KASPERSKY LAB
Kaspersky Anti-Virus 7.0
USER GUIDE

Summary of Contents for KASPERSKY ANTI-VIRUS 7.0

  • Page 1 KASPERSKY LAB Kaspersky Anti-Virus 7.0 USER GUIDE...
  • Page 2 KASPERSKY ANTI-VIRUS 7.0 User Guide Kaspersky Lab http://www.kaspersky.com Revision date: December, 2007...
  • Page 3: Table Of Contents

    1.5. What to do if you suspect infection (p. 15)
    1.6. Preventing Infection (p. 16)
    CHAPTER 2. KASPERSKY ANTI-VIRUS 7.0 (p. 18)
    2.1. What's new in Kaspersky Anti-Virus 7.0 (p. 18)
    2.2. The elements of Kaspersky Anti-Virus Defense (p. 20)
    2.2.1. Real-Time Protection Components (p. 21)
    2.2.2.
  • Page 4 Kaspersky Anti-Virus 7.0

    3.2.5. Configuring a virus scan schedule (p. 36)
    3.2.6. Restricting program access (p. 37)
    3.2.7. Application Integrity Control (p. 37)
    3.2.8. Finishing the Setup Wizard (p. 38)
    3.3. Installing the program from the command prompt (p. 38)
    CHAPTER 4.
  • Page 5 Contents

    CHAPTER 7. FILE ANTI-VIRUS (p. 73)
    7.1. Selecting a file security level (p. 74)
    7.2. Configuring File Anti-Virus (p. 75)
    7.2.1. Defining the file types to be scanned (p. 76)
    7.2.2. Defining protection scope (p. 78)
    7.2.3. Configuring advanced settings (p. 80)
    7.2.4.
  • Page 6 Kaspersky Anti-Virus 7.0

    10.3.2. Creating a Registry Guard rule (p. 122)
    CHAPTER 11. SCANNING COMPUTERS FOR VIRUSES (p. 125)
    11.1. Managing virus scan tasks (p. 126)
    11.2. Creating a list of objects to scan (p. 126)
    11.3. Creating virus scan tasks (p. 128)
    11.4.
  • Page 7: Contents

    Contents
    15.2.2. Configuring Backup settings (p. 163)
    15.3. Reports (p. 163)
    15.3.1. Configuring report settings (p. 166)
    15.3.2. The Detected tab (p. 166)
    15.3.3. The Events tab (p. 167)
    15.3.4. The Statistics tab (p. 168)
    15.3.5. The Settings tab (p. 169)
    15.3.6.
  • Page 8 Kaspersky Anti-Virus 7.0

    16.11. Viewing Help (p. 207)
    16.12. Return codes from the command line interface (p. 207)
    CHAPTER 17. MODIFYING, REPAIRING, AND REMOVING THE PROGRAM (p. 208)
    17.1. Modifying, repairing, and removing the program using Install Wizard (p. 208)
    17.2. Uninstalling the program from the command line (p. 210)
    CHAPTER 18.
  • Page 9: Chapter 1. Threats To Computer Security

    CHAPTER 1. THREATS TO COMPUTER SECURITY As information technology has rapidly developed and penetrated many aspects of human existence, so the number and range of crimes aimed at breaching information security has grown. Cyber criminals have shown great interest in the activities of both state structures and commercial enterprises.
  • Page 10: How Threats Spread

    Kaspersky Anti-Virus 7.0 Internal, including the actions of company staff and users of home PCs. Actions taken by this group could be deliberate or accidental. The technological factor. This threat group is connected with technical problems – use of obsolete or poor-quality software and hardware to process information.
  • Page 11 Threats to Computer Security Intranet Your intranet is your internal network, specially designed for handling information within a company or a home network. An intranet is a unified space for storing, exchanging, and accessing information for all the computers on the network. Therefore, if any one network host is infected, other hosts run a significant risk of infection.
  • Page 12: Types Of Threats

    Kaspersky Anti-Virus 7.0 1.3. Types of Threats There are a vast number of threats to computer security today. This section will review the threats that are blocked by Kaspersky Anti-Virus. Worms This category of malicious programs spreads itself largely by exploiting vulnerabilities in computer operating systems.
  • Page 13 Threats to Computer Security Spyware This software collects information about a particular user or organization without their knowledge. Spyware often escapes detection entirely. In general, the goal of spyware is to: trace user actions on a computer; gather information on the contents of your hard drive; in such cases, this usually involves scanning several directories and the system registry to compile a list of software installed on the computer;...
  • Page 14: Signs Of Infection

    Kaspersky Anti-Virus 7.0 word-cracking programs, and other types of programs for cracking network resources or penetrating a system. Kaspersky Anti-Virus uses two methods for detecting and blocking these threat types: Reactive: it is a method designed to search for malicious objects using continuously updating application databases.
  • Page 15: What To Do If You Suspect Infection

    Threats to Computer Security It must be noted that these signs can arise from causes other than viruses. For example, in the case of email, infected messages can be sent with your return address but not from your computer. There are also indirect indications that your computer is infected: Your computer freezes or crashes frequently;...
  • Page 16: Preventing Infection

    Kaspersky Anti-Virus 7.0 puter to the Internet, there is a chance that the virus will send important information to hackers or spread the virus to the addresses in your address book. That is why if you suspect that your computer has a virus, you should immediately disconnect from the Internet.
  • Page 17 Threats to Computer Security Rule No. 2: Use caution when copying new data to your computer: Scan all removable storage drives, for example floppies, CD/DVDs, and flash drives, for viruses before using them (see 5.5 on pg. 51). Treat emails with caution. Do not open any files attached to emails unless you are certain that you were intended to receive them, even if they were sent by people you know.
  • Page 18: Chapter 2. Kaspersky Anti-Virus 7.0

    VIRUS 7.0 Kaspersky Anti-Virus 7.0 heralds a new generation of data security products. What really sets Kaspersky Anti-Virus 7.0 apart from other software, even from other Kaspersky Lab products, is its multi-faceted approach to data security. 2.1. What’s new in Kaspersky Anti-Virus 7.0...
  • Page 19 Kaspersky Anti-Virus 7.0 scans using iChecker and iSwift. By operating this way, the program rules out scanning files twice. The scan process now runs as a background task, enabling the user to continue using the computer. If there is a competition for system resources, the virus scan will pause until the user's operation is com-...
  • Page 20: The Elements Of Kaspersky Anti-Virus Defense

    Kaspersky Anti-Virus 7.0 New Program Interface Features The new Kaspersky Anti-Virus interface makes the program's functions clear and easy to use. You can also change the program's appearance by using your own graphics and color schemes. The program regularly provides you with tips as you use it: Kaspersky Anti-Virus displays informative messages on the level of protection and includes a thorough Help section.
  • Page 21: Real-Time Protection Components

    Kaspersky Anti-Virus 7.0 Kaspersky Anti-Virus includes: Real-time protection components (see 2.2.1 on pg. 21) providing real-time protection of all data transfer and input paths through your computer. Virus Scan Tasks (see 2.2.2 on pg. 22) used to scan individual files, folders, drives, or areas for viruses or to perform a full computer scan.
  • Page 22: Virus Scan Tasks

    Kaspersky Anti-Virus 7.0 Web Anti-Virus is specially designed to combat these risks, by intercepting and blocking scripts on web sites if they pose a threat, and by thoroughly monitoring all HTTP traffic. Proactive Defense The number of malicious programs grows daily. Such programs become more complex combining several types of threats and modifying delivery routes.
  • Page 23: Update

    Kaspersky Anti-Virus 7.0 There is also the option to create other virus-scan tasks and create a schedule for them. For example, you can create a scan task for mailboxes once per week, or a virus scan task for the My Documents folder.
  • Page 24: Hardware And Software System Requirements

    Kaspersky Anti-Virus by phone. 2.3. Hardware and software system requirements For Kaspersky Anti-Virus 7.0 to run properly, your computer must meet these minimum requirements: General Requirements: 50 MB of free hard drive space CD/DVD-ROM drive (for installing Kaspersky Anti-Virus 7.0 from an in-...
  • Page 25: Software Packages

    Kaspersky Anti-Virus 7.0 128 MB of RAM Microsoft Windows Vista, Microsoft Windows Vista x64: Intel Pentium 800 MHz 32-bit (x86)/ 64-bit (x64) or faster (or compatible) 512 MB of RAM 2.4. Software packages You can purchase the boxed version of Kaspersky Anti-Virus from our resellers, or download it from Internet shops, including the eStore section of www.kaspersky.com.
  • Page 26: Support For Registered Users

    Kaspersky Anti-Virus 7.0 2.5. Support for registered users Kaspersky Lab provides its registered users with an array of services to make Kaspersky Anti-Virus more effective. When the program has been activated, you become a registered user and will have the following services available until the key expires:...
  • Page 27: Chapter 3. Installing Kaspersky Anti-Virus 7.0

    CHAPTER 3. INSTALLING KASPERSKY ANTI-VIRUS There are several ways to install Kaspersky Anti-Virus 7.0 to a host: interactively, using the application Installation Wizard (see 3.1 on pg. 27); this mode requires user input for the install to proceed; non-interactively, this type of install is performed from the command line and does not require any user input for the install to proceed (see 3.3...
  • Page 28 Kaspersky Anti-Virus 7.0 Next – accepts an action and moves forward to the next step of installation. Back – goes back to the previous step of installation. Cancel – cancels product installation. Finish – completes the program installation procedure.
  • Page 29 Installing Kaspersky Anti-Virus 7.0 well as configure the installation using a special wizard (see 3.2 on pg. 31). Under the former option, the install will be performed non-interactively, i.e. subsequent steps described in this section will be skipped. In the latter case, you will be required to enter or confirm certain data.
  • Page 30 Kaspersky Anti-Virus 7.0. We also recommend saving Quarantine and Backup objects. These objects will automatically be moved to the Kaspersky Anti-Virus Quarantine and Backup and you can continue working with them.
  • Page 31: Setup Wizard

    Next to go on to the Setup Wizard. 3.2. Setup Wizard The Kaspersky Anti-Virus 7.0 Setup Wizard starts once the program has finished installation. It is designed to help you configure the initial program settings to conform to the features and uses of your computer.
  • Page 32: Using Objects Saved With Version 5.0

    Kaspersky Anti-Virus 7.0 You can skip this initial settings stage when installing the program by closing the Wizard window. In the future, you can run it again from the program interface if you restore the default settings for Kaspersky Anti-Virus (see 15.9.4 on pg. 189).
  • Page 33: Entering The Activation Code

    Anti-Virus 7.0. Activate later. If you choose this option, you will skip the activation stage. Kaspersky Anti-Virus 7.0 will be installed on your computer and you will have access to all program features except updates (you can only update the application once after installation).
  • Page 34: User Registration

    3.2.2.5. Selecting a Key File If you have a key file for Kaspersky Anti-Virus 7.0, the Wizard will ask if you want to install it. If you do, use the Browse button and select the file path for the file with the .key extension in the file selection window.
  • Page 35: Completing Program Activation

    Installing Kaspersky Anti-Virus 7.0 3.2.2.6. Completing program activation The Setup Wizard will inform you that the program has been successfully activated. It will also display information on the license key installed: owner name, key code, key type (commercial, for beta testing, trial, etc.), and expiration date.
  • Page 36: Configuring Update Settings

    Kaspersky Anti-Virus 7.0 3.2.4. Configuring update settings Your computer's security depends directly on updating databases and program modules on a regular basis. In this window, the Setup Wizard asks you to select a mode for program updates, and to configure a schedule.
  • Page 37: Restricting Program Access

    Installing Kaspersky Anti-Virus 7.0 Full computer scan For a full virus scan of your computer to run automatically, check the appropriate box. You can configure the schedule by clicking Change. The default setting, for scheduled running of this task, is disabled. However, we recommend running a full virus scan of your computer immediately after installing the program.
  • Page 38: Finishing The Setup Wizard

    Kaspersky Anti-Virus 7.0 In the future, Kaspersky Anti-Virus will use information obtained while analyzing application structure to prevent malicious code from being imbedded in application modules. Analyzing the applications installed on your computer may take some time. 3.2.8. Finishing the Setup Wizard The last window of the Wizard will ask if you want to restart your computer to complete the program installation.
  • Page 39: Chapter 4. Program Interface

    CHAPTER 4. PROGRAM INTERFACE Kaspersky Anti-Virus has a straightforward, user-friendly interface. This chapter will discuss its basic features: Icon in the taskbar notification area (see 4.1 on pg. 39) Context menu (see 4.2 on pg. 40) Main window (see 4.3 on pg. 41) Program settings window (see 4.4 on pg.
  • Page 40: The Context Menu

    Kaspersky Anti-Virus 7.0 Emails are being scanned. Scripts are being scanned. A file that you or some program is opening, saving, or running is being scanned. Kaspersky Anti-Virus databases and program modules are being updated. Computer needs to reboot to apply updates.
  • Page 41: Main Program Window

    Program interface Activate – activate the program. You must activate your version of Kaspersky Anti-Virus to obtain registered user status which provides access to the full functionality of the application and Technical Support. This menu item is only available if the program is not activated. Settings –...
  • Page 42 Kaspersky Anti-Virus 7.0 computer is properly protected while yellow and red are indications of various problems in Kaspersky Anti-Virus configuration or operation. To obtain detailed troubleshooting information and speedy problem resolution, use the Security Wizard which opens when the security threat notification link is clicked.
  • Page 43 Program interface Main Window Section Purpose The primary purpose of the Protection section is to provide access to your computer's basic real-time protection components. To view the status of a protection component or its modules, to configure its settings or open a relevant report, select this component from the list under Protection.
  • Page 44 Kaspersky Anti-Virus 7.0 The Update section contains information on application updates: database publication date and virus signature record count. Appropriate links may be used to start an update, view a detailed report, configure updates, and roll an update back to a previous version.
  • Page 45: Program Settings Window

    Program interface The lower left-hand side of the window houses two buttons: Help, which provides access to the Kaspersky Anti-Virus help system, and Settings, which opens the application settings window. 4.4. Program settings window You can open the Kaspersky Anti-Virus settings window from the main window (see 4.3 on pg.
  • Page 46 Kaspersky Anti-Virus 7.0 Figure 3. Kaspersky Anti-Virus settings window...
  • Page 47: Chapter 5. Getting Started

    CHAPTER 5. GETTING STARTED One of Kaspersky Lab's main goals in creating Kaspersky Anti-Virus was to provide optimum configuration for each of the program's options. This makes it possible for a user with any level of computer literacy to quickly protect their computer straight after installation.
  • Page 48 Kaspersky Anti-Virus 7.0 The following color codes are used to show protection status: Application Main Window is green. This status is an indication that your computer is properly protected. Which means that the databases have been updated in a timely man-...
  • Page 49: Verifying The Status Of Each Individual Protection Component

    Getting started Postpone threat elimination. If for any reason you cannot immediately eliminate the threat, you can postpone that action and come back to it later. To do so, use the Postpone link. Note that this option is not available for serious threats. Such threats include, for example, malicious objects that cannot be disinfected, crashes in components, or corrupted program database files.
  • Page 50: How To Scan Your Computer For Viruses

    Kaspersky Anti-Virus 7.0 your own, save the component report to a file using Action → Save As and contact Kaspersky Lab Technical Support. Component status may be followed by information on settings being used by the component (such as, security level, action to be applied to dangerous objects). If a component consists of more than one module, module status is displayed: enabled or disabled.
  • Page 51: How To Scan Critical Areas Of The Computer

    Getting started 5.4. How to scan critical areas of the computer There are areas on your computer that are critical from a security perspective. These are the targets of malicious programs aimed at damaging your operating system, processor, memory, etc. It is extremely important to protect these critical areas so that your computer keeps running.
  • Page 52: How To Update The Program

    Kaspersky Anti-Virus 7.0 Figure 4. Scanning an object selected using a standard Microsoft Windows context-sensitive menu A scan of the selected object will then begin, and the details will be shown in a special window. When you click the Close button, the window with information about installation progress will be hidden.
  • Page 53: What To Do If Protection Is Not Running

    Getting started As a result, Kaspersky Anti-Virus will begin the update process, and display the details of the process in a special window. 5.7. What to do if protection is not running If problems or errors arise in the performance of any protection component, be sure to check its status.
  • Page 54: Chapter 6. Protection Management System

    By default, Kaspersky Anti-Virus boots at startup and protects your computer the entire time you are using it. The words Kaspersky Anti-Virus 7.0 in the upper right-hand corner of the screen let you know this. All real-time protection components (see 2.2.1 on pg.
  • Page 55: Pausing Protection

    Protection management system Note that in this case protection is discussed in the context of the protection components. Disabling or pausing protection components does not affect the performance of virus scan tasks or program updates. 6.1.1. Pausing protection Pausing real-time protection means temporarily disabling all the protection components that monitor the files on your computer, incoming and outgoing email, executable scripts and application behavior.
  • Page 56: Stopping Protection

    Kaspersky Anti-Virus 7.0 Figure 5. Pause protection window 6.1.2. Stopping protection Stopping protection means fully disabling your real-time protection components. Virus scans and updates continue to work in this mode. If protection is stopped, it can only be resumed by the user: protection components will not automatically resume after system or program restarts.
  • Page 57: Pausing / Stopping Individual Protection Components

    Protection management system 6.1.3. Pausing / Stopping Individual Protection Components There are several ways to stop a protection component. Before doing so, you are strongly advised to establish why you need to stop it. It is likely that the problem can be solved in another way, for example, by changing the security level.
  • Page 58: Advanced Disinfection Technology

    Advanced malware can infiltrate the lowest levels of the operating system which makes them practically impossible to remove. When an active threat is discovered on the system, Kaspersky Anti-Virus 7.0 suggests a special extended disinfection procedure which will disable and remove the threat from the computer.
  • Page 59: Runtime Computer Performance

    Protection management system tection, and check Disable scheduled scans while running on battery power under Additional (see Figure 6). 6.4. Runtime Computer Performance To limit CPU and storage subsystem loads, virus scan tasks may be postponed. Scanning for viruses increases CPU and storage subsystem loads thereby slowing other programs down.
  • Page 60: Running Virus Scans And Updates As Another User

    6.6. Running Virus Scans and Updates as Another User Kaspersky Anti-Virus 7.0 has a feature that can start scan tasks under another user profile (impersonation). This feature is by default disabled, and tasks are run as the current user.
  • Page 61: Configuring Scheduled Tasks And Notifications

    Protection management system Figure 8. Configuring an update task from another profile 6.7. Configuring Scheduled Tasks and Notifications Scheduling configuration is the same for virus scan tasks, application updates, and Kaspersky Anti-Virus runtime messages. By default, the virus scan tasks created at application install are disabled. The only exception is a scan of startup objects which is run every time Kaspersky Anti-Virus is started.
  • Page 62 Kaspersky Anti-Virus 7.0 Figure 9. Creating Task Execution Schedule Days. Tasks will be started or notifications sent every few days. Specify the interval length in the schedule settings: Select Every N days and specify N, if you wish to keep an interval of a certain number of days.
  • Page 63: Types Of Malware To Monitor

    Protection management system 6.8. Types of Malware to Monitor Kaspersky Anti-Virus protects you from various types of malicious programs. Regardless of your settings, the program always protects your computer from the most dangerous types of malware such as viruses, trojans, and hack tools. These programs can do significant damage to your computer.
  • Page 64: Creating A Trusted Zone

    Kaspersky Anti-Virus 7.0 Figure 10. Selecting Threats to Monitor 6.9. Creating a trusted zone A trusted zone is a list of objects created by the user, that Kaspersky Anti-Virus does not monitor. In other words, it is a set of programs excluded from protection.
  • Page 65: Exclusion Rules

    Protection management system Figure 11. Creating a trusted zone 6.9.1. Exclusion rules Exclusion rules are sets of conditions that Kaspersky Anti-Virus uses to determine not to scan an object. You can exclude files of certain formats from the scan, use a file mask, or exclude a certain area, such as a folder or a program, program processes, or objects according to their Virus Encyclopedia threat type classification.
  • Page 66 Kaspersky Anti-Virus 7.0 Kaspersky Anti-Virus, see the Virus Encyclopedia at www.viruslist.com). After the scan, these programs may be blocked. Since several of them are very common, you have the option of excluding them from the scan. To do so, you must add threat name or mask to the trusted zone using the Virus Encyclopedia classification.
  • Page 67 Protection management system Figure 12. Creating an exclusion rule Assign values to the selected exclusion types. To do so, left-click in the Rule description section on the specify link located next to the exclusion type: For the Object type, enter its name in the window that opens (this can be a file, a particular folder, or a file mask (see A.2 on pg.
  • Page 68 Kaspersky Anti-Virus 7.0 Launching Internet Browser. For this threat, you can list browser open settings as additional exclusion settings. For example, you blocked browsers from opening with certain settings in the Proactive Defense application activity analysis. However, you want to allow the browser to open for the domain www.kasperky.com with a link from Microsoft Office Outlook as...
  • Page 69 Protection management system In the window that opens, be sure that all the exclusion rule settings match your needs. The program will fill in the object name and threat type automatically, based on information from the notification. To create the rule, click OK. To create an exclusion rule from the report window: Select the object in the report that you want to add to the exclusions.
  • Page 70: Trusted Applications

    Kaspersky Anti-Virus 7.0 6.9.2. Trusted applications Kaspersky Anti-Virus provides the capability to create a list of trusted applications whose activity, suspicious or otherwise, or file, network, and system registry access, is not monitored. For example, you feel that objects and processes used by Microsoft Windows Notepad are safe and do not need to be scanned.
  • Page 71 Protection management system The file path is inserted automatically when you select its name. Figure 15. Trusted application list Figure 16. Adding an application to the trusted list...
  • Page 72 Kaspersky Anti-Virus 7.0 Specify which actions performed by this process will not be monitored: Do not scan opened files – excludes from the scan all files that the trusted application process. Do not restrict application activity – excludes from Proactive Defense monitoring any activity, suspicious or otherwise, that the trusted application performs.
  • Page 73: Chapter 7. File Anti-Virus

    CHAPTER 7. FILE ANTI-VIRUS The Kaspersky Anti-Virus component that protects your computer files against infection is called File Anti-Virus. It loads when you start your operating system, runs in your computer's RAM, and scans all files opened, saved, or executed. The component's activity is indicated by the Kaspersky Anti-Virus icon in the taskbar notification area, which looks like this whenever a file is being...
  • Page 74: Selecting A File Security Level

    Kaspersky Anti-Virus 7.0 7.1. Selecting a file security level File Anti-Virus protects files that you are using at one of the following levels (see Figure 17): Maximum Protection – the level with the most comprehensive monitoring of files opened, saved, or run.
  • Page 75: Configuring File Anti-Virus

    File Anti-Virus Example: The work you do on your computer uses a large number of file types, and some of the files may be fairly large. You would not want to run the risk of skipping any files in the scan because of the size or extension, even if this would somewhat affect the productivity of your computer.
  • Page 76: Defining The File Types To Be Scanned

    Kaspersky Anti-Virus 7.0 7.2.1. Defining the file types to be scanned When you select file types to be scanned, you establish what file formats, sizes, and what drives will be scanned for viruses when opened, executed, or saved. To make configuration easier, all files are divided into two groups: simple and compound.
  • Page 77 File Anti-Virus Figure 18. Selecting the file types scanned for viruses Tip: Do not forget that someone could send a virus to your computer with an extension (e.g. .txt) that is actually an executable file renamed as a .txt file. If you select Scan programs and documents (by extension), the scan would skip such a file.
  • Page 78: Defining Protection Scope

    Kaspersky Anti-Virus 7.0 Scan archives – scans .zip, .cab, .rar, and .arj archives. Scan installation packages – scans self-extracting archives for viruses. Scan embedded OLE objects – scans objects imbedded in files (for example, Microsoft Office Excel spreadsheets or macros imbedded in a Microsoft Office Word file, email attachments, etc.).
  • Page 79 File Anti-Virus Combine methods one and two – create a protection scope that excludes a number of objects. Figure 19. Creating a protected zone You can use masks when you add objects for scanning. Note that you can only enter masks with absolute paths to objects: C:\dir\*.* or C:\dir\* or C:\dir\ –...
  • Page 80: Configuring Advanced Settings

    Kaspersky Anti-Virus 7.0 Warning! Remember that File Anti-Virus will scan only the files that are included in the protection scope created. Files not included in that scope will be available for use without being scanned. This increases the risk of infection on your computer.
  • Page 81 File Anti-Virus The file scanning mode determines the File Anti-Virus processing conditions. You have the following options: Smart mode. This mode is aimed at speeding up file processing and return them to the user. When it is selected, a decision to scan is made based on analyzing the operations performed with the file.
  • Page 82: Using Heuristic Analysis

    Kaspersky Anti-Virus 7.0 You can temporarily disable the pause on File Anti-Virus when using a specific application. To do so, uncheck the name of the application. You do not have to delete it from the list. Figure 22. Creating an application list 7.2.4.
  • Page 83 File Anti-Virus Delete the object Skip (if you are positive that the object cannot be malicious). To use the heuristic method, select Use heuristic analyzer. You can additionally select the level of detail of the scan. To do so, move the slider to one of these positions: Shallow, Medium, or Detail.
  • Page 84: Restoring Default File Anti-Virus Settings

    Kaspersky Anti-Virus 7.0 The Heuristic analyzer tab (see Figure 23) may be used to disable / enable File Anti-Virus heuristic analysis for unknown threats. This requires that the following steps be performed: Open the application settings window and select File Anti-Virus under Protection.
  • Page 85 File Anti-Virus To edit an action for an object: open the application settings window and select File Anti-Virus under Protection. All potential actions are displayed in the appropriate sections (see Figure 24). Figure 24. Possible File Anti-Virus actions with dangerous objects If the action selected was When it detects a dangerous object File Anti-Virus issues a warning message contain-...
  • Page 86: Postponed Disinfection

    Kaspersky Anti-Virus 7.0 If the action selected was When it detects a dangerous object will delete it. Delete When disinfecting or deleting an object, Kaspersky Anti-Virus creates a backup copy before it attempts to treat the object or delete it, in case the object needs to be restored or an opportunity arises to treat it.
  • Page 87: Chapter 8. Mail Anti-Virus

    CHAPTER 8. MAIL ANTI-VIRUS Mail Anti-Virus is Kaspersky Anti-Virus's component to prevent incoming and outgoing email from transferring dangerous objects. It starts running when the operating system boots up, stays active in your system memory, and scans all email on protocols POP3, SMTP, IMAP, MAPI and NNTP, as well as secure connections (SSL) using POP3 and IMAP.
  • Page 88: Selecting An Email Security Level

    Kaspersky Anti-Virus 7.0 If no malicious code is discovered in the email, it is immediately made available again to the user. A special plug-in (see 8.2.2 on pg. 92) is provided for Microsoft Office Outlook that can configure email scans more exactly.
  • Page 89: Configuring Mail Anti-Virus

    Mail Anti-Virus You can raise or lower the email security level by selecting the level you want, or editing the settings for the current level. To change the security level: Adjust the sliders. By altering the security level, you define the ratio of scan speed to the total number of objects scanned: the fewer email objects are scanned for dangerous objects, the higher the scan speed.
  • Page 90: Selecting A Protected Email Group

    Kaspersky Anti-Virus 7.0 Settings defining the use of heuristic methods (see 8.2.4 on pg. 95) Email scan settings for Microsoft Office Outlook (see 8.2.2 on pg. 92) and The Bat! (see 8.2.3 on pg. 93) settings that define actions for dangerous email objects (see 8.2.4 on pg.
  • Page 91 Mail Anti-Virus Figure 26. Mail Anti-Virus settings You can configure the filtration conditions for objects connected to an email in the Attachment Filter section: Disable filtering – do not use additional filtration for attachments. Rename selected attachment types – filter out a certain attachment format and replace the last character of the file name with an underscore.
  • Page 92: Configuring Email Processing In Microsoft Office Outlook

    Kaspersky Anti-Virus 7.0 8.2.2. Configuring email processing in Microsoft Office Outlook If you use Microsoft Office Outlook as your email client, you can set up custom configurations for virus scans. A special plug-in is installed in Microsoft Office Outlook when you install Kaspersky Anti-Virus.
  • Page 93: Configuring Email Scans In The Bat

    Mail Anti-Virus Figure 27. Configuring Mail Anti-Virus settings in Microsoft Office Outlook 8.2.3. Configuring email scans in The Bat! Actions taken on infected email objects in The Bat! are defined with the program's own tools.
  • Page 94 Kaspersky Anti-Virus 7.0 Warning! The Mail Anti-Virus settings that determine whether incoming and outgoing email is scanned, as well as actions on dangerous email objects and exclusions, are ignored. The only settings that The Bat! takes into account relate to scanning archived attachments and time limits on scanning emails (see 8.2.1...
  • Page 95: Using Heuristic Analysis

    Mail Anti-Virus The actions taken by the email client when dangerous objects are detected in emails. For example, you could select: Try to cure infected parts – tries to treat the infected email object, and if the object cannot be disinfected, it stays in the email. Kaspersky Anti-Virus will always inform you if an email is infected.
  • Page 96: Restoring Default Mail Anti-Virus Settings

    Kaspersky Anti-Virus 7.0 Figure 29. Using Heuristic Analysis Heuristic methods of detecting new threats may be enabled / disabled for the Mail Anti-Virus component using the Heuristic Analyzer tab. This requires that the following steps be performed: Open the application settings window and select Mail Anti-Virus under Protection.
  • Page 97: Selecting Actions For Dangerous Email Objects

    Mail Anti-Virus To restore the default Mail Anti-Virus settings: Open the application settings window and select Mail Anti-Virus under Protection. Click the Default button under Security Level (see Figure 25). 8.2.6. Selecting actions for dangerous email objects If a scan shows that an email or any of its parts (body, attachment) is infected or suspicious, the steps taken by Mail Anti-Virus depend on the object status and the action selected.
  • Page 98 Kaspersky Anti-Virus 7.0 If the action selected was: Prompt for action. When a dangerous object is detected: Mail Anti-Virus will issue a warning message containing information about what malicious program has infected (potentially infected) the file and gives you the choice of one of the following actions.
  • Page 99: Chapter 9. Web Anti-Virus

    CHAPTER 9. WEB ANTI-VIRUS Whenever you use the Internet, information stored on your computer is open to the risk of infection by dangerous programs, which can penetrate your computer when you read an article on the Internet. Web Anti-Virus is Kaspersky Anti-Virus's component for guarding your computer during Internet use.
  • Page 100: Selecting Web Security Level

    Kaspersky Anti-Virus 7.0 Web Anti-Virus guards HTTP traffic as follows: Each web page or file that can be accessed by the user or by a certain application via HTTP is intercepted and analyzed by Web Anti-Virus for malicious code. Malicious objects are detected using both the databases included in Kaspersky Anti-Virus, and the heuristic algorithm.
  • Page 101 Web Anti-Virus but limits the caching time for file fragments, thus accelerating the scan and returning objects to the user sooner. High Speed – the security level with settings that let you comfortably use resource-intensive applications, since the scope of objects scanned is reduced by using a limited set of application databases.
  • Page 102: Configuring Web Anti-Virus

    Kaspersky Anti-Virus 7.0 through HTTP traffic, because there is no centralized web protection and due to the use of dial-up to connect to the Internet. It is recommended that you use Maximum Protection as your starting point, with the following changes: you are advised to limit the caching time for file fragments during the scan.
  • Page 103 Web Anti-Virus pying and processing large objects because of the connection with the HTTP client timing out. We suggest limiting the caching time for web object fragments downloaded from the Internet to solve this problem. When this time limit expires, the user will receive the downloaded part of the file without it being scanned, and once the object is fully copied, it will be scanned in its entirety.
  • Page 104: Creating A Trusted Address List

    Kaspersky Anti-Virus 7.0 9.2.2. Creating a trusted address list You have the option of creating a list of trusted addresses whose contents you fully trust. Web Anti-Virus will not analyze data from those addresses for dangerous objects. This option can be used in cases where Web Anti-Virus repeatedly blocks the download of a particular file.
  • Page 105: Restoring Default Web Anti-Virus Settings

    Web Anti-Virus Open the application settings window and select Web Anti-Virus under Protection. Click the Customize button in the Security Level area. Select the Heuristic Analyzer tab in the resulting dialog (see Figure 33). To use heuristic methods, check Use Heuristic Analyzer. In addition, scan resolution may be set by moving the slider to one of the following settings: Shallow, Medium, or Detail.
  • Page 106: Selecting Responses To Dangerous Objects

    Kaspersky Anti-Virus 7.0 Click the Default button under Security Level (see Figure 31). 9.2.5. Selecting responses to dangerous objects If analyzing an HTTP object shows that it contains malicious code, the Web Anti-Virus response depends on the actions you select.
  • Page 107 Web Anti-Virus Web Anti-Virus always blocks dangerous scripts, and issues popup messages that inform the user of the action taken. You cannot change the response to a dangerous script, other than by disabling the script scanning module.
  • Page 108: Chapter 10. Proactive Defense

    CHAPTER 10. PROACTIVE DEFENSE Warning! There is no Application Integrity Control component in this version of the application for computers running Microsoft Windows XP Professional x64 Edition, Microsoft Windows Vista or Microsoft Windows Vista x64. Kaspersky Anti-Virus protects you both from known threats and from new ones about which there is no information in the application databases.
  • Page 109 Proactive Defense Proactive Defense tracks and blocks all dangerous operations by using the set of rules together with a list of excluded applications. In operation, Proactive Defense uses a set of rules included with the program, as well as rules created by the user while using the program. A rule is a set of criteria that determine a set of suspicious behaviors and Kaspersky Anti-Virus's reaction to them.
  • Page 110 Kaspersky Anti-Virus 7.0 base of dangerous activity types comes with Kaspersky Anti-Virus and is updated with the application databases). Integrity of the program modules of the programs installed on your computer, which helps avoid application modules being substituted for malicious code embedded in them.
  • Page 111 Proactive Defense ules, and of the application itself. You can create rules (see 10.2 on pg. 115) for monitoring the integrity of modules from any application. To do so, add that application to the list of monitored applications. Figure 35. Proactive Defense settings This Proactive Defense component is not available under Microsoft Windows XP Professional x64 Edition, Microsoft Windows Vista or Microsoft Windows Vista x64.
  • Page 112: Activity Monitoring Rules

    Kaspersky Anti-Virus 7.0 10.1. Activity Monitoring Rules Note that configuring application control under Microsoft Windows XP Professional x64 Edition, Microsoft Windows Vista or Microsoft Windows Vista x64 differs from the configuration process on other operating systems. Information about configuring activity control for these operating systems is provided at the end of this section.
  • Page 113 Proactive Defense Suspicious values in registry. The system registry is a database for storing system and user settings that control the operation of Microsoft Windows, as well as any utilities established on the computer. Malicious programs, attempting to mask their presence in the system, copy incorrect values in registry keys.
  • Page 114 Kaspersky Anti-Virus 7.0 Figure 36. Configuring application activity control To edit a dangerous activity monitoring rule, select it from the list and assign the rule settings in the lower part of the tab: Assign the Proactive Defense response to the dangerous activity.
  • Page 115: Application Integrity Control

    Proactive Defense suspicious activities based on the list of rules created by Kaspersky Lab specialists. If you want Kaspersky Anti-Virus to monitor the activity of system processes in addition to user processes, select the Watch system user accounts checkbox (see Figure 37).
  • Page 116: Configuring Application Integrity Control Rules

    Kaspersky Anti-Virus 7.0 Proactive Defense monitors critical applications and analyzes their activity, integrity of the modules of those applications, and observes other processes which they spawn. Kaspersky Anti-Virus comes with a list of critical applications, each of which has its own monitoring rule to control application activity. You can extend this list of critical applications, and delete or edit the rules for the applications on the list provided.
  • Page 117 Proactive Defense Proactive Defense analyzes the following operations involving critical applications: their launch, changing the makeup of application modules, and starting an application as a child process. You can select the Proactive Defense response to each of the operations listed (allow or block the operation), and also specify whether to log component activity in the component report.
  • Page 118: Creating A List Of Common Components

    Kaspersky Anti-Virus 7.0 Define the Proactive Defense response to attempts to execute the critical application, change its makeup, or start it as a child process. You can use any of these actions as a response: allow, prompt for action, or block. Left-click on the action link until it reaches the value that you need.
  • Page 119: Registry Guard

    Proactive Defense To add to the trusted module list, click Add and, in the standard file selection window, select the module. Figure 39. Configuring the trusted module list 10.3. Registry Guard One of the goals of many malicious programs is to edit the Microsoft Windows system registry on your computer.
  • Page 120 Kaspersky Anti-Virus 7.0 Click the Settings button in the Registry Guard section (see Figure 35). Kaspersky Lab has created a list of rules that control registry file operations, and has included it in the program. Operations with registry files are categorized into logical groups such as System Security, Internet Security, etc.
  • Page 121: Selecting Registry Keys For Creating A Rule

    Proactive Defense Take these steps in the window that opens: Enter the name of the new file group for monitoring system registry keys in the Group name field. Select the Keys tab, and create a list of registry files that will be included in the monitored group (see 10.3.1 on pg.
  • Page 122: Creating A Registry Guard Rule

    Kaspersky Anti-Virus 7.0 Figure 41. Adding controlled registry keys 10.3.2. Creating a Registry Guard rule A Registry Guard rule specifies: The program whose access to the system registry is being monitored Proactive Defense's response when a program attempts to execute an...
  • Page 123 Proactive Defense The rule is created for any application by default. If you want the rule to apply to a specific application, left-click on any and it will change to this. Then click on the specify application name link. A context menu will open: click Browse to see the standard file selection window, or click Applications to see a list of open applications, and select one of them as necessary.
  • Page 124 Kaspersky Anti-Virus 7.0 You can also create an allow rule (i.e. all actions are allowed) for a system registry object from a notification window stating that a program is trying to execute an operation with an object. To do so, click Create allow rule in the notification and specify the system registry object that the rule will apply to in the window that opens.
  • Page 125: Chapter 11. Scanning Computers For Viruses

    CHAPTER 11. SCANNING COMPUTERS FOR VIRUSES One of the important aspects of protecting your computer is scanning user-defined areas for viruses. Kaspersky Anti-Virus can scan individual items – files, folders, disks, removable devices – or the entire computer. Scanning for viruses stops malicious code which has gone undetected by real-time protection components from spreading.
  • Page 126: Managing Virus Scan Tasks

    Kaspersky Anti-Virus 7.0 with the standard tools of the Microsoft Windows operating system (for example, in the Explorer program window or on your Desktop). You can view a complete list of virus scan tasks for your computer by clicking on Scan in the left-hand pane of the main application window.
  • Page 127 Scanning computers for viruses Figure 43. List of objects to scan Object scan lists are already made for default tasks created when you install the program. When you create your own tasks or select an object for a virus scan task, you can create a list of objects.
  • Page 128: Creating Virus Scan Tasks

    Kaspersky Anti-Virus 7.0 Figure 44. Scanning objects from the Microsoft Windows context menu 11.3. Creating virus scan tasks To scan objects on your computer for viruses, you can use built-in scan tasks included with the program and create your own tasks. New scan tasks are created using existing tasks as a template.
  • Page 129: Configuring Virus Scan Tasks

    Scanning computers for viruses To rename an existing task: select the task under Scan in the application main window and click Rename. Enter the new name for the task in the window that opens and click OK. The task name will also be changed in the Scan section.
  • Page 130: Selecting A Security Level

    Kaspersky Anti-Virus 7.0 In addition, you can configure global settings (see 11.4.8 on pg. 139) for running all tasks. The following sections examine the task settings listed above in detail. 11.4.1. Selecting a security level Each virus scan task can be assigned a security level (see Figure 45): Maximum Protection –...
  • Page 131: Specifying The Types Of Objects To Scan

    Scanning computers for viruses Click on Customize under Security Level (see Figure 45). Edit file protection parameters in the resulting window and click OK. 11.4.2. Specifying the types of objects to scan By specifying the types of objects to scan, you establish which file formats, file sizes, and drives will be scanned for viruses when this task runs.
  • Page 132 Kaspersky Anti-Virus 7.0 Figure 46. Configuring scan settings In the Productivity section, you can specify that only new files and those that have been modified since the previous scan or new files should be scanned for viruses. This mode noticeably reduces scan time and increases the program's performance speed.
  • Page 133: Additional Virus Scan Settings

    Scanning computers for viruses Warning! Kaspersky Anti-Virus does not delete compressed file formats that it does not support (for example, .ha, .uue, .tar) automatically, even if you select the option of automatically curing or deleting if the objects cannot be cured. To delete such compressed files, click the Delete archives link in the dangerous object detection notification.
  • Page 134 Kaspersky Anti-Virus 7.0 the application databases, the date the object was last scanned, and modifications to scan settings. Figure 47. Advanced scan settings For example, you have an archived file that the program scanned and assigned the status of not infected. The next time, the program will skip this archive, unless it has been modified or the scan settings have been changed.
  • Page 135: Scanning For Rootkits

    Scanning computers for viruses dow (see para. 15.3.2 on pg. 166). If this box is unchecked, dangerous object data will not be recorded in the report; therefore, these objects will be impossible to process. Concede resources to other applications – pause that virus scan task if the processor is busy with other applications.
  • Page 136: Using Heuristic Methods

    Kaspersky Anti-Virus 7.0 Figure 48. Configuring rootkit scans and heuristic methods 11.4.5. Using heuristic methods Heuristic methods are utilized by several real-time protection components and virus scan tasks (see 7.2.4 at p. 82 for more detail). The Heuristic Analyzer tab (see Figure 48) may be used to disable / enable virus scan heuristic analysis for unknown threats.
  • Page 137: Restoring Default Scan Settings

    Scanning computers for viruses 11.4.6. Restoring default scan settings When configuring scan task settings, you can always return to the recommended settings. Kaspersky Lab considers them to be optimal and has combined them in the Recommended security level. To restore the default virus scan settings: Open the application settings window and select a task under Scan.
  • Page 138 Kaspersky Anti-Virus 7.0 If the action selected was: Prompt for action when the scan is complete. When it detects a malicious or potentially infected object: The program does not process the objects until the end of the scan. When the scan is...
  • Page 139: Setting Up Global Scan Settings For All Tasks

    Scanning computers for viruses When disinfecting or deleting an object, Kaspersky Anti-Virus creates a backup copy of it, and sends it to Backup (see 15.2 on pg. 161) in case the object needs to be restored or an opportunity arises later to treat it. 11.4.8.
  • Page 140: Chapter 12. Testing Kaspersky Anti-Virus Features

    CHAPTER 12. TESTING KASPERSKY ANTI-VIRUS FEATURES After installing and configuring Kaspersky Anti-Virus, we recommend that you verify that settings and program operation are correct using a test virus and variations of it. 12.1. The EICAR test virus and its variations The test virus was specially developed by (The European Institute for...
  • Page 141 Testing Kaspersky Anti-Virus features Prefix Test virus status Corresponding action when the application processes the object CORR– Corrupted. The application could access the object but could not scan it, since the object is corrupted (for example, the file structure is breached, or it is an invalid file format).
  • Page 142: Testing File Anti-Virus

    Kaspersky Anti-Virus 7.0 the status and reaction of Kaspersky Anti-Virus to various types of test virus. The third column contains information on objects with the same status that the application has processed. Values in the anti-virus scan settings determine the action taken on each of the objects.
  • Page 143: Testing Virus Scan Tasks

    Testing Kaspersky Anti-Virus features When you select different options for dealing with detected objects, you can test File Anti-Virus's reaction to detecting various object types. You can view details on File Anti-Virus performance in the report on the component. 12.3.
  • Page 144 Kaspersky Anti-Virus 7.0 Figure 51. Dangerous object detected This way, by selecting different options for actions, you can test Kaspersky Anti-Virus reactions to detecting various object types. You can view details on virus scan task performance in the report on the compo-...
  • Page 145: Chapter 13. Program Updates

    CHAPTER 13. PROGRAM UPDATES Keeping your anti-virus software up-to-date is an investment in your computer's security. Because new viruses, Trojans, and malicious software emerge daily, it is important to regularly update the application to keep your information constantly protected. Updating the application involves the following components being downloaded and installed on your computer: Anti-virus databases and network drivers...
  • Page 146: Starting The Updater

    Kaspersky Anti-Virus 7.0 If you do not have access to Kaspersky Lab's update servers (for example, your computer is not connected to the Internet), you can call the Kaspersky Lab main office at +7 (495) 797-87-00, +7 (495) 645-79-39, +7 (495) 956-00-00 to request contact information for Kaspersky Lab partners, who can provide you with zipped updates on floppy disks or CD/DVDs.
  • Page 147: Rolling Back To The Previous Update

    Program updates To start the Updater from the shortcut menu: Right click the application icon in the taskbar notification area to open the shortcut menu. Select Update. To start the Updater from the main program window: Open application main window and select the Update component. Click Update databases link.
  • Page 148: Selecting An Update Source

    Kaspersky Anti-Virus 7.0 Which user will the update run as (see 6.6 on pg. 60) Whether downloaded updates are to be copied to a local directory (see 13.3.3 on pg. 152) What actions are to be performed after updating is complete (see 13.3.3 on pg.
  • Page 149 Program updates Figure 52. Selecting an update source To download updates from another FTP or HTTP site: Click Add. In the Select Update Source dialog box, select the target FTP or HTTP site or specify the IP address, character name, or URL address of this site in the Source field.
  • Page 150: Selecting An Update Method And What To Update

    Kaspersky Anti-Virus 7.0 Kaspersky Anti-Virus adds new update sources at the top of the list, and automatically enables the source, by checking the box beside the source name. If several resources are selected as update sources, the application tries to connect to them one after another, starting from the top of the list, and retrieves the updates from the first available source.
  • Page 151 Program updates If you want to download and install updates for program modules: open application settings window, select Update, and check Update application modules. If there is an application module update on the update source, the application will download the required updates and apply them after the system is restarted.
  • Page 152: Update Distribution

    Kaspersky Anti-Virus 7.0 13.3.3. Update distribution If your home computers are connected through a home network, you do not need to download and install updates on each of them separately, since this would consume more network bandwidth. You can use the update distribution feature,...
  • Page 153: Actions After Updating The Program

    Program updates Figure 55. Copy updates tool settings Note that Kaspersky Anti-Virus 7.0 only retrieves update packages for v. 7.0 applications from the Kaspersky Lab update servers. If you want other computers on the network to update from the folder that contains updates copied from the Internet, you must take the following steps: Grant public access to this folder.
  • Page 154 Kaspersky Anti-Virus 7.0 Why should these objects be scanned? The quarantine area contains objects that have been flagged by the program as suspicious or possibly infected (see 15.1 on pg. 158). Using the latest version of the databases, Kaspersky Anti-Virus may be able to identify the threat and eliminate it.
  • Page 155: Chapter 14. Managing Keys

    CHAPTER 14. MANAGING KEYS Kaspersky Anti-Virus needs a key file to operate. You are provided with a key when you buy the program. It gives you the right to use the program from the day you install the key. Without a key, unless a trial version of the application has been activated, Kaspersky Anti-Virus will run in one update mode.
  • Page 156 Kaspersky Anti-Virus 7.0 Figure 56. Key Management Kaspersky Lab regularly has special pricing offers on license extensions for our products. Check for specials on the Kaspersky Lab website in the Products  Sales and special offers area.
  • Page 157: Chapter 15. Advanced Options

    CHAPTER 15. ADVANCED OPTIONS Kaspersky Anti-Virus has other features that expand its functionality. The program places some objects in special storage areas, in order to ensure maximum protection of data with minimum losses. Backup contains copies of objects that Kaspersky Anti-Virus has changed or deleted (see 15.2 on pg.
  • Page 158: Quarantine For Potentially Infected Objects

    Kaspersky Anti-Virus 7.0 The program also provides detailed reports (see 15.3 on pg. 163) on the operation of all protection components, virus scan tasks, and updates. Monitored ports can regulate which Kaspersky Anti-Virus modules control data transferred on select ports (see 15.4 on pg. 171). Configuration of proxy server settings (see 15.7 on pg.
  • Page 159: Actions With Quarantined Objects

    Advanced options A potentially infected object can be detected and placed in quarantine by File Anti-Virus, Mail Anti-Virus, Proactive Defense or in the course of a virus scan. You can place an object in quarantine by clicking Quarantine in the notification that pops up when a potentially infected object is detected.
  • Page 160: Setting Up Quarantine

    Kaspersky Anti-Virus 7.0 bases, and email format files placed in Quarantine, you must also select the directory to restore them to. Figure 57. List of quarantined objects Tip: We recommend that you only restore objects with the status false positive, OK, and disinfected, since restoring other objects could lead to infecting your computer.
  • Page 161: Backup Copies Of Dangerous Objects

    Advanced options Set up automatic scans for objects in Quarantine after each application database update (for more details, see 13.3.3 on pg. 152). Warning! The program will not be able to scan quarantined objects immediately after updating the databases if you are accessing the Quarantine area. Set the maximum Quarantine storage time.
  • Page 162: Actions With Backup Copies

    Kaspersky Anti-Virus 7.0 15.2.1. Actions with backup copies The total number of backup copies of objects placed in the repository is displayed in the Reports and data files section of the main window. In the right-hand part of the screen there is a special Backup section that displays: the number of backup copies of objects created by Kaspersky Anti-Virus the current size of Backup.
  • Page 163: Configuring Backup Settings

    Advanced options You can restore selected copies using the Restore button. The object is restored from Backup with the same name that it had prior to disinfection. If there is an object in the original location with that name (this is possible if a copy was made of the object being restored prior to disinfection), a warning will be given.
  • Page 164 Kaspersky Anti-Virus 7.0 The Reports tab (see Figure 60) lists the latest reports on all components and virus scan and update tasks run during the current session of Kaspersky Anti-Virus. The status is listed beside each component or task, for example, running, paused, or complete.
  • Page 165 Advanced options The Settings tab displays settings used by protection components, virus scans, or application database updates. The Registry tabs are only in the Proactive Defense report and contain information about all attempts to modify the operating system registry. You can export the entire report as a text file.
  • Page 166: Configuring Report Settings

    Kaspersky Anti-Virus 7.0 process all the objects on the list). After each object is processed, a message will appear on screen. Here you will have to decide what to do with them next. If you check Apply to all in the notification window, the action selected will be applied to all objects with the status selected from the list before beginning processing.
  • Page 167: The Events Tab

    Advanced options If you want the list to contain both dangerous objects and successfully neutralized objects, check Show neutralized objects. Figure 62. List of detected dangerous objects Dangerous objects detected by Kaspersky Anti-Virus are processed using the Disinfect button (for one object or a group of selected objects) or Disinfect all (to process all the objects on the list).
  • Page 168: The Statistics Tab

    Kaspersky Anti-Virus 7.0 Important events are events that must be investigated, since they reflect important situations in the operation of the program. For example, stopped. Informative messages are reference-type messages which generally do not contain important information. For example, OK, not processed.
  • Page 169: The Settings Tab

    Advanced options How many objects were scanned for dangerous traits in this session of a component, or after a task is completed. The number of scanned archives, compressed files, and password protected and corrupted objects is displayed. How many dangerous objects were detected, not disinfected, deleted, or placed in Quarantine.
  • Page 170: The Registry Tab

    Kaspersky Anti-Virus 7.0 Figure 65. Component settings Set the computer's mode of operation for after a virus scan is complete. You can configure the computer to shut down, restart, or go into standby or sleep mode. To select an option, left-click on the hyperlink until it displays the option you need.
  • Page 171: Rescue Disk

    Advanced options Figure 66. Read and modify system registry events The tab lists the full name of the key, its value, the data type, and information about the operation that has taken place: what action was attempted, at what time, and whether it was allowed. 15.4.
  • Page 172: Creating A Rescue Disk

    Kaspersky Anti-Virus 7.0 You can only create a rescue disk under Microsoft Windows XP or Microsoft Windows Vista. The rescue disk feature is not available under other supported operating systems, including Microsoft Windows XP Professional x64 Edition and Microsoft Windows Vista x64.
  • Page 173: Using The Rescue Disk

    Advanced options Step 2. Creating an .iso file After PE Builder has completed creating the rescue disk files, a Create .iso file window will open. The .iso file is a CD image of the disk, saved as an archive. The majority of CD burning programs correctly recognize .iso files (Nero, for example).
  • Page 174: Creating A Monitored Port List

    Kaspersky Anti-Virus 7.0 Bart PE has built-in network support for using your LAN. When the program starts, it will ask you if you want to enable it. You should enable network support if you plan to update application databases from the LAN before scanning your computer.
  • Page 175 Advanced options To edit the monitored port list, take the following steps: Open the application settings window and select Traffic Monitoring. Click Port Settings. Update the list of monitored ports in the Port Settings dialog (see Figure 67). Figure 67. List of monitored ports This window provides a list of ports monitored by Kaspersky Anti-Virus.
  • Page 176: Scanning Secure Connections

    Kaspersky Anti-Virus 7.0 When any of its components starts, Kaspersky Anti-Virus opens port 1110 as a listening port for all incoming connections. If that port is busy at the time, it selects 1111, 1112, etc. as a listening port.
  • Page 177 Advanced options Figure 68. Notification on SSL connection detection To scan encrypted connections, Kaspersky Anti-Virus replaces the security certificate requested with a self-signed one. In some cases, programs that are establishing connections will not accept this certificate, resulting in no connection being established.
  • Page 178: Configuring Proxy-Server

    Kaspersky Anti-Virus 7.0 Do not check encrypted connections – do not scan traffic incoming on SSL protocol for viruses. Figure 69. Configuring Secure Connection Scans 15.7. Configuring Proxy-Server Connection to a proxy server may be configured using the Proxy Server section (see Figure 70) of the application settings window (if connection to the Internet is through a proxy).
  • Page 179 Advanced options Figure 70. Configuring Proxy-Server Specify whether the proxy server uses authentication. Authentication is a procedure to verify user account information for the purposes of access control. If authentication is required to connect to the proxy server, check Use authentication and enter user name and password in the appropriate fields.
  • Page 180: Configuring The Kaspersky Anti-Virus Interface

    Kaspersky Anti-Virus 7.0 By default, the update server connection timeout is 1 minute. If connection fails, an attempt will be made to connect to the next update server once this timeout expires. This enumeration continues until a connection is successfully established or until all available update servers are enumerated.
  • Page 181 Advanced options In the right-hand part of the settings window, you can configure: User defined graphical components and color scheme in the application interface. By default, the graphical user interface uses system colors and styles. These can be replaced by unchecking Use System colors and styles.
  • Page 182: Using Advanced Options

    Kaspersky Anti-Virus 7.0 protected from all threat types. If you do not want to use the protection indicator, uncheck Show icon above Microsoft Windows login window. Note that modifications of Kaspersky Anti-Virus interface settings are not saved when default settings are restored or if the application is uninstalled.
  • Page 183: Kaspersky Anti-Virus Event Notifications

    Advanced options Figure 72. Configuring Advanced Options 15.9.1. Kaspersky Anti-Virus event notifications Different kinds of events occur in Kaspersky Anti-Virus. They can be of an informative nature or contain important information. For example, an event can inform you that the program has updated successfully, or can record an error in a component that must be immediately eliminated.
  • Page 184: Types Of Events And Notification Delivery Methods

    Kaspersky Anti-Virus 7.0 Define the event types from Kaspersky Anti-Virus for which you want notifications, and the notification delivery method (see 15.9.1.1 on pg. 184). Configure email notification delivery settings, if that is the notification method that is being used (see 15.9.1.2 on pg. 185).
  • Page 185: Configuring Email Notification

    Advanced options Email notification To use this type of notice, check the E-Mail column across from the event about which you want to be informed, and configure settings for sending notices (see 15.9.1.2 on pg. 185). Logging events To record information in the log about events that occur, check in the Log column and configure event log settings (see 15.9.1.3 on pg.
  • Page 186: Configuring Event Log Settings

    Kaspersky Anti-Virus 7.0 Use the Events notification settings window (see Figure 73) to check events that should trigger email notification in the E-mail column. In the window (see Figure 74) that opens when you click Email settings, configure the following settings for sending e-mail notifications: Assign the sending notification setting for From: Email address.
  • Page 187: Self-Defense And Access Restriction

    Advanced options Click Advanced under Events notification. Use the Events Notification settings window to select the option of logging information for an event and click the Log Settings button. Kaspersky Anti-Virus has the option of recording information about events that arise while the program is running, either in the Microsoft Windows general event log (Application) or in a dedicated Kaspersky Anti-Virus log (Kaspersky Event Log).
  • Page 188 Kaspersky Anti-Virus 7.0 trusted applications list, and the setting Do not monitor application activity should be enabled (see 6.9.2 on pg. 70). If any of the actions listed are attempted, a message will appear over the application icon in the taskbar notification area (unless the notification service has been disabled by the user).
  • Page 189: Importing And Exporting Kaspersky Anti-Virus Settings

    Advanced options 15.9.3. Importing and exporting Kaspersky Anti-Virus settings Kaspersky Anti-Virus allows you to import and export application settings. This feature is useful when, for example, the program is installed both on your home computer and in your office. You can configure the program the way you want it at home, save those settings on a disk, and using the import feature, load them on your computer at work.
  • Page 190: Technical Support

    Kaspersky Anti-Virus 7.0 Examples of special settings would be trusted address lists used by Web Anti-Virus; exclusion rules created for program components, and application rules for Proactive Defense. These lists are populated gradually by using the program, based on individual tasks and security requirements.
  • Page 191 Advanced options User registration is performed using the Activation Wizard (see 3.2.2 on pg. 32), if the application is being activated using an activation code. A client ID will be assigned at the end of the registration process which may be viewed under Support (see Figure 76) of the main window.
  • Page 192: Closing Application

    Kaspersky Anti-Virus 7.0 Figure 76. Technical Support Information For urgent assistance, use the contact numbers provided in the Help System (see B.2 on pg. 228). Telephone support is provided 24/7 in Russian, English, French, German, and Spanish. Use the Online Course link to obtain further information on training events for Kaspersky Lab products.
  • Page 193 If the application is shut down, protection may be re-enabled by restarting Kaspersky Anti-Virus by selecting Start → Programs → Kaspersky Anti-Virus 7.0 → Kaspersky Anti-Virus 7.0. Protection will also restart automatically following an operating system reboot. To enable this mode, select Service (see Figure 72) in the application settings window and check Launch application at startup under Autoload.
  • Page 194: Chapter 16. Working With The Program From The Command Line

    CHAPTER 16. WORKING WITH THE PROGRAM FROM THE COMMAND LINE You can use Kaspersky Anti-Virus from the command line. You can execute the following operations: Starting, stopping, pausing and resuming the activity of application components Starting, stopping, pausing and resuming virus scans Obtaining information on the current status of components, tasks and statistics on them Scanning selected objects...
  • Page 195: Activating The Application

    Working with the program from the command line RESUME Resumes a component or a task STOP Stops a component or a task (command can only be executed if the password assigned through the program interface is entered) STATUS Displays the current component or task status on screen STATISTICS Displays statistics for the component or task on screen HELP...
  • Page 196: Managing Program Components And Tasks

    Kaspersky Anti-Virus 7.0 ADDKEY <file_name> /password=<your_password> Parameter description: <activation_code> Program activation code provided when you purchased it. <file_name> Name of the key file with the extension .key. <your_password> Password for accessing Kaspersky Anti-Virus assigned in the application interface.
  • Page 197 Working with the program from the command line or task. STATUS - display the current status of the real-time protection component or task. STATISTICS – outputs statistics to the screen on real-time protection component or task operation. Note that you cannot execute the commands PAUSE and STOP without entering the password.
  • Page 198 Kaspersky Anti-Virus 7.0 avp.com START <profile>, with the value for the specific protection component entered for <profile>. For example, avp.com START FM. File Anti-Virus Mail Anti-Virus Web Anti-Virus Values for Web Anti-Virus subcomponents: httpscan – scans http traffic sc – scans scripts...
  • Page 199: Anti-Virus Scans

    Working with the program from the command line To view the current status of Proactive Defense on your computer, type the following text at the command prompt: avp.com STATUS BM To stop a My Computer scan task from the command prompt, enter: avp.com STOP SCAN_MY_COMPUTER /password=<your_password>...
  • Page 200 Kaspersky Anti-Virus 7.0 /REMDRIVES All removable media drives /FIXDRIVES All internal drives /NETDRIVES All network drives /QUARANTINE Quarantined objects /ALL Complete scan /@:<filelist.lst> Path to a file containing a list of objects and folders to be included in the scan. The file should be in a text format and each scan object must start a new line.
  • Page 201 Working with the program from the command line <file types> - this parameter defines the file types that will be subject to the anti-virus scan. If this parameter is not defined, the default value is /fi. Scan only potentially infected files by extension Scan only potentially infected files by contents (default) Scan all files...
  • Page 202 Kaspersky Anti-Virus 7.0 <report settings> - this parameter determines the format of the report on scan results. You can use an absolute or relative path to the file. If the parameter is not defined, the scan results are displayed on screen, and all events are displayed.
  • Page 203: Program Updates

    Working with the program from the command line 16.4. Program updates The syntax for updating Kaspersky Anti-Virus databases and modules from the command prompt is as follows: avp.com UPDATE [<update_source>] [/R[A]:<report_file>] [/C:<file_name>] [/APP=<on|off>] Parameter description: [<update_source>] HTTP or FTP server or network folder for downloading updates.
  • Page 204: Rollback Settings

    Kaspersky Anti-Virus 7.0 Update the Kaspersky Anti-Virus program modules by using the settings in the configuration file updateapp.ini: avp.com UPDATE /APP=on /C:updateapp.ini Sample configuration file: "ftp://my_server/kav updates" /RA:avbases_upd.txt /app=on 16.5. Rollback settings Command syntax: ROLLBACK [/R[A]:<report_file>] [/password=<password>] /R:<report_file> - /R[A]:<report_file> record only important events in the report.
  • Page 205: Importing Settings

    Working with the program from the command line <file_name> Path to the file to which the Kaspersky Anti-Virus settings are exported. You can use an absolute or relative path. The configuration file is saved in binary format (.dat), and it can be used later to import application settings on other computers.
  • Page 206: Stopping The Program

    Kaspersky Anti-Virus 7.0 16.9. Stopping the program Command syntax: EXIT /password=<your_password> <your_password> Kaspersky Anti-Virus password assigned in the program interface. Note that you cannot execute this command without entering the password. 16.10. Creating a trace file If you have problems with the program, you might need to create a trace file so that the specialists at Technical Support can troubleshoot them more exactly.
  • Page 207: Viewing Help

    Working with the program from the command line To create a trace file to send to Technical Support with a maximum trace level of 500: avp.com TRACE file on 500 16.11. Viewing Help This command is available for viewing Help on command prompt syntax: avp.com [ /? | HELP ] To get help on the syntax of a specific command, you can use one of the following commands:...
  • Page 208: Chapter 17. Modifying, Repairing, And Removing The Program

    Select Start → Programs → Kaspersky Anti-Virus 7.0 → Modify, Repair, or Remove. An installation wizard will then open for the program. Let's take a closer look at the steps of repairing, modifying, or deleting the program.
  • Page 209 Modifying, repairing, and removing the program remove the entire program. To execute the operation you need, click the appropriate button. The program's response depends on the operation you select. Modifying the program is like custom program installation where you can specify which components you want to install, and which you want to delete.
  • Page 210: Uninstalling The Program From The Command Line

    Kaspersky Anti-Virus 7.0 Step 2. Completing program modification, repair, or removal The modification, repair, or removal process will be displayed on screen, after which you will be informed of its completion. Removing the program generally requires you to restart your computer, since this is necessary to account for modifications to your system.
  • Page 211: Chapter 18. Frequently Asked Questions

    Kaspersky Anti-Virus; here we shall try to answer them in detail. Question: Is it possible to use Kaspersky Anti-Virus 7.0 with anti-virus products of other vendors? No. We recommend uninstalling anti-virus products of other vendors prior to installation of Kaspersky Anti-Virus to avoid software conflicts.
  • Page 212 Kaspersky Anti-Virus 7.0 Open Kaspersky Anti-Virus. Open the application settings window and select Service. Uncheck Launch application at startup and click OK. Reboot the operating system in regular mode. Send a request to Kaspersky Lab Technical Support. Open the application main window, select Support, and click Send Request.
  • Page 213: Appendix A. Reference Information

    APPENDIX A. REFERENCE INFORMATION This appendix contains reference materials on the file formats and extension masks used in Kaspersky Anti-Virus settings. A.1. List of files scanned by extension If Scan Programs and Documents (By Extension) is selected as the File Anti-Virus scan option or virus scan task, files with the extensions listed below will be analyzed closely for viruses.
  • Page 214 Kaspersky Anti-Virus 7.0 cla – Java class vbs – Visual Basic script vbe – BIOS video extension js, jse – JavaScript source text htm – hypertext document htt – Microsoft Windows hypertext header hta – hypertext program for Microsoft Internet Explorer asp –...
  • Page 215: Valid File Exclusion Masks

    Appendix A emf – Enhanced Metafile format Next generation of Microsoft Windows OS metafiles. EMF files are not supported by 16-bit Microsoft Windows ico – icon file ov? – Microsoft DOC executable files xl* - Microsoft Office Excel documents and files, such as: xla – Microsoft Office Excel add-on, xlc –...
  • Page 216: Valid Exclusion Masks By Virus Encyclopedia Classification

    Kaspersky Anti-Virus 7.0 C:\dir\*.* or C:\dir\* or C:\dir\ – all files in folder C:\dir\ C:\dir\*.exe – all files with extension .exe in folder C:\dir\ C:\dir\*.ex? – all files with extension .ex? in folder C:\dir\, where ? can represent any one character C:\dir\test –...
  • Page 217 Appendix A threat name by mask. For example: not-a-virus* – excludes potentially dangerous programs from the scan, as well as joke programs. *Riskware.* – excludes riskware from the scan. *RemoteAdmin.* – excludes all remote administration programs from the scan.
  • Page 218: Appendix B. Kaspersky Lab

    APPENDIX B. KASPERSKY LAB Founded in 1997, Kaspersky Lab has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious programs, unsolicited and unwanted email messages, and hacker attacks.
  • Page 219: Other Kaspersky Lab Products

    Appendix B B.1. Other Kaspersky Lab Products Kaspersky Lab News Agent The News Agent is intended for timely delivery of news published by Kaspersky Lab, notifications about the current status of virus activity, and fresh news. The program reads the list of available news feeds and their content from the Kaspersky Lab news server at specified intervals.
  • Page 220 Kaspersky Anti-Virus 7.0 Select standard/extended databases for scanning Save a report on the scanning results in .txt or .html formats Kaspersky® Internet Security 7.0 Kaspersky® Internet Security 7.0 is an integrated solution for protection of personal computers against the major information threats (viruses, hackers, spam and spyware).
  • Page 221 Appendix B The program employs an all-inclusive approach to anti-spam filtering of incoming e-mail messages: Verification against black and white lists of recipients (including addresses of phishing sites) Inspection of phrases in message body Analysis of message text using a learning algorithm Recognition of spam sent in image files Kaspersky Anti-Virus Mobile ®...
  • Page 222 Kaspersky Anti-Virus 7.0 Use of optimization technologies when scanning objects in the server file system; System rollback after virus attacks; Scalability of the software package within the scope of system re- sources available; Monitoring of the system load balance; Creating a list of trusted processes whose activity on the server is not subject to control by the software package;...
  • Page 223 Appendix B Proactive Defense from new malicious programs whose signatures are not yet added to the database; Personal Firewall with intrusion detection system and network attack warnings; Rollback for malicious system modifications; Protection from phishing attacks and junk mail; Dynamic resource redistribution during complete system scans;...
  • Page 224 Kaspersky Anti-Virus 7.0 iSwift technology to avoid rescanning files within the network; Distribution of load among server processors; Quarantining suspicious objects from workstations; Rollback for malicious system modifications; Scalability of the software package within the scope of system resources available;...
  • Page 225 Appendix B Remote administration of the software package, including centralized installation, configuration, and administration; Support for Cisco® NAC (Network Admission Control); Proactive Defense for workstations from new malicious programs whose signatures are not yet added to the database; Personal Firewall with intrusion detection system and network attack warnings;...
  • Page 226 Kaspersky Anti-Virus 7.0 Centralized reporting on protection status; Remote administration of the software package, including centralized installation, configuration, and administration; Support for Cisco® NAC (Network Admission Control); Support for hardware proxy servers; Filters Internet traffic using a trusted server list, object types, and user groups;...
  • Page 227 Appendix B Junk mail filtering; Scans incoming and outgoing e-mails and attachments; Scans all e-mails on Microsoft Exchange Server for viruses, including shared folders; Processes e-mails, databases, other objects Lotus Notes/Domino servers; Filters e-mails by attachment type; Quarantines suspicious objects; Easy-to-use administration system for the program;...
  • Page 228: Contact Us

    Kaspersky Anti-Virus 7.0 Support for hardware proxy servers; Scalability of the software package within the scope of system resources available; Automatic database updates. Kaspersky® Anti-Spam Kaspersky® Anti-Spam is a cutting-edge software suite designed to help organizations with small- and medium-sized networks wage war against the onslaught of unsolicited e-mail messages (spam).
  • Page 229 Appendix B General WWW: http://www.kaspersky.com information http://www.viruslist.com E-mail: info@kaspersky.com...
  • Page 230: Appendix C. License Agreement

    APPENDIX C. LICENSE AGREEMENT Standard End User License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT (“AGREEMENT”), FOR THE LICENSE OF KASPERSKY ANTI-VIRUS (“SOFTWARE”) PRODUCED BY KASPERSKY LAB (“KASPERSKY LAB”). IF YOU HAVE PURCHASED THIS SOFTWARE VIA THE INTERNET BY CLICKING THE ACCEPT BUTTON, YOU (EITHER AN INDIVIDUAL OR A SINGLE ENTITY) CONSENT TO BE BOUND BY AND BECOME A PARTY TO THIS AGREEMENT.
  • Page 231 All references to “Software” herein shall be deemed to include the software activation code with which you will be provided by Kaspersky Lab as part of the Kaspersky Anti-Virus 7.0. 1. License Grant. Subject to the payment of the applicable license fees, and sub-...
  • Page 232 Kaspersky Anti-Virus 7.0 1.1.7 You shall not provide the activation code or license key file to third parties or allow third parties access to the activation code or license key. The activation code and license key are confidential data. 1.1.8 Kaspersky Lab may ask User to install the latest version of the Software (the latest version and the latest maintenance pack).
  • Page 233 Appendix C Technical support via Internet and hot phone-line provided by Vendor and/or Reseller; Virus detection and disinfection updates in 24-hours period Support Services are provided only if and when you have the latest version of the Software (including maintenance packs) as available on the official Kaspersky Lab website (www.kaspersky.com) installed on your computer.
  • Page 234 Kaspersky Anti-Virus 7.0 be reasonably necessary to assist the Supplier in resolving the defective item. The warranty in (i) shall not apply if you (a) make or cause to be made any modifications to this Software without the consent of Kaspersky Lab, (b) use the Software in a manner for which it was not intended, or (c) use the Software other than as permitted under this Agreement.
  • Page 235 Appendix C (iii) Subject to paragraph (i), the liability of Kaspersky Lab (whether in contract, tort, restitution or otherwise) arising out of or in connection with the supply of the Software shall in no circumstances exceed a sum equal to the amount equally paid by you for the Software.
