Table of Contents
CHAPTER 1. INTRODUCTION
1.1. Computer viruses and malicious software
1.2. Purpose, main functions and structure of Kaspersky Anti-Virus
1.3. What's new in version 5.5?
1.4. Software and hardware requirements
1.5.
Kaspersky Anti-Virus 5.5 for Check Point Firewall-1
5.7. Protection without additional configuration
5.8. Verifying the application performance
5.8.1. Test “virus” EICAR and its modifications
5.8.2. Testing the HTTP traffic protection
5.8.3. Testing the SMTP traffic protection
5.8.4.
CHAPTER 1. INTRODUCTION

The main source of viruses today is the global Internet. Most virus infections happen via e-mail. Two factors favor the distribution of malware: almost every computer has an e-mail client application installed, and malicious programs are able to take full advantage of software address books to find new victims.
• Viruses – programs that infect other programs by adding their code to the infected program's code in order to gain control when infected files are run. By this simple definition, the major action a virus performs is infecting computer programs. Viruses spread somewhat more slowly than worms.
• Automatic dialers (Pornware) - programs that establish a modem connection with various pay-per-visit (as a rule, pornographic) internet websites.
• Hacking tools - tools used by hackers to obtain access to the user's computer.
• creates a list of objects that will not be scanned for viruses.
• saves backup copies of objects to a special storage before disinfecting, deleting or blocking the object, so that the object can be restored later, which prevents the loss of data. Configurable filters make it easy to locate the original copies of objects.
management module is implemented as an extension of the Microsoft Management Console (MMC).

1.3. What's new in version 5.5?

Kaspersky Anti-Virus 5.5 for Check Point Firewall-1 differs from the previous version in the following ways:
•...
log and in the application's logs. The ability to configure how complete and how detailed the logged information is has been added. Logs can be viewed using the Microsoft Windows Event Viewer tool and standard text editors, such as Notepad.
•...
• Microsoft Windows Server 2003 Enterprise Edition or higher.

Management console:
• Hardware requirements:
  • processor Intel Pentium II 300 MHz or higher;
  • 256 MB RAM;
  • 10 MB free disk space.
•...
1.5.1. License Agreement

The License Agreement is a legal contract between you and Kaspersky Lab Ltd., which contains the terms and conditions on which you may use the anti-virus product you have purchased. Read the License Agreement carefully! If you do not agree with the terms of the license agreement, you can return Kaspersky Anti-Virus to your dealer for a full refund.
Format feature | Meaning/Usage
Bold font | Titles of menus, menu items, windows, dialog boxes and their elements, etc.
Note | Additional information, notes
Attention! | Information requiring special attention
In order to perform, Step 1. | Description of the successive user's steps and possible actions
CHAPTER 2. OPERATION OF KASPERSKY ANTI-VIRUS

Kaspersky Anti-Virus 5.5 for Check Point Firewall-1 acts as a filter: it processes data transferred over the HTTP, FTP and SMTP protocols, identifies monitored objects, analyzes them for the presence of malicious code, and blocks attempts by infected files and web documents to penetrate the local network.
Install the Security Server component on a computer that has a TCP/IP connection to the computer where the Check Point Firewall-1 application is installed. The installation is performed from the installation CD. ...
• Fine-tune the anti-virus database update settings (see Chapter 6, page 51).
• Verify the correctness of the settings and of the Anti-Virus operation using the EICAR test "virus" (see section 5.8, page 48).
• Configure the event log and report settings (see Chapter 10, page 98 and Chapter 9, page 89).
CHAPTER 3. INSTALLING AND REMOVING THE APPLICATION

Before installing Kaspersky Anti-Virus, make sure that the software and hardware of the computers used meet the installation requirements. The minimum allowable configuration is described in section 1.4, page 2. For installation of Kaspersky Anti-Virus 5.5 for Check Point Firewall-1...
3.1.1. First-time installation

In order to install Kaspersky Anti-Virus, run the executable file from the installation CD. The setup wizard guides you through the installation: it prompts you to configure the installation settings and then to start the installation.
Step 4. Selecting application components to be installed

If you selected the custom installation option, specify application components to be installed on your computer. You can also change the default folder into which they will be installed.
Note that databases used by the application are created only once, during the installation of the Security Server. If you decide to change the application data folder, then to ensure that the data is transferred correctly, copy the entire content of the old folder into the new folder, keeping the subfolder structure and the subfolder names intact.
If, at the time of the installation, you still do not have the license key (for example, you ordered it from Kaspersky Lab via the internet but have not received it yet), you can install it later, when you run the application for the first time using the Management Console.
CHAPTER 4. INTEGRATION OF KASPERSKY ANTI-VIRUS WITH CHECK POINT FIREWALL-1

Integrating Kaspersky Anti-Virus with Check Point Firewall-1 is a standard procedure for OPSEC applications and involves two steps:
Registration of the Security Server with Check Point Firewall-1 as an OPSEC application.
Figure 1. Creating a Security Server network object

When creating a new object that is an OPSEC application (OPSEC Application/New), perform the following in the General tab of the OPSEC Application Properties settings configuration window (see Figure 2):
•...
• In the Server Entities and Client Entities sections, select CVP, AMON and ELA as the protocols supported by the application. Configuring the protocol settings is not required. Kaspersky Anti-Virus uses the default Check Point...
Set up a secure connection between the Security Server and Check Point Firewall-1 (Secure Internal Communications). As a result, the following will be created:
• key to obtain a Security Server certificate;
•...
Figure 3. Creating a URI resource. The CVP tab

• to create an FTP resource, check the GET and the PUT boxes in the Methods section on the Match tab (see Figure 4);...
Figure 4. Creating an FTP resource. The Match tab

• to create a URI resource, select the Enforce URI capabilities option in the Use this resource to section on the General tab (see Figure 5).
Figure 5. Creating a URI resource. The General tab

In order to increase the efficiency of the anti-virus scan, specify the following setting values on the CVP tab (see Figure 3):
• Check the CVP server is allowed to modify content box for URI, SMTP and FTP resources.
• Select the Return data before content is approved option in the Reply Order section for URI, SMTP and FTP resources. This parameter determines whether data can be transferred to the user early, before this data is scanned (see section 7.4, page 65).
Figure 6. Configuring the SMTP resource settings. The Action2 tab...
Figure 7. Configuring the settings of Check Point Firewall-1. Restricting the message size

4.2. Obtaining a Security Server certificate

Obtaining the certificate is a standard procedure for applications integrated with Check Point Firewall-1.
The settings will be assigned the values set during the registration of the Security Server with Check Point Firewall-1 (see section 4.1, page 23).

In order to obtain the Security Server certificate: on the computer on which the Security Server is installed, run the executable file opsec_pull_cert.exe, included in the Kaspersky Anti-Virus distribution kit, from the command line with the following keys:

opsec_pull_cert.exe -h <IP address>...
CHAPTER 5. STARTING USING THE APPLICATION

5.1. Starting the application

The server part of the application, the Security Server, is launched automatically when the operating system starts on the computer on which the Security System is installed. If the settings used for the interaction of the Security Server...
Figure 8. Main application window

The Kaspersky Anti-Virus 5.5 for Check Point Firewall-1 namespace contains the list of monitored servers (that is, computers that are monitored by Kaspersky Anti-Virus via this console) in the form of nodes. Immediately after the installation of the Management Console the namespace does not contain any elements.
If the connection to the monitored server has been established, the <Computer name> node will include nested folders, each used for managing a particular function of the application.
•...
Additional shortcut menu commands are also provided for report templates and for the backup storage:
• using the Create a report command you can create a report based on the selected template and save it as a file;
•...
In order to establish a connection between the Management Console and the Security Server when adding the server, check the Connect now box (for details, see section 5.4, page 38). The Security Server component must be installed on the selected computer for the connection to work.
component installed on the monitored server. The application will then receive information from the server and display it as the console tree.

In order to connect to the Security Server, select the node that corresponds to the server you need in the console tree, open the shortcut menu and select the Connect to the server command, or use the corresponding item in the Action menu.
Check Point recommends connecting applications using a secured protocol. By default, Kaspersky Anti-Virus uses a secured connection protocol and the default Check Point Firewall-1 settings. The applications interact using three protocols. The CVP and AMON protocols are used by the Security Server when it is expecting the...
• the port number on the Security Server that will be used to receive requests for connection from Check Point Firewall-1. By default, these are port 18181 for the CVP protocol and port 18193 for the AMON protocol.
•...
• ELA Server: the NetBIOS name, the full domain name (FQDN) or the IP address of the computer on which Check Point Firewall-1 is installed,
• ELA SIC-Server name: the internal SIC name of Check...
Figure 10. Configuring OPSEC settings. The Connection tab

In order to specify settings for the connection between Kaspersky Anti-Virus and Check Point Firewall-1 that are not included in the Connection tab, press the Advanced button. This will open the Configuring additional OPSEC settings window (see Figure 11).
For detailed information about secure connection types and default values for various versions of Check Point Firewall-1, visit the Check Point corporate website at: http://www.opsec.com/developer/gw_comm_mode.html

Figure 11. Configuring additional OPSEC settings

Select the Parameters tab (see Figure 12).
Do not notify option if you do not want notifications to be issued.

In the Try to connection every field, specify how often the Security Server will attempt to restore the connection with Check Point Firewall-1 if the connection fails. Information about the events that happened while the connection was out will be transferred to Check Point Fire-...
Figure 12. OPSEC setting configuration. The Parameters tab

After you are done with the settings, press the Apply or the OK button. You can restore the default settings by pressing the Restore the default settings button.
5.7. Protection without additional configuration

The anti-virus protection will start operating immediately after the parameters for the interaction between Kaspersky Anti-Virus and Check Point Firewall-1 are configured. The default operation mode of the Anti-Virus is as follows:
•...
The message sent by you contains an infected object <virus name>. The message has been blocked.

Suspicious, protected and corrupted objects will be delivered to the user intact.
• The anti-virus database is updated hourly via the internet from Kaspersky Lab's HTTP and FTP update servers.
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

The file downloaded from the EICAR website or created as described above contains the body of a standard test “virus”. Kaspersky Anti-Virus will detect it, assign it the Infected category and apply the action defined by the administrator for processing objects of this type.
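A test file typed by hand in a text editor stops being a valid test file if the editor adds a byte-order mark or extra characters, and a scanner is then entitled to ignore it. The check below is an added example, not part of the product documentation; the names `check_eicar` and `check_file` and the sample inputs are assumptions made here, and the 68-byte length, the permitted trailing whitespace and the 128-byte limit follow the EICAR test file definition.

```python
"""Check that a hand-made EICAR test file is still a valid test file.

Added example, not from the product documentation. The function names and
the sample inputs are constructed for illustration.
"""
import sys

# The 68-byte test string printed in the manual, written in two parts so
# that this script is not itself flagged by a local anti-virus scanner.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# EICAR definition: the string must come first, may be followed only by
# these whitespace bytes, and the whole file must not exceed 128 bytes.
ALLOWED_TRAILING = b" \t\r\n\x1a"  # space, tab, CR, LF, Ctrl-Z
MAX_FILE_LEN = 128

# Byte-order marks that editors may prepend: UTF-8, UTF-16 LE, UTF-16 BE.
BOMS = (b"\xef\xbb\xbf", b"\xff\xfe", b"\xfe\xff")


def check_eicar(data: bytes) -> str:
    """Return "ok", or the reason a scanner may rightly ignore the file."""
    if data.startswith(BOMS):
        return "byte-order mark before the test string"
    if not data.startswith(EICAR):
        return "test string is not at the start of the file"
    if len(data) > MAX_FILE_LEN:
        return "file is longer than 128 bytes"
    if data[len(EICAR):].strip(ALLOWED_TRAILING):
        return "non-whitespace bytes after the test string"
    return "ok"


def check_file(path: str) -> str:
    """Run check_eicar() on a file on disk."""
    with open(path, "rb") as handle:
        # Read one byte past the limit so an oversized file is still caught.
        return check_eicar(handle.read(MAX_FILE_LEN + 1))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for name in sys.argv[1:]:
            print(f"{name}: {check_file(name)}")
    else:
        # Constructed samples: typical results of saving the string by hand.
        samples = {
            "exact 68 bytes": EICAR,
            "saved with CRLF": EICAR + b"\r\n",
            "saved as UTF-8 with BOM": b"\xef\xbb\xbf" + EICAR,
            "leading blank line": b"\r\n" + EICAR,
            "text appended": EICAR + b"\r\ntest",
        }
        for label, data in samples.items():
            print(f"{label}: {check_eicar(data)}")
```

Run it with the path of the test file as an argument before concluding that traffic scanning failed to detect the file.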
Kaspersky Anti-Virus will detect this object, identify it as infected and perform the action specified in the SMTP traffic scan settings as the default action for objects of this type (see section 5.7, page 47):
•...
CHAPTER 6. UPDATING THE ANTI-VIRUS DATABASE

Users of Kaspersky Lab's products can update the anti-virus database used by Kaspersky Anti-Virus to detect malware and to disinfect infected objects. Kaspersky Lab's anti-virus database contains descriptions of the following categories of objects:
a.
The categories of objects that the Anti-Virus will detect in the traffic passing through the firewall are determined by the selected level of anti-virus protection (see section 7.2, page 63). As new malicious programs are created daily, it is extremely important that you keep your anti-virus database up to date.
Figure 13. Anti-virus database updates settings window. Configuring internet updates downloading

For automatic updates, create an update download schedule (for details, see section 6.3, page 56). If updates are required immediately, press the Update now button (for details, see section 6.4, page 57) to download the updates manually.
6.1. Downloading updates from the internet

In order to ensure that Kaspersky Anti-Virus receives the anti-virus database updates from the internet, select the node corresponding to the required server in the console tree and follow the Anti-virus scan link in the results pane.
• If you connect to the internet using a proxy server, check the Use proxy server box and specify the connection settings: the address and the number of the port used for the connection. If you use a password to access the proxy server, specify the proxy user's authentication settings.
updates source and enter the path to the required folder in the corresponding field manually or using the Browse button. After you are done with the settings, press the Apply or the OK button.
After you are done with the settings, press the Apply or the OK button. You can restore the default settings by pressing the Restore the default settings button. As a result, the application will automatically update the anti-virus database at the specified interval and in accordance with the specified settings.
CHAPTER 7. ANTI-VIRUS PROTECTION

The main task of Kaspersky Anti-Virus is scanning mail traffic passing through Check Point Firewall-1 and disinfecting or blocking e-mail messages using the information contained in the current (latest) version of the anti-virus database. Depending on the anti-virus protection level (see section 7.1, page 60) the application can detect:
•...
Kaspersky Anti-Virus allows the user to configure notifications about the results of the anti-virus scan of objects (see Chapter 12 on page 110). When scanning e-mail messages transferred via the SMTP protocol, the program scans the body of the message and all attached files of any format. Note that Kaspersky Anti-Virus distinguishes between simple objects (the message body, a simple attachment, for example an executable file) and containers (consisting of several objects, for example an archive, a message with...
object is not infected, the rest of the information will be transferred to the user. Otherwise, the application will break the connection with the source and display a message informing the user that the information cannot be downloaded. The object will be processed using the anti-virus scan settings, and information about such objects will be logged in the events log and in the report.
You can configure notifications about the detection of infected, suspicious, protected and corrupted objects (see Chapter 12 on page 110). No notification is made about objects that are not infected. Before processing, a copy of the object can be saved in the backup storage to be restored or deleted later.
7.1.2. Actions performed with objects transferred via FTP protocol

The following actions can be performed to disinfect infected objects detected during the scan of data transferred via FTP protocol.
• Disinfect – disinfect and pass the object to the user, once disinfected. If the object cannot be disinfected, apply the action specified for objects that cannot be disinfected.
The selected action will be applied to the entire message irrespective of whether an infected, suspicious, protected or corrupted object is detected in the message body or in one of the attached files. Copies of clean and skipped objects can also be saved in the backup storage.

7.2.
Note that disabling the anti-virus server protection considerably increases the risk of malware penetration via the firewall. We do not recommend disabling the anti-virus protection for a long time.

In order to enable or disable the anti-virus protection or to change its level, select the node corresponding to the required server in the console...
Figure 16. Enabling anti-virus protection

7.4. Scanning HTTP traffic

In order to configure the settings for scanning data transferred via HTTP protocol: select the node corresponding to the required server in the console tree and follow the HTTP traffic settings link in the results pane.
• Transfer of information, downloaded from the source in parts, to the user.
• Transfer of data that does not include service information to the user.

Figure 17. HTTP traffic scan settings. The Settings tab
•...
sending interval field. Set this value based on the parameters of the client program; it must not exceed the time period after which the client displays a message about a failed attempt to connect to the specified address. The suggested default value is 10 seconds.
Figure 18. HTTP traffic scan settings. The Actions tab

Specify which actions will be performed upon detection of infected, suspicious, protected and corrupted objects on the Actions tab (see Figure 18). Determine the order of processing for each status individually.
When the Save copies of clean and passed objects check box is selected, the Disinfect, save a copy action will be applied to all infected objects instead of the Disinfect action. The original copies of disinfected objects and the objects that cannot be disinfected will also be saved if the Skip, make no changes action is selected for such objects.
Figure 20. HTTP traffic scan settings. The Exclusions tab

In order to apply the changes, press the Apply or the OK button. You can restore the default settings by pressing the Restore the default settings button.
This will open the FTP scan settings window (see Figure 21). Configure the anti-virus operation settings for scanning FTP traffic on the tabs of this window. The settings are configured in the same way as the settings used for HTTP traffic (see section 7.4, page 65).

Figure 21.
Figure 22. FTP traffic scan settings. The Actions tab

On the Exclusions tab (see Figure 23), provide the list of objects that will not be scanned for the presence of malicious code. In order to do this, check the boxes next to the corresponding types of objects in the list...
Figure 23. FTP traffic scan settings. The Exclusions tab

In order to apply the changes, press the Apply or the OK button. You can restore the default settings by pressing the Restore the default settings button.

In order to disable scanning data transferred via FTP protocol: uncheck the Scan FTP traffic box on the Settings tab of the FTP scan settings window (see Figure 21) and press the Apply or the OK button.
In order to ensure that traffic will be scanned, check the Scan SMTP traffic box (see Figure 24) on the Settings tab.

Figure 24. SMTP traffic scan settings. The Settings tab

Specify which actions will be performed upon detection of infected, suspicious, protected and corrupted objects on the Actions tab (see Figure 25).
Figure 25. SMTP traffic scan settings. The Actions tab

In order to apply the changes, press the Apply or the OK button. You can restore the default settings by pressing the Restore the default settings button.

In order to disable scanning data transferred via SMTP protocol: uncheck the Scan SMTP traffic box on the Settings tab of the SMTP scan settings window (see Figure 24) and press the Apply or the OK button.
Select the Performance tab in the Anti-virus protection window that will open (see Figure 26) and specify the values for the settings displayed on this tab.

Figure 26. Kaspersky Anti-Virus Performance settings
•...
graphic objects less than 2 MB; all other objects (except applications) less than 256 KB.
• The maximum number of objects scanned in RAM without saving to the working folder on the hard drive. You can set this value in the range from 1 to 1000.
As archives are a type of container, the restrictions on scanning containers apply to archives as well. If you impose a restriction on scanning containers, the same nesting level restrictions will be applied to archives (if archives have not been explicitly excluded from the scan).
CHAPTER 8. BACKUP STORAGE

Kaspersky Anti-Virus allows saving a backup copy of an infected object before processing. The copy is created in the backup storage. An object stored in the backup storage can later be restored (see section 8.3, page 84) or deleted (see section 8.4, page 86).
To make it easier to view and search for information in the backup storage and to structure the storage, the application includes configurable user filters (see section 8.2, page 81). Filters created for the backup storage appear in the Backup Storage folder as subfolders, under the names the administrator assigned when the filters were created.
• To. IP address of the computer from which the object was requested or e-mail address of the recipient for objects transferred via SMTP protocol.
• Size. Object’s size in bytes.
• Status. Status assigned to the object as a result of the anti- infected, disinfected, suspicious,...
Figure 28. Creating a filter

Specify a name under which the filter will be saved in the Backup Storage folder. Specify the parameter values that will be used to perform the search for (filtering of) objects stored in the backup storage. You can specify any number of parameters.
• HTTP, FTP address of the source or the subject of the message for objects transferred via SMTP protocol;
• time interval during which the object was detected.

After you are done with the settings, press the Apply or the OK button.
Figure 29. Configuring filter

Change the values of the filter's parameters as required. In order to apply the changes, press the Apply or the OK button. To exit without saving the changes made, press the Cancel button. As a result, the information displayed in the results pane will be updated according to the new values of the filter's parameters.
As a result of these actions the object will be moved from the backup storage into the specified folder and saved with the specified name. The restored object will have the same format as it had when it was first processed by Kaspersky Anti-Virus.
Figure 31. Restoring an object from the backup storage

8.4. Deleting objects from the backup storage

The following objects are automatically deleted from the backup storage:
• objects for which the storage period has expired;
•...
Select the object you wish to delete in the table displaying the content of the backup storage (see Figure 27). You can use filters for searching for the object (see section 8.2, page 81). Open the shortcut menu and use the Delete command or the analogous command under the Action menu.
Figure 32. Configuring the backup storage settings

In order to apply the changes, press the Apply or the OK button. To exit without saving the changes made, press the Cancel button. You can restore the default settings by pressing the Restore the default settings button.
CHAPTER 9. REPORTS

Kaspersky Anti-Virus can produce reports about the results of the anti-virus traffic scan. Reports contain information registered during a certain period of time and provide information about:
• general scan results
• the total number of scanned objects:
•...
Figure 33. The Report templates folder

Apart from the template name the table contains the following information for each template:
• Status: status of the report created based on the template.
• Expected: date and time of creation of the next report according to the schedule or on-demand, if the automatic report creation is disabled.
9.1. Creating reports

In order to create an anti-virus scan report:
Create a report template (see section 9.2, page 92) or select an existing template.
Check the Create report box on the General tab of the report template configuration window (see Figure 35).
As a result, a new report will be created at the intervals specified in the schedule.
Open the shortcut menu and use the Properties command or the analogous command under the Action menu. In the Properties: Report templates window that will open (see Figure 34):

Figure 34. Configuring the reports settings
•...
Open the shortcut menu and use the Create a report template command or the analogous command under the Action menu. As a result, a report template settings window <New report template> will open (see Figure 35); this window consists of the following tabs: General and Parameters.
Specify the reporting period and the report creation schedule settings in the Settings tab (see Figure 36).
• The following options are available when specifying the reporting period: specify the time interval. In this case, the report will contain information for the specified period starting with the report creation date and time.
Figure 36. Report template. The Settings tab

9.3. Viewing reports

In order to view a report using the file system:
Open the folder where the logs are stored. By default, it is the Reports folder located on the server in the application's data folder.
Select and open an html file whose name corresponds to the date and time of report creation, in the following format: <DD.MM.YYYY_HH-MM-SS>.
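Because the name format puts the day first, sorting the Reports folder by file name does not give chronological order. The following added example (not part of the product documentation) orders report files by the timestamp in their names; it assumes the file name is exactly the timestamp followed by `.html` or `.htm`, and the function names and sample file names are constructed for illustration.

```python
"""Order report files by the DD.MM.YYYY_HH-MM-SS timestamp in their names.

Added example, not from the product documentation. Assumption: a report file
is named exactly <DD.MM.YYYY_HH-MM-SS>.html (or .htm).
"""
import re
from datetime import datetime
from pathlib import Path
from typing import Iterable, List, Optional

REPORT_NAME = re.compile(
    r"^(\d{2}\.\d{2}\.\d{4}_\d{2}-\d{2}-\d{2})\.html?$", re.IGNORECASE
)


def report_time(filename: str) -> Optional[datetime]:
    """Return the creation time encoded in a report file name, or None."""
    match = REPORT_NAME.match(filename)
    if match is None:
        return None
    try:
        return datetime.strptime(match.group(1), "%d.%m.%Y_%H-%M-%S")
    except ValueError:
        # The digits fit the pattern but are not a real date (e.g. 31.02.2006).
        return None


def chronological(names: Iterable[str]) -> List[str]:
    """Return the valid report names, oldest first; other files are skipped."""
    dated = [(report_time(name), name) for name in names]
    return [name for _, name in sorted((w, n) for w, n in dated if w is not None)]


def newest_report(names: Iterable[str]) -> Optional[str]:
    """Return the name of the most recent report, or None if there is none."""
    ordered = chronological(names)
    return ordered[-1] if ordered else None


def newest_report_in(folder: Path) -> Optional[Path]:
    """Return the path of the most recent report in a Reports folder."""
    name = newest_report(p.name for p in folder.iterdir() if p.is_file())
    return folder / name if name else None


# Constructed sample listing of a Reports folder.
SAMPLE_NAMES = [
    "31.01.2006_23-59-59.html",
    "01.02.2006_00-00-10.html",
    "15.12.2005_08-30-00.html",
    "31.02.2006_10-00-00.html",  # fits the pattern but is not a valid date
    "readme.txt",                # unrelated file
]

if __name__ == "__main__":
    print("by name:", sorted(SAMPLE_NAMES))
    print("by time:", chronological(SAMPLE_NAMES))
    print("newest :", newest_report(SAMPLE_NAMES))
```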
Figure 37. Viewing reports. General scan results

The left frame of the report contains the list of the report’s sections (table of contents); the heading and the content of the selected section are displayed in the right frame.
Open the shortcut menu and use the View report command or the analogous command under the Action menu. As a result, the last report created based on the selected template will be displayed. Reports are viewed using the default system browser.
CHAPTER 10. APPLICATION EVENT LOG

Kaspersky Anti-Virus allows the user to perform full diagnostics of its operation and to register events in the Microsoft Windows application log and in the Kaspersky Anti-Virus application's log. How complete the information entered into the logs is depends on the diagnostics levels selected in the application’s settings (see section 10.1, page 99).
New records entered into Kaspersky Anti-Virus logs are appended to the end of the newest file. The log size is not restricted. Kaspersky Anti-Virus logs can be viewed by using the file system. By default, logs are stored in the Logs folder. This folder is created in the application's data folder during the installation of the Security Server component.
Figure 39. The Diagnostics tab

The Diagnostics level for system components section located in the tab contains a table. The left part of the table contains the list of all components included in the structure of the program. The right part of the table displays the groups of diagnostic messages for the selected component and the diagnostics level for each of the groups.
After you are done with the settings, press the Apply or the OK button. You can restore the default settings by pressing the Restore the default settings button.
10.2. Configuring log files settings
In order to configure log file settings: Select the node corresponding to the required server in the console tree and follow the General settings link in the results pane.
CHAPTER 11. LICENSE KEYS
When you purchase Kaspersky Anti-Virus, you enter into a license agreement with Kaspersky Lab Ltd. Based on this agreement you are entitled to use this software during the specified period of time to protect the mail traffic received and requested from the number of workstations specified in the license.
Page 103
about the expiration date of the currently installed license key. The notification period can be changed (see section 11.3 on page 107). Kaspersky Anti-Virus settings also make it possible to configure notifications of the forthcoming expiration of the license and of restrictions of the application's functionality (see Chapter 12 on page 110).
11.1. License information
In order to view the license: Select the node corresponding to the required server in the console tree and follow the General settings link in the results pane. Go to the General tab in the General parameters window that will open (see Figure 40).
• license expiry date:
• the status of the current license key.
• application functionality available based on the current license key:
  All functions. The application operates as provided for in the license agreement.
  Updating function is not available. The anti-virus database updating feature is not available.
Page 106
• The type of the license key installed, for example: commercial, trial.
• License owner information
• License expiration date.
• Serial number.
• The maximum number of protected workstations.
The following license key details are displayed in the Backup license key section.
11.3. License-related notifications
The application verifies the compliance with the terms and conditions of the license agreement on a regular basis and each time the anti-virus database is updated. If the following is the case based on the verification results:
•...
If the current license key is found in the “black list”, the backup key will not be activated. In this case you have to replace the current license key. You can manually install the backup license key as the current key. There is a provision for the replacement of the current license key that prevents the restriction of the application functionality if the replacement is performed as the consecutive procedure of the removal of the old current key and installation...
Page 109
Select the node corresponding to the required server in the console tree and follow the General settings link in the results pane. Go to the License keys tab in the General settings window that will open (see Figure 41). On the License keys tab:
•...
CHAPTER 12. NOTIFICATIONS
Notifications about events registered in the operation of the Kaspersky Anti-Virus application can be configured using the built-in notification feature of Check Point Firewall-1. For this, the following features must be configured:
•...
Page 111
the application functionality at the expiration of the license, restoration of the functionality after the license is renewed. In order to configure notifications made via Kaspersky Anti-Virus: Select the node corresponding to the required server in the console tree and follow the General settings link in the results pane.
Page 112
An example of a program to be launched is the script file alert.js included in the application distribution package. After the Security Server is installed, the file alert.js is saved in the Scripts service folder inside the component installation folder.
Page 113
events has its own set of variables; the complete list of variables is provided in Appendix A on page 118.
CHAPTER 13. FREQUENTLY ASKED QUESTIONS
This chapter is devoted to questions most frequently asked by users regarding the installation, setup, and operation of Kaspersky Anti-Virus. We will try to answer them here in detail.
Question: Can Kaspersky Anti-Virus be used with other vendors’ anti-virus software?
In order to avoid conflicts we recommend that you remove any third-party anti-virus software before you install Kaspersky Anti-Virus.
Page 115
only work either for two weeks or for a month. When this period expires, the key will be blocked.
Question: What happens when my Kaspersky Anti-Virus license expires?
After the expiration of the license, Kaspersky Anti-Virus will continue operating, but anti-virus database updating feature will be disabled.
Page 116
and can only help you if they fully understand it and have been able to reproduce it. Forward to the technical support service the following data packed in one archive:
• the current application events logs produced with the Debug diagnostic level for each application module;...
Page 117
Question: I use a proxy server and cannot perform updates. What should I do?
Failure to receive updates via a proxy server can be attributed to the following:
• Incorrect network settings. When configuring the update service you can specify the network settings using one of the two methods below: using your MS Internet Explorer settings or using custom settings.
APPENDIX A. NOTIFICATION SETTINGS
This section describes the settings passed to the application launched in order to issue a notification about a Kaspersky Anti-Virus event (see Chapter 12 on page 110). Settings are passed using Microsoft Windows environment variables. Provided below is the list of events that cause the application to be launched and the list of variables being passed for each event.
Page 120
Event description / Settings passed
Report creation
Report created successfully.
    kav4cpf1_event = "report"
    kav4cpf1_title = <report_name> (specified in the report settings)
    kav4cpf1_path = <path_to_report_file>
    kav4cpf1_error = <empty>
    kav4cpf1_time = <event_occurrence_time>
Error creating report.
    kav4cpf1_event = "report"
Page 121
Event description / Settings passed
is restored as the result of the license renewal.
Only management functionality is available. The event occurs in case of a violation of the license agreement, trial key expiration or anti-virus database...
    kav4cpf1_event = "status"
    kav4cpf1_error = "disabled"
    kav4cpf1_time = <event_occurrence_time>
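The handler below is an added example, not the alert.js shipped with the product and not Kaspersky Lab code. Written for Node.js, it shows how a notification program can read the kav4cpf1_* variables listed above and produce a single-line log entry, replacing control characters so that a report title or path cannot inject extra log lines. The function names, the severity labels, the assumption that a failed report carries a non-empty kav4cpf1_error, and the sample values are this example's own.

```javascript
// Added example, not Kaspersky's alert.js: turn the kav4cpf1_* environment
// variables from Appendix A into one sanitized, single-line log entry.
const PREFIX = 'kav4cpf1_';

// Replace control characters so a report title or path cannot forge extra
// log lines, and cap the length of every value.
function clean(value, max = 256) {
  return String(value ?? '').replace(/[\u0000-\u001f\u007f]/g, ' ').trim().slice(0, max);
}

// Collect the kav4cpf1_* variables. Windows variable names are
// case-insensitive, so names are compared in lower case.
function readSettings(env) {
  const out = {};
  for (const [name, value] of Object.entries(env)) {
    const key = name.toLowerCase();
    if (key.startsWith(PREFIX)) out[key.slice(PREFIX.length)] = clean(value);
  }
  return out;
}

// Classify the two events visible in this excerpt ("report" and "status").
// Severity labels are this example's choice; other events are not guessed at.
function describe(env) {
  const s = readSettings(env);
  const rec = { time: s.time || '', event: s.event || '', severity: 'warning', detail: '' };
  if (s.event === 'report' && !s.error) {          // empty kav4cpf1_error: success
    rec.severity = 'info';
    rec.detail = `report "${s.title || ''}" written to ${s.path || ''}`;
  } else if (s.event === 'report') {               // assumed: non-empty error text
    rec.severity = 'error';
    rec.detail = `report creation failed: ${s.error}`;
  } else if (s.event === 'status' && s.error === 'disabled') {
    rec.severity = 'critical';
    rec.detail = 'only management functionality is available';
  } else {
    rec.detail = `unrecognized event, error="${s.error || ''}"`;
  }
  return rec;
}

function toLogLine(env) {
  const r = describe(env);
  return `${r.time} [${r.severity}] ${r.event}: ${r.detail}`;
}
// Constructed sample values; a real handler would pass process.env instead.
const sample = { kav4cpf1_event: 'report', kav4cpf1_title: 'Daily\r\nFAKE',
  kav4cpf1_path: 'C:\\Reports\\sample.html', kav4cpf1_error: '', kav4cpf1_time: '01.01.2007 10:00:00' };
console.log(toLogLine(sample));
```

Values are only ever formatted into a string here; a handler that forwards them to another program should pass them as separate arguments rather than building a command line.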
APPENDIX B. GLOSSARY
The product's documentation contains terms and concepts specific to the field of anti-virus protection. This glossary contains definitions of such concepts. For your convenience, the terms are arranged in alphabetical order.
A
Administrator’s workstation – a computer on which the Management Console (a component of Kaspersky Anti-Virus) is installed.
Page 123
Black list – a database that contains information about license keys whose owners infringed the terms of the License Agreement and about keys that have been created but, for any reason, have not been sold. The content of the black list is updated on a daily basis.
Container object –...
Page 124
License period – a period of time for which you are granted the right to use all features of Kaspersky Anti-Virus. The license period is determined by the license key; a standard license period is one year after the license key is installed.
Page 125
Traffic scan – anti-virus scan of e-mail messages received by the server in the real-time mode using the current (latest) version of the anti-virus database.
Virus outbreak counter – a template used to create and issue notifications about a virus outbreak threat.
APPENDIX C. KASPERSKY LAB
Founded in 1997, Kaspersky Lab has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious programs, unsolicited and unwanted e-mail messages, and hacker attacks.
C.1. Other Kaspersky Lab Products
Kaspersky® Anti-Virus Personal
Kaspersky® Anti-Virus Personal has been designed to provide anti-virus protection to personal computers running Microsoft Windows 98/ME or Microsoft Windows 2000/NT/XP against all known viruses, including potentially dangerous software.
Page 128
unique second-generation heuristic analyzer efficiently detects unknown viruses. A simple and convenient interface allows users to configure the program quickly making work with it easier than ever. Kaspersky® Anti-Virus Personal Pro has the following features:
•...
Page 129
Kaspersky® Personal Security Suite
Kaspersky® Personal Security Suite is a software suite designed for organizing comprehensive protection of personal computers running Microsoft Windows. The suite prevents malicious and potentially dangerous programs from penetrating through any possible data sources and protects you from unauthorized attempts to access your computer’s data, as well as blocking spam.
Page 130
• Save a report on the scanning results in txt or html formats.
Kaspersky® OnLine Scanner Pro
This program is a subscription service available to visitors of the corporate website that allows you to perform an efficient anti-virus scan of your computer and disinfect infected files online.
Page 131
• System restoration after malicious spyware influence accomplished due to recording of all changes in the registry and computer file system and an opportunity to perform their roll-back at user's discretion.
Kaspersky® Internet Security 6.0
Kaspersky® Internet Security 6.0 is an integrated solution for protection of personal computers against the main information-related threats, i.e.
Page 132
• Verification against black and white lists of recipients (including addresses of phishing sites).
• Inspection of phrases in message body.
• Analysis of message text using a self-learning algorithm.
• Recognition of spam sent in image files.
®...
Page 133
You are free to choose from any of these anti-virus applications, according to the operating systems and applications you use.
Kaspersky® Corporate Suite
This package provides corporate networks of any size and complexity with comprehensive, scalable anti-virus protection. The package components have been developed to protect every tier of a corporate network, even in mixed ®...
Installed at the entrance to a network, where it monitors incoming e-mail traffic streams for spam, Kaspersky® Anti-Spam acts as a barrier to unsolicited e-mail. The product is compatible with any mail system and can be installed on either an existing mail server or a dedicated one.
APPENDIX D. LICENSE AGREEMENT
End User License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT ("AGREEMENT") FOR THE LICENSE OF SPECIFIED SOFTWARE ("SOFTWARE") PRODUCED BY KASPERSKY LAB ("KASPERSKY LAB"). IF YOU HAVE PURCHASED THIS SOFTWARE VIA THE INTERNET BY CLICKING THE ACCEPT BUTTON, YOU (EITHER AN INDIVIDUAL OR A SINGLE LEGAL ENTITY) CONSENT TO BE BOUND BY AND BECOME PARTY TO THIS AGREEMENT.
Page 137
THIS CASE, KASPERSKY LAB WILL NOT BE HELD BY THE PARTNER'S CLAUSES. THE RIGHT TO RETURN AND REFUND EXTENDS ONLY TO THE ORIGINAL PURCHASER. All references to "Software" herein shall be deemed to include the software activation key ("Key Identification File") with which you will be provided by Kaspersky Lab as part of the Software.
Page 138
steps to achieve interoperability, provided that you only reverse engineer or decompile the Software to the extent permitted by law. 1.1.4 You shall not make error corrections to, or otherwise modify, adapt, or translate the Software, nor create derivative works of the Software, nor permit any third party to copy the Software (other than as expressly permitted herein).
Page 139
described herein. Upon any termination or expiration of this Agreement, you must immediately destroy all copies of the Software and the Documentation. You may terminate this Agreement at any point by destroying all copies of the Software and the Documentation. 3.
Page 140
You shall implement reasonable security measures to protect such confidential information, but without limitation to the foregoing shall use best endeavours to maintain the security of the Key Identification File. 6. Limited Warranty. (i) Kaspersky Lab warrants that for six (6) months from first download or installation the Software purchased on a physical medium will perform substantially in accordance with the functionality described in the Documentation...
Page 141
(whether such losses or damage were foreseen, foreseeable, known or otherwise): (a) Loss of revenue; (b) Loss of actual or anticipated profits (including for loss of profits on contracts); (c) Loss of the use of money; (d) Loss of anticipated savings; (e) Loss of business;...