 5.5? (page 10); 1.4. Software and hardware requirements (page 11); 1.5.
  • Page 4 5.7. Protection without additional configuration (page 47); 5.8. Verifying the application performance (page 48); 5.8.1. Test “virus” EICAR and its modifications (page 48); 5.8.2. Testing the HTTP traffic protection (page 49); 5.8.3. Testing the SMTP traffic protection (page 49); 5.8.4.
  • Page 5 Table of Contents: 10.1. Configuring the diagnostics level (page 99); 10.2. Configuring log files settings (page 101); CHAPTER 11. LICENSE KEYS (page 102); 11.1. License information (page 104); 11.2. License key details (page 105); 11.3. License-related notifications (page 107); 11.4. Installing the license key (page 107); 11.5.
  • Page 6: Chapter 1. Introduction

    CHAPTER 1. INTRODUCTION The main source of viruses today is the global Internet. Most virus infections happen via e-mail. Two factors favor the distribution of malware: almost every computer has e-mail client applications installed, and malicious programs are able to take full advantage of software address books in order to find new victims.
  • Page 7 • Viruses – programs that infect other programs by adding their code to the infected program's code in order to gain control when infected files are run. This simple definition helps determine that the major action a virus performs is infecting computer programs. Viruses spread somewhat slower than worms.
  • Page 8: Purpose, Main Functions And Structure Of Kaspersky Anti-Virus

    • Automatic dialers (Pornware) - programs that establish modem connection with various pay-per-visit internet (as a rule, pornographic) websites. • Hacking tools - tools used by hackers to obtain access to the user's computer.
  • Page 9 • creates a list of objects that will not be scanned for viruses. • saves backup copies of objects to a special storage before disinfecting, deleting or blocking the object, so that the object can be restored later, which prevents the loss of data. Configurable filters make it easy to locate the original copies of objects.
  • Page 10: What's New In Version 5.5

    agement module is implemented as the extension of the Microsoft Management Console (MMC). 1.3. What's new in version 5.5? Kaspersky Anti-Virus 5.5 for Check Point Firewall-1® differs from the previous version as follows: •...
  • Page 11: Software And Hardware Requirements

    log and in the application's logs. The ability to configure how complete and how detailed the logged information is has been added. Logs can be viewed using the Microsoft Windows Events Viewer tool and standard text editors, such as Notepad. •...
  • Page 12: Distribution Kit

    • Microsoft Windows Server 2003 Enterprise Edition or higher. Management console: • Hardware requirements: • processor Intel Pentium II 300 MHz or higher; • 256 MB RAM; • 10 MB free disk space. •...
  • Page 13: License Agreement

    1.5.1. License Agreement The License Agreement is a legal contract between you and Kaspersky Lab Ltd., which contains the terms and conditions on which you may use the anti-virus product you have purchased. Read the License Agreement carefully! If you do not agree with the terms of the license agreement, you can return Kaspersky Anti-Virus to your dealer for a full refund.
  • Page 14 Format feature and its meaning/usage: Bold font (titles of menus, menu items, windows, dialog boxes and their elements, etc.); Note (additional information, notes); Attention! (information requiring special attention); In order to perform, Step 1. (description of the successive user's steps and possible actions).
  • Page 15: Chapter 2. Operation Of Kaspersky Anti-Virus

    CHAPTER 2. OPERATION OF KASPERSKY ANTI-VIRUS Kaspersky Anti-Virus 5.5 for Check Point Firewall-1® acts as a filter: it processes data transferred over the HTTP, FTP and SMTP protocols, identifies monitored objects, analyzes them for the presence of malicious code and blocks attempts by infected files and web documents to penetrate the local network.
  • Page 16 Install the Security Server component on the computer that has a TCP/IP connection to the computer where the Check Point Firewall-1® application is installed. The installation is performed from the installation CD. ...
  • Page 17: Anti-Virus Protection System Maintenance

    • Fine-tune the anti-virus database update settings (see Chapter 6, page 51). • Verify the correctness of the settings and of the Anti-Virus operation using a test "virus" EICAR (see section 5.8, page 48). • Configure the event logs and reports settings (see Chapter 10, page 98 and Chapter 9, page 89).
  • Page 18: Chapter 3. Installing And Removing The Application

    CHAPTER 3. INSTALLING AND REMOVING THE APPLICATION Before the installation of Kaspersky Anti-Virus, make sure that the software and hardware of the computers used meet the installation requirements. The minimum allowable configuration is described in section 1.4, page 2. For installation of Kaspersky Anti-Virus 5.5 for Check Point Firewall- ®...
  • Page 19: First-Time Installation

    3.1.1. First-time installation In order to install Kaspersky Anti-Virus, run the executable file from the installation CD. The setup wizard guides you through the installation process. It will prompt you to configure the installation settings and start the installation.
  • Page 20 Step 4. Selecting application components to be installed If you selected the custom installation option, specify application components to be installed on your computer. You can also change the default folder into which they will be installed.
  • Page 21 Note that databases used by the application are created only once, during the installation of the Security Server. If you decide to change the application data folder, then in order to ensure the correct data transfer into the new folder, the entire content of the old folder must be copied, including the subfolder structure, and the names of the subfolders must remain intact.
  • Page 22: Reinstalling The Application

    If, at the time of the installation, you still do not have the license key (for example you ordered it from Kaspersky Lab via internet but have not received it yet), you can install it later when you run the application for the first time using the Management Console.
  • Page 23: Chapter 4. Integration Of Kaspersky Anti-Virus With Check Point™ Firewall-1

    CHAPTER 4. INTEGRATION OF KASPERSKY ANTI-VIRUS WITH CHECK POINT FIREWALL-1® The process of integration of Kaspersky Anti-Virus with Check Point Firewall-1® is a standard procedure for OPSEC applications and involves two steps: Registration of the Security Server with Check Point Firewall-1® as an OPSEC application.
  • Page 24 Figure 1. Creating a Security Server network object. When creating a new object that is an OPSEC application (OPSEC Application/New), in the General tab of the OPSEC Application Properties settings configuration window (see Figure 2), perform the following: •...
  • Page 25 • In the Server Entities and Client Entities sections, select CVP, AMON and ELA as protocols supported by the application. Configuring the protocols settings is not required. Kaspersky Anti-Virus uses the default Check Point...
  • Page 26 Set up a secure connection of the Security Server to Check Point Firewall-1® (Secure Internal Communications). The following will be created as the result: • key to obtain a Security Server certificate; •...
  • Page 27 Figure 3. Creating a URI-resource. The CVP tab. • to create an FTP resource check the GET and the PUT boxes in the Methods section on the Match tab (see Figure 4);...
  • Page 28 Figure 4. Creating an FTP resource. The Match tab. • to create a URI resource, select the Enforce URI capabilities option in the Use this resource to section on the General tab (see Figure 5).
  • Page 29 Figure 5. Creating a URI resource. The General tab. In order to increase the efficiency of the anti-virus scan, specify the following settings values on the CVP tab (see Figure 3): • Check the CVP server is allowed to modify content box for URI-, SMTP- and FTP-resources.
  • Page 30 • Select the Return data before content is approved option in the Reply Order section for URI, SMTP and FTP resources. This parameter determines the possibility of early data transfer to the user before this data is scanned (see section 7.4, page 65).
  • Page 31 Figure 6. Configuring the SMTP resource settings. The Action2 tab...
  • Page 32: Obtaining A Security Server Certificate

    Figure 7. Configuring the settings of Check Point Firewall-1®. Restricting the message size. 4.2. Obtaining a Security Server certificate Obtaining the certificate is a standard procedure for applications integrated with Check Point Firewall-1®.
  • Page 33 The settings will be assigned values set during the registration of the Security Server with Check Point Firewall-1® (see section 4.1, page 23). In order to obtain the Security Server certificate: run the executable file opsec_pull_cert.exe, included in the Kaspersky Anti-Virus distribution kit, on the computer on which the Security Server is installed, from the command line with the following keys: opsec_pull_cert.exe -h <IP address>...
  • Page 34: Chapter 5. Starting Using The Application

    CHAPTER 5. STARTING USING THE APPLICATION 5.1. Starting the application The server part of the application, the Security Server, is launched automatically at the startup of the operating system on the computer on which the Security System is installed. If the settings used for the interaction of the Security Server ®...
  • Page 35 Figure 8. Main application window. The Kaspersky Anti-Virus 5.5 for Check Point Firewall-1® namespace contains the list of monitored servers (that is, computers that are monitored by Kaspersky Anti-Virus via this console) in the form of nodes. Immediately after the installation of the Management Console the namespace does not contain any elements.
  • Page 36: Shortcut Menu

    If the connection to the monitored server was established, the <Computer name> node will include nested folders; each of these folders will be used for managing a particular function of the application. •...
  • Page 37: Creating The List Of Monitored Servers

    Additional shortcut menu commands are also provided for report templates and for the backup storage: • using the Create a report command you can create a report based on the selected template and save it as a file; •...
  • Page 38: Connecting The Management Console To The Server

    In order to establish connection between the Management Console and the Security Server when adding the server, check the Connect now box (for details, see section 5.4, page 38). The Security Server component must be installed on the selected computer in order to ensure connection.
  • Page 39: Connecting The Security Server To Check Point™ Firewall-1

    component installed on the monitored server. The application will then receive information from the server and display it as the console tree. In order to connect to the Security Server select the node that corresponds to the server you need in the console tree, open the shortcut menu and select the Connect to the server command or use the corresponding item in the Action menu.
  • Page 40 Check Point recommends connecting applications using a secured protocol. By default, Kaspersky Anti-Virus uses a secured connection protocol and the default Check Point Firewall-1® settings. The interaction between the applications is provided using three protocols. CVP and AMON protocols are used by the Security Server when it is expecting the...
  • Page 41 • the port number on the Security Server that will be used to receive requests for connection from Check Point Firewall-1®. By default, these are port 18181 for CVP protocol and port 18193 for AMON protocol. •...
  • Page 42 • ELA Server: NetBIOS name or the full domain name (FQDN) or the IP address of the computer on which Check Point Firewall-1® is installed, • ELA SIC-Server name: the internal SIC name of Check...
  • Page 43 Figure 10. Configuring OPSEC settings. The Connection tab. In order to specify settings required to configure connection between Kaspersky Anti-Virus and Check Point Firewall-1® that are not included in the Connection tab, press the Advanced button. This will open the Configuring additional OPSEC settings window (see Figure 11).
  • Page 44 For detailed information about secure connection types and default values for various versions of Check Point Firewall-1®, visit the Check Point corporate website at: http://www.opsec.com/developer/gw_comm_mode.html Figure 11. Configuring additional OPSEC settings. Select the Parameters tab (see Figure 12).
  • Page 45 Do not notify option if you do not want notifications to be issued. Specify the frequency for the Security Server to attempt to restore the connection with Check Point Firewall-1® if the connection fails, in the Try to connection every field. Information about the events that happened while the connection was out will be transferred to Check Point Fire-...
  • Page 46: Minimum Required Settings

    Figure 12. OPSEC setting configuration. The Parameters tab. After you are done with the settings, press the Apply or the OK button. You can restore the default settings by pressing the Restore the default settings button.
  • Page 47: Protection Without Additional Configuration

    5.7. Protection without additional configuration The anti-virus protection will start operating immediately after the parameters for the interaction between Kaspersky Anti-Virus and Check Point Firewall-1 are configured. The default operation mode of the Anti-Virus is as follows: •...
  • Page 48: Verifying The Application Performance

    The message sent by you contains an infected object <virus name>. The message has been blocked. Suspicious, protected and corrupted objects will be delivered to the user intact. • The anti-virus database is updated hourly via internet from the Kaspersky Lab's HTTP and FTP updates servers.
  • Page 49: Testing The Http Traffic Protection

    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* The file downloaded from the EICAR website or created as described above contains the body of a standard test “virus”. Kaspersky Anti-Virus will detect it, assign it the Infected category and apply the action defined by the administrator for processing objects of this type.
  • Page 50: Testing The Ftp Traffic Protection

    Kaspersky Anti-Virus will detect this object, identify it as infected and will perform an action specified in the SMTP traffic scan settings as the default action for this type of objects (see section 5.7, page 47): •...
  • Page 51: Chapter 6. Updating The Anti-Virus Database

    CHAPTER 6. UPDATING THE ANTI-VIRUS DATABASE Users of Kaspersky Lab's products can update the anti-virus database used by Kaspersky Anti-Virus to detect malware and to disinfect infected objects. Kaspersky Lab's anti-virus database contains the description of the following object categories: a.
  • Page 52 Categories of objects that will be detected by the Anti-Virus in the traffic passing through the firewall will be determined by the selected level of the anti-virus protection (see section 7.2, page 63). As new malicious programs are created daily, it is extremely important that you keep your anti-virus database up to date.
  • Page 53 Figure 13. Anti-virus database updates settings window. Configuring internet updates downloading. For automatic updates, create an updates downloading schedule (for details, see section 6.3, page 56). If updates are required immediately, press the Update now button (for details, see section 6.4, page 57) to download the updates manually.
  • Page 54: Downloading Updates From The Internet

    6.1. Downloading updates from the internet In order to ensure that Kaspersky Anti-Virus receives the anti-virus database updates from the internet, select the node corresponding to the required server in the console tree and follow the Anti-virus scan link in the results pane.
  • Page 55: Installing Updates From A Network Folder

    • If you connect to the internet using a proxy server, check the Use proxy server box and specify the connection settings: address and number of the port used for connection. If you use a password in order to access the proxy server, specify the proxy user's authentication settings.
  • Page 56: Automatic Updates

    updates source and enter the path to the required folder in the corresponding field manually or using the Browse button. After you are done with the settings, press the Apply or the OK button.
  • Page 57: Updating The Anti-Virus Database In The Manual Mode

    After you are done with the settings, press the Apply or the OK button. You can restore the default settings by pressing the Restore the default settings button. As a result, the application will automatically update the anti-virus database at the specified interval and in accordance with the specified settings.
  • Page 58: Chapter 7. Anti-Virus Protection

    CHAPTER 7. ANTI-VIRUS PROTECTION The main task of Kaspersky Anti-Virus is scanning mail traffic passing through Check Point Firewall-1® and disinfecting or blocking e-mail messages using the information contained in the current (latest) version of the anti-virus database. Depending on the anti-virus protection level (see section 7.1, page 60) the application can detect: •...
  • Page 59 Kaspersky Anti-Virus allows the user to configure notifications about the results of the anti-virus scan of objects (see Chapter 12 on page 110). When scanning e-mail messages transferred via SMTP protocol the program scans the body of the message and all attached files of any format. It is to be noted that Kaspersky Anti-Virus distinguishes between simple objects (the message body, simple attachment, for example an executable file) and containers (consisting of several objects, for example an archive, a message with...
  • Page 60: Anti-Virus Objects Processing

    object is not infected, the rest of the information will be transferred to the user. Otherwise, the application will break the connection with the source and display a message informing the user that the information cannot be downloaded. The object will be processed using the anti-virus scan settings and information about such objects will be logged in the events log and in the report.
  • Page 61: Actions Performed With Objects Transferred Via Http Protocol

    You can configure notifications about the detection of infected, suspicious, protected and corrupted objects (see Chapter 12 on page 110). No notification is made about objects that are not infected. Before the processing, a copy of the object can be saved in the backup storage to be restored or deleted later.
  • Page 62: Actions Performed With Objects Transferred Via Ftp Protocol

    7.1.2. Actions performed with objects transferred via FTP protocol The following actions can be performed to disinfect infected objects detected during the scan of data transferred via FTP protocol. • Disinfect – disinfect and pass the object to the user, once disinfected. If the object cannot be disinfected, apply the action specified for objects that cannot be disinfected.
  • Page 63: Anti-Virus Protection Level

    The selected action will be applied to the entire message irrespective of whether an infected, suspicious, protected or corrupted object is detected in the message body or in one of the attached files. Copies of clean and skipped objects can also be saved in the backup storage. 7.2.
  • Page 64 It is to be noted that disabling the anti-virus server protection considerably increases the risk of malware penetration via the firewall. We do not recommend disabling the anti-virus protection for a long time. In order to enable or disable the anti-virus protection or to change its level, select the node corresponding to the required server in the console...
  • Page 65: Scanning Http Traffic

    Figure 16. Enabling anti-virus protection. 7.4. Scanning HTTP traffic In order to configure the settings for scanning data transferred via HTTP protocol: Select the node corresponding to the required server in the console tree and follow the HTTP traffic settings link in the results pane.
  • Page 66 • transfer of information, downloaded from the source in parts, to the user. • Transfer of data that does not include service information to the user. Figure 17. HTTP traffic scan settings. The Settings tab. •...
  • Page 67 sending interval field. The value of this setting is set based on the parameters of the client program and shall not exceed the time period after which the client displays a message about the failed attempt to connect to the specified address. The suggested default value is 10 seconds.
  • Page 68 Figure 18. HTTP traffic scan settings. The Actions tab. Specify which actions will be performed upon detection of infected, suspicious, protected and corrupted objects on the Actions tab (see Figure 18). Determine the order of processing for each status individually.
  • Page 69 When the Save copies of clean and passed objects check box is selected, the Disinfect, save a copy action will be applied to all infected objects instead of the Disinfect action. The original copies of disinfected objects and the objects that cannot be disinfected will also be saved if the Skip, make no changes action is selected for such objects.
  • Page 70: Scanning Ftp Traffic

    Figure 20. HTTP traffic scan settings. The Exclusions tab. In order to apply the changes, press the Apply or the OK button. You can restore the default settings by pressing the Restore the default settings button.
  • Page 71 This will open the FTP scan settings window (see Figure 21). Configure the anti-virus operation settings for scanning FTP traffic on the tabs of this window. The settings are configured similarly to the settings used for HTTP traffic (see section 7.4, page 65). Figure 21.
  • Page 72 Figure 22. FTP traffic scan settings. The Actions tab. On the Exclusions tab (see Figure 23) provide the list of objects that will not be scanned for the presence of malicious code. In order to do this, check boxes next to the corresponding types of objects in the list...
  • Page 73: Scanning Smtp Traffic

    Figure 23. FTP traffic scan settings. The Exclusions tab. In order to apply the changes, press the Apply or the OK button. You can restore the default settings by pressing the Restore the default settings button. In order to disable scanning data transferred via FTP protocol: uncheck the Scan FTP traffic box on the Settings tab of the FTP scan settings window (see Figure 21) and press the Apply or the OK button.
  • Page 74 In order to ensure that traffic will be scanned, check the Scan SMTP traffic box (see Figure 24) on the Settings tab. Figure 24. SMTP traffic scan settings. The Settings tab. Specify which actions will be performed upon detection of infected, suspicious, protected and corrupted objects on the Actions tab (see Figure 25).
  • Page 75: Anti-Virus Scan Efficiency

    Figure 25. SMTP traffic scan settings. The Actions tab. In order to apply the changes, press the Apply or the OK button. You can restore the default settings by pressing the Restore the default settings button. In order to disable scanning data transferred via SMTP protocol: uncheck the Scan SMTP traffic box on the Settings tab of the SMTP scan settings window (see Figure 24) and press the Apply or the OK button.
  • Page 76 Select the Performance tab in the Anti-virus protection window that will open (see Figure 26) and specify the values for the settings displayed on this tab. Figure 26. Kaspersky Anti-Virus Performance settings. •...
  • Page 77 graphic objects less than 2 MB; all other objects (except applications) less than 256 KB. • The maximum number of objects scanned in RAM without saving to the working folder on the hard drive. You can set this value in the range from 1 to 1000.
  • Page 78 As archives are a type of container, the restrictions on scanning containers apply to archives as well. If you impose a restriction on scanning containers, the same nesting level restrictions will be applied to archives (if archives have not been explicitly excluded from the scan).
  • Page 79: Chapter 8. Backup Storage

    CHAPTER 8. BACKUP STORAGE Kaspersky Anti-Virus allows saving a backup copy of an infected object before processing. A copy of such object is created in the backup storage. Later such object stored in the backup storage can be restored (see section 8.3, page 84) or deleted (see section 8.4, page 86).
  • Page 80: Viewing The Backup Storage

    For convenient viewing, search for information in the backup storage and for structuring the storage the application includes configurable user filters (see section 8.2, page 81). Filters, created for the backup storage, can be viewed in the Backup Storage folder as subfolders under names assigned by the administrator when the filters were created.
  • Page 81: Backup Storage Filter

    • To. IP address of the computer from which the object was requested or e-mail address of the recipient for objects transferred via SMTP protocol. • Size. Object’s size in bytes. • Status. Status assigned to the object as a result of the anti- infected, disinfected, suspicious,...
  • Page 82 Figure 28. Creating a filter. Specify a name under which the filter will be saved in the Backup Storage folder. Specify the parameter values that will be used to perform the search for (filtering of) objects stored in the backup storage. You can specify any number of parameters.
  • Page 83 • HTTP, FTP address of the source of the subject of the message for objects transferred via SMTP protocol; • time interval during which the object was detected. After you are done with the settings press the Apply or the OK button.
  • Page 84: Restoring Objects From The Backup Storage

    Figure 29. Configuring filter. Change the values of the filter's parameters as required. In order to apply the changes, press the Apply or the OK button. To exit without saving the changes made, press the Cancel button. As a result, the information displayed in the results pane will be updated according to the new values of the filter's parameters.
  • Page 85 As a result of these actions the object will be moved from the backup storage into the specified folder and saved with the specified name. The restored object will have the same format as it had when it was first processed by Kaspersky Anti-Virus.
  • Page 86: Deleting Objects From The Backup Storage

    Figure 31. Restoring an object from the backup storage. 8.4. Deleting objects from the backup storage The following objects are automatically deleted from the backup storage: • objects for which the storage period has expired; •...
  • Page 87: Configuring The Backup Storage Settings

    Select the object you wish to delete in the table displaying the content of the backup storage (see Figure 27). You can use filters for searching for the object (see section 8.2, page 81). Open the shortcut menu and use the Delete command or the analogous command under the Action menu.
  • Page 88 Figure 32. Configuring the backup storage settings. In order to apply the changes, press the Apply or the OK button. To exit without saving the changes made, press the Cancel button. You can restore the default settings by pressing the Restore the default settings button.
  • Page 89: Chapter 9. Reports

    CHAPTER 9. REPORTS Kaspersky Anti-Virus allows receiving reports about the results of the anti-virus traffic scan. Reports contain information registered during a certain period of time and provide information about: • general scan results • the total number of scanned objects: •...
  • Page 90 Figure 33. The Report templates folder. Apart from the template name, the table contains the following information for each template:
    • Status: status of the report created based on the template.
    • Expected: date and time of creation of the next report according to the schedule, or on-demand if automatic report creation is disabled.
  • Page 91: Creating Reports

    9.1. Creating reports

    In order to create an anti-virus scan report: Create a report template (see section 9.2, page 92) or select an existing template. Check the Create report box on the General tab of the report template configuration window (see Figure 35). As a result, a new report will be created at the intervals specified in the schedule.
  • Page 92: Creating The Report Template

    Open the shortcut menu and use the Properties command or the analogous command under the Action menu. In the Properties: Report templates window that will open (see Figure 34): Figure 34. Configuring the reports settings •...
  • Page 93 Open the shortcut menu and use the Create a report template command or the analogous command under the Action menu. As a result, a report template settings window <New report template> will open (see Figure 35); this window consists of the following tabs: General and Parameters.
  • Page 94 Specify the reporting period and the report creation schedule settings in the Settings tab (see Figure 36).
    • The following options are available when specifying the reporting period: specify the time interval. In this case, the report will contain information for the specified period starting with the report creation date and time.
  • Page 95: Viewing Reports

    Figure 36. Report template. The Settings tab

    9.3. Viewing reports

    In order to view a report using the file system: Enter the folder where the logs are stored. By default, it is the Reports folder located on the server in the application's data folder. Select and open an HTML file whose name corresponds to the date and time of report creation, in the format <DD.MM.YYYY_HH-MM-SS>.
  • Page 96 Figure 37. Viewing reports. General scan results. The left frame of the report contains the list of the report’s sections (table of contents); the heading and the content of the selected section are displayed in the right frame.
  • Page 97 Open the shortcut menu and use the View report command or the analogous command under the Action menu. As a result, the last report created based on the selected template will be displayed. Reports are viewed using the default system browser.
  • Page 98: Chapter 10. Application Event Log

    CHAPTER 10. APPLICATION EVENT LOG

    Kaspersky Anti-Virus allows the user to perform full diagnostics of its operation and to register events in the Microsoft Windows application log and in the Kaspersky Anti-Virus application's log. The completeness of the information entered into the logs depends on the diagnostics levels selected in the application’s settings (see section 10.1, page 99).
  • Page 99: Configuring The Diagnostics Level

    New records entered into Kaspersky Anti-Virus logs are appended to the end of the newest file. The log size is not restricted. Kaspersky Anti-Virus logs can be viewed by using the file system. By default, logs are stored in the Logs folder. This folder is created in the application's data folder during the installation of the Security Server component.
  • Page 100 Figure 39. The Diagnostics tab. The Diagnostics level for system components section located in the tab contains a table. The left part of the table contains the list of all components included in the structure of the program. The right part of the table displays the groups of diagnostic messages for the selected component and the diagnostics level for each of the groups.
  • Page 101: Configuring Log Files Settings

    After you are done with the settings, press the Apply or the OK button. You can restore the default settings by pressing the Restore the default settings button.

    10.2. Configuring log files settings

    In order to configure log file settings, select the node corresponding to the required server in the console tree and follow the General settings link in the results pane.
  • Page 102: Chapter 11. License Keys

    CHAPTER 11. LICENSE KEYS

    When you purchase Kaspersky Anti-Virus, you enter into a license agreement with Kaspersky Lab Ltd. Based on this agreement you are entitled to use this software during the specified period of time to protect the mail traffic received and requested from the number of workstations specified in the license.
  • Page 103 about the expiration date of the currently installed license key. The notification period can be changed (see section 11.3 on page 107). Kaspersky Anti-Virus settings also make it possible to configure notifications of the forthcoming expiration of the license and restrictions of the application's functionality (see Chapter 12 on page 110).
  • Page 104: License Information

    11.1. License information

    In order to view the license: Select the node corresponding to the required server in the console tree and follow the General settings link in the results pane. Go to the General tab in the General parameters window that will open (see Figure 40).
  • Page 105: License Key Details

    • license expiry date:
    • the status of the current license key.
    • application functionality available based on the current license key:
      All functions. The application operates as provided for in the license agreement.
      Updating function is not available. The anti-virus database updating feature is not available.
  • Page 106
    • The type of the license key installed, for example: commercial, trial.
    • License owner information
    • License expiration date.
    • Serial number.
    • The maximum number of protected workstations.
    The following license key details are displayed in the Backup license key section.
  • Page 107: License-Related Notifications

    11.3. License-related notifications

    The application verifies the compliance with the terms and conditions of the license agreement on a regular basis and each time the anti-virus database is updated. If the following is the case based on the verification results: •...
  • Page 108: Removing A License Key

    If the current license key is found in the “black list”, the backup key will not be activated. In this case you have to replace the current license key. You can manually install the backup license key as the current key. There is a provision for the replacement of the current license key that prevents the restriction of the application functionality if the replacement is performed as the consecutive procedure of the removal of the old current key and installation...
  • Page 109 Select the node corresponding to the required server in the console tree and follow the General settings link in the results pane. Go to the License keys tab in the General settings window that will open (see Figure 41). On the License keys tab: •...
  • Page 110: Chapter 12. Notifications

    CHAPTER 12. NOTIFICATIONS

    Notifications about events registered in the operation of the Kaspersky Anti-Virus application can be configured by the use of the in-built notification feature of Check Point Firewall-1®. For this the following features must be configured: •...
  • Page 111 the application functionality at the expiration of the license, restoration of the functionality after the license is renewed. In order to configure notifications made via Kaspersky Anti-Virus: Select the node corresponding to the required server in the console tree and follow the General settings link in the results pane.
  • Page 112 An example of a program to be launched is the script file alert.js included in the application distribution package. After the Security Server is installed, alert.js is saved in the Scripts service folder within the component installation folder.
  • Page 113 events has its own set of variables; the complete list of variables is provided in Appendix A on page 118.
  • Page 114: Chapter 13. Frequently Asked Questions

    CHAPTER 13. FREQUENTLY ASKED QUESTIONS

    This chapter is devoted to questions most frequently asked by users regarding the installation, setup, and operation of Kaspersky Anti-Virus. We will try to answer them here in detail.

    Question: Can Kaspersky Anti-Virus be used with other vendors’ anti-virus software?

    In order to avoid conflicts we recommend that you remove any third-party anti-virus software before you install Kaspersky Anti-Virus.
  • Page 115 only work either for two weeks or for a month. When this period expires, the key will be blocked.

    Question: What happens when my Kaspersky Anti-Virus license expires?

    After the expiration of the license, Kaspersky Anti-Virus will continue operating, but the anti-virus database updating feature will be disabled.
  • Page 116 and can only help you if they fully understand it and have been able to reproduce it. Forward to the technical support service the following data packed in one archive:
    • the current application events logs produced with the Debug diagnostic level for each application module;...
  • Page 117 Question: I use a proxy server and cannot perform updates. What should I do?

    Failure to receive updates via a proxy server can be attributed to the following:
    • Incorrect network settings. When configuring the update service you can specify the network settings using one of the following two methods: using your MS Internet Explorer settings or using custom settings.
  • Page 118: Notification Settings

    APPENDIX A. NOTIFICATION SETTINGS

    This section describes the settings passed to the application that is launched to issue a notification about a Kaspersky Anti-Virus event (see Chapter 12 on page 110). Settings are passed using Microsoft Windows environment variables. Provided below is the list of events that cause the application to be launched and the list of variables passed for each event.
  • Page 119 Event description and settings passed:
    Settings passed (continued): kav4cpf1_to = <message_recipient> (for SMTP only); kav4cpf1_virus = <virus_name> or <empty>; kav4cpf1_error = <error_description> or <empty>
    Event: Object anti-virus scan notifications queue overflow. Settings passed: kav4cpf1_event = "overflow"; kav4cpf1_number = <number_of_missed_notifications>; kav4cpf1_time = <event_occurrence_time>
    Anti-virus database updating
    Settings passed: kav4cpf1_event = "update"...
  • Page 120 Event description and settings passed:
    Report creation
    Event: Report created successfully. Settings passed: kav4cpf1_event = "report"; kav4cpf1_title = <report_name> (specified in the report settings); kav4cpf1_path = <path_to_report_file>; kav4cpf1_error = <empty>; kav4cpf1_time = <event_occurrence_time>
    Event: Error creating report. Settings passed: kav4cpf1_event = "report"...
  • Page 121 Event description and settings passed:
    Event (continued): is restored as the result of the license renewal.
    Event: Only management functionality is available. The event occurs in case of a violation of the license agreement, trial key expiration or anti-virus database... Settings passed: kav4cpf1_event = "status"; kav4cpf1_error = "disabled"; kav4cpf1_time = <event_occurrence_time>
  • Page 122: Glossary

    APPENDIX B. GLOSSARY

    The product's documentation contains terms and concepts specific to the field of anti-virus protection. This glossary contains definitions of such concepts. For your convenience, the terms are arranged in alphabetical order.

    A

    Administrator’s workstation – a computer on which the Management Console (a component of Kaspersky Anti-Virus) is installed.
  • Page 123 Black list – a database that contains information about license keys whose owners infringed the terms of the License Agreement and about keys that have been created but, for any reason, have not been sold. The content of the black list is updated on a daily basis.

    Container object –...
  • Page 124 License period – a period of time for which you are granted the right to use all features of Kaspersky Anti-Virus. The license period is determined by the license key; a standard license period is one year after the license key is installed.
  • Page 125 Traffic scan – anti-virus scan of e-mail messages received by the server in the real-time mode using the current (latest) version of the anti-virus database.

    Virus outbreak counter – a template used to create and issue notifications about a virus outbreak threat.
  • Page 126: Kaspersky Lab

    APPENDIX C. KASPERSKY LAB

    Founded in 1997, Kaspersky Lab has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious programs, unsolicited and unwanted e-mail messages, and hacker attacks.
  • Page 127: Other Kaspersky Lab Products

    C.1. Other Kaspersky Lab Products

    Kaspersky Anti-Virus Personal

    Kaspersky Anti-Virus Personal has been designed to provide anti-virus protection to personal computers running Microsoft Windows 98/ME or Microsoft Windows 2000/NT/XP against all known viruses, including potentially dangerous software.
  • Page 128 unique second-generation heuristic analyzer efficiently detects unknown viruses. A simple and convenient interface allows users to configure the program quickly making work with it easier than ever. Kaspersky Anti-Virus Personal Pro has the following features: •...
  • Page 129 Kaspersky Personal Security Suite

    Kaspersky Personal Security Suite is a software suite designed for organizing comprehensive protection of personal computers running Microsoft Windows. The suite prevents malicious and potentially dangerous programs from penetrating through any possible data sources and protects you from unauthorized attempts to access your computer’s data, as well as blocking spam.
  • Page 130
    • Save a report on the scanning results in txt or html formats.

    Kaspersky OnLine Scanner Pro

    This program is a subscription service available to visitors of the corporate website, allowing you to perform an efficient anti-virus scan of your computer and disinfection of infected files online.
  • Page 131
    • System restoration after malicious spyware influence accomplished due to recording of all changes in the registry and computer file system and an opportunity to perform their roll-back at user's discretion.

    Kaspersky Internet Security 6.0

    Kaspersky Internet Security 6.0 is an integrated solution for protection of personal computers against the main information-related threats, i.e.
  • Page 132
    • Verification against black and white lists of recipients (including addresses of phishing sites).
    • Inspection of phrases in message body.
    • Analysis of message text using a self-learning algorithm.
    • Recognition of spam sent in image files.
    ®...
  • Page 133 You are free to choose from any of these anti-virus applications, according to the operating systems and applications you use.

    Kaspersky Corporate Suite

    This package provides corporate networks of any size and complexity with comprehensive, scalable anti-virus protection. The package components have been developed to protect every tier of a corporate network, even in mixed ®...
  • Page 134: Contact Us

    Installed at the entrance to a network, where it monitors incoming e-mail traffic streams for spam, Kaspersky Anti-Spam acts as a barrier to unsolicited e-mail. The product is compatible with any mail system and can be installed on either an existing mail server or a dedicated one.
  • Page 135 any matters related to our product by phone or via email. All of your recommendations and suggestions will be thoroughly reviewed and considered.
    Technical support: Please find the technical support information at http://www.kaspersky.com/supportinter.html
    General information: WWW: http://www.kaspersky.com, http://www.viruslist.com; Email: info@kaspersky.com
    ©...
  • Page 136: License Agreement

    APPENDIX D. LICENSE AGREEMENT

    End User License Agreement

    NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT ("AGREEMENT") FOR THE LICENSE OF SPECIFIED SOFTWARE ("SOFTWARE") PRODUCED BY KASPERSKY LAB ("KASPERSKY LAB"). IF YOU HAVE PURCHASED THIS SOFTWARE VIA THE INTERNET BY CLICKING THE ACCEPT BUTTON, YOU (EITHER AN INDIVIDUAL OR A SINGLE LEGAL ENTITY) CONSENT TO BE BOUND BY AND BECOME PARTY TO THIS AGREEMENT.
  • Page 137 THIS CASE, KASPERSKY LAB WILL NOT BE HELD BY THE PARTNER'S CLAUSES. THE RIGHT TO RETURN AND REFUND EXTENDS ONLY TO THE ORIGINAL PURCHASER. All references to "Software" herein shall be deemed to include the software activation key ("Key Identification File") with which you will be provided by Kaspersky Lab as part of the Software.
  • Page 138 steps to achieve interoperability, provided that you only reverse engineer or decompile the Software to the extent permitted by law. 1.1.4 You shall not make error corrections to, or otherwise modify, adapt, or translate the Software, nor create derivative works of the Software, nor permit any third party to copy the Software (other than as expressly permitted herein).
  • Page 139 described herein. Upon any termination or expiration of this Agreement, you must immediately destroy all copies of the Software and the Documentation. You may terminate this Agreement at any point by destroying all copies of the Software and the Documentation. 3.
  • Page 140 You shall implement reasonable security measures to protect such confidential information, but without limitation to the foregoing shall use best endeavours to maintain the security of the Key Identification File. 6. Limited Warranty. (i) Kaspersky Lab warrants that for six (6) months from first download or installation the Software purchased on a physical medium will perform substantially in accordance with the functionality described in the Documentation...
  • Page 141 (whether such losses or damage were foreseen, foreseeable, known or otherwise): (a) Loss of revenue; (b) Loss of actual or anticipated profits (including for loss of profits on contracts); (c) Loss of the use of money; (d) Loss of anticipated savings; (e) Loss of business;...
