KAPERSKY ANTI-VIRUS 6.0 User Manual

Hide thumbs Also See for ANTI-VIRUS 6.0:
Table of Contents

Advertisement

Quick Links

KASPERSKY LAB
®
Kaspersky
Anti-Virus 6.0
USER GUIDE

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the ANTI-VIRUS 6.0 and is the answer not in the manual?

Questions and answers

Summary of Contents for KAPERSKY ANTI-VIRUS 6.0

  • Page 1 KASPERSKY LAB ® Kaspersky Anti-Virus 6.0 USER GUIDE...
  • Page 2 K A S P E R S K Y A N T I - V I R U S 6 . 0 User Guide © Kaspersky Lab http://www.kaspersky.com Revision date: January 2006...
  • Page 3: Table Of Contents

    1.5. What to do if you suspect infection ..............16 1.6. Preventing Infection..................... 17 CHAPTER 2. KASPERSKY ANTI-VIRUS 6.0.............. 19 2.1. What’s new in Kaspersky Anti-Virus 6.0............. 19 2.2. The elements of Kaspersky Anti-Virus Defense..........21 2.2.1. Protection components................. 22 2.2.2.
  • Page 4 Kaspersky Anti-Virus 6.0 3.2.7. Application Integrity Control................36 3.2.8. Finishing the Setup Wizard ................36 3.3. Installing the program from the command prompt ..........36 3.4. Upgrading from 5.0 to 6.0 ................... 37 CHAPTER 4. PROGRAM INTERFACE ............... 38 4.1. System tray icon ....................38 4.2.
  • Page 5 Table of Contents CHAPTER 7. FILE ANTI-VIRUS ................... 73 7.1. Selecting a file security level ................73 7.2. Configuring File Anti-Virus................... 75 7.2.1. Defining the file types to be scanned ............75 7.2.2. Defining protection scope................78 7.2.3. Configuring advanced settings..............79 7.2.4.
  • Page 6 Kaspersky Anti-Virus 6.0 CHAPTER 11. SCANNING FOR VIRUSES ON YOUR COMPUTER ..... 121 11.1. Managing virus scan tasks................122 11.2. Creating a list of objects to scan ..............122 11.3. Creating virus scan tasks ................124 11.4. Configuring virus scan tasks ................125 11.4.1.
  • Page 7 Table of Contents 14.3.2. The Detected tab ..................161 14.3.3. The Events tab..................162 14.3.4. The Statistics tab ..................163 14.3.5. The Settings tab..................164 14.3.6. The Macros tab..................165 14.3.7. The Registry tab ..................166 14.4. General information about the program ............167 14.5.
  • Page 8 Kaspersky Anti-Virus 6.0 15.7. Importing settings .................... 198 15.8. Starting the program..................199 15.9. Stopping the program..................199 15.10. Viewing Help....................199 15.11. Return codes from the command line interface ........... 200 CHAPTER 16. MODIFYING, REPAIRING, AND REMOVING THE PROGRAM ..201 16.1.
  • Page 9: Chapter 1. Threats To Computer Security

    CHAPTER 1. THREATS TO COMPUTER SECURITY As information technology has rapidly developed and penetrated many aspects of human existence, so the number and range of crimes aimed at breaching information security has grown. Cyber criminals have shown great interest in the activities of both state structures and commercial enterprises.
  • Page 10: How Threats Spread

    Kaspersky Anti-Virus 6.0 • Internal, including the actions of company staff and users of home PCs. Actions taken by this group could be deliberate or accidental. • The technological factor. This threat group is connected with technical problems – use of obsolete or poor-quality software and hardware to process information.
  • Page 11 Threats to Computer Security Intranet Your intranet is your internal network, specially designed for handling information within a company or a home network. An intranet is a unified space for storing, exchanging, and accessing information for all the computers on the network. This means that if one computer on the network is infected, the others are at great risk of infection.
  • Page 12: Types Of Threats

    Kaspersky Anti-Virus 6.0 1.3. Types of Threats There are a vast number of threats to computer security today. This section will review the threats that are blocked by Kaspersky Anti-Virus. Worms This category of malicious programs spreads itself largely by exploiting vulnerabilities in computer operating systems.
  • Page 13 Threats to Computer Security traffic that the user cannot control. This can lead to a security breach and to direct financial losses. Spyware This software collects information about a particular user or organization without their knowledge. Spyware often escapes detection entirely. In general, the goal of spyware is to: •...
  • Page 14 Kaspersky Anti-Virus 6.0 Other dangerous programs These are programs created to, for instance, set up denial of service (DoS) attacks on remote servers, hack into other computers, and programs that are part of the development environment for malicious programs. These programs include hack tools, virus builders, vulnerability scanners, password-cracking programs, and other types of programs for cracking network resources or penetrating a system.
  • Page 15: Signs Of Infection

    Threats to Computer Security Kaspersky Anti-Virus uses two methods for detecting and blocking these threat types: • Reactive – this method searches for malicious files using a threat signature database that is regularly updated. • Proactive – in contrast to reactive protection, this method is not based on analyzing code but on the system’s behavior.
  • Page 16: What To Do If You Suspect Infection

    Kaspersky Anti-Virus 6.0 • The web browser program (for example, Microsoft Internet Explorer) freezes or behaves unexpectedly (for example, you cannot close the program window). In 90% of cases, these indirect systems are caused by malfunctions in hardware or software. Despite the fact that such symptoms rarely indicate infection, we recommend that, upon detecting them, you run a complete scan of your computer (see 5.2 on pg.
  • Page 17: Preventing Infection

    Threats to Computer Security 1.6. Preventing Infection Not even the most reliable and deliberate measures can provide 100% protection against computer viruses and Trojans, but following such a set of rules significantly lowers the likelihood of virus attacks and the level of potential damage.
  • Page 18 Kaspersky Anti-Virus 6.0 once you download the threat signature updates, you will have plenty of time to protect yourself against the new virus. Rule No. 4: Do not trust virus hoaxes, such as prank programs and emails about infection threats.
  • Page 19: Chapter 2. Kaspersky Anti-Virus 6.0

    VIRUS 6.0 Kaspersky Anti-Virus 6.0 heralds a new generation of data security products. What really sets Kaspersky Anti-Virus 6.0 apart from other software, even from other Kaspersky Lab products, is its multi-faceted approach to data security. 2.1. What’s new in Kaspersky Anti- Virus 6.0...
  • Page 20 Kaspersky Anti-Virus 6.0 ТМ ТМ speed of file scans. iChecker and iSwift help achieve this. This method rules out the application repeating scans of the same files. • The scan process now runs as a background task, enabling the user to continue using the computer.
  • Page 21: The Elements Of Kaspersky Anti-Virus Defense

    Kaspersky Anti-Virus 6.0 accompanies its operation with hints and tips, and includes a thorough Help section. New Program Update Features • This version of the application debuts our improved update procedure: Kaspersky Anti-Virus automatically checks the update source for update packages.
  • Page 22: Protection Components

    Kaspersky Anti-Virus 6.0 2.2.1. Protection components These protection components defend your computer in real time: File Anti-Virus A file system can contain viruses and other dangerous programs. Malicious programs can remain inactive in your file system for years after one day being copied from a floppy disk or from the Internet, without showing themselves at all.
  • Page 23: Virus Scan Tasks

    Kaspersky Anti-Virus 6.0 actions: is it potentially dangerous? Proactive Defense protects your computer both from known viruses and from new ones that have yet to be discovered. 2.2.2. Virus scan tasks In addition to constantly monitoring all potential pathways for malicious programs, it is extremely important to periodically scan your computer for viruses.
  • Page 24 Kaspersky Anti-Virus 6.0 modules retrieved from Kaspersky Lab servers, and then give other computers access to them to save bandwidth. Data Files Each security component, virus search task, and program update creates a report as it runs. The reports contain information on executed operations and their results.
  • Page 25: Hardware And Software System Requirements

    Kaspersky Anti-Virus 6.0 2.3. Hardware and software system requirements For Kaspersky Anti-Virus 6.0 to run properly, your computer must meet these minimum requirements: General Requirements: • 50 MB of free hard drive space • CD-ROM drive (for installing Kaspersky Anti-Virus 6.0 from an installation •...
  • Page 26: Support For Registered Users

    Kaspersky Anti-Virus 6.0 • A sealed envelope with an installation CD containing the program files • A User Guide • The program activation code, attached to the installation CD envelope • The end-user license agreement (EULA) Before breaking the seal on the installation disk envelope, carefully read through the EULA.
  • Page 27: Chapter 3. Installing Kaspersky Anti-Virus 6.0

    CHAPTER 3. INSTALLING KASPERSKY ANTI-VIRUS You can fully or partially install Kaspersky Anti-Virus on your computer. If you choose partial installation, you can select the components to install or automatically install just anti-virus components (see Step 9 of the installation procedure).
  • Page 28 <Drive>\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0. You can specify a different folder by clicking the Browse button and selecting it in the folder selection window, or by entering the path to the folder in the field available.
  • Page 29 Installing Kaspersky Anti-Virus 6.0 To continue installation, click the Next button. Step 5. Selecting an installation type In this stage, you select how much of the program you want to install on your computer. You have three options: Complete. If you select this option, all Kaspersky Anti-Virus components will be installed.
  • Page 30 We do not recommend deselecting the Enable Self-Defense before installation the when initially installing Kaspersky Anti-Virus 6.0. By enabling the protection modules, you can correctly roll back installation if errors occur while installing the program. If you are reinstalling the program, we recommend that you deselect this checkbox.
  • Page 31: Setup Wizard

    Next to go on to the Setup Wizard. 3.2. Setup Wizard The Kaspersky Anti-Virus 6.0 Setup Wizard starts after the program has finished installation. It is designed to help you configure the initial program settings to conform to the features and uses of your computer.
  • Page 32: Selecting A Program Activation Method

    Kaspersky Anti-Virus 6.0 obtained earlier. Activate later. If you choose this option, you will skip the activation stage. Kaspersky Anti-Virus 6.0 will be installed on your computer and you will have access to all program features except updates (you can only update the threat signatures once after installing the program).
  • Page 33: Obtaining A License Key

    3.2.2.4. Selecting a license key file If you have a license key file for Kaspersky Anti-Virus 6.0, the Wizard will ask if you want to install it. If you do, use the Browse button and select the file path for the key file with the .key extension in the file selection window.
  • Page 34: Configuring Update Settings

    Kaspersky Anti-Virus 6.0 Interactive. This mode provides more customized defense of your computer’s data than Basic mode. It can trace attempts to alter system settings and suspicious activity in the system. All of the activities listed above could be signs of malicious programs or standard activity for some of the programs you use on your computer.
  • Page 35: Configuring A Virus Scan Schedule

    Installing Kaspersky Anti-Virus 6.0 If you want to configure updates (set up network properties, select the resource from which updates will be downloaded, or select the update server located nearest to you), click Settings. 3.2.5. Configuring a virus scan schedule Scanning selected areas of your computer for malicious objects is one of the key steps in protecting your computer.
  • Page 36: Application Integrity Control

    You can wait to restart, but if you do, some program components will not work. 3.3. Installing the program from the command prompt To install Kaspersky Anti-Virus 6.0, enter this at the command prompt: msiexec /i <package_name> The Installation Wizard will start (see 3.1 on pg. 27). Once the program is...
  • Page 37: Upgrading From 5.0 To 6.0

    3.4. Upgrading from 5.0 to 6.0 If Kaspersky Anti-Virus 5.0 Personal or Kaspersky Anti-Virus 5.0 Personal Pro is installed on your computer, you can upgrade it to Kaspersky Anti-Virus 6.0. After you start the Kaspersky Anti-Virus 6.0 installation program, you will be given the choice of first uninstalling the already installed version 5.0.
  • Page 38: Chapter 4. Program Interface

    CHAPTER 4. PROGRAM INTERFACE Kaspersky Anti-Virus has a straightforward, user-friendly interface. This chapter will discuss its basic features: • System tray icon (see 4.1 on pg. 38) • Context menu (see 4.2 on pg. 39) • Main window (see 4.3 on pg. 40) •...
  • Page 39: The Context Menu

    Program interface Scripts are being scanned. A file that you or some program is opening, saving, or running is being scanned. Kaspersky Anti-Virus threat signatures and program modules are being updated. An error has occurred in some Kaspersky Anti-Virus component. The icon also provides access to the basics of the program interface: the context menu (see 4.2 on pg.
  • Page 40: Main Program Window

    Kaspersky Anti-Virus 6.0 computer, etc. You can add to the list, select files to be scanned, and start virus scans. Update – download updates to program modules and threat signatures and install them on your computer. Activate… – activate the program. This menu item is only available if the program is not activated.
  • Page 41 Program interface Figure 2. Kaspersky Anti-Virus main window After selecting a section or component in the left part of the window, you will find information in the right-hand part that matches your selection.
  • Page 42 Kaspersky Anti-Virus 6.0 We will now examine the elements in the main window’s navigation panel in greater detail. Main Window Section Purpose This window mostly informs you of the Here will find general protection status of your computer. The information about Kaspersky Anti-...
  • Page 43: Program Settings Window

    Program interface The Service section includes additional Here you can update the program, Kaspersky Anti-Virus features. view reports on the performance of any of the Kaspersky Anti-Virus components, work with quarantined objects backup copies, review technical support information, create a Rescue Disk manage license keys.
  • Page 44 Kaspersky Anti-Virus 6.0 • the right part of the window contains a detailed list of settings for the item selected in the left part of the window. When you select any section, component, or task in the left part of the settings window, the right part will display its basic settings.
  • Page 45: Chapter 5. Getting Started

    CHAPTER 5. GETTING STARTED One of Kaspersky Lab’s main goals in creating Kaspersky Anti-Virus was to provide optimum configuration for each of the program’s options. This makes it possible for a user with any level of computer literacy to quickly protect their computer straight after installation.
  • Page 46: Protection Indicators

    Kaspersky Anti-Virus 6.0 5.1.1. Protection indicators Protection status is determined by three indicators, each of which reflect a different aspect of your computer’s protection at any given moment, and indicate any problems in program settings and performance. Figure 4. Indicators reflecting the computer protection status Each indicator has three possible appearances: –...
  • Page 47 Getting started Kaspersky Anti-Virus has treated all infected files and programs, and deleted those that could not be treated. Hacker attack has been blocked Kaspersky Anti-Virus has detected and blocked an attempted network attack. Threats have been detected Your computer is at risk of infection. Kaspersky Anti-Virus has detected malicious programs (viruses, Trojans, worms, etc.) that must be neutralized.
  • Page 48 Kaspersky Anti-Virus 6.0 soon as possible. To do so, use the Update link.. Signatures are corrupted or partially corrupted The threat signature files are fully or partially damaged. If this occurs, it is recommended to run program updates again. If you encounter the same error message again, contact the Kaspersky Lab Technical Support Service.
  • Page 49: Kaspersky Anti-Virus Component Status

    Getting started Some protection components have malfunctioned One or more Kaspersky Anti-Virus components has internal errors. If this occurs, you are advised to enable the component or restart the computer, as it is possible that the component drivers have to be registered after being updated. 5.1.2.
  • Page 50: Program Performance Statistics

    Kaspersky Anti-Virus 6.0 individual modules, their status, security level, and, for some components, the response to dangerous programs are displayed. There is no Status box for virus scan and update tasks. The security level, the action applied to dangerous programs for virus scan tasks, and the run mode for updates are listed in the Settings box.
  • Page 51: How To Scan Critical Areas Of The Computer

    Getting started After you select the task named My Computer, the right-hand panel will display the following: statistics for the most recent computer scan; task settings; what level of protection is selected, and what actions will be taken for dangerous objects.
  • Page 52: How To Update The Program

    Kaspersky Anti-Virus 6.0 scanning with the standard tools of the Windows operating system (for example, in the Explorer program window, on your Desktop, etc.). To scan an object, Place the cursor over the name of the selected object, open the Windows context menu by right-clicking, and select Scan for Viruses (see fig.
  • Page 53: What To Do If Protection Is Not Running

    Getting started To update Kaspersky Anti-Virus manually, select the Update component in the Service section of the main program window and click the Update now! button in the right-hand part of the window. As a result, Kaspersky Anti-Virus will begin the update process, and display the details of the process in a special window.
  • Page 54: Chapter 6. Protection Management System

    By default, Kaspersky Anti-Virus boots at startup and protects your computer the entire time you are using it. The words Kaspersky Anti-Virus 6.0 in the upper right-hand corner of the screen let you know this. All protection components (see 2.2 on pg.
  • Page 55 Protection management system To pause a Kaspersky Anti-Virus operation: Select Pause protection in the program’s context menu (see 4.2 on pg. 39). In the Pause Protection window that opens (see fig. 7), select how soon you want protection to resume: •...
  • Page 56: Stopping Protection

    Kaspersky Anti-Virus 6.0 • The third protection indicator (see 5.1.1 on pg. 46) on your computer, which shows that No protection components are enabled. 6.1.2. Stopping protection Stopping protection means fully disabling your protection components. Virus scans and updates continue to work in this mode.
  • Page 57: Restoring Protection On Your Computer

    Protection management system To pause protection components, virus scans, and update tasks: Select the component or task from the left-hand part of the main window and click the button on the status bar. The component/task status will change to paused. The component or task will be paused until you resume it by clicking the button.
  • Page 58: Shutting Down The Program

    Kaspersky Anti-Virus 6.0 6.1.5. Shutting down the program If you have to shut down Kaspersky Anti-Virus, select Exit from the program's context menu (see 4.2 on pg. 39). This will close the program, leaving your computer unprotected. If network connections that the program monitors are active on your computer when you close the program, a notice will appear on the screen stating that these connections will be interrupted.
  • Page 59: Creating A Trusted Zone

    Protection management system minimum admissible security level. Per recommendations of Kaspersky Lab experts, Kaspersky Anti-Virus always monitors this category of malicious programs. Spyware, adware, dialers. This group includes potentially dangerous software that may inconvenience the user or incur serious damage. Potentially dangerous software (riskware).
  • Page 60: Exclusion Rules

    Kaspersky Anti-Virus 6.0 Click the Trusted zone button in the General section. Configure exclusion rules for objects and create a list of trusted applications in the window that opens (see fig. 8). Figure 8. Creating a trusted zone 6.3.1. Exclusion rules Exclusion rules are sets of conditions that Kaspersky Anti-Virus uses to determine not to scan an object.
  • Page 61 Protection management system clients, FTP servers, all-purpose utilities for stopping or hiding processes, keyloggers, password macros, autodialers, etc. These programs are not classified as viruses. They can be divided into several types, e.g. Adware, Jokes, Riskware, etc. (for more information on potentially dangerous programs detected by Kaspersky Anti-Virus, see the Virus Encyclopedia at www.viruslist.com).
  • Page 62 Kaspersky Anti-Virus 6.0 Figure 9. Creating an exclusion rule If you check both boxes at once, a rule will be created that object with a certain Virus Encyclopedia classification. In such a case, the following rules apply: • If you specify a certain file as the Object and a certain status in the Verdict section, the file specified will only be an exclusion if during the scan it is classified as the threat selected.
  • Page 63 Protection management system For some classifications, you can assign advanced conditions for applying rules in the Advanced settings field. In most cases, the program fills this field in automatically when you add an exclusion rule from a Proactive Defense notice. You can add advanced settings for the following verdicts, among others: Invader (injects into program processes).
  • Page 64 Kaspersky Anti-Virus 6.0 Figure 10. Dangerous object detection notification In the window that opens, be sure that all the exclusion rule settings match your needs. The program will fill in the object name and threat type automatically, based on information from the notification. To create the rule, click OK.
  • Page 65: Trusted Applications

    Protection management system Figure 11. Creating an exclusion rule from a report 6.3.2. Trusted applications You can only exclude trusted applications from the scan in Kaspersky Anti-Virus if installed on a computer running Microsoft Windows NT 4.0/2000/XP/Vista. Kaspersky Anti-Virus can create a list of trusted applications, that need not have their file and network activity monitored, suspicious or otherwise.
  • Page 66 Kaspersky Anti-Virus 6.0 programs and stop monitoring their activity, you are advised to add them to the trusted application list. Excluding trusted applications can also solve potential compatibility conflicts between Kaspersky Anti-Virus and other applications (for example, network traffic from another computer that has already been scanned by the anti-virus application) and can boost computer productivity, which is especially important when using server applications.
  • Page 67 Protection management system To add a program to the trusted application list: 1. Click the Add button on the right-hand part of the window. 2. In the Trusted application window (see fig. 13) that opens, select the application using the Browse button. A context menu will open, and by clicking Browse you can go to the file selection window and select the path to the executable file, or by clicking Applications you can go to a list of applications currently running and select them as...
  • Page 68: Starting Virus Scan And Update Tasks Under Another User Account

    Note that this feature is unavailable in Microsoft Windows 98/МЕ. Kaspersky Anti-Virus 6.0 has a feature that can start scan tasks under another user account. This feature is by default disabled, and tasks are run under the account under which you are logged into the system.
  • Page 69: Configuring Virus Scan And Update Schedules

    Protection management system Figure 14. Configuring an update task from another profile 6.5. Configuring virus scan and update schedules You can run virus scan and update tasks manually, or automatically using a schedule. Virus scans preinstalled with the application are started automatically according to a selected schedule.
  • Page 70 Kaspersky Anti-Virus 6.0 Figure 15. Configuring a task schedule The most important step is to determine the frequency at which the task starts. You can select one of these options: At a specified time. The task will run once on the day and at the time that you specify.
  • Page 71: Power Options

    Protection management system In addition to the frequency, specify what time of day or night the scan task will run in the Time field. Weekly – the scan task will run on certain days of the week. If you select this option, put checkmarks next to the days of the week that on which you want the scan to run in the schedule settings.
  • Page 72: Advanced Disinfection Technology

    Technology Today's malicious programs can invade the lowest levels of an operating system, which makes them practically impossible to delete. Kaspersky Anti-Virus 6.0 asks you if you want to run Advanced Disinfection Technology when it detects a threat currently active in the system. This will neutralize the threat and delete it from the computer.
  • Page 73: Chapter 7. File Anti-Virus

    CHAPTER 7. FILE ANTI-VIRUS The Kaspersky Anti-Virus component that protect your computer files against infection is called File Anti-Virus. It loads when you start your operating system, runs in your computer’s RAM, and scans all files opened, saved, or executed. The component’s activity is indicated by the Kaspersky Anti-Virus system tray icon, which looks like this whenever a file is being scanned.
  • Page 74 Kaspersky Anti-Virus 6.0 High – the level with the most comprehensive monitoring of files opened, saved, or run. Recommended – Kaspersky Lab recommends this settings level. It will scan the following object categories: • Programs and files by contents •...
  • Page 75: Configuring File Anti-Virus

    File Anti-Virus put your data at risk. You want to scan the files you use by contents, not by extension. You are advised to start with the Recommended security level and make the following changes: remove the restriction on scanned file sizes and optimize File Anti-Virus operation by only scanning new and modified files.
  • Page 76 Kaspersky Anti-Virus 6.0 Scan all files. With this option selected, all file system objects that are opened, run, or saved will be scanned without exceptions. Scan programs and documents (by content). If you select this group of files, File Anti-Virus will only scan potentially infected files – files that a virus could imbed itself in.
  • Page 77 File Anti-Virus Scan programs and documents (by extension). If you select this option, File Anti-Virus will only scan potentially infected files, but the file format will be determined by the filename’s extension. Using the extension link, you can review a list of file extensions (see A.1 on pg. 206) that are scanned with this option.
  • Page 78: Defining Protection Scope

    Kaspersky Anti-Virus 6.0 7.2.2. Defining protection scope By default, File Anti-Virus scans all files when they are used, regardless of where they are stored, whether it be a hard drive, CD/DVD-ROM, or flash drive. You can limit the scope of protection. To do so: 1.
  • Page 79: Configuring Advanced Settings

    File Anti-Virus • Create a list of objects that do not need to be protected. • Combine methods one and two – create a protection scope that excludes a number of objects. You can use masks when you add objects for scanning. Note that you can only enter masks will absolute paths to objects: •...
  • Page 80 Kaspersky Anti-Virus 6.0 Figure 20. Configuring additional File Anti-Virus settings The file scanning mode determines the File Anti-Virus processing conditions. You have following options: • Smart mode. This mode is aimed at speeding up file processing and return them to the user. When it is selected, a decision to scan is made based on analyzing the operations performed with the file.
  • Page 81 File Anti-Virus user regains access to files quickly, we recommend configuring the component to disable at a certain time or while certain programs are used. To pause the component for a certain length of time, check On schedule and in the window that opens (see Figure 8) click Schedule to assign a time frame for disabling and resuming the component.
  • Page 82: Restoring Default File Anti-Virus Settings

    Kaspersky Anti-Virus 6.0 You can temporarily disable the pause on File Anti-Virus when using a specific application. To do so, uncheck the name of the application. You do not have to delete it from the list. 7.2.4. Restoring default File Anti-Virus...
  • Page 83 File Anti-Virus Figure 23. Possible File Anti-Virus actions with dangerous objects If the action selected was When it detects a dangerous object File Anti-Virus issues warning Prompt for action message containing information about what malicious program has infected or potentially infected the file, and gives you a choice of actions.
  • Page 84: Postponed Disinfection

    Kaspersky Anti-Virus 6.0 If the action selected was When it detects a dangerous object object and will delete it. Disinfect Delete When disinfecting or deleting an object, Kaspersky Anti-Virus creates a backup copy and sends it to Backup in case the object needs to be restored or an opportunity arises to treat it.
  • Page 85: Chapter 8. Mail Anti-Virus

    CHAPTER 8. MAIL ANTI-VIRUS Mail Anti-Virus is Kaspersky Anti-Virus’s component to prevent incoming and outgoing email from transferring dangerous objects. It starts running when the operating system boots up, stays active in your system memory, and scans all email on protocols POP3, SMTP, IMAP, MAPI and NNTP, as well as encryption for POP3 and IMAP (SSL).
  • Page 86: Selecting An Email Protection Level

    Kaspersky Anti-Virus 6.0 • If no malicious code is discovered in the email, it is immediately made available again to the user. A special plug-in (see 8.2.2 on pg. 89) is provided for Microsoft Outlook that can configure email scans more exactly.
  • Page 87: Configuring Mail Anti-Virus

    Mail Anti-Virus To change the security level: Adjust the sliders. By altering the security level, you define the ratio of scan speed to the total number of objects scanned: the fewer email objects are scanned for dangerous objects, the higher the scan speed. If none of the preinstalled levels meets your needs, you can edit its settings.
  • Page 88: Selecting A Protected Email Group

    Kaspersky Anti-Virus 6.0 • settings that define actions for dangerous email objects (see 8.2.4 on pg. 92) The following sections examine these settings in detail. 8.2.1. Selecting a protected email group Mail Anti-Virus allows you to select exactly what group of emails to scan for dangerous objects.
  • Page 89: Configuring Email Processing In Microsoft Office Outlook

    Mail Anti-Virus In addition to selecting an email group, you can specify whether archived attachments should be scanned, and also set the maximum amount of time for scanning a single email object. These settings are configured in the Restrictions section. If your computer is not protected by any local network software, and accesses the Internet without using a proxy server or firewall, you are advised not to disable the archived attachment scan and not to set a time limit on scanning.
  • Page 90 Kaspersky Anti-Virus 6.0 The plug-in comes in the form of a special Mail Anti-Virus tab located under Service → Options (see fig. 26). Figure 26. Configuring Mail Anti-Virus settings in Microsoft Outlook Select an email scan mode: Scan upon receiving – analyzes each email when it enters your Inbox.
  • Page 91: Configuring Email Scans In The Bat

    Mail Anti-Virus The action that will be taken on dangerous email objects is set in the Mail Anti- Virus settings, which can be configured by following the click here link in the Status section. 8.2.3. Configuring email scans in The Bat! Actions taken on infected email objects in The Bat! are defined with the program's own tools.
  • Page 92: Restoring Default Mail Anti-Virus Settings

    Kaspersky Anti-Virus 6.0 Figure 27. Configuring email scans in The Bat! Warning! The Bat! does not mark emails containing dangerous objects with special headers. 8.2.4. Restoring default Mail Anti-Virus settings When configuring Mail Anti-Virus, you can always return to the default performance settings, which Kaspersky Lab considers to be optimal and has combined in the Recommended security level.
  • Page 93: Selecting Actions For Dangerous Email Objects

    Mail Anti-Virus 8.2.5. Selecting actions for dangerous email objects If a scan shows that an email or any of its parts (body, attachment) is infected or suspicious, the steps taken by Mail Anti-Virus depend on the object status and the action selected. One of the following statuses can be assigned to the email object after the scan: •...
  • Page 94 Kaspersky Anti-Virus 6.0 object. Information about this is recorded in the report (see 14.3 on pg. 158). Later you can attempt to disinfect this object. E-Mail Anti-Virus will block access to the Block access object and will attempt to disinfect it. If it is...
  • Page 95: Chapter 9. Web Anti-Virus

    CHAPTER 9. WEB ANTI-VIRUS Whenever you use the Internet, information stored on your computer is open to the risk of infection by dangerous programs, which can penetrate your computer when you read an article on the Internet. Web Anti-Virus is Kaspersky Anti-Virus’s component for guarding your computer during Internet use.
  • Page 96: Selecting The Web Security Level

    Kaspersky Anti-Virus 6.0 malicious code. Malicious objects are detected using both the threat signatures included in Kaspersky Anti-Virus, and the heuristic algorithm. The signatures contain descriptions of all malicious programs known to date, and methods for neutralizing them. The heuristic algorithm can detect new viruses that have not yet been entered in the threat signatures.
  • Page 97 Web Anti-Virus Figure 29. Selecting a web security level By default, the protection level is set to Recommended. You can raise or lower the security level by selecting the level you want or editing the settings for the current level. To edit the security level: Adjust the sliders.
  • Page 98: Configuring Web Anti-Virus

    Kaspersky Anti-Virus 6.0 9.2. Configuring Web Anti-Virus Web Anti-Virus scans all objects that are loaded on your computer via HTTP and monitors any WSH scripts (JavaScript or Visual Basic Scripts, etc.) run. You can configure Web Anti-Virus settings to increase component operation speed, specifically: •...
  • Page 99: Creating A Trusted Address List

    Web Anti-Virus To select the scanning algorithm that Web Anti-Virus will use: Click on the Customize button in the Web Anti-Virus configuration window. In the window that opens (see fig. 30), select the option you want in the Scan method section. By default, Web Anti-Virus performs a buffered scan on Internet data, and uses the complete threat signature set.
  • Page 100: Restoring Default Web Anti-Virus Settings

    Kaspersky Anti-Virus 6.0 To create a list of trusted addresses: Click on the Customize button in the Web Anti-Virus configuration window. In the window that opens (see fig. 30), create a list of trusted servers in the Trusted URLs section. To do so, use the buttons to the right of the list.
  • Page 101: Selecting Responses To Dangerous Objects

    Web Anti-Virus 9.2.4. Selecting responses to dangerous objects If analyzing an HTTP object shows that it contains malicious code, the Web Anti- Virus response depends on the actions you select. To configure Web Anti-Virus reactions to detecting a dangerous object: Open the Kaspersky Anti-Virus settings window and select Web Anti- Virus.
  • Page 102: Chapter 10. Proactive Defense

    CHAPTER 10. PROACTIVE DEFENSE Warning! This version of the application does not have the proactive defense component: There are no Proactive Defense components in this version of the application (Application Integrity Control and Office Guard) for computers running Microsoft Windows XP Professional x64 Edition or computers running Microsoft Windows Vista or Microsoft Windows Vista x64.
  • Page 103 Proactive Defense Dangerous activity is determined by overall program behavior. For example, when actions are detected such as a program copying itself to network resources, the startup folder, or the system registry, and then sending copies of itself, it is highly likely that this program is a worm. Dangerous behavior also includes: •...
  • Page 104 Kaspersky Anti-Virus 6.0 the rules at your own discretion by adding, deleting, or editing them. Rules can block actions or grant permissions. Let’s examine the Proactive Defense algorithms: Immediately after the computer is started, Proactive Defense analyzes the following factors, using the set of rules and exclusions: •...
  • Page 105: Proactive Defense Settings

    Proactive Defense 10.1. Proactive Defense settings The categories of settings (see fig. 32) for the Proactive Defense component are as follows: • Whether application activity is monitored on your computer This Proactive Defense feature is enabled by checking the box Enable Application Activity Analyzer.
  • Page 106: Activity Control Rules

    Kaspersky Anti-Virus 6.0 This Proactive Defense component is not available under Microsoft Windows XP Professional x64 Edition, Microsoft Windows Vista or Microsoft Windows Vista x64. Figure 32. Proactive Defense settings You can configure exclusions (see 6.3.1 on pg. 60) for Proactive Defense modules and create a trusted application list (see 6.3.2 on pg.
  • Page 107 Proactive Defense Kaspersky Anti-Virus monitors application activity on your computer. The application includes a set of event descriptions that can be tracked as dangerous. A monitoring rule is created for each such event. If the activity of any application is classified as a dangerous event, Proactive Defense will strictly adhere to the instructions stated in the rule for that event.
  • Page 108 Kaspersky Anti-Virus 6.0 • Keyloggers. This activity is used in attempts by malicious programs to read passwords and other confidential information which you have entered using your keyboard. • Windows Task Manager protection. Kaspersky Anti-Virus protects Task Manager from malicious modules injecting themselves into it when aimed at blocking Task Manager operation.
  • Page 109 Proactive Defense Figure 33. Configuring application activity control To edit a dangerous activity monitoring rule, select it from the list and assign the rule settings in the lower part of the tab: • Assign the Proactive Defense response to the dangerous activity. •...
  • Page 110: Application Integrity Control

    Kaspersky Anti-Virus 6.0 addition to dangerous activity, selected the Watch system user accounts checkbox (see 34). Figure 34. Configuring application integrity control in Microsoft Windows XP Professional x64 Edition, Microsoft Windows Vista, Microsoft Windows Vista x64 10.1.2. Application Integrity Control...
  • Page 111: Configuring Application Integrity Control Rules

    Proactive Defense Besides the list of critical applications, there is a set of trusted modules allowed to be opened in all controlled applications. For example, modules which are digitally signed by the Microsoft Corporation. It is highly unlikely that these modules would be malicious, so it is not necessary to monitor them closely, which in turn lightens the load on your computer when using Proactive Defense.
  • Page 112 Kaspersky Anti-Virus 6.0 To add an application to the critical application list and create a rule for it: Click Add on the Critical applications tab. A context menu will open: click Browse to open the standard file selection window, or click Applications to see a list of currently active applications and select one of them as necessary.
  • Page 113: Creating A List Of Shared Components

    Proactive Defense • Choose if you want to generate a report about the activity, by clicking log / do not log. To turn off the monitoring of an application’s activity, uncheck the next to its name. Use the Details button to view a detailed list of modules for the application selected.
  • Page 114: Office Guard

    Kaspersky Anti-Virus 6.0 Figure 36. Configuring the trusted module list 10.1.3. Office Guard This Proactive Defense component does not work under Microsoft Windows XP Professional x64 Edition, Microsoft Windows Vista, or Microsoft Windows Vista x64. You can enable scanning and processing of dangerous macros run on your computer by checking Enable Office Guard (see fig.
  • Page 115 Proactive Defense You can configure Kaspersky Anti-Virus's reactions to macros executing suspicious behavior. If you are sure that this macro is not dangerous when working with a specific file, for example, a Microsoft Word document, we recommend creating an exclusion rule. If a situation occurs that matches the terms of the exclusion rule, the suspicious action performed by the macro will not be processed by Proactive Defense.
  • Page 116: Registry Guard

    Kaspersky Anti-Virus 6.0 For Kaspersky Anti-Virus not to block the macro: uncheck the box next to that action. The program will no longer consider that behavior dangerous and Proactive Defense will not process it. By default, whenever the program detects an action initiated by a macro on your computer, the application will ask you if you want to allow or block that macro.
  • Page 117 Proactive Defense You can stop using any group of rules in the following ways: • Uncheck the box next to the group’s name. Then the group of rules will remain on the list but will not be used. • Delete the group of rules from the list. We do not recommend deleting the groups created by Kaspersky Lab, since they contain a list of system registry files most often used by malicious programs.
  • Page 118: Selecting Registry Keys For Creating A Rule

    Kaspersky Anti-Virus 6.0 10.1.4.1. Selecting registry keys for creating a rule The file group created should contain at least one system registry file. The Keys tab shows the list of files to which the rule(s) apply. To add a system registry file: Click on the Add button in the Edit group window (see fig.
  • Page 119: Creating A Registry Guard Rule

    Proactive Defense If you select a folder of registry files using a mask and specify a specific value for it, the rule will be applied to that value for any key in the group selected. 10.1.4.2. Creating a Registry Guard rule A Registry Guard rule specifies: •...
  • Page 120 Kaspersky Anti-Virus 6.0 The rule is created for any application by default. If you want the rule to apply to a specific application, left-click on any and it will change to this. Then click on the specify application name link.
  • Page 121: Chapter 11. Scanning For Viruses On Your Computer

    CHAPTER 11. SCANNING FOR VIRUSES ON YOUR COMPUTER One of the important aspects of protecting your computer is scanning user- defined areas for viruses. Kaspersky Anti-Virus can scan individual items – files, folders, disks, plug-and-play devices – or the entire computer. Scanning for viruses stops malicious code which has gone undetected by real-time protection components from spreading.
  • Page 122: Managing Virus Scan Tasks

    Kaspersky Anti-Virus 6.0 11.1. Managing virus scan tasks You can run a virus scan task manually or automatically using a schedule (see 6.5 on pg. 69). To start a virus scan task manually: Check the box beside the task name in the Scan section of the main program window, and click the button on the status bar.
  • Page 123 Scanning for viruses on your computer Object scan lists are already made for default tasks created when you install the program. When you create your own tasks or select an object for a virus scan task, you can create a list of objects. You can add to or edit an object scan list using the buttons to the right of the list.
  • Page 124: Creating Virus Scan Tasks

    Kaspersky Anti-Virus 6.0 11.3. Creating virus scan tasks To scan objects on your computer for viruses, you can use built-in scan tasks included with the program and create your own tasks. New scan tasks are created using existing tasks that a template.
  • Page 125: Configuring Virus Scan Tasks

    Scanning for viruses on your computer 11.4. Configuring virus scan tasks The methods are used to scan objects on your computer are determined by the properties assigned for each task. To configure task settings: Select the task name in the Scan of the main window. Right-click on the task name to open the context menu, or click the Actions button on the right of the list of scan objects, and select Settings.
  • Page 126: Specifying The Types Of Objects To Scan

    Kaspersky Anti-Virus 6.0 Figure 43. Selecting a virus scan security level By default, the File Anti-Virus security level is set to Recommended. You can raise or lower the scan security level by selecting the level you want or changing the settings for the current level.
  • Page 127 Scanning for viruses on your computer Note: There are files in which viruses cannot insert themselves, since the contents of such files does not contain anything for the virus to hook onto. An example would be .txt files. And vice versa, there are file formats that contain or can contain executable code.
  • Page 128 Kaspersky Anti-Virus 6.0 Tip: Do not forget that someone could send a virus to your computer with the extension .txt that is actually an executable file renamed as a .txt file. If you select the Scan programs and documents (by extension) option, the scan would skip such a file.
  • Page 129: Restoring Default Scan Settings

    Scanning for viruses on your computer Parse email formats – scan email files and email databases. If this checkbox is selected, Kaspersky Anti-Virus will parse the mail file and analyze every component of the e-mail (body, attachments) for viruses. If this checkbox is deselected, the mail file will be scanned as a single object.
  • Page 130 Kaspersky Anti-Virus 6.0 To edit an action for an object: select the task name in the Scan section of the main program window and use the Settings link to open the task settings window. The possible responses are displayed in the appropriate sections(see fig. 45).
  • Page 131: Advanced Virus Scan Options

    Scanning for viruses on your computer potentially infected, and it will be moved to Quarantine (see 14.1 on pg. 153). Information about this is recorded in the report (see 14.3 on pg. 158). Later you can attempt to disinfect this object. Do not prompt for action The program attempts to treat the object detected without asking the user...
  • Page 132 Kaspersky Anti-Virus 6.0 Figure 46. Advanced scan settings Enable iSwift technology – This technology is a development of iChecker technology for computers using an NTFS file system. There are limitations to iSwift: it is bound to a specific location for the file in the file system and can only be applied to objects in an NTFS file system.
  • Page 133: Setting Up Global Scan Settings For All Tasks

    Scanning for viruses on your computer 11.4.6. Setting up global scan settings for all tasks Each scan task is executed according to its own settings. By default, the tasks created when you install the program on your computer use the settings recommended by Kaspersky Lab.
  • Page 134: Chapter 12. Testing Kaspersky Anti-Virus Features

    CHAPTER 12. TESTING KASPERSKY ANTI-VIRUS FEATURES After installing and configuring Kaspersky Anti-Virus, we recommend that you verify that settings and program operation are correct using a test virus and variations of it. 12.1. The EICAR test virus and its variations The test virus was specially developed by (The European Institute for Computer Antivirus Research) for testing antivirus functionality.
  • Page 135 Testing Kaspersky Anti-Virus features Prefix Test virus status Corresponding action when the application processes object prefix, The file contains a test The application will identify the standard test virus. You cannot disinfect object malicious virus the object. subject to treatment and will delete it.
  • Page 136: Testing File Anti-Virus

    Kaspersky Anti-Virus 6.0 Prefix Test virus status Corresponding action when the application processes object CURE– The file contains a test The object contains a virus that virus. It can be cured. can be cured. The application will scan the object for viruses, after The object is subject to which it will be fully cured.
  • Page 137: Testing Virus Scan Tasks

    Testing Kaspersky Anti-Virus features Figure 47. Dangerous object detected When you select different options for dealing with detected objects, you can test File Anti-Virus's reaction to detecting various object types. You can view details on File Anti-Virus performance in the report on the component.
  • Page 138 Kaspersky Anti-Virus 6.0 Figure 48. Dangerous object detected This way, by selecting different options for actions, you can test Kaspersky Anti- Virus reactions to detecting various object types. You can view details on virus scan task performance in the report on the...
  • Page 139: Chapter 13. Program Updates

    CHAPTER 13. PROGRAM UPDATES Keeping your anti-virus software up-to-date is an investment in your computer’s security. Because new viruses, Trojans, and malicious software emerge daily, it is important to regularly update the application to keep your information constantly protected. This task is managed by the Updater component. Updating the application involves the following components being downloaded and installed on your computer: •...
  • Page 140: Starting The Updater

    Kaspersky Anti-Virus 6.0 If you do not have access to Kaspersky Lab’s update servers (for example, your computer is not connected to the Internet), you can call the Kaspersky Lab main office at +7 (495) 797-87-00 to request contact information for Kaspersky Lab partners, who can provide you with zipped updates on floppy disks or CDs.
  • Page 141: Rolling Back To The Previous Update

    Program updates To start the Updater from the shortcut menu: Right click the application icon in the system tray to open the shortcut menu. Select Update. To start the Updater from the main program window: Select Update in the Service section. Click the Update now! Button in the right panel of the main window or use the button on the status bar.
  • Page 142 Kaspersky Anti-Virus 6.0 For example, you installed Kaspersky Anti-Virus on a laptop that you use at home and at your office. At home, you update the program from the Kaspersky Lab update servers, and at the office, from a local folder that stores the updates you need.
  • Page 143: Configuring Update Settings

    Program updates 13.4. Configuring update settings The Updater settings specify the following parameters: • The source from which the updates are downloaded and installed (see 13.4.1 on pg. 143) • The run mode for the updating procedure (see 13.4.2 on pg. 145) •...
  • Page 144 Kaspersky Anti-Virus 6.0 Figure 49. Selecting an update source To download updates from another FTP or HTTP site: Click Add. In the Select update source dialog box, select the target FTP or HTTP site or specify the IP address, character name, or URL address of this site in the Source field.
  • Page 145: Selecting An Update Method And What To Update

    Program updates If several resources are selected as update sources, the application tries to connect to them one after another, starting from the top of the list, and retrieves the updates from the first available source. You can change the order of sources in the list using the Move up and Move down buttons.
  • Page 146 Kaspersky Anti-Virus 6.0 If there are currently program module updates on the update source, the program will download the updates it needs and apply them after the computer restarts. The module updates will not be installed until the computer is restarted.
  • Page 147: Configuring Connection Settings

    Program updates Manually. With this option, you start the Updater manually. Kaspersky Anti- Virus notifies you when it needs to be updated: • A popup message, informing you that updating is required, appears above the application icon in the system tray (in notices are enabled; see 14.11.1 on pg.
  • Page 148 Kaspersky Anti-Virus 6.0 Figure 52. Configuring network update settings Check Use proxy server if you are using a proxy server to access the Internet and, if necessary, select the following settings: • Select the proxy server settings that will be used during updating: Automatically detect proxy server settings.
  • Page 149: Update Distribution

    Program updates If authentication is required to connect to the proxy server, check Proxy requires authorization and specify the username and password in the fields below. In this event, first NTLM authentication and then BASIC authentication will be attempted. If this checkbox is not selected or if the data is not entered, NTLM authentication will be attempted using the user account used to start the update (see 0 on pg.
  • Page 150: Actions After Updating The Program

    Copy updates for all components checkbox. • custom, which only copies threat signatures and updates for the Kaspersky Anti-Virus 6.0 components that are installed. If you want to select this update method, you must deselect the Copy updates for all components checkbox.
  • Page 151 Program updates Kaspersky Lab recommends that you scan quarantined objects and startup objects each time after the database is updated. Why these objects should be scanned? The quarantine area contains objects that have been flagged by the program as suspicious or possibly infected (see 14.1 on pg. 153). Using the latest version of the threat signatures, Kaspersky Anti-Virus may be able to identify the threat and eliminate it.
  • Page 152: Chapter 14. Advanced Options

    CHAPTER 14. ADVANCED OPTIONS Kaspersky Anti-Virus has other features that expand its functionality. The program places some objects in special storage areas, in order to ensure maximum protection of data with minimum losses. • Backup contains copies of objects that Kaspersky Anti-Virus has changed or deleted (see 14.2 on pg.
  • Page 153: Quarantine For Potentially Infected Objects

    Advanced options Monitored ports can regulate which Kaspersky Anti-Virus modules control data transferred on select ports (see 14.7 on pg. 171). The Rescue Disk can help restore your computer’s functionality after an infection (see 14.10 on pg. 176). This is particularly helpful when you cannot boot your computer’s operating system after malicious code has damaged system files.
  • Page 154: Actions With Quarantined Objects

    Kaspersky Anti-Virus 6.0 When you place an object in Quarantine, it is moved, not copied. The object is deleted from the disk or email and is saved in the Quarantine folder. Files in Quarantine are saved in a special format and are not dangerous.
  • Page 155: Setting Up Quarantine

    Advanced options Figure 54. List of quarantined objects Tip: We recommend that you only restore objects with the status false positive, OK, and disinfected, since restoring other objects could lead to infecting your computer. • Delete any quarantined object or group of selected objects. Only delete objects that cannot be disinfected.
  • Page 156: Backup Copies Of Dangerous Objects

    Kaspersky Anti-Virus 6.0 Warning! The program will not be able to scan quarantined objects immediately after updating the threat signatures if you are accessing the Quarantine area. • Set the maximum Quarantine storage time. The default storage time 30 days, at the end of which objects are deleted.
  • Page 157 Advanced options • the number of backup copies of objects created by Kaspersky Anti-Virus • the current size of Backup. Here you can delete all the copies in Backup with the Clean up button. Note that in doing so the Quarantine objects and report files will also be deleted. To access dangerous object copies: Left-click anywhere in the Backup box to open the Protection window, which summarises protection given by the application.
  • Page 158: Configuring Backup Settings

    Kaspersky Anti-Virus 6.0 If there is an object in the original location with that name (this is possible if a copy was made of the object being restored prior to disinfection), a warning will be given. You can change the location of the restored object or rename it.
  • Page 159 Advanced options The Reports tab lists the latest reports on all components and virus scan tasks run during the current session of Kaspersky Anti-Virus. The status is listed beside each component or task, for example, stopped or complete. If you want to view the full history of report creation for the current session of the program, check Show report history.
  • Page 160 Kaspersky Anti-Virus 6.0 • The Settings tab displays settings used by protection components, virus scans, or threat signature updates. • The Macros and Registry tabs are only in the Proactive Defense report and contain information about all macros which attempted to run on your computer, and on all attempts to modify the operating system registry.
  • Page 161: Configuring Report Settings

    Advanced options 14.3.1. Configuring report settings To configure settings for creating and saving reports: Open the Kaspersky Anti-Virus settings window by clicking Settings in the main program window. Select Data files from the settings tree. Edit the settings in the Reports box (see fig. 58) as follows: •...
  • Page 162: The Events Tab

    Kaspersky Anti-Virus 6.0 Figure 59. List of detected dangerous objects Dangerous objects detected by Kaspersky Anti-Virus are processed using the Neutralize button (for one object or a group of selected objects) or Neutralize all (to process all the objects on the list). When each object is processed, a notification will be displayed on the screen, where you must decide what actions will be taken next.
  • Page 163: The Statistics Tab

    Advanced options Figure 60. Events that take place in component operation The format for displaying events in the event log may vary with the component or task. The following information is given for update tasks: • Event name • Name of the object involved in the event •...
  • Page 164: The Settings Tab

    Kaspersky Anti-Virus 6.0 Figure 61. Component statistics 14.3.5. The Settings tab The Settings tab (see fig. 62) displays a complete overview of the settings for components, virus scans and program updates. You can find out the current security level for a component or virus scan, what actions are being taken with dangerous objects, or what settings are being used for program updates.
  • Page 165: The Macros Tab

    Advanced options Figure 62. Component settings • Set the computer’s mode of operation for after a virus scan is complete. You can configure the computer to shut down, restart, or go into standby or sleep mode. To select an option, left-click on the hyperlink until it displays the option you need.
  • Page 166: The Registry Tab

    Kaspersky Anti-Virus 6.0 Figure 63. Detected dangerous macros You can choose view mode for this tab. If you don’t want to view informational events uncheck Show all events. Registry 14.3.7. The The program records operations with registry keys that have been attempted since the program was started on the Registry tab (see fig.
  • Page 167: General Information About The Program

    Advanced options 14.4. General information about the program You can view general information on the program in the Service section of the main window (see fig. 65). Figure 65. Information on the program, the license, and the system it is installed on All the information is broken into three sections: •...
  • Page 168: Managing Licenses

    Kaspersky Anti-Virus 6.0 14.5. Managing licenses Kaspersky Anti-Virus needs a license key to operate. You are provided with a key when you buy the program. It gives you the right to use the program from the day you install the key.
  • Page 169 Advanced options Figure 66. License info Kaspersky Lab regularly has special pricing offers on license extensions for our products. Check for specials on the Kaspersky Lab website in the Products Sales and special offers area. Information about the license key used is available in the License info box in the Service section of the main program window.
  • Page 170: Technical Support

    Kaspersky Anti-Virus 6.0 14.6. Technical Support Kaspersky Anti-Virus provides you with a wide range of options for questions and problems related to program operation. They are all located in Support (see fig. 67) in the Service section. Figure 67. Technical support information Depending on the problem, we provide several technical support services: User forum.
  • Page 171: Creating A Monitored Port List

    Advanced options To obtain technical support online, click the Knowledge Base link. Comments on program operation. This service is designed for posting comments on program operation or describing a problem that surfaced in program operation. You must fill out a special form on the company’s website that describes the situation in detail.
  • Page 172 Kaspersky Anti-Virus 6.0 Figure 68. List of monitored ports To add a new port to the monitored port list: Click on the Add button in the Port settings window. Enter the port number and a description of it in the appropriate fields in the New Port window.
  • Page 173: Checking Your Ssl Connection

    These features of the protocol are used by hackers to spread malicious programs, since most antivirus programs do not scan SSL traffic. Kaspersky Anti-Virus 6.0 has the option of scanning SSL traffic for viruses. When an attempt is made to connect securely to a web resource, a notification will appear on screen (see Figure 69) prompting the user for action.
  • Page 174 Kaspersky Anti-Virus 6.0 Figure 69. Notification on SSL connection detection To scan encrypted connections, Kaspersky Anti-Virus replaces the security certificate requested with a certificate it signs itself. In some cases, programs that are establishing connections will not accept this certificate, resulting in no connection being established.
  • Page 175: Configuring The Kaspersky Anti-Virus Interface

    Advanced options 14.9. Configuring the Kaspersky Anti-Virus interface Kaspersky Anti-Virus gives you the option of changing the appearance of the program by creating and using skins. You can also configure the use of active interface elements such as the system tray icon and popup messages. To configure the program interface, take the following steps: 1.
  • Page 176: Rescue Disk

    Kaspersky Anti-Virus 6.0 Depending on the program operation performed, the system tray icon changes. For example, if a script is being scanned, a small depiction of a script appears in the background of the icon, and if an email is being scanned, an envelope.
  • Page 177: Creating A Rescue Disk

    Advanced options • Microsoft Windows XP Service Pack 2 system files • A set of operating system diagnostic utilities • Kaspersky Anti-Virus program files • Files containing threat signatures To create a rescue disk: Open the program’s main window and select Rescue disk in the Service section.
  • Page 178: Creating An .Iso File

    Kaspersky Anti-Virus 6.0 If you are not creating an emergency disk for the first time, this folder will already contain a set of files made the last time. To use files saved previously, check the corresponding box. Note that a previous version of the rescue disk files will contain outdated threat signatures.
  • Page 179 LAN before scanning your computer. If you do not need to update, cancel network support. To open Kaspersky Anti-Virus, click Start → Programs → Kaspersky Anti-Virus 6.0 → Start. The Kaspersky Anti-Virus main window will open. In system rescue mode, you can only access virus scans and threat signature updates from the LAN (if you have enabled network support in Bart PE).
  • Page 180: Using Advanced Options

    Kaspersky Anti-Virus 6.0 14.11. Using advanced options Kaspersky Anti-Virus provides you with the following advanced features: • Notifications of certain events that occur in the program. • Kaspersky Anti-Virus Self-Defense against modules being disabled, deleted, or edited, as well as password protection for the program.
  • Page 181: Types Of Events And Notification Delivery Methods

    Advanced options Figure 71. Enabling notifications Click on the Settings button to open the Notification settings window. On the Events tab, define the event types from Kaspersky Anti-Virus for which you want notifications, and the notification delivery method (see 14.11.1.1 on pg. 181). Click Email Settings to open Notification Settings window to configure email notification delivery settings, if that is the notification method that is being used (see 14.11.1.2 on pg.
  • Page 182 Kaspersky Anti-Virus 6.0 • Popup messages above the program icon in the system tray that contain an informative message on the event that occurred. To use this notification type, check in the Balloon section across from the event about which you want to be informed.
  • Page 183: Configuring Email Notification

    Advanced options 14.11.1.2. Configuring email notification After you have selected the events (see 14.11.1.1 on pg. 181) about which you wish to receive email notifications, you must set up notification delivery. To do Open the program setup window with the Settings link in the main window.
  • Page 184: Configuring Event Log Settings

    Kaspersky Anti-Virus 6.0 Figure 73. Configuring email notification settings 14.11.1.3. Configuring event log settings To configure event log settings: Open the application settings window with the Settings link in the main window. Select Service in the settings tree. Click Advanced in the Interaction with user section of the right-hand part of the screen.
  • Page 185: Self-Defense And Access Restriction

    Advanced options These limitations are because of the particulars of these operating systems. 14.11.2. Self-Defense and access restriction Kaspersky Anti-Virus ensures your computer’s security against malicious programs, and because of that , it can itself be the target of malicious programs that try to block it or delete it from the computer.
  • Page 186 Kaspersky Anti-Virus 6.0 Figure 74. Configuring program defense To password-protect the program, check Enable password protection. Click on the Settings button to open the Password protection window, and enter the password and area that the access restriction will cover (see fig. 75). You can...
  • Page 187: Resolving Conflicts With Other Applications

    Advanced options 14.11.3. Resolving conflicts with other applications In some cases, Kaspersky Anti-Virus may cause conflicts with other applications installed on a computer. This is because those programs have built-in self- defense mechanisms that turn on when Kaspersky Anti-Virus attempts to inspect them.
  • Page 188: Resetting To Default Settings

    Kaspersky Anti-Virus 6.0 Click the Load button and select the file from which you want to import Kaspersky Anti-Virus settings. 14.13. Resetting to default settings It is always possible to return to the default program settings, which are considered the optimum and are recommended by Kaspersky Lab. This can be done using the Setup Wizard.
  • Page 189: Chapter 15. Working With The Program From The Command Prompt

    CHAPTER 15. WORKING WITH THE PROGRAM FROM THE COMMAND PROMPT You can use Kaspersky Anti-Virus from the command prompt. You can execute the following operations: • Starting, stopping, pausing and resuming the activity of application components • Starting, stopping, pausing and resuming virus scans •...
  • Page 190: Activating The Application

    Kaspersky Anti-Virus 6.0 screen Displays statistics for the component or task on screen STATISTICS Help with command syntax and the list of commands HELP Scans objects for viruses SCAN Begins program update UPDATE Rolls back to the last program update made...
  • Page 191: Managing Program Components And Tasks

    Working with the program from the command prompt Parameter description: Program activation code provided when <activation_code> purchased it. Name of the license key file with the extension *.key. <file_name> Example: avp.com ACTIVATE 00000000-0000-0000-0000-000000000000 avp.com ADDKEY 00000000.key 15.2. Managing program components and tasks You can manage Kaspersky Anti-Virus components and tasks from the command prompt with these commands: •...
  • Page 192: Anti-Virus Scans

    Kaspersky Anti-Virus 6.0 File Anti-Virus Mail Anti-Virus Web Anti-Virus Proactive Defense Updater UPDATER Virus scan task SCAN_OBJECTS My Computer task SCAN_MY_COMPUTER Critical Areas task SCAN_CRITICAL_AREAS Startup Objects task SCAN_STARTUP User-defined task <task name> Components and tasks started from the command prompt are run with the settings configured with the program interface.
  • Page 193 Working with the program from the command prompt To scan objects, you can also start one of the tasks created in Kaspersky Anti- Virus from the command prompt (see 15.1 on pg. 190). The task will be run with the settings specified in the program interface. Parameter description.
  • Page 194 Kaspersky Anti-Virus 6.0 <action> - this parameter sets responses to malicious objects detected during the scan. If this parameter is not defined, the default value is /i2. take no action on the object; simply record information about it in the report.
  • Page 195 Working with the program from the command prompt <exclusions> - this parameter defines objects that are excluded from the scan. It can include several values from the list provided, separated by spaces. Do not scan archives /e:a Do not scan email databases /e:b Do not scan plain text emails /e:m...
  • Page 196: Program Updates

    Kaspersky Anti-Virus 6.0 Examples: Start a scan of RAM, Startup programs, email databases, the directories My Documents and Program Files, and the file test.exe: avp.com SCAN /MEMORY /STARTUP /MAIL "C:\Documents and Settings\All Users\My Documents" "C:\Program Files" "C:\Downloads\test.exe" Pause scan of selected objects and start full computer scan, then continue to scan for viruses within the selected objects: avp.com PAUSE SCAN_OBJECTS /password=<your_password>...
  • Page 197: Rollback Settings

    Working with the program from the command prompt Path to the configuration file with the settings for /C:<settings_file> program updates. You can enter an absolute or relative path to the file. If this parameter is not defined, the values for the settings in the Kaspersky Anti-Virus interface are used.
  • Page 198: Kaspersky Anti-Virus 6.0

    Kaspersky Anti-Virus 6.0 Parameter description: Component or task with the settings being exported. <profile> One of the following values may be used: RTP – all protection components FM – File Anti-Virus EM – Mail Anti-Virus WM – Web Anti-Virus BM - Proactive Defense Path to the file to which the Kaspersky Anti-Virus <filename>...
  • Page 199: Starting The Program

    Working with the program from the command prompt 15.8. Starting the program Command syntax: avp.com 15.9. Stopping the program Command syntax: EXIT /password=<password> Kaspersky Anti-Virus password assigned in the <password> program interface. Note that you cannot execute this command without entering the password. 15.10.
  • Page 200: Return Codes From The Command Line Interface

    15.11. Return codes from the command line interface This section contains a list of return codes from the command line. The general codes may be returned by any command from the command line. The return codes include general codes as well as codes specific to a specific type of task. General return codes Operation completed successfully Invalid setting value...
  • Page 201: Chapter 16. Modifying, Repairing, And Removing The Program

    (public access folder, folder on the hard drive, etc.), make sure that the installer package is in the folder and that you have access to it. Select Start → Programs → Kaspersky Anti-Virus 6.0 for Windows Workstations → Modify, Repair, or Remove.
  • Page 202 Kaspersky Anti-Virus 6.0 Step 1. Installation Welcome window If you take all the steps described above necessary to repair or modify the program, the Kaspersky Anti-Virus installation welcome window will appear. To continue, click the Next button. Step 2. Selecting an operation At this stage, you select which operation you want to run.
  • Page 203: Uninstalling The Program From The Command Prompt

    No. 16.2. Uninstalling the program from the command prompt To uninstall Kaspersky Anti-Virus 6.0 from the command prompt, enter: msiexec /x <package_name> The installation wizard will open. you can use it to uninstall the application (see Chapter 16 on pg. 201).
  • Page 204: Chapter 17. Frequently Asked Questions

    Kaspersky Anti-Virus; here we shall try to answer them here in detail. Question: Is it possible to use Kaspersky Anti-Virus 6.0 with anti-virus products of other vendors? No. We recommend uninstalling anti-virus products of other vendors prior to installation of Kaspersky Anti-Virus to avoid software conflicts.
  • Page 205 Chapter 17 Open Kaspersky Anti-Virus. Use the Settings link in the main window and select the Protection section in the program settings window. Uncheck Run application on system startup and click OK. Reboot the operating system in regular mode. After this contact the Technical Support Service through the Kaspersky Lab’s corporate website (Services Technical Support).
  • Page 206: Appendix A. Reference Information

    APPENDIX A. REFERENCE INFORMATION This appendix contains reference materials on the file formats and extension masks used in Kaspersky Anti-Virus settings. A.1. List of files scanned by extension If you select Scan programs and documents (by extension), File Anti-Virus will scan files with the extensions below in-depth for viruses. Mail Anti-Virus will also scan these files if you enable attachment filtration.
  • Page 207 Appendix A vbs – Visual Basic script vbe – BIOS video extension js, jse – JavaScript source text htm – hypertext document htt – Microsoft Windows hypertext header hta – hypertext program for Microsoft Internet Explorer asp – Active Server Pages script chm –...
  • Page 208: Possible File Exclusion Masks

    Kaspersky Anti-Virus 6.0 pp* – Microsoft Office PowerPoint documents and files, such as: pps – Microsoft Office PowerPoint slide, ppt – presentation, etc. md* – Microsoft Office Access documents and files, such as: mda – Microsoft Office Access work group, mdb – database, etc.
  • Page 209: Possible Threat Exclusion Classifications From The Virus Encyclopedia

    Appendix A Tip: *.* and * exclusion masks can only be used if you assign an excluded threat classification from the Virus Encyclopedia. Otherwise the threat specified will not be detected in any objects. Using these masks without selecting a classification essentially disables monitoring.
  • Page 210 Kaspersky Anti-Virus 6.0 Office Outlook as an exclusion rule. To do so, select Outlook as the exclusion Object and Launching Internet Browser as the Verdict, and enter an allowed domain mask in the Advanced settings field.
  • Page 211: Appendix B. Kaspersky Lab

    APPENDIX B. KASPERSKY LAB Founded in 1997, Kaspersky Lab has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious programs, unsolicited and unwanted email messages, and hacker attacks.
  • Page 212: Other Kaspersky Lab Products

    Kaspersky Anti-Virus 6.0 B.1. Other Kaspersky Lab Products ® Kaspersky Internet Security 6.0 ® Kaspersky Internet Security 6.0 is an integrated solution for protection of personal computers against the main information-related threats, i.e. viruses, hackers, spam and spyware. A common user interface allows configuration and management of all solution components.
  • Page 213 Appendix B The program employs complex approach to anti-spam filtering of incoming e-mail messages: • Verification against black and white lists of recipients (including addresses of phishing sites). • Inspection of phrases in message body. • Analysis of message text using a self-learning algorithm. •...
  • Page 214 Kaspersky Anti-Virus 6.0 computer and disinfection of dangerous files. Kaspersky OnLine Scanner Pro runs directly in your web browser. Using the service, visitors can: • Exclude archives and email databases from scanning. • Select standard/extended anti-virus databases for scanning. •...
  • Page 215 Appendix B ® Kaspersky Anti-Virus Business Optimal guarantees full-scale anti-virus protection for: • Workstations running Microsoft Windows 98/ME, Microsoft Windows NT/2000/XP Workstation and Linux. • File servers running Microsoft Windows NT 4.0 Server, Microsoft Windows 2000/2003 Server/Advanced Server, Microsoft Windows 2003 Server, Novell Netware, FreeBSD, and Linux, and Samba file storage systems.
  • Page 216 Kaspersky Anti-Virus 6.0 • Hand-held computers (PDAs), running Symbian OS, Microsoft Windows CE and Palm OS, and also smartphones running Microsoft Windows Mobile 2003 for Smartphone and Microsoft Smartphone 2002. ® ® Kaspersky Corporate Suite distribution includes Kaspersky Administration Kit, a unique tool for automated deployment and administration.
  • Page 217: Contact Us

    Appendix B (mail address, IP address, letter size, heading) and analyzes the content of messages and of their attachments using "smart' technologies, including unique graphic signatures for identifying graphic SPAM. The application scans both the message body and the attached files. ®...
  • Page 218: Appendix C. License Agreement

    APPENDIX C. LICENSE AGREEMENT Standard End User License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT (“AGREEMENT”), FOR THE LICENSE OF KASPERSKY ANTI- VIRUS (“SOFTWARE”) PRODUCED BY KASPERSKY LAB (“KASPERSKY LAB”). IF YOU HAVE PURCHASED THIS SOFTWARE VIA THE INTERNET BY CLICKING THE ACCEPT BUTTON, YOU (EITHER AN INDIVIDUAL OR A SINGLE ENTITY) CONSENT TO BE BOUND BY AND BECOME A PARTY TO THIS AGREEMENT.
  • Page 219 All references to “Software” herein shall be deemed to include the software activation code with which you will be provided by Kaspersky Lab as part of the Kaspersky Anti-Virus 6.0. 1. License Grant. Subject to the payment of the applicable license fees, and...
  • Page 220 Kaspersky Anti-Virus 6.0 1.1.7 Kaspersky Lab may ask User to install the latest version of the Software (the latest version and the latest maintenance pack). 1.1.8 You shall not use this Software in automatic, semi-automatic or manual tools designed to create virus signatures, virus detection routines, any other data or code for detecting malicious code or data.
  • Page 221 Appendix C Support Services are provided only if and when you have the latest version of the Software (including maintenance packs) as available on the official Kaspersky Lab website (www.kaspersky.com) installed on your computer. 3. Ownership Rights. The Software is protected by copyright laws. Kaspersky Lab and its suppliers own and retain all rights, titles and interests in and to the Software, including all copyrights, patents, trademarks and other intellectual property rights therein.
  • Page 222 Kaspersky Anti-Virus 6.0 use the Software in a manner for which it was not intended, or (c) use the Software other than as permitted under this Agreement. (vi) The warranties and conditions stated in this Agreement are in lieu of all...
  • Page 223 Appendix C 7. This Agreement contains the entire understanding between the parties with respect to the subject matter hereof and supersedes all and any prior understandings, undertakings and promises between you and Kaspersky Lab, whether oral or in writing, which have been given or may be implied from anything written or said in negotiations between us or our representatives prior to this Agreement and all prior agreements between the parties relating to the matters aforesaid shall cease to have effect as from the Effective Date.

Table of Contents