Avira ANTIVIR PREMIUM User Manual

Download

Page 1

Avira AntiVir Premium

User Manual

Page 2

Trademarks and Copyright

Trademarks

AntiVir is a registered trademark of Avira GmbH. Windows is a registered trademark of the Microsoft Corporation in the United States and other countries. All other brand and product names are trademarks or registered trademarks of their respective owners. Protected trademarks are not marked as such in this manual. This does not mean, however that they may be used freely.

A code provided by a third party has been used for Avira AntiVir Premium. We thank the copyright owners for making the code available to us. For detailed information on copyright, please refer to in the help of Avira AntiVir Premium under the Third Party Licenses.

Page 3

Table of Contents

1 Introduction .......................................................................................................... 1

2 Icons and emphases ................................................................................................ 2

3 Product information............................................................................................... 3

3.1 Delivery scope ........................................................................................................................3

3.2 System requirements.............................................................................................................4

3.3 Licensing and Upgrade ..........................................................................................................5

4 Installation and uninstallation ............................................................................... 6

4.1 Installation.............................................................................................................................6

4.2 Modification installation ....................................................................................................11

4.3 Installation modules............................................................................................................11

4.4 Uninstallation......................................................................................................................12

5 Overview of AntiVir Premium............................................................................... 13

5.1 User interface and operation ..............................................................................................13

5.1.1 Control Center .......................................................................................................13

5.1.2 Configuration.........................................................................................................15

5.1.3 Tray icon.................................................................................................................18

5.2 How to...? .............................................................................................................................19

5.2.1 Activate product.....................................................................................................19

5.2.2 Avira AntiVir Premium automatic update............................................................20

5.2.3 Start a manual update............................................................................................21

5.2.4 On-demand scan: Using a scan profile to scan for viruses and malware ............22

5.2.5 On-demand scan: Scan for viruses and malware using Dragamp;Drop ..............23

5.2.6 On-demand scan: Scan for viruses and malware via the context menu..............24

5.2.7 On-demand scan: Automatically scan for viruses and malware ..........................24

5.2.8 On-demand scan: Targeted scan for active rootkits ............................................25

5.2.9 Reacting to detected viruses and malware............................................................26

5.2.10 Quarantine: Handling quarantined files (*.qua)...................................................29

5.2.11 Quarantine: Restore the files in quarantine.........................................................30

5.2.12 Quarantine: move suspicious files to quarantine.................................................32

5.2.13 Scan profile: Amend or delete file type in a scan profile......................................32

5.2.14 Scan profile: Create desktop shortcut for scan profile.........................................32

5.2.15 Events: Filter events ..............................................................................................33

5.2.16 MailGuard: Exclude email addresses from scan ...................................................33

6 Scanner::Overview ............................................................................................... 36

7 Updates................................................................................................................ 37

8 FAQ, Tips ............................................................................................................. 38

8.1 Troubleshooting ..................................................................................................................38

8.2 Shortcuts..............................................................................................................................41

8.2.1 In dialog boxes .......................................................................................................41

8.2.2 In the help ..............................................................................................................42

8.2.3 In the Control Center.............................................................................................42

8.3 Windows Security Center....................................................................................................43

8.3.1 General ...................................................................................................................44

8.3.2 The Windows Security Center and Avira AntiVir Premium.................................44

Page 4

Table of Contents

Viruses and more.................................................................................................. 47

9.1 Extended threat categories .................................................................................................47

9.2 Viruses and other malware .................................................................................................49

10 Info and Service ................................................................................................... 53

10.1 Contact address ...................................................................................................................53

10.2 Technical Support................................................................................................................53

10.3 Suspicious file ......................................................................................................................53

10.4 Reporting false positives .....................................................................................................54

10.5 Your feedback for more security .........................................................................................54

11 Reference: Configuration options ......................................................................... 55

11.1 Scanner.................................................................................................................................55

11.1.1 Scan.........................................................................................................................55

11.1.1.1. Action for concerning files .............................................................................57

11.1.1.2. Exceptions .......................................................................................................60

11.1.1.3. Heuristic ..........................................................................................................61

11.1.2 Report.....................................................................................................................62

11.2 Guard....................................................................................................................................62

11.2.1 Scan.........................................................................................................................62

11.2.1.1. Action for concerning files .............................................................................64

11.2.1.2. Further actions................................................................................................66

11.2.1.3. Exceptions .......................................................................................................67

11.2.1.4. Heuristic ..........................................................................................................69

11.2.2 ProActiv ..................................................................................................................70

11.2.2.1. Application filter: Applications to be blocked ...............................................71

11.2.2.2. Application filter: Permitted applications .....................................................72

11.2.3 Report.....................................................................................................................73

11.3 MailGuard ............................................................................................................................73

11.3.1 Scan.........................................................................................................................73

11.3.1.1. Action for concerning files .............................................................................74

11.3.1.2. Other Actions ..................................................................................................75

11.3.1.3. Heuristic ..........................................................................................................76

11.3.2 General ...................................................................................................................77

11.3.2.1. Exceptions .......................................................................................................77

11.3.2.2. Cache ...............................................................................................................78

11.3.2.3. Footer ..............................................................................................................78

11.3.3 Report.....................................................................................................................79

11.4 WebGuard ............................................................................................................................79

11.4.1 Scan.........................................................................................................................80

11.4.1.1. Action for concerning files .............................................................................80

11.4.1.2. Locked requests...............................................................................................81

11.4.1.3. Exceptions .......................................................................................................83

11.4.1.4. Heuristic ..........................................................................................................85

11.4.2 Report.....................................................................................................................86

11.5 Update..................................................................................................................................87

11.5.1 Product update.......................................................................................................87

11.5.2 Restart settings ......................................................................................................88

11.5.3 Web server..............................................................................................................89

11.5.3.1. Proxy................................................................................................................90

11.6 General .................................................................................................................................90

11.6.1 Extended threat categories....................................................................................90

11.6.2 Password.................................................................................................................91

iii

Page 5

Avira AntiVir Premium

11.6.3

11.6.4 WMI........................................................................................................................94

11.6.5 Directories..............................................................................................................94

11.6.6 Events .....................................................................................................................94

11.6.7 Limit reports ..........................................................................................................95

11.6.8 Acoustic alerts ........................................................................................................95

11.6.9 Warnings ................................................................................................................96

Security...................................................................................................................93

Page 6

1 Introduction

Avira AntiVir Premium from Avira GmbH protects you computer against viruses, malware, adware and spyware, unwanted programs and other dangers. This manual deals with viruses and software in brief.

The manual describes the program installation and operation.

Please go to our website http://www.avira.com where you can download the Avira AntiVir Premium manual in PDF from, update Avira AntiVir Premium or renew your license.

You can also find information on our website such as telephone numbers for technical support and information on how to subscribe to our newsletter.

Your Avira GmbH team

Page 7

2 Icons and emphases

The following icons are used:

Icon / Designation

Explanation

Placed before a condition which must be fulfilled prior to implementation.

Warning

Note

Placed before an action step that you implement.

Placed before an event that follows the previous action.

Placed before a warning of the danger of critical data loss.

Placed before a link to particularly important information or a tip which makes Avira AntiVir Premium easier to use.

The following emphases are used:

Emphasis Explanation

Cursive

File name or path data.

Displayed software interface elements (e.g. window heading, window field or options box).

Bold

Clicked software interface elements (e.g. menu item, section or button)

Page 8

3 Product information

This chapter contains all information relevant to the purchase and use ofAvira AntiVir Premium:

– see chapter: Delivery scope – see chapter: System requirements – see chapter: Licensing – see chapter: License Manager

Avira AntiVir Premium is a comprehensive and flexible tool you can rely on to protect your computer from viruses, malware, unwanted programs, and other dangers

 Please note the following information:

Note Loss of valuable data usually has dramatic consequences. Even the best virus protection program cannot provide one hundred percent protection from data loss. Make regular copies (Backups) of your data for security purposes.

Note A program can only provide reliable and effective protection from viruses, malware, unwanted programs and other dangers if it is up-to-date. Make sure Avira AntiVir Premium is up-to-date with automatic updates. Configure the program accordingly.

3.1 Delivery scope

Avira AntiVir Premium gives you the following functions:

– Control Center for monitoring, administering and controlling the entire program – Central configuration with user-friendly standard and advanced options and

context-sensitive help

– Scanner (On-Demand Scan) with profile-controlled and configurable scan for all

known types of virus and malware

– Integration into the Windows Vista User Account Control allows you to carry out

tasks requiring administrator rights

– Guard (On-Access Scan) for continuous monitoring of all file access attempts – ProActive component for the permanent monitoring of program actions (for 32-

bit system only, not available under Windows 2000)

– MailGuard (POP3 Scanner, IMAP Scanner and SMTP Scanner) for the permanent

checking of emails for viruses and malware. Checking of email attachments is included

– WebGuard for monitoring data and files transferred from the Internet using the

HTTP protocol (monitoring of ports 80, 8080, 3128)

– Integrated quarantine management to isolate and process suspicious files

Page 9

Avira AntiVir Premium

– Rootkit protection for detecting hidden malware installed in your computer

– Direct access to detailed information on the detected viruses and malware via the

– Simple and quick updates to the program, virus definitions, and search engine

– User-friendly licensing in License Manager – Integrated Scheduler for planning one-off or recurring jobs such as updates or

– Extremely high virus and malware detection via innovative scanning technology

– Detection of all conventional archive types including detection of nested archives

– High-performance multithreading function (simultaneous high-speed scanning

system (rootkits) (Not available under Windows XP 64 bit)

Internet

through Single File Update and incremental VDF updates via a web server on the Internet

scans

(scan engine) including heuristic scanning method

and smart extension detection

of multiple files)

3.2 System requirements

For Avira AntiVir Premium to work perfectly, the computer system must fulfill the following requirements:

– Computer as from Pentium, at least 266 MHz – Operating system – Windows 2000, SP4 and update rollup 1 or – Windows XP, SP2 (32 or 64 Bit) or – Windows Vista (32 or 64 Bit, SP 1 recommended) – Windows 7 (32 or 64 Bit) – At least 150 MB of free hard disk memory space (more if using Quarantine for

temporary storage)

– At least 256 MB RAM under Windows 2000/XP – At least 1024 MB RAM under Windows Vista, Windows 7 – For the installation of Avira AntiVir Premium: Administrator rights – For all installations: Windows Internet Explorer 6.0 or higher – Internet connection where appropriate (see Installation)

Information for Windows Vista users

On Windows 2000 and Windows XP, many users work with administrator rights. However, this is not desirable from the point of view of security, because it is then easy for viruses and unwanted programs to infiltrate computers.

Page 10

For this reason, Microsoft is introducing the "User Account Control" with Windows Vista. This offers more protection for users who are logged in as administrators: thus in Windows Vista, one administrator only has the privileges of a normal user at first. Actions for which administrator rights are required are clearly marked in Windows Vista with an information icon. In addition, the user must explicitly confirm the required action. Privileges are only increased and the administrative task carried out by the operating system after this permission has been obtained.

Avira AntiVir Premium requires administrator rights for some actions in Windows Vista. These actions are marked with the following symbol:

button, administrator rights are required to carry out this action. If your current user account does not have administrator rights, the Windows Vista dialog of the User Account Control asks you to enter the administrator password. If you do not have an administrator password, you cannot carry out this action.

3.3 Licensing and Upgrade

In order to be able to use Avira AntiVir Premium, you require a license. You thereby accept the license conditions of Avira AntiVir Premium.

Product information

. If this symbol also appears on a

The license is provided in the form of an activation key. The activation key is a letter and figure code which you will receive after purchasing Avira AntiVir Premium . The activation key contains the exact data of your license, i.e. which programs have been licensed for which period of time.

The activation key will be sent to you by email, if you have purchased AntiVir Premium on the Internet or it is rendered on the product packaging.

In order to license your program, please enter your activation key to activate Avira AntiVir Premium. The product activation may be carried out during installation. However, you can also activate Avira AntiVir Premium after the installation in License Manager, under Help::License management .

In License Manager, you have the option of launching an upgrade for a product from the AntiVir desktop product family. Manual uninstallation of the old product and manual installation of the new product is not required. When upgrading from License Manager, you enter the activation code for the product you want to upgrade in the License Manager input box. The new product is automatically installed.

The following product upgrades can be executed automatically via License Manager:

– Upgrade of Avira AntiVir Personal to Avira AntiVir Premium – Upgrade of Avira AntiVir Personal to Avira Premium Security Suite – Upgrade of Avira AntiVir Premium to Avira Premium Security Suite

Page 11

4 Installation and uninstallation

This chapter contains information relating to the installation and uninstallation of your Avira AntiVir Premium:

– see Chapter Installation: Conditions, Installation types, Install – see Chapter Installation modules – see Chapter Modification installation – see Chapter Uninstallation: Uninstall

4.1 Installation

Before installing Avira AntiVir Premium, check whether your computer fulfils all the minimum system requirements. If your computer satisfies all requirements, you can install Avira AntiVir Premium.

Note From Windows XP, Avira AntiVir Premium generates a restore point of your computer before installation of Avira AntiVir Premium. This enables you to safely remove Avira AntiVir Premium if installation fails. Note that for this the option Turn off System Restore under: "Start | Settings | Control Panel | System | Tab System Restore" must not be marked. If you want to recover your system earlier, you can do so with the function "Start | Programs | Accessories | System Tools | System Restore". The restore point generated by Avira AntiVir Premium is indicated by the entry AntiVir Premium.

Installation types

During installation you can select a setup type in the installation wizard:

Express

– Not all program components are installed. The following components are not

installed:

AntiVir ProActiv

AntiVir Firewall

– The program files are installed into a given standard folder under C:\Program

Files .

– AntiVir Premium is installed with default settings. You have the option of

defining custom settings using the configuration wizard.

User-defined

– You can choose to install individual program components (see Chapter

Installation and uninstallation::Installation modules).

– A target folder can be selected for the program files to be installed. – You can disable Create a desktop icon and program group in the Start menu.

Page 12

Installation and uninstallation

– Using the configuration wizard, you can define custom settings for AntiVir

Premium and initiate a short system scan which is carried out automatically after installation.

Before starting installation

 Close your email program. It is also recommended to end all running applications.  Make sure that no other virus protection solutions are installed. The automatic

protection functions of various security solutions may interfere with each other.

 Establish an Internet connection: The Internet connection is necessary for

performing the following installation steps:

 Downloading the current program file and search engine, and the latest virus

definition files via the installation program (for internet-based installation)

 Activating Avira AntiVir Premium  Where appropriate, carrying out a AntiVir Premium update after completed

installation

 Have the license key for AntiVir Premium ready, if you want to activate AntiVir

Premium.

Note Internet-based installation: Avira GmbH provides an installation program for the internet-based installation of Avira AntiVir Premium, which loads the current program file prior to installation by the Avira GmbH web servers. This process ensures that AntiVir Premium is installed with the latest virus definition file. Installation with an installation package: The installation package contains both the installation program and all necessary program files. No language selection for AntiVir Premium is available for installation with an installation package. We recommend that you carry out an update of the virus definition file after installation.

Note For product activation Avira AntiVir Premium uses the HTTP protocol and Port 80 (web communication), as well as encryption protocol SSL and port 443, to communicate with the servers of Avira GmbH. If you are using a firewall, please ensure that the required connections and/or incoming or outgoing data are not blocked by the firewall.

Install

The installation program runs in self-explanatory dialog mode. Every window contains a certain selection of buttons to control the installation process.

The most important buttons are assigned the following functions:

– OK: Confirm action. – Abort: Abort action. – Next: Go to next step. – Back: Go to previous step.

How to install AntiVir Premium:

 Start the installation program by double-clicking on the installation file you have

downloaded from the Internet or insert the program CD.

Page 13

Avira AntiVir Premium

Internet-based installation

The dialog box Welcome... appears.

 Click Next to continue with the installation.

The dialog box Language selection appears.

 Select the language you want to use to install AntiVir Premium and confirm your

language selection by clicking Next.

The dialog box Download appears. All files necessary for installation are downloaded by the Avira GmbH web servers. The Download window closes after conclusion of the download.

Installation with an installation package

The installation wizard opens with the dialog box Avira AntiVir Premium.

 Click Accept to begin the installation.

The installation file is extracted. The installation routine is started.

The dialog box Welcome... appears.

 Click Next.

Continuing internet-based installation and installation with an installation package

The dialog box with the license agreement appears.

 Confirm that you accept the license agreement and click Continue.

The dialog box Generate serial number appears.

 Where appropriate, confirm that a random serial number has been generated and

transmitted during update, and click Continue.

The dialog box Select installation type appears.

 Decide whether you want to perform an express installation or a user-defined

installation.

 Enable the option Express orUser-defined and confirm by clicking Continue.

User-defined installation

The dialog box Select destination directory appears.

 Confirm the specified destination directory by clicking Continue.

- OR -

Use the Browse button to select a different destination directory and confirm by clicking Next.

The dialog box Install components appears:

 Enable or disable the required components and confirm by clicking Continue.

In the following dialog box you can decide whether to create a desktop shortcut and/or a program group in the Start menu.

 Click Next.

Resume: Express installation und user-defined installation

The license wizard is opened.

You have the following options to activate AntiVir Premium.

– Enter an activation key.

Page 14

Installation and uninstallation

By entering your activation key Avira AntiVir Premium is activated with your license.

– Select the option Product testing

If you select Product testing, an evaluation license will be generated during the activation process, with which Avira AntiVir Premium is activated. You can test Avira AntiVir Premium with its complete range of functions for a certain period of time.

Note By using the option Valid hbedv.key license file available you can load a valid license file. During product activation with a valid activation key the license file is generated and saved in the program folder of Avira AntiVir Premium. Use this option, if you have already activated a product and want to re-install Avira AntiVir Premium.

Note In some sales versions of Avira AntiVir Premium an activation key has already been included in the product. For this reason the activation need not be entered. If and when necessary, the activation key is displayed in the license wizard.

Note In order to activate AntiVir Premium a connection to the server of Avira GmbH is established. Under Proxy settings you can configure the Internet link by a proxy server.

 Select an activation procedure and click Next to acknowledge.

Product activation

A dialog box will be opened, in which you can enter your personal data.

 Enter your data and click Next

Your data will be transmitted to the servers of Avira GmbH and will be checked. Avira AntiVir Premium will be activated with your license.

Your license data will be displayed in the next window.

 Click Next.  Skip the following chapter on "Activate by selecting the option Valid hbedv.key

available ".

Select the option "Valid hbedv.key available"

A box will be opened for loading the license file.

 Select the license file hbedv.key with your license data for AntiVir Premium and click

Open

Your license data will be displayed in the next window.

 Click Next

Continuation after completed activation or loading of the license file

The program features will be installed. Installation progress is displayed in the dialog box.

In the following dialog box you can choose whether to open the Readme file after installation is completed and whether to restart your computer.

 Agree where appropriate and complete the installation by clicking Finish.

Page 15

Avira AntiVir Premium

The installation wizard is closed.

Resume: User-defined installation Configuration wizard

If you choose user-defined installation, the following step opens the configuration wizard. The configuration wizard enables you to define custom settings for AntiVir Premium.

 Click Next in the welcome window of the configuration wizard to begin

configuration of AntiVir Premium.

The Configure AHeAD dialog box enables you to select a detection level for the AHeAD technology. The detection level selected is used for the Scanner (On-demand scan) and Guard (On-access scan) AHeAD technology settings.

 Select a detection level and continue the installation by clicking Next.

In the following dialog box Select extended threat categories, you can adapt the protective functions of AntiVir Premium to the threat categories specified.

 Where appropriate, activate further threat categories and continue the installation

by clicking Next.

If you have selected the AntiVir Guard installation module, theGuard start mode dialog box appears. You can stipulate the Guard start time. At each computer reboot, the Guard will be started in the start mode specified.

Note The specified Guard start mode is saved in the registry and cannot be changed via the Configuration.

 Enable the required option and continue the configuration by clicking Next.

In the following dialog box, System scan, a short system scan can be enabled or disabled. The short system scan is carried out after the configuration has been completed and before the computer is rebooted, and scans running programs and the most important system files for viruses and malware.

 Enable or disable the Short system scan option and continue the configuration by

clicking Next.

In the following dialog box, you can complete the configuration by clicking Finish

 Click Finish to complete the configuration.

The specified and selected settings are accepted.

If you have enabled the Short system scan option, the Luke Filewalker window opens. The Scanner performs a short system scan.

Resume: Express installation und user-defined installation

If you selected the Restart computer option in the final installation wizard, the computer reboots.

After the computer restart, the AntiVir Premium Readme file is displayed, if you selected the Show Readme.txt option in the installation wizard.

After a successful installation, we recommend that you check AntiVir Premium is up-todate in the Control Center under Overview :: Status.

 Where appropriate, update AntiVir Premium to ensure the virus definition file is up-

to-date.

 Then perform a full system scan.

Page 16

4.2 Modification installation

You have the option of adding or removing individual program components of the current Avira AntiVir Premium installation (see ChapterInstallation and uninstallation::Installation modules)

If you wish to add or remove modules of the actual Avira AntiVir Premium installation, you can use the option Add or Remove Programs in the Windows control panel to Change/Remove programs.

Select Avira AntiVir Premium and click Change. In the welcome dialog of Avira AntiVir Premium select the option Modify. You will be guided through the installation changes.

4.3 Installation modules

In a user-defined installation or a modification installation, the following installation modules can be selected, added or removed.

– AntiVir Premium

This module contains all components required for successful installation of Avira AntiVir Premium.

– AntiVir Guard

The AntiVir Guard runs in the background. It monitors and repairs, if possible, files during operations such as open, write and copy in on-access mode. Whenever a user carries out a file operation (e.g. load document, execute, copy), Avira AntiVir Premium automatically scans the file. Renaming a file does not trigger a scan by AntiVir Guard.

– AntiVir ProActiv

The ProActiv component monitors application actions and alerts users to application behavior typical of malware. This behavior-based recognition enables you to protect yourself against unknown malware. The ProActiv component is integrated into AntiVir Guard.

– AntiVir MailGuard

MailGuard is the interface between your computer and the email server from which your email program (email client) downloads emails. MailGuard is connected as a so-called proxy between the email program and the email server. All incoming emails are routed through this proxy, scanned for viruses and unwanted programs and forwarded to your email program. Depending on the configuration, the program processes the affected emails automatically or asks the user for a certain action.

Installation and uninstallation

Page 17

Avira AntiVir Premium

– AntiVir WebGuard

– AntiVir Rootkit Protection

– Shell Extension

When surfing the Internet, you are using your web browser to request data from a web server. The data transferred from the web server (HTML files, script and image files, Flash files, video and music streams, etc.) will normally be moved directly into the browser cache for display in the web browser, meaning that an on-access scan as performed by AntiVir Guard is not possible. This could allow viruses and unwanted programs to access your computer system. WebGuard is what is known as an HTTP proxy which monitors the ports used for data transfer (80, 8080, 3128) and scans the transferred data for viruses and unwanted programs. Depending on the configuration, the program may process the affected files automatically or prompt the user for a specific action.

AntiVir Rootkit Protection checks whether software is already installed on your computer that can no longer be detected with conventional methods of malware protection after penetrating the computer system.

The Avira AntiVir Premium Shell Extension generates an entry in the context menu of the Windows Explorer (right-hand mouse button). Scan selected files with AntiVir. With this entry you can directly scan files or directories.

4.4 Uninstallation

If you wish to remove Avira AntiVir Premium from your computer, you can use the option Add or Remove Programs to Change/Remove programs in the Windows Control Panel.

To uninstall Avira AntiVir Premium (e.g. in Windows XP and Windows Vista):

 Open the Control Panel via the Windows Start menu.  Double click on Programs (Windows XP: Software).  Select Avira AntiVir Premium and clickRemove.

You will be asked if you really want to remove the program.

 Click Yes to confirm.

All components of the program are removed.

 Click on Finish to complete uninstallation.

Where appropriate, a dialog box appears recommending that your computer be restarted.

 Click Yes to confirm.

Avira AntiVir Premium is uninstalled, and all directories, files and registry entries for Avira AntiVir Premium are deleted when your computer is restarted.

Page 18

5 Overview of AntiVir Premium

This chapter contains an overview of the functionality and operation of AntiVir Premium.

– see Chapter Interface and operation – see ChapterHow to...?

5.1 User interface and operation

Your operate AntiVir Premium via three program interface elements:

– Control Center: Monitoring and control of AntiVir Premium – Configuration: Configuration of AntiVir Premium – Tray Icon in the system tray of the taskbar: Open the Control Centre and other

functions

5.1.1 Control Center

The Control Center is designed to monitor the protection status of your computer systems and control and operate the protection components and functions of AntiVir Premium.

The Control Center window is divided into three areas: themenu bar, thenavigation bar and the detail windowview:

– Menu bar: In the Control Center menu bar, you can access general program

functions and information on AntiVir Premium.

Page 19

Avira AntiVir Premium

– Navigation area: In the navigation area, you can easily swap between the

– View: This window shows the section selected in the navigation area. Depending

Starting and closing of Control Center

To start the Control Center the following options are available:

– Double-click the program icon on your desktop – via the AntiVir Premium program entry in the start menu | program. – via the Avira AntiVir Premium tray icon.

Close the Control Center via the menu command Close in the menu File or by clicking on the close tab in the Control Center.

individual sections of the Control Center. The individual sections contain information and functions of the program components of AntiVir Premium and are arranged in the navigation bar according to activity. Example: Activity Overview - SectionStatus.

on the section, you will find buttons to execute functions and actions in the upper bar of the detail window. Data or data objects are displayed in lists in the individual sections. You can sort the lists by clicking in the box defining how you wish to sort the list.

Operate Control Center

To navigate in the Control Center

 Select an activity in the navigation bar.

The activity opens and other sections appear. The first section of the activity is selected and displayed in the view.

 If necessary, click another section to display this in the detail window.

- OR -

 Select a section via the menu View.

Note You can activate the keyboard navigation in the menu bar with the help of the [ALT] key. If navigation is activated, you can move within the menu with the arrow keys. With the Return key you activate the active menu item. To open or close menus in the Control Center, or to navigate within the menus, you can also use the following key combinations: [Alt] + underlined letter in the menu or menu command. Hold down the [Alt] key if you want to access a menu, a menu command or a submenu.

To process data or objects displayed in the detail window:

 highlight the data or object you wish to edit.

To highlight multiple elements (elements in columns), hold down the control key or the shift key while selecting the elements.

 Click the appropriate button in the upper bar of the detail window to edit the object

Control Center overview

– Overview: In Overview you will find all sections with which you can monitor

the functioning of Avira AntiVir Premium.

Page 20

Overview of AntiVir Premium

– The Status section lets you see at a glance which Avira AntiVir Premium modules

are active and provides information on the last update carried out. You can also see whether you own a valid license.

– The Events section enables you to view events generated by certain Avira AntiVir

Premium modules.

– Die Reports section enables you to view the results of actions executed by Avira

AntiVir Premium.

– Local protection: InLocal protection you will find the components for

checking the files on your computer system for viruses and malware.

– The Scan section enables you to easily configure and start an on-demand scan.

Predefined profiles enable you to run a scan with preset default options. In the same way it is possible to adapt the scan for viruses and unwanted programs to your personal requirements with the help of manual selection (not saved) or by creating user-defined profiles, .

– The Guard section displays information on scanned files, as well as other

statistical data, which can be reset at any time, and enables access to the report file. More detailed information on the last virus or unwanted program detected can be obtained practically "at the push of a button".

– Online protection: In Online protection you will find the components to

protect your computer system against viruses and malware from the Internet, and against unauthorized network access.

– The MailGuard section shows you all the emails scanned by MailGuard, their

properties and other statistical data.

– The WebGuard section shows you information on scanned URLs and detected

viruses, as well as other statistical data, which can be reset at any time and enables access to the report file. More detailed information on the last virus or unwanted program detected can be obtained practically "at the push of a button".

– Administration: In Administration you will find tools for isolating and

managing suspicious or infected files, and for planning recurring tasks.

– The Quarantine section contains the so-called Quarantine Manager. This is the

central point for files already placed in quarantine or for suspect files which you would like to place in quarantine. It is also possible to send a selected file to the Avira Malware Research Center by email.

– The Scheduler section enables you to configure scheduled scanning and update

jobs and to adapt or delete existing jobs.

5.1.2 Configuration

You can define AntiVir Premium settings in the Configuration. After installation, AntiVir Premium is configured with standard settings, ensuring optimal protection for your computer system. However, your computer system or your specific requirements for AntiVir Premium may mean you need to adapt the protective components of AntiVir Premium.

Page 21

Avira AntiVir Premium

The Configuration opens a dialog box: You can save your configuration settings via the OK or Accept buttons, delete you settings by clicking the Cancel button, or restore your default configuration settings using the Restore defaults button. You can select individual configuration sections in the left-hand navigation bar.

Accessing the AntiVir Premium Configuration

You have several options for accessing the configuration:

– via the Windows control panel. – via the Windows Security Center - from Windows XP Service Pack 2. – via the Avira AntiVir Premium tray icon. – in the Avira AntiVir Premium Control Center via the menu item Extras |

Configuration.

– in the Avira AntiVir Premium Control Center via the Configuration button.

Note If you are accessing configuration via the Configuration button in the Control Center, go to the Configuration register of the section which is active in the Control Center. Expert mode must be activated to select individual configuration registers. In this case, a dialog appears asking you to activate expert mode.

Configuration operation

Navigate in the configuration window as you would in Windows Explorer:

 Click on an entry in the tree structure to display this configuration section in the

detail window

 Click on the plus symbol in front of an entry to expand the configuration section and

display configuration subsections in the tree structure.

Page 22

Overview of AntiVir Premium

 To hide configuration subsections, click on the minus symbol in front of the

expanded configuration section.

Note To enable or disable Configuration options and use the buttons, you can also use the following key combinations: [Alt] + underlined letter in the option name or button description.

Note All configuration sections are only displayed in expert mode. Activate expert mode to view all configuration sections. Expert mode can be protected by a password which must be defined during activation.

If you want to confirm your Configuration settings:

 Click OK.

The configuration window is closed and the settings are accepted.

- OR -

 Click Accept.

The settings are accepted. The configuration window remains open.

If you want to finish configuration without confirming your settings:

 Click Cancel.

The configuration window is closed and the settings are discarded.

If you want to restore all configuration settings to default values:

 Click Restore defaults.

All settings of the configuration are restored to default values. All amendments and custom entries are lost when default settings are restored.

Overview of configuration options

The following configuration options are available:

– Scanner: Configuration of on-demand scan

Scan options

Action on detections

File scan options

On-demand scan exceptions

On-demand scan heuristics

Report function setting

– Guard: Configuration of on-access scan

Scan options

Action on detections

On-access scan exceptions

On-access scan heuristics

Report function setting

– MailGuard: Configuration of MailGuard

Page 23

Avira AntiVir Premium

Scan options: Enable the monitoring of POP3 accounts, IMAP accounts, outgoing emails (SMTP)

Actions on malware

MailGuard scan heuristics

MailGuard scan exceptions

Configuration of cache, empty cache

Configuration of a footer in sent emails

Report function setting

– WebGuard: Configuration of WebGuard

Scan options, enabling and disabling the WebGuard

Action on detections

Blocked access: Unwanted file types and MIME types, Web filter for known unwanted URLS (malware, phishing, etc.)

WebGuard scan exceptions: URLs, file types, MIME types

WebGuard heuristics

Report function setting

– General:

Configuration of email using SMTP

Extended risk categories for on-demand and on-access scan

Password protection for access to the Control Center and the Configuration

Security: Update status display, full system scan status display, product protection

WMI: Enable WMI support

Event log configuration

Configuration of report functions

Setting of directories used

Update: Configuration of connection to download server, set-up of product updates

Configuration of acoustic alerts when malware is detected

5.1.3 Tray icon

After installation, you will see the AntiVir Premium tray icon in the system tray of the taskbar:

Icon Description

The tray icon displays the status of the AntiVir Guard service.

AntiVir Guard is enabled

AntiVir Guard is disabled

Page 24

Central functions of Avira AntiVir Premium can be quickly accessed via the context menu of the tray icon. To open the context menu, click on the tray icon with the righthand mouse button.

Entries in the context menu

– Activate AntiVir Guard: Enables or disables Avira AntiVir Guard. – Start AntiVir: Opens the Avira AntiVir Premium Control Center. – Configure AntiVir: Opens the Configuration – Start update Starts an update. – Help: opens this online help. – Avira on the Internet: Opens the web portal of AntiVir Premium on the

internet. The condition for this is that you have an active connection to the Internet.

5.2 How to...?

Overview of AntiVir Premium

5.2.1 Activate product

To activate Avira AntiVir Premium, you have the following options:

– Activation with a valid full license

To activate Avira AntiVir Premium with a full license, you need a valid activation key, which holds data of the license you have purchased. You have received the activation key from us either by email or it has been printed on the product packaging.

– Activation with an evaluation license

Avira AntiVir Premium is activated with an automatically generated evaluation license, with which you can test the Avira AntiVir Premium with its complete range of function for a limited period of time.

Note For product activation or for a test license you need an active Internet link. If no connection can be established to the servers of Avira GmbH, please check the settings of the firewall used: Connections via the HTTP protocol and Port 80 (web communication), and via the encryption protocol SSL and port 443 are used for product activation. Make sure that your firewall does not block incoming and outgoing data. First of all check whether you can access web pages with your web browser.

This is the way to activate the AntiVir Premium:

If you have not installed Avira AntiVir Premium yet:

 Install Avira AntiVir Premium.

During the installation process you will be asked to select an activation option

– Activate product

= Activation with a valid full license

– Test product

= Activation with an evaluation license

Page 25

Avira AntiVir Premium

 Enter the activation key for an activation with a full license.  Acknowledge the selection of the activation procedure by clicking Next.  If and when necessary, enter your personal data for registration and acknowledge by

clicking Next.

Your license data will be displayed in the next window. Avira AntiVir Premium has been activated.

 Continue to install.

If you have installed Avira AntiVir Premium already:

 In the Avira AntiVir Premium Control Center, select the Help :: License

management menu item.

The license wizard opens, in which you can select an activation option. The next steps of product activation are identical with the procedure described above.

5.2.2 Avira AntiVir Premium automatic update

To create a job with the AntiVir Scheduler to update Avira AntiVir Premium automatically:

 In the Control Center, select the Management :: Scheduler section.

 Click on the

The dialog box Name and description of job appears.

 Give the job a name and, where appropriate, a description.  Click Next.

The dialog box Type of job is displayed.

 Select Update job from the list.  Click Next.

The dialog box Time of job appears.

 Select a time for the update:

– Immediately – Daily – Weekly – Interval – Single – Login

Create new job with the wizard icon.

Note We recommend that you update Avira AntiVir Premium regularly and often. The recommended update interval is: 2 hours.

 Where appropriate, specify a date according to the selection.  Where appropriate, select additional options (availability depends on type of job):

– Also start job when Internet connection is established

In addition to the defined frequency, the job is carried out when an Internet connection is set up.

Page 26

Overview of AntiVir Premium

– Repeat job if the time has already expired

Past jobs are carried out that could not be carried out at the required time, for example because the computer was switched off.

 Click Next.

The dialog box Select display mode appears.

 Select the display mode of the job window:

– Minimize: progress bar only – Maximize: Entire job window – Hide: No job window

 Click Finish.

Your newly created job appears on the home page of the Administration :: Scan section as activated (check mark).

 Where appropriate, deactivate jobs which are not to be carried out.

Use the following icons to further define your jobs:

View properties of a job

Modify job

Delete job

Start job

Stop job

5.2.3 Start a manual update

You have various options for starting an Avira AntiVir Premium update manually: When an update is started manually, the virus definition file and search engine are always updated. A product update can only take place if you have activated the option Download and automatically install product updates in the configuration under General :: Update

To start an Avira AntiVir Premium update manually:

 With the right-hand mouse button, click on the Avira AntiVir Premium tray icon in

the taskbar.

A context menu appears.

 Select Start update.

The Updater dialog box appears.

- OR -

 In the Control Center, select the section Overview :: Status.  In the Last update field, click on the Start update link.

The Updater dialog box appears.

- OR -

Page 27

Avira AntiVir Premium

 In the Control Center, in the Update menu, select the menu command Start update.

The Updater dialog box appears.

Note We strongly recommend regular automatic updates for Avira AntiVir Premium. The recommended update interval is: 2 hours.

Note You can also carry out a manual update directly via the Windows security centre.

5.2.4 On-demand scan: Using a scan profile to scan for viruses and

malware

A scan profile is a set of drives and directories to be scanned.

The following options are available for scanning via a scan profile:

– Use predefined scan profile

if the predefined scan profile corresponds to your requirements.

– Customize and apply scan profile (manual selection)

if you want to scan with a customized scan profile.

– Create and apply new scan profile

if you want to create your own scan profile.

Depending on the operating system, various icons are available for starting a scan profile:

– In Windows XP and 2000:

This icon starts the scan via a scan profile.

– In Windows Vista:

In Microsoft Windows Vista, the control center at the moment only has limited rights, e.g. for access to directories and files. Certain actions and file accesses can only be carried out in the control centre with extended administrator rights. These extended administrator rights must be granted at the start of each scan via a scan profile.

This icon starts a limited scan via a scan profile. Only directories and files that

Windows Vista has granted access rights to are scanned.

This icon starts the scan with extended administrator rights. After

confirmation, all directories and files in the selected scan profile are scanned.

To scan for viruses and malware with a scan profile:

 Go to Control Center and select the section Local protection :: Scan.

Predefined scan profiles appear.

 Select one of the predefined scan profiles.

-OR-

 Adapt the scan profile Manual selection.

Page 28

-OR-

 Create a new scan profile

Overview of AntiVir Premium

 Click on the icon (Windows XP:  The Luke Filewalker window appears and an on-demand scan is started.

When the scan is completed, the results are displayed.

If you want to adapt a scan profile:

 In the scan profile, expand Manual Selection the file tree so that all the drives and

directories you want to scan are open.

– Click on the + symbol: The next directory level is displayed. – Click on the - symbol: The next directory level is hidden.

 Highlight the nodes and directories you want to scan by clicking on the relevantbox

of the appropriate directory level.

The following options are available, Select directories:

– Directory, including sub-directories (black check mark) – Directory excluding sub-directories (green check mark) – Sub-directories of one directory only (grey check mark, sub-directories have black

check marks)

– No directory (no check mark)

If you want to create a new scan profile:

or Windows Vista: ).

 Click on the

The profile New profile appears below the profiles previously created.

 Where appropriate, rename the scan profile by clicking on the icon  Highlight the nodes and directories to be saved by clicking on the check box of the

respective directory level.

The following options are available, Select directories:

check marks)

– No directory (no check mark)

Create new profile icon.

5.2.5 On-demand scan: Scan for viruses and malware using

Dragamp;Drop

To scan for viruses and malware systematically using Drag&Drop:

The Avira AntiVir Premium Control Center has been opened.

 Highlight the file or directoryyou want to scan.  Use the left-hand mouse button to drag the highlighted file or directory into the

Control Center.

The Luke Filewalker window appears and an on-demand scan is started.

Page 29

Avira AntiVir Premium

When the scan is completed, the results are displayed.

5.2.6 On-demand scan: Scan for viruses and malware via the context

To scan for viruses and malware systematically via the context menu:

 Click with the right-hand mouse button (e.g. in Windows Explorer, on the desktop or

in an open Windows directory) on the file or directoryyou want to scan.

The Windows Explorer context menu appears.

 Select Scan selected files with AntiVir in the context menu.

The Luke Filewalker window appears and an on-demand scan is started.

When the scan is completed, the results are displayed.

5.2.7 On-demand scan: Automatically scan for viruses and malware

Note After installation, the scan job Full system scan is created in the Scheduler: A full system scan is automatically carried out at a recommended interval.

To create a job to automatically scan for viruses and malware:

 In the Control Center, select the Management :: Scheduler section.

 Click on the icon

The dialog box Name and description of job appears.

 Give the job a name and, where appropriate, a description.  Click Next.

The dialog box Type of job appears.

 Select Scan job.  Click Next.

The dialog box Select profile appears.

 Select the profile to be scanned.  Click Next.

The dialog box Time of job appears.

 Select a time for the scan:

– Immediately – Daily

– Weekly – Interval – Single – Login

 Where appropriate, specify a date according to the selection.  Where appropriate, select the following additional options (availability depends on

job type):

– Repeat job if the time has already expired

Page 30

Overview of AntiVir Premium

Past jobs are carried out that could not be carried out at the required time, for example because the computer was switched off.

 Click Next.

The dialog box Select display mode appears.

 Select the display mode of the job window:

– Minimize: progress bar only – Maximize: Entire job window – Hide: No job window

 Select the Shut down computer option if you want the computer to shut down

automatically when the scan is finished. This option is only available if the display mode is set to minimized or maximized.

 Click Finish.

Your newly created order appears as activated (check mark) on the homepage of the section Administration :: Scheduler.

 Where appropriate, deactivate jobs which are not to be carried out.

Use the following icons to further define your jobs:

View properties of a job

Modify job

Delete job

Start job

Stop job

5.2.8 On-demand scan: Targeted scan for active rootkits

To scan for active rootkits, use the predefined scan profile Scan for rootkits.

To scan for active rootkits systematically:

 Go to Control Center and select the section Local protection :: Scan.

Predefined scan profiles appear.

 Select the predefined scan profile Scan for active malware.  Where appropriate, highlight other nodes and directories to be scanned by clicking

on the check box of the directory level.

 Click on the icon (Windows XP:

The Luke Filewalker window appears and an on-demand scan is started.

When the scan is completed, the results are displayed.

or Windows Vista: ).

Page 31

Avira AntiVir Premium

5.2.9 Reacting to detected viruses and malware

For the individual protection components of AntiVir Premium, you can define how AntiVir Premium reacts to a detected virus or unwanted program in the Configuration under the section Action for concerning files.

No configurable action options are available for the ProActiv component of the Guard: Notification of a detection is always given in the Guard: Suspicious application behavior window.

Action options for the Scanner:

– Interactive

In interactive action mode, the results of the Scanner scan are displayed in a dialog box. This option is enabled as the default setting. In the case of Scanner scan, you will receive an alert with a list of the affected files when the scan is complete. You can use the content-sensitive menu to select an action to be executed for the various infected files. You can execute the standard actions for all infected files or cancel the Scanner.

– Automatic

In automatic action mode, when a virus or unwanted program is detected, the action you selected in this area is executed automatically.

Action options for the Guard:

– Interactive

In interactive action mode, data access is denied and a desktop notification is displayed. In the desktop notification you can remove the malware detected or transfer the malware to the Scanner component using the Details button for further virus management. The Scanner opens a window containing notification of the detection, which gives you various options for managing the affected file via a context menu (see Detection::Scanner):

– Automatic

In automatic action mode, when a virus or unwanted program is detected, the action you selected in this area is executed automatically.

Action options for MailGuard, WebGuard:

– Interactive

In interactive action mode, if a virus or unwanted program is detected, a dialog box appears in which you can select what to do with the infected object. This option is enabled as the default setting.

– Automatic

In automatic action mode, when a virus or unwanted program is detected, the action you selected in this area is executed automatically.

In interactive action mode, you can react to detected viruses and unwanted programs by selecting an action for the infected object, displayed in the alert, and executing the selected action by clicking Confirm.

The following actions for handling infected objects are available for selection:

Note Which actions are available for selection depends on the operating system, the protection components (AntiVir Guard, AntiVir Scanner, AntiVir MailGuard, AntiVir WebGuard) reporting the detection, and the type of malware detected.

Page 32

Overview of AntiVir Premium

Actions of the Scannerand the Guard (not ProActiv detections):

– Repair

The file is repaired

This option is only available if the infected file can be repaired.

– Move to quarantine

The file is packaged into a special format (*.qua) and moved to the Quarantine directory INFECTED on your hard disk, so that direct access is no longer possible. Files in this directory can be repaired in Quarantine at a later data or, if necessary, sent to Avira GmbH.

– Delete

The file will be deleted. This process is much quicker than overwrite and delete. If a boot sector virus is detected, this can be deleted by deleting the boot sector. A new boot sector is written.

– Overwrite and delete

The file is overwritten with a default template and then deleted. It cannot be restored.

– Rename

The file is renamed with a *.vir extension. Direct access to these files (e.g. with double-click) is therefore no longer possible. Files can be repaired and given their original name at a later time.

– Ignore

Avira AntiVir Premium takes no further action. The infected file remains active on your computer.

Warning This could result in loss of data and damage to the operating system! Only select the Ignore option in exceptional cases.

– Deny access

Action option for Guard detections: Access to the infected file is blocked. The detection is only entered in the report file if the report function is enabled).

– Copy to quarantine

Action option for a rootkit detection: The detection is copied in quarantine.

– Repair boot sector | Download repair tool

Action options when infected boot sectors are detected: AntiVir Premium contains a number of options for repairing infected diskette drives. If AntiVir Premium is unable to perform the repair, you can download a special tool for detecting and removing boot sector viruses.

Note If you carry out actions on running processes, the processes in question are terminated before the actions are carried out.

Actions of the Guard for detections made by the ProActiv component (notification of application actions typical of malware):

– Trusted program

Page 33

Avira AntiVir Premium

The application continues to run. The program is added to the list of permitted applications and is excluded from monitoring by the ProActiv component. When adding to the list of permitted applications, the monitoring type is set to Content. This means that the application is only excluded from monitoring by the ProActiv component if the content remains unchanged (see Configuration::Guard::ProActiv::Application filter: Permitted applications).

– Block program once

The application is blocked, i.e. the application is terminated. The actions of the application continue to be monitored by the ProActiv component.

– Always block this program

The application is blocked, i.e. the application is terminated. The program is added to list of blocked applications and can no longer be run (see Configuration::Guard::ProActiv::Application filter: Applications to be blocked).

– Ignore

The application continues to run. The actions of the application continue to be monitored by the ProActiv component.

MailGuard actions: Incoming emails

– Move to quarantine

The email including all attachments is moved to quarantine. The affected email is deleted. The body of the text and any attachments of the email are replaced by a default text.

– Delete

The affected email is deleted. The body of the text and any attachments of the email are replaced by a default text.

– Delete attachment

The infected attachment is replaced by a default text. If the body of the email is affected, it is deleted and also replaced by a default text. The email itself is delivered.

– Move attachment to quarantine

The infected attachment is placed in quarantine and then deleted (replaced by a default text). The body of the email is delivered. The affected attachment can be delivered later by the quarantine manager.

– Ignore

The affected email is delivered.

Warning This could allow viruses and unwanted programs to access your computer system. Only select the Ignoreoption in exceptional cases. Disable the preview in your mail client, never open any attachments with a double click!

MailGuard actions: Outgoing emails

– Move mail to quarantine (do not send)

The email, together with all attachments, is copied to Quarantine and is not sent. The email remains in the outbox of your email client. You receive an error message in your email program. All other emails sent from your email account will be scanned for malware.

– Block sending of mails (do not send)

Page 34

Overview of AntiVir Premium

The email is not sent and remains in the outbox of your email client. You receive an error message in your email program. All other emails sent from your email account will be scanned for malware.

– Ignore

The affected email is sent.

Warning Viruses and unwanted programs can penetrate the computer system of the email recipient in this way.

WebGuard actions:

– Deny access

– Move to quarantine

The website requested from the web server and/or any data or files transferred are moved to quarantine. The affected file can be recovered from quarantine manager if it has an informative value or - if necessary - sent to the Avira Malware Research Center.

– Ignore

The website requested from the web server and/or the data and files that were transferred are forwarded on by WebGuard to your web browser.

Warning This could allow viruses and unwanted programs to access your computer system. Only select the Ignore option in exceptional cases.

Note We recommend that you move any suspicious file that cannot be repaired to Quarantine.

Note You can also send files reported by the heuristic to us for analysis. For example, you can upload these files to our website:http://www.avira.com/sampleupload You can identify files reported by the heuristic from the designation HEUR/ or HEURISTIC/ that prefixes the file name, e.g.: HEUR/testfile.*.

5.2.10 Quarantine: Handling quarantined files (*.qua)

To handle quarantined files:

 In the Control Center, select the section Administration :: Quarantine.  Check which files are involved, so that, if necessary, you can reload the original back

onto your computer from another location.

If you want to see more information on a file:

 Highlight the file and click on

The dialog box Properties appears with more information on the file.

If you want to rescan a file:

Page 35

Avira AntiVir Premium

Scanning a file is recommended if the Avira AntiVir Premium virus definition file has been updated and a false positive report is suspected. This enables you to confirm a false positive with a rescan and restore the file.

 Highlight the file and click on

The file is scanned for viruses and malware using the on-demand scan settings.

After the scan, the dialog Scan statistics appears which displays statistics on the status of the file before and after the rescan.

To delete a file:

 Highlight the file and click on

If you want to upload the file to a Avira Malware Research Center web server for analysis:

 Highlight the file you want to upload.

 Click on

A dialog opens with a form for inputting your contact data.

 Enter all the required data.  Select a type: Suspicious file or False positive.  Click OK.

The file is uploaded to a Avira Malware Research Center web server in compressed form.

Note In the following cases, analysis by the Avira Malware Research Center is recommended: Heuristic hits (Suspicious file): During a scan, a file has been classified as suspicious by AntiVir Premium and moved to quarantine: Analysis of the file by the Avira Malware Research Center has been recommended in the virus detection dialog box or in the report file generated by the scan. Suspicious file: You consider a file to be suspicious and have therefore moved this file to quarantine, but a scan of the file for viruses and malware is negative. False positive: You assume that a virus detection is a false positive: AntiVir Premium reports a detection in a file, which is very unlikely to have been infected by malware.

Note The size of the files you upload is limited to 20 MB uncompressed or 8 MB compressed.

Note You can only upload one file at a time.

If you want to export the properties of a quarantined object in a text file:

 Highlight the quarantined object and click on

A text file opens containing the data from the selected quarantined object.

 Save the text file.

You can also restore the files in Quarantine:

– see Chapter: Quarantine: Restoring files in quarantine

5.2.11 Quarantine: Restore the files in quarantine

Different icons control the restore procedure, depending on the operating system:

Page 36

Overview of AntiVir Premium

– In Windows XP and 2000:

This icon restores the files to their original directory.

This icon restores the files to a directory of your choice.

– In Windows Vista:

This icon restores the files to a directory of your choice.

This icon restores the files to their original directory. If extended administrator

rights are necessary to access this directory, a corresponding request appears.

To restore files in quarantine:

Warning This could result in loss of data and damage to the operating system of the computer! Only use the function Restore selected object in exceptional cases. Only restore files that could be repaired by a new scan.

File rescanned and repaired.

 In the Control Center, select the section Administration :: Quarantine.

Note

Emails and email attachments can only be restored using the option and if they have the extension *.eml.

To restore a file to its original location:

 Highlight the file and click on the (Windows 2000/XP:

This option is not available for emails.

Note

Emails and email attachments can only be restored using the option and if they have the extension *.eml.

A message appears asking if you want to restore the file.

 Click Yes.

, Windows Vista ).

The file is restored to the directory it was in before it was moved to quarantine.

To restore a file to a specified directory:

 Highlight the file and click on

A message appears asking if you want to restore the file.

 Click Yes.

The Windows default window for selecting the directory appears.

 Select the directory to restore the file to and confirm.

. .

Page 37

Avira AntiVir Premium

The file is restored to the selected directory.

5.2.12 Quarantine: move suspicious files to quarantine

To move a suspect file to quarantine manually:

 In the Control Center, select the section Administration :: Quarantine.

 Click on

The Windows default window for selecting a file appears.

 Select the file and confirm.

The file is moved to quarantine.

You can scan files in quarantine with the AntiVir Scanner:

 see Chapter: Quarantine: Handling quarantined files (*.qua)

. .

5.2.13 Scan profile: Amend or delete file type in a scan profile

To stipulate additional file types to be scanned or exclude specific file types from the scan in a scan profile (only possible for manual selection and customized scan profiles):

In the Control Center, go to the Local protection :: Scan section.

 With the right-hand mouse button, click on the scan profile you want to edit.

A context menu appears.

 Select File filter.  Expand the context menu further by clicking on the small triangle on the right-hand

side of the context menu.

The entries Default, Scan all files and User-defined appear.

 Select User-defined.

The File extensions dialog box appears with a list of all file types to be scanned with the scan profile.

If you want to exclude a file type from the scan:

 Highlight the file type and click Delete.

If you want to add a file type to the scan:

 Highlight the file type.  Click Add and enter the file extension of file type into the input box.

Use a maximum of 10 characters and do not enter the leading dot. Wildcards (* and ? ) are allowed as replacements.

5.2.14 Scan profile: Create desktop shortcut for scan profile

You can start an on-demand scan directly from your desktop via a desktop shortcut to a scan profile without accessing the Avira AntiVir Premium Control Center.

To create a desktop shortcut to the scan profile:

In the Control Center, go to the Local protection :: Scan section.

 Select the scan profile you want to create a shortcut for.

Page 38

Overview of AntiVir Premium

 Click on the icon

The desktop shortcut is created.

5.2.15 Events: Filter events

Events that have been generated by AntiVir Premium program components are displayed in the Control Center under Overview :: Events (analogous to the event display of your Windows operating system). The program components are:

– Updater – Guard – MailGuard – Scanner – Scheduler

The following event types are displayed:

– Information – Warning – Error – Detection

To filter displayed events:

 In the Control Center, select the section Overview :: Results.  Check the box of the program components to display the events of the activated

components.

- OR -

Uncheck the box of the program components to hide the events of the deactivated components.

 Check the event type box to display these events.

- OR -

Uncheck the event type box to hide these events.

5.2.16 MailGuard: Exclude email addresses from scan

To define which email addresses (senders) are excluded from the MailGuard scan (whitelisting):

 In the Control Center, select the section Online protection:: MailGuard.

The list shows incoming emails.

 Highlight the email you want to exclude from the MailGuard scan.  Click on the appropriate icon to exclude the email from the MailGuard scan:

In future, the selected email address will no longer be scanned for viruses and

unwanted programs.

Page 39

Avira AntiVir Premium

The email sender address is included in the exclusion list and no longer scanned for viruses, malware .

Warning Only exclude email addresses from the MailGuard scan if the senders are completely trustworthy.

Note Under MailGuard :: General :: Exceptions in the configuration, you can add more email addresses to the exclusion list or remove email addresses from the list.

Page 40

Page 41

Avira AntiVir Premium

6 Scanner::Overview

With the Scanner component, you can carry out targeted scans (on-demand scans) for viruses and unwanted programs. The following options are available for scanning for infected files:

– On-demand scan via context menu

The on-demand-scan via the context menu (right-hand mouse button - entry Scan selected files with AntiVir) is recommended if, for example, you wish to scan individual files and directories. Another advantage is that it is not necessary to first start the Avira AntiVir Premium Control Center for an on-demand scan via the context menu.

– On-demand scan via drag & drop

When a file or directory is dragged into the program window of the Avira AntiVir Premium Control Center, the Scanner scans the file or directory and all subdirectories it contains. This procedure is recommended if you wish to scan individual files and directories that you have saved, for example, on your desktop.

– On-demand scan via profiles

This procedure is recommended if you wish to regularly scan certain directories and drives (e.g. your work directory or drives on which you regularly store new files). You do not then need to select these directories and drives again for every new scan, you simply select using the relevant profile.

– On-demand scan via the Scheduler

The Scheduler enables you to carry out time-controlled scans.

Special processes are required when scanning for rootkits, boot sector viruses, and when scanning active processes. The following options are available:

– Scan for rootkits using the scan profile Scan for active malware – Scan active processes via the scan profile Active processes – Scan for boot sector viruses via the menu command Scan for boot sector

viruses in the Extras menu

Page 42

7 Updates

The effectiveness of anti-virus software depends on how up-to-date the program is, in particular the virus definition file and the search engine. To carry out updates, the Updater component is integrated into AntiVir Premium. The Updater ensures that Avira AntiVir Premium is always up-to-date and able to deal with the new viruses that appear every day. Updater updates the following components:

– Virus definition file:

The virus definition file contains the virus patterns of the harmful programs used by AntiVir Premium to scan for viruses and malware and repair infected objects.

– Search engine:

The search engine contains the methods used by AntiVir Premium to scan for viruses and malware.

– Program files (product update):

Update packages for product updates make extra functions available to the individual program components.

An update checks whether the virus definition file and search engine are up-to-date and if necessary implements an update. Depending on the settings in the configuration, the Updater also carries out a product update or informs you of the product updates available. After a product update, you may have to restart your computer system. If only the virus definition file and search engine are updated, the computer does not have to be restarted.

Note For security reasons, the Updater checks whether the Windows host file of your computer was altered to the effect that, for example, the Avira AntiVir Premium update URL was manipulated by malware and diverts the Updater to unwanted download sites. If the Windows host file has been manipulated, this is shown in the Updater report file.

AntiVir Premium is automatically updated in the following interval: 2 hours. You can edit or disable the automatic update through the configuration (Configuration::Update).

In the Control Center under Scheduler, you can create additional update jobs that are carried out by Updater at the specified intervals. You also have the option to start an update manually:

– In the Control Center: in the Update menu and in the Status section – via the context menu of the tray icon

Updates can be obtained from the Internet via a Web server of the manufacturer. The existing network connection is the default connection to the download servers of Avira GmbH. You can modify this standard setting in the configuration under General :: Update.

Page 43

8 FAQ, Tips

This chapter provides a collection of frequently asked questions (FAQs) relating to Avira AntiVir Premium, a troubleshooting section and tips and tricks for using Avira AntiVir Premium.

see Chapter Troubleshooting

see Chapter Keyboard commands

see ChapterWindows Security Center

8.1 Troubleshooting

Here you will find information on causes and solutions of possible problems.

– The error message The license file cannot be opened appears. – AntiVir MailGuard does not work. – An email sent via a TSL connection has been blocked by MailGuard. – Webchat is not operational: Chat messages will not be displayed

The error message

Reason: The file is encrypted.

To activate the license, you do not need to open the file, but rather you save it in the program directory of Avira AntiVir Premium.

The error message when attempting to start an update.

Reason: Your Internet connection is inactive. This is why Avira AntiVir Premium cannot find the web server on the Internet.

Test whether other Internet services such as WWW or email work. If not, reestablish the Internet connection.

Reason: The proxy server cannot be reached.

Check whether the login for the proxy server has changed and adapt it to your configuration if necessary.

Reason: The update.exe file is not fully approved by your personal firewall.

Ensure that the update.exe file is fully approved by your personal firewall.

Otherwise:

Check your settings in the Configuration (expert mode) under General :: Update.

The license file cannot be opened

Connection failed while downloading the file ...

appears.

appears

Viruses and malware cannot be moved or deleted.

Reason: The file was loaded by windows and is active.

Page 44

FAQ, Tips

Update Avira AntiVir Premium.

If you use the operating system Windows XP, deactivate System Restore.

Start the computer in Safe Mode.

Start Avira AntiVir Premium and the Configuration (expert mode).

Choose Scanner :: Scan :: Files :: All files and confirm with OK.

Start a scan of all local drives.

Start the computer in Normal Mode.

Carry out a scan in Normal Mode.

If no other viruses or malware have been found, activate System Restore if it is available and to be used.

The status of the tray icon is disabled.

Reason: AntiVir Guard is disabled.

In the Control Center in the section Overview :: Status in theAntiVir Guard panel, click on the Enable link.

Reason: AntiVir Guard is blocked by a firewall.

Define a general approval for AntiVir Guard in the configuration of your firewall. AntiVir Guard only works with the address 127.0.0.1 (localhost). An Internet connection is not established. The same applies to AntiVir MailGuard.

Otherwise:

Check the startup type of the AntiVir Guard service. If necessary, enable the service: In the taskbar, select "Start | Settings | Control Panel". Start the configuration panel "Services" with a double-click (under Windows 2000 and Windows XP the services applet is located in the sub-directory "Administrative Tools"). Find the entry "Avira AntiVir Guard". "Automatic" must be entered as the startup type and "Started" as the status. If necessary, start the service manually by selecting the relevant line and the button "Start". If an error message appears, please check the event display.

The computer is extremely slow when I perform a data back-up.

Reason: During the back-up procedure, AntiVir Guard scans all files being used by the back-up procedure.

In the configuration (expert mode), choose Guard :: Scan :: Exceptions and enter the names of the backup software processes.

My Firewall reports AntiVir Guard and AntiVir MailGuard immediately after activation.

Reason: Communication with AntiVir Guardand AntiVir MailGuardoccurs via the TCP/IP Internet protocol. A firewall monitors all connections via this protocol.

Define a general approval for AntiVir Guard and AntiVir MailGuard. AntiVir Guard only works with the address 127.0.0.1 (localhost). An Internet connection is not established. The same applies to AntiVir MailGuard.

AntiVir MailGuard does not work.

Page 45

Avira AntiVir Premium

Please check correct functioning of AntiVir MailGuard with the aid of the following checklists if problems occur with AntiVir MailGuard.

Checklist

Check whether your mail client logs in on the server via Kerberos, APOP or RPA. These verification methods are currently not

Check whether your mail client reports to the server through SSL (also often called TSL – Transport Layer Security). AntiVir MailGuard does not support SSL and therefore terminates any encrypted SSL connections. If you want to use encrypted SSL connections without having them protected by MailGuard, you will have to use a port that is not monitored by MailGuard for the connection. The ports monitored by MailGuard can be configured in the configuration under MailGuard::Scan.

Is the AntiVir MailGuard service active? If necessary, enable the service: In the taskbar, select "Start | Settings | Control Panel". Start the configuration panel "Services" with a double-click (under Windows 2000 and Windows XP the services applet is located in the sub-directory "Administrative Tools"). Find the entry "Avira AntiVir MailGuard". "Automatic" must be entered as the startup type and "Started" as the status. If necessary, start the service manually by selecting the relevant line and the button "Start". If an error message appears, please check the event display. If this is not successful, you may have to completely uninstall Avira AntiVir Premium via "Start | Settings | Control Panel | Add or Remove Programs", restart the computer and then reinstall Avira AntiVir Premium.

supported.

General

POP3 connections encrypted via SSL (Secure Sockets Layer, also frequently referred to as TLS (Transport Layer Security)) cannot currently be protected and are ignored.

Verification to the mail server is currently only supported via "passwords". "Kerberos" and "RPA" are not currently supported.

Avira AntiVir Premium does not check outgoing emails for viruses and unwanted programs.

Note We recommend regularly installing Microsoft updates to close any gaps in security.

An email sent via a TSL connection has been blocked by MailGuard.

Reason: Transport Layer Security (TLS: encryption protocol for data transfers on the Internet) is not supported by MailGuard at this time. The following options are available for sending the email:

Use a different port from port 25, which is used by SMTP. This will bypass monitoring by MailGuard.

Turn off the TSL encrypted connection and disable TSL support in your email client.

Disable (temporarily) monitoring of outgoing emails by MailGuard in the configuration under MailGuard::Scan.

Webchat is not operational: Chat messages are not displayed; data are being loaded in the browser.

This phenomenon may occur during chats, which are based on the HTTP protocol with 'transfer-encoding= chunked’.

Page 46

Reason: WebGuard checks the data sent completely for viruses and undesired programs first of all, before the data are loaded into the web browser. During a data transfer with ’transfer-encoding= chunked’, WebGuard cannot determine the message length or the data volume.

Enter the configuration of the URL of the web chats as an exception (see Configuration: WebGuard::Exceptions).

8.2 Shortcuts

Keyboard commands - also called shortcuts - offer a fast possibility to navigate, to retrieve individual modules and to start actions through Avira AntiVir Premium.

Below we provide you with an overview of the available keyboard commands in Avira AntiVir Premium. Please find further indications regarding the functionality in the corresponding chapter of the help.

8.2.1 In dialog boxes

FAQ, Tips

Shortcut Description

Ctrl + Tab Ctrl + Page down

Ctrl + Shift + Tab Ctrl + Page up

← ↑ → ↓

Tab Change to the next option or options group.

Shift + Tab Change to the previous option or options group.

← ↑ → ↓

Space

Alt + underlined letter

Navigation in the Control Center Go to next section.

Navigation in the Control Center Go to previous section.

Navigation in the configuration sections First, use the mouse to set the focus on a configuration section.

Change between the options in a marked drop-down list or between several options in a group of options.

Activate or deactivate a check box, if the active option is a check box.

Select option or start command.

Alt + ↓

Esc

Enter Start command for the active option or button.

Open selected drop-down list.

Close selected drop-down list. Cancel command and close dialog.

Page 47

Avira AntiVir Premium

8.2.2 In the help

Shortcut Description

Alt + Space Display system menu.

Alt + Tab Shift between the help and the other opened windows.

Alt + F4 Close help.

Shift + F10 Display context menu of the help.

Ctrl + Tab Go to next section in the navigation window.

Ctrl + Shift + Tab

Page up

Page down

Page up Page down

8.2.3 In the Control Center

General

Shortcut Description

F1 Display help

Alt + F4 Close Control Center

F5 Refresh

Go to previous section in the navigation window.

Change to the subject, which is displayed above in the contents, in the index or in the list of the search results.

Change to the subject, which is displayed below the current subject in the contents, in the index or in the list of the search results.

Browse through a subject.

F8 Open configuration

F9 Start update

Scan section

Shortcut Shortcut

F2 Rename selected profile

F3 Start scan with the selected profile

F4 Create desktop link for the selected profile

Ins Create new profile

Del Delete selected profile

Quarantine section

Page 48

Shortcut Description

F2 Rescan object

F3 Restore object

F4 Send object

F6 Restore object to...

Return Properties

Ins Add file

Del Delete object

Scheduler section

Shortcut Description

F2 Edit job

Return Properties

FAQ, Tips

Ins Insert new job

Del Delete job

Reports section

Shortcut Description

F3 Display report file

F4 Print report file

Return Display report

Del Delete report(s)

Events section

Shortcut Description

F3 Export event(s)

Return Show event

Del Delete event(s)

8.3 Windows Security Center

- Windows XP Service Pack 2 or higher -

Page 49

Avira AntiVir Premium

8.3.1 General

The Windows Security Center checks the status of a computer for important security aspects.

If a problem is detected with one of these important points (e.g. an outdated anti-virus program), the Security Center issues an alert and gives recommendations on how to protect your computer better.

8.3.2 The Windows Security Center and Avira AntiVir Premium

Virus protection software / Protection against malicious software

You may receive the following information from the Windows Security Center with regard to your virus protection.

Virus protection NOT FOUND

Virus protection OUT OF DATE

Virus protection ON

Virus protection OFF

Virus protection NOT MONITORED

Virus protection NOT FOUND

This information of the Windows Security Center appears when the Windows Security Center has not found any anti-virus software on your computer.

Note Install Avira AntiVir Premium on your computer to protect it against viruses and other unwanted programs!

Virus protection OUT OF DATE

If you have already installed Windows XP Service Pack 2 or Windows Vista and then install Avira AntiVir Premium or you install Windows XP Service Pack 2 or Windows Vista on a system on which Avira AntiVir Premium has already been installed, you receive the following message:

Page 50

FAQ, Tips

Note In order for the Windows Security Center to recognize Avira AntiVir Premium as up to date, an update must be carried out after installation. Update your system by carrying out an Avira AntiVir Premium update.

Virus protection ON

After installation of Avira AntiVir Premium and a subsequent update, you receive the following message:

Avira AntiVir Premium is now up to date and the AntiVir Guard is enabled.

Virus protection OFF

You receive the following message if you disable the AntiVir Guard or stop the Guard service.

Note You can enable or disabled AntiVir Guard in the Overview :: Status section of theAvira AntiVir Premium Control Center . You can also see that the AntiVir Guard is enabled if the red umbrella in your taskbar is open.

Virus protection NOT MONITORED

If you receive the following message from the Windows Security Center, you have decided that you want to monitor your anti-virus software yourself.

Note This function is not supported by Windows Vista.

Note The Windows Security Center is supported by Avira AntiVir Premium. You can enable this option at any time via the button "Recommendations...".

Page 51

Avira AntiVir Premium

Note Even if you have installed Windows XP Service Pack 2 or Windows Vista, you still require a virus protection solution, e.g. Avira AntiVir Premium. Although Windows XP Service Pack 2 monitors your anti-virus software, it does not contain any anti-virus functions itself. Therefore you would not be protected against viruses and other malware without an additional anti-virus solution!

Page 52

9 Viruses and more

9.1 Extended threat categories

Dialers (DIALERS)

Certain services available in the Internet have to be paid for. They are invoiced in Germany via dialers with 0190/0900 numbers (or via 09x0 numbers in Austria and Switzerland; in Germany, the number is set to change to 09x0 in the medium term). Once installed on the computer, these programs guarantee a connection via a suitable premium rate number whose scale of charges can vary widely.

The marketing of online content via your telephone bill is legal and can be of advantage to the user. Genuine dialers leave no room for doubt that they are used deliberately and intentionally by the user. They are only installed on the user’s computer subject to the user’s consent, which must be given via a completely unambiguous and clearly visible labeling or request. The dial-up process of genuine dialers is clearly displayed. Moreover, genuine dialers tell you the incurred costs exactly and unmistakably.

Unfortunately there are also dialers which install themselves on computers unnoticed, by dubious means or even with deceptive intent. For example they replace the Internet user’s default data communication link to the ISP (Internet Service Provider) and dial a cost-incurring and often horrendously expensive 0190/0900 number every time a connection is made. The affected user will probably not notice until his next phone bill that an unwanted 0190/0900 dialer program on his computer has dialed a premium rate number with every connection, resulting in dramatically increased costs.

We recommend that you ask directly your telephone provider to block this number range to be immediately protected against undesired dialers (0190/0900 dialers).

Avira AntiVir Premium can detect the familiar dialers by default.

If the option Dialers is enabled with a check mark in the configuration under Extended threat categories, you receive a corresponding alert if a dialer is detected. You can now simply delete the potentially unwanted 0190/0900 dialer. However, if it is a wanted dialup program, you can declare it an exceptional file and this file is then no longer scanned in future.

Games (GAMES)

There is a place for computer games - but it is not necessarily at work (except perhaps in the lunch hour). Nevertheless, with the wealth of games downloadable from the Internet, a fair bit of mine sweeping and Patience playing goes on among company employees and civil servants. You can download a whole array of games via the Internet. Email games have also become more popular: numerous variants are circulating, ranging from simple chess to "fleet exercises" (including torpedo combats): The corresponding moves are sent to partners via email programs, who answer them.

Page 53

Avira AntiVir Premium

Studies have shown that the number of working hours devoted to computer games has long reached economically significant proportions. It is therefore not surprising that more and more companies are considering ways of banning computer games from workplace computers.

Avira AntiVir Premium detects computer games. If the Games option is enabled with a check mark in the configuration under Extended threat categories, you receive a corresponding alert if Avira AntiVir Premium detects a game. The game is now over in the truest sense of the word, because you can simply delete it.

Jokes (JOKES)

Jokes are merely intended to give someone a fright or provide general amusement without causing harm or reproducing. When a joke program is loaded, the computer will usually start at some point to play a tune or display something unusual on the screen. Examples of jokes are the washing machine in the disk drive (DRAIN.COM) or the screen eater (BUGSRES.COM).

But beware! All symptoms of joke programs may also originate from a virus or Trojan. At the very least users will get quite a shock or be thrown into such a panic that they themselves may cause real damage.

Thanks to the extension of its scanning and identification routines, Avira AntiVir Premium is able to detect joke programs and eliminate them as unwanted programs if required. If the option Jokes is enabled with a check mark in the configuration under Extended threat categories, a corresponding alert is issued if a joke program is detected.

Security Privacy Risk (SPR)

Software that maybe is able to compromise the security of your system, initiate unwanted program activities, damage your privacy or spy out your user behavior and might therefore be unwanted.

Avira AntiVir Premium detects "Security Privacy Risk" software. If the option Security Privacy Risk is enabled with a check mark in the configuration under Extended threat categories, you receive a corresponding alert if Avira AntiVir Premium detects such software.

Backdoor Clients (BDC)

In order to steal data or manipulate computers, a backdoor server program is smuggled in unknown to the user. This program can be controlled by a third party using backdoor control software (client) via the Internet or a network.

Avira AntiVir Premium detects "backdoor control software". If the option Backdoor Clients is enabled with a check mark in the configuration under Extended threat categories, you receive a corresponding alert if Avira AntiVir Premium detects such software.

Adware/Spyware (ADSPY)

"Software that displays advertising or software that sends the user's personal data to a third party, often without their knowledge or consent, and for this reason may be unwanted."

Page 54

Viruses and more

Avira AntiVir Premium detects "Adware/Spyware". If the option Adware/Spyware is enabled with a check mark in the configuration under Extended threat categories, you receive a corresponding alert if Avira AntiVir Premium detects such software.

Unusual Runtime Compression Tools (PCK)

Files that have been compressed with an unusual runtime compression tool and that can therefore be classified as possibly suspicious.

Avira AntiVir Premium detects "Unusual runtime Compression Tools". If the option Unusual runtime Compression Tools is enabled with a check mark in the configuration under Extended threat categories, you receive a corresponding alert if Avira AntiVir Premium detects such packers.

Double Extension Files (HEUR-DBLEXT)

Executable files that hide their real file extension in a suspicious way. This camouflage method is often used by malware.

Avira AntiVir Premium detects "Double Extension Files". If the option Double Extension files (HEUR-DBLEXT) is enabled with a check mark in the configuration under Extended threat categories, you receive a corresponding alert if Avira AntiVir Premium detects such files.

Phishing

Phishing, also known as brand spoofing is a clever form of data theft aimed at customers or potential customers of Internet service providers, banks, online banking services, registration authorities. When submitting your email address on the Internet, filling in online forms, accessing newsgroups or websites, your data can be stolen by "Internet crawling spiders" and then used without your permission to commit fraud or other crimes.

Avira AntiVir Premium detects "Phishing". If the option Phishing is enabled with a check mark in the configuration under Extended threat categories, you receive a corresponding alert if Avira AntiVir Premium detects such behavior.

Application (APPL)

The term APPL refers to an application which may involve a risk when used or is of dubious origin.

Avira AntiVir Premium detects "Application (APPL)". If the option Application (APPL) is enabled with a check mark in the configuration under Extended threat categories , you receive a relevant alert if Avira AntiVir Premium detects such behavior.

9.2 Viruses and other malware

Adware

Page 55

Avira AntiVir Premium

Adware is software that presents banner ads or in pop-up windows through a bar that appears on a computer screen. These advertisements usually cannot be removed and are consequently always visible. The connection data allow many conclusions on the usage behavior and are problematic in terms of data security.

Backdoors

A backdoor can gain access to a computer by circumventing computer access security mechanisms.

A program that is being executed in the background generally enables the attacker almost unlimited rights. User's personal data can be spied with the backdoor's help, but are mainly used to install further computer viruses or worms on the relevant system. The connection data allow many conclusions on the usage behavior and are problematic in terms of data security.

Boot viruses

The boot or master boot sector of hard disks is mainly infected by boot sector viruses. They overwrite important information necessary for the system execution. One of the awkward consequences: the computer system cannot be loaded any more&ldots;

Bot-Net

A bot net is defined as a remote network of PCs (on the Internet), which is composed of bots that communicate with each other. A Bot-Net can comprise a collection of cracked machines running programs (usually referred to as worms, Trojans) under a common command and control infrastructure. Bot-Nets serve various purposes, including Denialof-service attacks etc., partly without the affected PC user's knowledge. The main potential of Bot-Nets is that the networks can achieve dimensions on thousands of computers and its bandwidth sum bursts most conventional Internet accesses.

Exploit

An exploit (security gap) is a computer program or script that takes advantage of a bug, glitch or vulnerability leading to privilege escalation or denial of service on a computer system. A form of an exploit for example are attacks from the Internet with the help of manipulated data packages. Programs can be infiltrated in order to obtain higher access.

Hoaxes

For several years, Internet and other network users have received alerts about viruses that are purportedly spread via email. These alerts are spread per email with the request that they should be sent to the highest possible number of colleagues and to other users, in order to warn everyone against the "danger".

Honeypot

Page 56

Viruses and more

A honeypot is a service (program or server) installed in a network. It has the function to monitor a network and to protocol attacks. This service is unknown to the legitimate user - because of this reason he is never addressed. If an attacker examines a network for the weak points and uses the services which are offered by a Honeypot, it is logged and an alert is triggered.

Macro viruses

Macro viruses are small programs that are written in the macro language of an application (e.g. WordBasic under WinWord 6.0) and that can normally only spread within documents of this application. Because of this, they are also called document viruses. In order to be active, they need that the corresponding applications are activated and that one of the infected macros has been executed. Unlike "normal" viruses, macro viruses do consequently not attack executable files but they do attack the documents of the corresponding host-application.

Pharming

Pharming is a manipulation of the host file of web browsers to divert enquiries to spoofed websites. This is a further development of classic phishing. Pharming fraudsters operate their own large server farms on which fake websites are stored. Pharming has established itself as an umbrella term for various types of DNS attacks. In the case of a manipulation of the host file, a specific manipulation of a system is carried out with the aid of a Trojan or virus. The result is that the system can now only access fake websites, even if the correct web address is entered.

Phishing

Phishing means angling for personal details of the Internet user. Phishers generally send their victims apparently official letters such as emails that are intended to induce them to reveal confidential information to the culprits in good faith, in particular user names and passwords or PINs and TANs of online banking accounts. With the stolen access details, the phishers can assume the identities of the victims and carry out transactions in their name. What is clear is that banks and insurance companies never ask for credit card numbers, PINs, TANs or other access details by email, SMS or telephone.

Polymorph viruses

Polymorph viruses are the real masters of disguise. They change their own programming codes - and are therefore very hard to detect.

Program viruses

A computer virus is a program that is capable to attach itself to other programs after being executed and cause an infection. Viruses multiply themselves unlike logic bombs and Trojans. In contrast to a worm, a virus always requires a program as host, where the virus deposits his virulent code. The program execution of the host itself is not changed as a rule.

Rootkit

Page 57

Avira AntiVir Premium

A rootkit is a collection of software tools that are installed after a computer system has been infiltrated to conceal logins of the infiltrator, hide processes and record data generally speaking: to make themselves invisible. They attempt to update already installed spy programs and reinstall deleted spyware.

Script viruses and worms

Such viruses are extremely easy to program and they can spread - if the required technology is on hand - within a few hours via email round the globe.

Script viruses and worms use one of the script languages, such as Javascript, VBScript etc., to insert themselves in other, new scripts or to spread themselves by calling operating system functions. This frequently happens via email or through the exchange of files (documents).

A worm is a program that multiplies itself but that does not infect the host. Worms can consequently not form part of other program sequences. Worms are often the only possibility to infiltrate any kind of damaging programs on systems with restrictive security measures.

Spyware

Spyware are so-called spy programs that intercept or take partial control of a computer's operation without the user's informed consent. Spyware is designed to exploit infected computers for commercial gain.

Trojan horses (short Trojans)

Trojans are pretty common nowadays. We are talking about programs that pretend to have a particular function, but that show their real image after execution and carry out a different function that, in most cases, is destructive. Trojan horses cannot multiply themselves, which differentiates them from viruses and worms. Most of them have an interesting name (SEX.EXE or STARTME.EXE) with the intention to induce the user to start the Trojan. Immediately after execution they become active and can, for example, format the hard disk. A dropper is a special form of Trojan that 'drops' viruses, i.e. embeds viruses on the computer system.

Zombie

A Zombie-PC is a computer that is infected with malware programs and enables hackers to abuse computers via remote control for criminal purposes. On command, the affected PC starts denial-of-service (DoS) attacks, for example, or sends spam and phishing emails.

Page 58

10 Info and Service

This chapter contains information on how to contact us.

see Chapter Contact address

see Chapter Technical support

see Chapter Suspicious files

see Chapter Report false positives

see Chapter Your feedback for more security

10.1 Contact address

If you have any questions or requests concerning the Avira AntiVir Premium product range, we will be pleased to help you. You will find our contact addresses in the Control Center under Help :: About Avira AntiVir Premium.

10.2 Technical Support

Avira AntiVir Premium support provides reliable assistance in answering your questions or solving a technical problem.

All necessary information on our comprehensive support service can be obtained from our website http://www.avira.com/premium-support.

– License information. This can be found on the program interface under the

menu item Help :: About AntiVir Premium :: License information.

– Version information. This can be found on the program interface under the

menu item Help :: About AntiVir Premium :: Version information.

– Operating system version and any Service Packs installed. – Installed software packages, e.g. anti-virus software of other vendors. – Exact messages of the program or of the report file.

10.3 Suspicious file

Viruses that may not yet be detected or removed by our products or suspect files can be sent to us. We provide you with several ways of doing this.

– Identify the file in the Quarantine Manager of the Control Center and select the

item Send file via the context menu or the corresponding button.

Page 59

Avira AntiVir Premium

– Send the required file packed (WinZIP, PKZip, Arj etc.) in the attachment of an

email to virus-premium@avira.com. As some email gateways work with anti-virus software, you should also provide the file(s) with a password (please remember to tell us the password).

You can also send us the suspect file via our website.

10.4 Reporting false positives

If you believe that Avira AntiVir Premium reports something about a file that is most likely "clean", send the required file packed (WinZIP, PKZip, Arj etc.) in the attachment of an email to virus-premium@avira.com. As some email gateways work with anti-virus software, you should also provide the file(s) with a password (please remember to tell us the password).

10.5 Your feedback for more security

At Avira GmbH, the security of our customers is our top priority. For this reason, we don't just have an in-house expert team who tests the quality and security of every Avira GmbH solution before the product is released. We also attach great importance to the indications regarding security relevant gaps which could develop and we treat those frankly.

If you think you have detected a security gap in one of our products, please send us an email to vulnerabilities-premium@avira.com.

Page 60

11 Reference: Configuration options

The configuration reference documents all configuration options available in Avira AntiVir Premium.

11.1 Scanner

The Scanner section of the Configuration is responsible for the configuration of the ondemand scan.

11.1.1 Scan

Here you define the basic behavior of the scan routine for an on-demand scan. If you select certain directories to be scanned with an on-demand scan, depending on the configuration the Scanner scans:

– with a certain scanning power (priority), – also boot sectors and main memory, – certain or all boot sectors and the main memory, – all or selected files in the directory.

Files

The Scanner can use a filter to scan only those files with a certain extension (type).

All files

If this option is enabled, all files are scanned for viruses or unwanted programs, irrespective of their content and file extension. The filter is not used.

Note If All files is enabled, the button File extensions cannot be selected.

Smart Extensions

If this option is enabled, the selection of the files scanned for viruses or unwanted programs is automatically chosen by Avira AntiVir Premium. This means that Avira AntiVir Premium decides whether the files are scanned or not based on their content. This procedure is somewhat slower than Use file extension list, but more secure, since not only on the basis of the file extension is scanned. This setting is activated by default and is recommended.

Note If Smart Extensions is enabled, the button File extensions cannot be selected.

Use file extension list

If this option is enabled, only files with a specified extension are scanned. All file types that may contain viruses and unwanted programs are preset. The list can be edited manually via the button

File extension.

Page 61

Avira AntiVir Premium

Note If this option is enabled and you have deleted all entries from the list with file extensions, this is indicated with the text "No file extensions" under the button File

extensions.

File extensions

With the aid of this button, a dialog window is opened in which all file extensions are displayed that are scanned in Use file extension list mode. Default entries are set for the extensions, but entries can be added or deleted.

Note Please note that the default list may vary from version to version.

Additional settings

Scan boot sectors of selected drives

If this option is enabled, the Scanner only scans the boot sectors of the drives selected for the on-demand scan. This option is enabled as the default setting.

Scan master boot sectors

If this option is enabled, the Scanner scans the master boot sectors of the hard disk(s) used in the system.

Ignore offline files

If this option is enabled, the direct scan ignores so-called offline files completely during a scan. This means that these files are not scanned for viruses and unwanted programs. Offline files are files that were physically moved by a so-called Hierarchical Storage Management System (HSMS) from the hard disk onto a tape, for example. This option is enabled as the default setting.

Integrity checking of system files

When this option is enabled, the most important Windows system files are subjected to a particularly secure check for changes by malware during every on-demand scan. If an amended file is detected, this is reported as suspect. This function uses a lot of computer capacity. That is why the option is disabled as the default setting.

Important This option is only available with Windows Vista and higher.

Note This option should not be used if you are using third-party tools that modify system files and adapt the boot or start screen to your own requirements. Examples of such tools are skinpacks, TuneUp utilities or Vista Customization.

Optimized scan

When the option is enabled, the processor capacity is optimally utilized during a Scanner scan. For performance reasons, an optimized scan is only logged on standard level.

Note This option is only available on multi-processor systems.

Follow symbolic links

If this option is enabled, Scanner performs a scan that follows all symbolic links in the scan profile or selected directory and scans the linked files for viruses and malware. This option is not supported by Windows 2000 and has been deactivated.

Page 62

Reference: Configuration options

Important The option does not include any shortcuts, but refers exclusively to symbolic links (generated by mklink.exe) or Junction Points (generated by junction.exe) which are transparent in the file system.

Search for Rootkits before scan

If this option is enabled and a scan is started, the scanner scans the Windows system directory for active rootkits in a so-called shortcut. This process does not scan your computer for active rootkits as comprehensively as the scan profile Scan for rootkits, but it is significantly quicker to perform.

Important The rootkit scan is not available for Windows XP 64 bit !

Scan Registry

If this option is enabled, the Registry is scanned for references to malware.

Scan process

Allow stopping the scanner

If this option is enabled, the scan for viruses or unwanted programs can be terminated at any time with the button setting, the

Stop button in the "Luke Filewalker"window has a gray background.

Stop in the "Luke Filewalker"window. If you have disabled this

Premature ending of a scan process is thus not possible! This option is enabled as the default setting.

Scanner priority

With the on-demand scan, the Scanner distinguishes between priority levels. This is only effective if several processes are running simultaneously on the workstation. The selection affects the scanning speed.

Low

The Scanner is only allocated processor time by the operating system if no other process requires computation time, i.e. as long as only the Scanner is running, the speed is maximum. All in all, work with other programs is optimal: The computer responds more quickly if other programs require computation time while the Scanner continues running in the background. This setting is activated by default and is recommended.

Medium

The Scanner is executed with normal priority. All processes are allocated the same amount of processor time by the operating system. Under certain circumstances, work with other applications may be affected.

High

The Scanner has the highest priority. Simultaneous work with other applications is almost impossible. However, the Scanner completes its scan at maximum speed.

11.1.1.1. Action for concerning files

Action for concerning files

You can define the actions to be carried out by Scanner when a virus or unwanted program is detected.

Interactive

Page 63

Avira AntiVir Premium

If this option is enabled, the results of the Scanner scan are displayed in a dialog box. When carrying out a scan with the Scanner, you will receive an alert with a list of the affected files at the end of the scan. You can use the content-sensitive menu to select an action to be executed for the various infected files. You can execute the standard actions for all infected files or cancel the Scanner.

Note The action Move to quarantine is pre-selected by default in the Scanner notification. Further actions can be selected via a context menu.

Click here for more information.

Automatic

If this option is enabled, then no dialog box for selecting an action appears following the detection of a virus or unwanted program. The Scanner reacts according to the settings you define in this section.

Backup to quarantine

If this option is enabled, the Scanner creates a backup copy before carrying out the requested primary or secondary action. The back-up copy is saved in quarantine, where the file can be restored if it is of informative value. You can also send the backup copy to the Avira Malware Research Center for further investigation.

Primary action

Primary action is the action carried out when the Scanner finds a virus or an unwanted program. If the option repair is selected but a repair of the file involved is not possible, the action selected under Secondary action is carried out.

Note The option Secondary action can only be selected if the setting repair was selected under Primary action.

repair

If this option is enabled, the Scanner repairs affected files automatically. If the Scanner cannot repair an affected file, it carries out the action selected under Secondary action.

Note An automatic repair is recommended, but means that the Scanner modifies files on the workstation.

delete

If this option is enabled, the file is deleted. This process is much faster than "overwrite and delete".

overwrite and delete

If this option is enabled, the Scanner overwrites the file with a default pattern and then deletes it. It cannot be restored.

rename

If this option is enabled, the Scanner renames the file. Direct access to these files (e.g. with double-click) is therefore no longer possible. Files can later be repaired and given their original names again.

ignore

If this option is enabled, access to the file is allowed and the file is left as it is.

Warning The affected file remains active on your workstation! It may cause serious damage on your workstation!

Quarantine

Page 64

Reference: Configuration options

If this option is enabled, the Scanner moves the file to the quarantine. These files can later be repaired or - if necessary - sent to the Avira Malware Research Center.

Secondary action

The option Secondary action can only be selected if the setting Repair was selected under Primary action. With this option it can now be decided what is to be done with the affected file if it cannot be repaired.

delete

If this option is enabled, the file is deleted. This process is much faster than "overwrite and delete".

overwrite and delete

If this option is enabled, the Scanner overwrites the file with a default pattern and then deletes (wipes) it. It cannot be restored.

rename

ignore

If this option is enabled, access to the file is allowed and the file is left as it is.

Warning The affected file remains active on your workstation! It may cause serious damage on your workstation!

Quarantine

If this option is enabled, the Scanner moves the file to quarantine. These files can later be repaired or - if necessary - sent to the Avira Malware Research Center.

Note If you have selected Deleteor Overwrite and Delete as the primary or secondary action, you should note the following: In the case of heuristic hits, the affected files are not deleted, but are instead moved to quarantine.

When scanning archives, the Scanner uses a recursive scan: Archives in archives are also unpacked and scanned for viruses and unwanted programs. The files are scanned, decompressed and scanned again.

Scan archives

If this option is enabled, the selected archives in the archive list are scanned. This option is enabled as the default setting.

All archive types

If this option is enabled, all archive types in the archive list are selected and scanned.

Smart Extensions

If this option is enabled, the Scanner detects whether a file is a packed file format (archive), even if the file extension differs from the usual extensions, and scans the archive. However, for this every file must be opened - which reduces the scanning speed. Example: if a *.zip archive has the file extension *.xyz, the Scanner also unpacks this archive and scans it. This option is enabled as the default setting.

Note Only those archive types are supported, which are marked in the archive list.

Page 65

Avira AntiVir Premium

Limit recursion depth

Unpacking and scanning recursive archives can require a great deal of computer time and resources. If this option is enabled, you limit the depth of the scan in multi-packed archives to a certain number of packing levels (maximum recursion depth). This saves time and computer resources.

Note In order to find a virus or an unwanted program in an archive, the Scanner must scan up to the recursion level in which the virus or the unwanted program is located.

Maximum recursion depth

In order to enter the maximum recursion depth, the option Limit recursion depth must be enabled. You can either enter the requested recursion depth directly or by means of the right arrow key on the entry field. The permitted values are 1 to 99. The standard value is 20 which is recommended.

Default values

The button restores the pre-defined values for scanning archives.

11.1.2 Report

The Scanner has a comprehensive reporting function. You thus obtain precise information on the results of an on-demand scan. The report file contains all entries of the system as well as alerts and messages of the on-demand scan.

Note To enable you to establish what actions the Scanner has carried out when viruses or unwanted programs have been detected, a report file should always be created.

Reporting

Off

If this option is enabled, the Scanner does not report the actions and results of the ondemand scan.

Default

When this option is activated, the Scanner logs the names of the files concerned with their path. In addition, the configuration for the current scan, version information and information on the licensee is written in the report file.

Advanced

When this option is activated, the Scanner logs alerts and tips in addition to the default information.

Complete

When this option is activated, the Scanner also logs all scanned files. In addition, all files involved as well as alerts and tips are included in the report file.

11.2 Guard

11.2.1 Scan

Note If you have to send us a report file at any time (for troubleshooting), please create this report file in this mode.

The Guard section of the configuration is responsible for the configuration of the onaccess scan.

You will normally want to monitor your system constantly. To this end, use the Guard (= on-access scanner). You can thus scan all files that are copied or opened on the computer "on the fly", for viruses and unwanted programs.

Page 68

Reference: Configuration options

Scan mode

Here the time for scanning of a file is defined.

Scan when reading

If this option is enabled, the Guard scans the files before they are read or executed by the application or the operating system.

Scan when writing

If this option is enabled, the Guard scans a file when writing. You can only access the file again after this process has been completed.

Scan when reading and writing

If this option is enabled, the Guard scans files before opening, reading and executing and after writing. This option is enabled as the default setting and is recommended.

Files

The Guard can use a filter to scan only those files with a certain extension (type).

All files

If this option is enabled, all files, irrespective of their content and their file extension, are scanned for viruses or unwanted programs, i.e. the filter is not used.

Note If All files is enabled, the button File extensions cannot be selected.

Smart Extensions

Note If Smart Extensions is enabled, the button File extensions cannot be selected.

Use file extension list

If this option is enabled, only files with a specified extension are scanned. All file types that may contain viruses and unwanted programs are preset. The list can be edited manually via the button

File extension. This setting is activated by default and is

recommended.

Note If this option is enabled and you have deleted all entries from the list with file extensions, this is indicated with the text "No file extensions" under the button File

extensions.

File extensions

Note Please note that the file extension list may vary from version to version.

11.2.2 ProActiv

AntiVir ProActive protects you from new and unknown threats for which there are not yet any virus definitions or heuristics available. ProActive technology is integrated into the Guard component and observes and analyzes the program actions carried out. The behavior of the program is checked against typical mailware action patterns: Type of action and action sequences. If a program exhibits behavior typical of malware, this is treated as a virus detection : You have the option of blocking the program or ignoring the notification and continuing to use the program. You can classify the program as trusted and add it to the application filter for permitted programs. You have the option of adding the program to the application filter for blocked programs using the Always block command.

The ProActive component uses rule sets developed by the Avira Malware Research Center to identify behavior typical of malware. The rule sets are supplied by Avira GmbH databases. AntiVir ProActiv sends information on any suspicious programs detected to the Avira database for logging. You have the option of disabling transmission of data to the Avira databases.

Note ProActive technology is not yet available for 64 bit systems! Windows 2000 does not support ProActive components.

General

Enabling AntiVir ProActiv.

If this option is enabled, programs are monitored on your computer system and checked for actions typical of malware. You will receive a message if typical malware behavior is detected. You can block the program or select Ignore to continue to use the program. The monitoring process excludes: Programs classified as trusted, trusted and signed programs included by default in the permitted applications filter, and all programs which you have added to the application filter for permitted programs.

Be part of the Avira ProActive community

Page 76

Reference: Configuration options

If this option is enabled, AntiVir ProActive sends data on the program actions to the Avira databases. After evaluation, these data are added to the ProActive behavioral analysis rule sets. In this way, you become part of the Avira ProActive community and contribute to the continuous improvement and refinement of the ProActive security technology. No data are sent if this option is disabled. This has no effect on ProActive functionality.

11.2.2.1. Application filter: Applications to be blocked

Under Application filter: Applications to be blocked you can enter applications which you classify as harmful and which you want AntiVir ProActive to block by default. The applications added cannot be executed on your computer system. You can also add programs to the application filter for blocking via Guard notifications of suspicious program behavior, by selecting theAlways block this program option.

Applications to be blocked

Applications

The list contains all applications which you have classified as harmful which you have entered via the configuration or by notifying the ProActive component. The applications on the list are blocked by ProActiv and cannot be executed on your computer system. An operating system message appears when a blocked program starts up. The applications to be blocked are identified by ProActive on the basis of the path specified and the file name, and are blocked irrespective of their content.

Input box

Enter the application you want to block in this box. To identify the application, the full path, file name and file extension must be specified. The path must either include the drive on which the application is located or start with an environment variable.

The button opens a window in which you can select the application to be blocked.

Add

With the Add button you can transfer the application specified in the input box to the list of applications to be blocked.

Note Applications required for the proper operation of the operating system cannot be added.

Delete

The Delete button lets you remove a highlighted application from the list of applications to be blocked.

Page 77

Avira AntiVir Premium

11.2.2.2. Application filter: Permitted applications

The section Application filter: Permitted applicationslists the applications excluded from monitoring by the ProActiv component: signed programs classified as trusted and included in list by default, all applications classified as trusted and added to the application filter: You can add permitted applications to the list in Configuration. You also have the option of adding applications to suspicious program behavior via Guard notifications by using the Trusted program option in the Guard notification.

Applications to be skipped

Applications

The list contains applications excluded from monitoring by the ProActiv component. In the default installation settings, the list contains signed applications from trusted producers. You have the option of adding applications that you consider to be trustworthy via the configuration or via Guard notifications. The ProActive component identifies applications using the path, the file name and the content. We recommend checking the content, as malcode can be added to a program through changes such as updated. You can determine whether a contents check should be carried out from the type specified: For the Contents type, the applications specified by path and file name are checked for changes to the file content before they are excluded from monitoring by the ProActiv component. If the file contents have been modified, the application is again monitored by the ProActiv component. For the Path type, no contents check is carried out before the application is excluded from monitoring by the Guard. To change the exclusion type, click on the type displayed.

Warning Only use the Path type in exceptional cases. Malcode can be added to an application through an update. The originally harmless application is now malware.

Note Some trusted applications, including for example all application components of AntiVir Premium, are by default excluded from monitoring by the ProActive component even though they are not included in the list.

Input box

In this box you enter the application to be excluded from monitoring by the ProActiv component. To identify the application, the full path, file name and file extension must be specified. The path must either show the drive on which the application is located or start with an environment variable.

The button opens a window in which you can select the application to be excluded.

Add

With the Add button you can transfer the application specified in the input box to the list of applications to be excluded.

Delete

The Delete button lets you remove a highlighted application from the list of applications to be excluded.

Page 78

11.2.3 Report

Guard includes an extensive logging function to provide the user or administrator with exact notes about the type and manner of a detection.

This group allows for the content of the report file to be determined.

Off

If this option is enabled, then Guard does not create a log. It is recommended that you should turn off the logging function only in exceptional cases, such as if you are executing trials with multiple viruses or unwanted programs.

Default

If this option is enabled, Guard records important information (concerning detections, alerts and errors) in the report file, with less important information ignored for improved clarity. This option is enabled as the default setting.

Advanced

If this option is enabled, Guard logs less important information to the report file as well.

Complete

If this option is enabled, Guard logs all available information in the report file, including file size, file type, date, etc.

Reference: Configuration options

Limit report file

Limit size to n MB

If this option is enabled, the report file can be limited to a certain size; possible values: 1 to 100 MB. If the size of the log file exceeds the indicated size by more than 50 kilobytes, then old entries are deleted until the indicated size minus 50 kilobytes is reached.

Backup report file before shortening

If this option is enabled, the report file is backed up before shortening.

Write configuration in report file

If this option is enabled, the configuration of the on-access scan is recorded in the report file.

11.3 MailGuard

The MailGuard section of the Configuration is responsible for the configuration of the MailGuard.

11.3.1 Scan

Use MailGuard to scan incoming emails for viruses and malware . Outgoing emails can be scanned for viruses and malware by MailGuard.

Page 79

Avira AntiVir Premium

Scan

Scan incoming emails

If this option is enabled, incoming emails are scanned for viruses and malware . MailGuard supports POP3 and IMAP protocols. Enable the inbox account used by your email client to receive emails for monitoring by MailGuard.

Monitor POP3 accounts

If this option is enabled, the POP3 accounts are monitored on the specified ports.

Monitored ports

In this field you should enter the port to be used as the inbox by the POP3 protocol. Multiple ports are separated by commas.

Default

This button resets the specified port to the default POP3 port.

Monitor IMAP accounts

If this option is enabled, the IMAP accounts are monitored on the specified ports.

Monitored ports

In this field you should enter the port to be used as the inbox by the IMAP protocol. Multiple ports are separated by commas.

Default

This button resets the specified port to the default IMAP port.

Scan outgoing emails (SMTP)

If this option is enabled, outgoing emails are scanned for viruses and malware.

Monitored ports

In this field you should enter the port to be used as the outbox by the SMTP protocol. Multiple ports are separated by commas.

Default

This button resets the specified port to the default SMTP port.

Note To verify the protocols and ports used, call up the properties of your email accounts in your email client program. Default ports are mostly used.

11.3.1.1. Action for concerning files

This configuration section contains settings for actions performed when MailGuard finds a virus or unwanted program in an email or in an attachment.

Note These actions are performed both when a virus is detected in incoming emails and when a virus is detected in outgoing emails.

Action for concerning files

Interactive

If this option is enabled, a dialog window appears when a virus or unwanted program is detected in an email or attachment in which you can choose what is to be done with the email or attachment concerned. This option is enabled as the default setting.

Page 80

Reference: Configuration options

Show progress bar

If this option is enabled, the MailGuard shows a progress bar during downloading of emails. This option can only be enabled if the option Interactive has been selected.

Automatic

If this option is enabled, you are no longer notified when a virus or unwanted program is found. MailGuard reacts according to the settings you define in this section.

Primary action

Primary action is the action carried out when the MailGuard finds a virus or an unwanted program in an email. If the option Ignore email is selected, it is also possible to select under Affected attachments what is to be done if a virus or unwanted program is detected in an attachment.

delete email

If this option is enabled, the affected email is automatically deleted if a virus or unwanted program is found. The body of the email is replaced by the default text given below. The same applies to all attachments included; these are also replaced by a default text.

Isolate email

If this option is enabled, the complete email including all attachments is placed in Quarantine if a virus or unwanted program is found. If required, it can later be restored. The affected email itself is deleted. The body of the email is replaced by the default text given below. The same applies to all attachments included; these are also replaced by a default text.

ignore email

If this option is enabled, the affected email is ignored despite detection of a virus or unwanted program. However, you can decide what is to be done with the affected attachment:

Affected attachments

The option Affected attachments can only be selected if the setting Ignore email has been selected under Primary action. With this option it is now possible to decide what is to be done if a virus or unwanted program is found in an attachment.

delete

If this option is enabled, the affected attachment is deleted if a virus or unwanted program is found and replaced by a default text.

isolate

If this option is enabled, the affected attachment is placed in quarantine and then deleted (replaced by a default text). If required, it can later be restored.

ignore

If this option is enabled, the attachment is ignored despite detection of a virus or unwanted program and delivered.

Warning If you select this option, you have no protection against viruses and unwanted programs by the MailGuard. Only select this item if you are certain you know what you are doing. Disable the preview in your email program, never open attachments by double-clicking!

11.3.1.2. Other Actions

This configuration section contains other settings for actions performed when MailGuard finds a virus or unwanted program in an email or in an attachment.

Page 81

Avira AntiVir Premium

Note These actions are performed exclusively when a virus is detected in incoming emails.

Default text for deleted and moved emails

The text in this box is inserted in the email as a message instead of the affected email. You can edit this message. You can enter a maximum of 500 characters.

You can use the following key combination for formatting:

Default

The button inserts a pre-defined default text in the edit box.

Default text for deleted and moved attachments

The text in this box is inserted in the email as a message instead of the affected attachment. You can edit this message. You can enter a maximum of 500 characters.

You can use the following key combination for formatting:

Default

The button inserts a pre-defined default text in the edit box.

11.3.1.3. Heuristic

This configuration section contains the settings for the heuristic of the Avira AntiVir Premium search engine.

inserts a line break.

Macrovirus heuristic

Activate macrovirus heuristics

Advanced Heuristic Analysis and Detection (AHeAD)

enable AHeAD

Page 82

Low detection level

If this option is enabled, Avira AntiVir Premium detects slightly less unknown malware, the risk of false alerts is low in this case.

Medium detection level

This option is enabled as the default setting if you have selected application of this heuristic. This option is enabled as the default setting and is recommended.

High detection level

If this option is enabled, Avira AntiVir Premium detects much more unknown malware, however false positives can also be expected.

11.3.2 General

11.3.2.1. Exceptions

Reference: Configuration options

Email addresses not scanned

This table shows you the list of email addresses excluded from scanning by AntiVir MailGuard (white list).

Note The list of exceptions is used exclusively by MailGuard with regard to incoming emails.

Status

Icon Description

This email address will no longer be scanned for malware.

Email address

Email that is no longer to be scanned.

Malware

When this option is enabled, the email address is no longer scanned for malware.

You can use this button to move a highlighted email address to a higher position. If no entry is highlighted or the highlighted address is at the first position in the list, this button is not enabled.

Down

You can use this button to move a highlighted email address to a lower position. If no entry is highlighted or the highlighted address is at the last position in the list, this button is not enabled.

Input box

Page 83

Avira AntiVir Premium

In this box you enter the email address that you want to add to the list of email addresses not to be scanned. Depending on your settings, the email address will no longer be scanned in future by the MailGuard.

Add

With this button you can add the email address entered in the input box to the list of email addresses not to be scanned.

Delete

This button deletes a highlighted email address from the list.

11.3.2.2. Cache

Cache

The MailGuard cache contains data regarding the scanned emails that is displayed as statistical data in the Control Center under MailGuard.

Maximum number of emails to be stored in the cache

This field is used to set the maximum number of emails that are stored by MailGuard in the cache. Emails are deleted oldest first.

Maximum storage period of an email in days

The maximum storage period of an email in days is entered in this box. After this time, the email is removed from the cache.

Empty Cache

Click on this button to delete the emails stored in the cache.

11.3.2.3. Footer

Under Footer you can configure an email footer which is displayed in the emails you send. This function requires activation of the MailGuard scan of outgoing emails (see option Scan outgoing emails (SMTP) under Configuration::MailGuard::Scan) . You can use the defined AntiVir MailGuard footer to confirm the sent email has been scanned by a virus protection program. You also have the option of inserting text yourself for a userdefined footer. If you use both footer options, the user-defined text is preceded by the AntiVir MailGuard footer.

Footer for emails to be sent

Attach AntiVir MailGuard footer

If this option is enabled, the AntiVir MailGuard footer is displayed beneath the message text of the sent email. The AntiVir MailGuard footer confirms that the sent email has been scanned for viruses and unwanted programs by AntiVir MailGuard. The AntiVir MailGuard footer contains the following text: "Scanned with AntiVir MailGuard [product version] [initials and version number of search engine] [initials and version number of virus definition file]".

Attach this footer

If this option is enabled, the text which you insert into the input box is displayed as a footer in sent emails.

Input box

Page 84

If this option is enabled, the text which you insert into the input box is displayed as a footer in sent emails.

11.3.3 Report

MailGuard includes an extensive logging function to provide the user or administrator with exact notes about the type and manner of a detection.

Reporting

This group allows for the content of the report file to be determined.

Off

If this option is enabled, then MailGuard does not create a log. It is recommended that you should turn off the logging function only in exceptional cases, such as if you are executing trials with multiple viruses or unwanted programs.

Default

If this option is enabled, MailGuard records important information (concerning detections, alerts and errors) in the report file, with less important information ignored for improved clarity. This option is enabled as the default setting.

Advanced

If this option is enabled, MailGuard logs less important information to the report file as well.

Complete

If this option is enabled, MailGuard logs all available information in the report file, including file size, file type, date, etc.

Reference: Configuration options

Limit report file

Limit size to n MB

If this option is enabled, the report file can be limited to a certain size; possible values: Permitted values are between 1 and 100 MB. Around 50 kilobytes of extra space are allowed when limiting the size of the report file to minimize the use of system resources. If the size of the log file exceeds the indicated size by more than 50 kilobytes, then old entries are deleted until the indicated size minus 50 kilobytes is reached.

Backup report file before shortening

If this option is enabled, the report file is backed up before shortening.

Write configuration in report file

If this option is enabled, the MailGuard configuration is recorded in the report file.

11.4 WebGuard

The WebGuard section of the Configuration is responsible for the configuration of the WebGuard.

Page 85

Avira AntiVir Premium

11.4.1 Scan

WebGuard protects you against viruses or malware that reaches your computer from web pages that you load on your web browser from the Internet. The Scan heading can be used to set the behavior of the WebGuard component.

Scan

Enable Webguard

If this option is enabled, the web pages you request using an Internet browser are scanned for viruses and malware. WebGuard monitors the data transferred from the Internet using the HTTP protocol at ports 80, 8080, 3128. If any affected web pages are detected, the loading of the web pages is blocked. If this option is disabled, the WebGuard service is still started, but the scan for viruses and malware is disabled.

Drive-by protection

Drive-by protection allows you to make settings to block I-Frames, also known as inline frames. I-Frames are HTML elements, i.e. elements of Internet pages that delimit an area of a web page. I-Frames can be used to load and display different web content usually other URLs - as independent documents in a subwindow of the browser. IFrames are mostly used for banner advertising. In some cases, I-Frames are used to conceal malware. In these cases the area of the I-Frame is mostly invisible or almost invisible in the browser. The Block Suspect I-Frames option allows you to check and block the loading of I-Frames.

Block suspicious I-frames

If this option is enabled, I-Frames on the web pages you request are scanned according to certain criteria. If there are suspect I-Frames on a requested web page, the I-Frame is blocked. An error message (HTTP status code 403) is displayed in the I-Frame window.

Default

If this option is enabled, I-Frames with suspect content is blocked.

Advanced

If this option is enabled, I-Frames with suspect content and I-Frames used in a suspicious way are blocked. The use of I-Frames is considered suspect if the I-Frame is very small and is therefore invisible or almost invisible in the browser of if the I-Frame is placed in an unusual position on the web page.

11.4.1.1. Action for concerning files

Action for concerning files

You can define the actions to be carried out by WebGuard when a virus or unwanted program is detected.

Interactive

If this option is enabled, a dialog window appears when a virus or unwanted program is detected during an on-demand scan, in which you can choose what is to be done with the affected file. This option is enabled as the default setting.

Page 86

Reference: Configuration options

The website requested from the web server and/or the data and files that were transferred are forwarded on by WebGuard to your web browser.

Click here for more information.

Show progress bar

If this option is enabled, a desktop notification appears with a download progress bar if a download of website content exceeds a 20 second timeout. This desktop notification is designed in particular for downloading websites with larger data volumes: If you are surfing with WebGuard, website contents are not downloaded incrementally in the Internet browser, as they are scanned for viruses and malware before being displayed in the Internet browser. This option is disabled as the default setting.

Automatic

If this option is enabled, then no dialog box for selecting an action appears following the detection of a virus or unwanted program. WebGuard reacts according to the settings you define in this section.

Primary action

The primary action is the action carried out when WebGuard finds a virus or an unwanted program.

Deny access

The website requested from the web server and/or any data or files transferred are not sent to your web browser. An error message to notify you that access has been denied is displayed in the web browser. WebGuard logs the detection to the report file if the report function is activated. WebGuard also appends an entry to the event log if the relevant option is enabled.

isolate

In the event of a virus or malware being detected, the website requested from the web server and/or the transferred data and files are moved into quarantine. The affected file can be recovered from quarantine manager if it has an informative value or - if necessary

- sent to the Avira Malware Research Center.

ignore

The website requested from the web server and/or the data and files that were transferred are forwarded on by WebGuard to your web browser. Access to the file is permitted and the file is ignored.

Warning The affected file remains active on your workstation! It may cause serious damage on your workstation!

11.4.1.2. Locked requests

In Locked requests you can specify the file types and MIME types (content types for the transferred data) to be blocked by WebGuard. The Web filter lets you block known phishing and malware URLs. WebGuard prevents the transfer of data from the Internet to your computer system.

File types / MIME types to be blocked by WebGuard (user-defined)

All file types and MIME types (content types for the transferred data) in the list are blocked by WebGuard.

Input box

Page 87

Avira AntiVir Premium

In this box, enter the names of the MIME types and file types you want WebGuard to block. For file types, enter the file extension, e.g. .htm. For MIME types, indicate the media type and, where applicable, sub-type. The two statements are separated from one another by a single slash, e.g. . video/mpeg or audio/x-wav.

Note Files which are already stored on your computer system as temporary Internet files and blocked by WebGuard can however by downloaded locally from the Internet by your computer's Internet browser. Temporary Internet files are files saved on your computer by the Internet browser so that websites can be accessed more quickly

Note The list of blocked file and MIME types is ignored if they are entered in the list of excluded file and MIME types under WebGuard::Scan::Exceptions.

Note No wildcards (* for any number of characters or ? for a single character) can be used when entering file types and MIME types.

MIME types: Examples for media types:

– text = for text files – image = for graphics files – video = for video files – audio = for sound files – application = for files linked to a particular program

Examples: Excluded file and MIME types

– application/octet-stream = application/octet-stream MIME type files

(executable files *.bin, *.exe, *.com, *dll, *.class) are blocked by WebGuard.

– application/olescript = application/olescript MIME type files (ActiveX

script-files *.axs) are blocked by WebGuard.

– .exe = All files with the extension .exe (executable files) are blocked by

WebGuard.

– .msi = All files with the extension .msi (Windows Installer files) are blocked by

WebGuard.

Add

The button allows you to copy MIME and file types from the input field into the display window.

Delete

The button deletes a selected entry from the list. This button is inactive if no entry is selected.

Web-Filter

The Web filter is based on an internal database, updated daily, that classifies URLs according to content.

Activate web filter

When the option is enabled, all URLs matching the selected categories in the Web filter list are blocked.

Web filter list

Page 88

In the Web filter list you can select the content categories whose URLs are to be blocked by WebGuard.

Note The Web filter is ignored for entries in the list of excluded URLs under WebGuard::Scan::Exceptions.

Note Spam URLs are URLs sent with spam emails. The Fraud and Deception category covers web pages with “Subscription Expires” and other offers of services whose costs are hidden by the provider.

11.4.1.3. Exceptions

These options allow you to set exceptions based on MIME types (content types for the transferred data) and file types for URLs (Internet addresses) for scanning by WebGuard. The MIME types and URLs specified are ignored by WebGuard, i.e. that data is not scanned for viruses and malware when it is transferred to your computer system.

Reference: Configuration options

MIME types skipped by WebGuard

In this field you can select the MIME types (content types for the transferred data) to be ignored by WebGuard during scanning.

File types/MIME types skipped by WebGuard (user-defined)

All MIME types (content types for the transferred data) in the list are ignored by WebGuard during scanning.

Input box

In this box you can input the name of the MIME types and file types to be ignored by WebGuard during scanning. For file types, enter the file extension, e.g. .htm. For MIME types, indicate the media type and, where applicable, sub-type. The two statements are separated from one another by a single slash, e.g. video/mpeg or audio/x-wav.

Note No wildcards (* for any number of characters or ? for a single character) can be used when entering file types and MIME types.

Warning All file types and content types on the exclusion list are downloaded into the Internet browser without further scanning of the blocked access (List of file and MIME types to be blocked in WebGuard::Scan::Blocked access) or by WebGuard: For all entries on the exclusion list, the entries on the list of file and MIME types to be blocked are ignored. No scan for viruses and malware is carried out.

MIME types: Examples for media types:

– text = for text files – image = for graphics files – video = for video files – audio = for sound files – application = for files linked to a particular program

Examples: Excluded file and MIME types

Page 89

Avira AntiVir Premium

– audio/ = All audio media type files are excluded from WebGuard scans – video/quicktime = All Quicktime sub-type video files (*.qt, *.mov) are

– .pdf = All Adobe PDF files are excluded from WebGuard scans.

Add

The button allows you to copy MIME and file types from the input field into the display window.

Delete

The button deletes a selected entry from the list. This button is inactive if no entry is selected.

URLs skipped by WebGuard

All URLs in this list are excluded from WebGuard scans.

Input box

Input box You can specify parts of the URL, using leading or concluding dots to indicate the domain level: .domainname.de for all pages and all subdomains of the domain. Indicate websites with any top-level domain (.com or .net) with a concluding dot: domainname.. If you indicate a string without a leading or concluding dot, the string is interpreted as a top-level domain, e.g. net for all NET-Domains (www.domain.net).

excluded from WebGuard scans

Note You can also use the wildcard * for any number of characters when specifying URLs. You can also use leading or concluding dots in combination with wildcards to indicate the domain level: .domainname.* *.domainname.com .*name*.com (valid but not recommended) Specifications without dots, like *name*, are interpreted as part of a top-level domain and are not advisable.

Warning All websites on the list of excluded URLs are downloaded into the Internet browser without further scanning by the web filter or WebGuard: For all entries in the list of excluded URLs, the entries in the web filter (see WebGuard::Scan::Blocked access) are ignored. No scan for viruses and malware is carried out. Only trusted URLs should therefore be excluded from WebGuard scans.

Add

The button allows you to copy the URL entered in the input field (Internet address) to the viewer window.

Delete

The button deletes a selected entry from the list. This button is inactive if no entry is selected.

Examples: Skipped URLs

– www.avira.com -OR- www.avira.com/*

= All URLs with the domain 'www.avira.com' are excluded from WebGuard scans: www.avira.com/en/pages/index.php, www.avira.com/en/support/index.html, www.avira.com/en/download/index.html,.. URLs with the domain 'www.avira.de' are not excluded from WebGuard scans.

Page 90

Reference: Configuration options

– avira.com -OR- *.avira.com

= All URLs with the second and top-level domain 'avira.com' are excluded from WebGuard scans: The specification implies all existing subdomains for '.avira.com': www.avira.com, forum.avira.com,...

– avira. -OR- *.avira.*

= All URLs with the second-level domain 'avira' are excluded from WebGuard scans: The specification implies all existing top-level domains or subdomains for '.avira': www.avira.com, www.avira.de, forum.avira.com,...

– .*domain*.*

All URLs containing a second-level domain with the string 'domain' are excluded from WebGuard scans: www.domain.com, www.new-domain.de, www.sampledomain1.de, ...

– net -OR- *.net

= All URLs with the top-level domain 'net' are excluded from WebGuard scans: www.name1.net, www.name2.net,...

Warning Enter the URLs you want to exclude from the WebGuard scan as precisely as possible. Avoid specifying an entire top-level domain or parts of a second-level domain because there is a risk that Internet pages that distribute malware and undesirable programs will be excluded from the WebGuard scan through global specifications under exclusions. You are recommended to specify at least the complete second-level domain and the toplevel domain: domainname.com

11.4.1.4. Heuristic

This configuration section contains the settings for the heuristic of the Avira AntiVir Premium search engine.

Macrovirus heuristics

Page 91

Avira AntiVir Premium

Advanced Heuristic Analysis and Detection (AHeAD)

enable AHeAD

Low detection level

If this option is enabled, Avira AntiVir Premium detects slightly less unknown malware, the risk of false alerts is low in this case.

Medium detection level

This setting is activated by default if you have selected the use of this heuristic.

High detection level

If this option is enabled, Avira AntiVir Premium detects much more unknown malware, however false positives can also be expected.

11.4.2 Report

The WebGuard includes an extensive logging function to provide the user or administrator with exact notes about the type and manner of a detection.

Reporting

This group allows for the content of the report file to be determined.

Off

If this option is enabled, then WebGuard does not create a log. It is recommended that you should turn off the logging function only in exceptional cases, such as if you are executing trials with multiple viruses or unwanted programs.

Default

If this option is enabled, WebGuard records important information (concerning detections, alerts and errors) in the report file, with less important information ignored for improved clarity. This option is enabled as the default setting.

Advanced

If this option is enabled, WebGuard logs less important information to the report file as well.

Complete

If this option is enabled, WebGuard logs all available information in the report file, including file size, file type, date, etc.

Limit report file

Limit size to n MB

Page 92

Write configuration in report file

If this option is enabled, the configuration of the on-access scan is recorded in the report file.

11.5 Update

In the Update section you can configure the automatic receiving of updates. You can specify various update intervals and activate or deactivate automatic updating.

Automatic update

Activate

If this option is enabled, automatic updates are performed for the enabled events at the interval specified.

Automatic update every n days / hours / minutes

In this box you can specify the interval at which the automatic update is carried out. To change the update interval, highlight one of the time options in the box and change it using the arrow key to the right of the input box.

Start job while connecting to the Internet (dial-up)

If this option is enabled, in addition to the specified update interval, the update job is carried out every time an Internet connection is established.

Repeat job if the time has already expired

If this option is enabled, past update jobs are carried out that could not be carried out at the time specified, for example because the computer was switched off.

Reference: Configuration options

11.5.1 Product update

Under Product update, configure how product updates or the notification of available product updates are handled.

Product updates

Download and automatically install product updates

If this option is enabled, product updates are downloaded and automatically installed by the Update component as soon as they become available. Updates to the virus definition file and search engine are carried out independently of this setting. The conditions for this option are: complete configuration of the update and an open connection to a download server.

Download product updates. If a restart is necessary, install the update after the system

restart, otherwise install it immediately.

Page 93

Avira AntiVir Premium

If this option is enabled, product updates will be downloaded as soon as they become available. If no restart is necessary, the update is installed automatically after the update file is downloaded. If a product update requires you to restart your computer, it will be executed at the next user-controlled system reboot and not immediately after the download of the update file. This has the advantage that the restart is not carried out while users are working at their computers. Updates to the virus definition file and search engine are carried out independently of this setting. The conditions for this option are: complete configuration of the update and an open connection to a download server.

Notification when new product updates are available

If this option is enabled, you will be notified by email when new product updates become available. Updates to the virus definition file and search engine are carried out independently of this setting. The conditions for this option are: complete configuration of the update and an open connection to a download server. You will receive notifications via a desktop popup window and via an alert from the Updater in the Control Centre under Overview::Events.

Notify again after n day(s)

If the product update was not installed after the initial notification, enter in this box the number of days that are to elapse before you are again notified that product updates are available.

Do not download product updates

If this option is enabled, no automatic product updates or notifications of available product updates by the Updater are carried out. Updates to the virus definition file and search engine are carried out independently of this setting.

Important An update of the virus definition file and of the search engine is carried out during every update process independent of the settings for the product update (see chapter Updates).

11.5.2 Restart settings

When a product update is carried out by AntiVir Premium, you may have to restart your computer system. If you have selected automatic product updates under General::Update::Product update , you can choose between the different restart notification and restart cancellation options under Restart settings.

Note Note that your restart settings allow you to choose between two options for executing a product update requiring a computer restart in the configuration under General::Update::Product update.

Automatic execution of the product update with the required computer restart when update is available: the update and the restart are carried out while users are working on their computers. If you have enabled this option, it may be useful to select restart routines with a cancel option or reminder function.

Execution of the product update where a computer restart is required after the next system reboot: the update and the restart are carried out after users have started up their computers and logged in. Automatic restart routines are recommended for this option..

Page 94

Reference: Configuration options

Restart settings

Restart the computer after n seconds

If this option is enabled, the necessary restart is carried out automatically after a product update has been executed at the interval specified. A countdown message appears with no option for canceling the computer restart..

Reminder message for restart every n seconds

If this option is enabled, the necessary restart is not carried out automatically after a product update has been executed. At the interval specified, you will receive restart notifications without cancel options. These notifications let you confirm the computer restart or select Remind me again .

Query whether computer should be restarted

If this option is enabled, the necessary restart is not carried out automatically after a product update has been executed. You will receive one message in which you can confirm the restart or cancel the restart routine.

Restart computer without query

If this option is enabled, the necessary restart is carried out automatically after a product update has been executed. You will not receive any notification.

11.5.3 Web server

The update can be performed directly via a web server on the Internet.

Web server connection

Use existing connection (network)

This setting is displayed if your connection is used via a network.

Use the following connection:

This setting is displayed if you define your connection individually.

The Updater automatically detects which connection options are available. Connection options which are not available are grayed out and cannot be activated. A dial-up connection can be established manually via a phone book entry in Windows, for example.

– User: Enter the user name of the selected account. – Password: Enter the password for this account. For security, the actual

characters you type in this space are replaced by asterisks (*).

Note If you have forgotten an existing Internet account name or password, contact your Internet Service Provider.

Note The automatic dial-up of the updater through so-called dial-up tools (e.g. SmartSurfer, Oleco, ...) is currently not available in Avira AntiVir Premium.

Terminate a dial-up connection that was set up for the update

If this option is enabled, the RDT connection made for the update is automatically interrupted again as soon as the download has been successfully carried out.

Page 95

Avira AntiVir Premium

Note This option is not available under Vista. Under Vista the dial-up connection opened for the update is always terminated as soon as the download has been carried out.

11.5.3.1. Proxy

Proxy server

Do not use a proxy server

If this option is enabled, your connection to the web server is not carried out via a proxy server.

Use Windows system settings

When the option is enabled, the current Windows system settings are used for the connection to the web server via a proxy server.

Use the following proxy server

If your web server connection is set up via a proxy server, you can enter the relevant information here.

Address

Please enter the URL or the IP address of the proxy server you should use to connect to the web server.

Port

Please enter the port number of the proxy server you should use to connect to the web server.

Enter your login name on the proxy server here.

Enter the relevant password for logging in on the proxy server here. For security, the actual characters you type in this space are replaced by asterisks (*).

Examples:

Address: proyx.domain.com Port: 8080

Address: 192.168.1.100 Port: 3128

11.6 General

11.6.1 Extended threat categories

Selection of extended threat categories

Avira AntiVir Premium protects you against computer viruses.

In addition, you can scan according to the following extended threat categories.

– Backdoor Clients (BDC)

Page 96

Reference: Configuration options

– Dialer (DIALER) – Games (GAMES) – Jokes (JOKES) – Security Privacy Risk (SPR) – Adware/Spyware (ADSPY) – Unusual runtime packers (PCK) – Double Extension Files (HEUR-DBLEXT) – Phishing – Application (APPL)

By clicking on the relevant box, the selected type is enabled (check mark set) or disabled (no check mark).

Select all

If this option is enabled, all types are enabled.

Default values

This button restores the predefined default values.

Note If a type is disabled, files recognized as being of the relevant program type are no longer indicated. No entry is made in the report file.

11.6.2 Password

You can protect Avira AntiVir Premium in different areas with a password. If a password has been issued, you will be asked for this password every time you want to open the protected area.

Password

Enter password

Enter your required password here. For security reasons, the actual characters you type in this space are replaced by asterisks (*). The password can only have a maximum of 20 chars. Once the password has been issued, the program refuses access if an incorrect password is entered. An empty box means "No password".

Confirm password

Confirm the password entered above by entering again here. For security, the actual characters you type in this space are replaced by asterisks (*).

Note The password is case-sensitive!

Areas protected by password

Avira AntiVir Premium can protect individual errors with a password. By clicking on the relevant box, the password request can be disabled or reactivated for individual areas as required.

Passwordprotected

Function

Page 97

Avira AntiVir Premium

area

Control Center

Activate /

deactivate Guard

Activate /

deactivate MailGuard

Activate /

deactivate WebGuard

Add and

modify jobs

Start

product updates

Quarantine

If this option is enabled, a password is required to start the Control Center.

If this option is enabled, the pre-defined password is required to enable or disable AntiVir Guard.

If this option is enabled, the pre-defined password is required to enable/disable MailGuard.

If this option is enabled, the pre-defined password is required to enable/disable WebGuard.

If this option is enabled, a password is required when adding and changing jobs in the Scheduler.

If this option is enabled, a password is required to start the product update in the update menu.

If this option is enabled, all possible areas of the quarantine manager protected by a password are enabled. By clicking on the relevant box, the password enquiry can be disabled or enabled again on request for individual areas.

Restore

affected objects

Repair

affected objects

Affected

object properties

Delete

affected objects

Send email

to Avira

Configuration

Enable

expert mode

If this option is enabled, a password is required to restore an object.

If this option is enabled, a password is required to repair an object.

If this option is enabled, a password is required to display the properties of an object.

If this option is enabled, a password is required to delete an object.

If this option is enabled, a password is required to send an object to the Avira Malware Research Center for examination.

If this option is enabled, configuration of Avira AntiVir Premium is only possible after entering the pre-defined password.

If this option is enabled, a password is required to enable expert mode.

Installation / Uninstallation

If this option is enabled, a password is required for installation or uninstallation of Avira AntiVir Premium.

Page 98

11.6.3 Security

Update

Alert if last update older than n day(s)

In this box you can enter the maximum number of days allowed to have passed since the last update of Avira AntiVir Premium. If this number of days has passed, a red icon is displayed for the update status under Status in the Control Center.

Show notice if the virus definition file is out of date

If this option is enabled, you will obtain an alert message if the virus definition file is not up-to date. With the help of the alert option, you can configure the temporal interval for an alert message if the last update is older than n day(s).

Product protection

Protect processes from unwanted termination

If this option is enabled, all AntiVir Premium processes are protected against unwanted termination by viruses and malware or against 'uncontrolled' termination by a user e.g. via Task-Manager. This option is enabled as the default setting.

Advanced password protection

If this option is enabled, all AntiVir Premium processes are protected with advanced options from unwanted termination. Advanced password protection requires considerably more computer resources than simple password protection . That is why the option is disabled as the default setting. To enable this option, you have to restart your computer.

Reference: Configuration options

Important Password protection is not available for Windows XP 64 Bit !

Warning If process protection is enabled, interaction problems can occur with other software products. Disable process protection in these cases.

Protect files and registry entries from manipulation

If this option is enabled, all registry entries of AntiVir Premium and all program files (binary and configuration files) are protected from manipulation. Protection against manipulation entails preventing write, delete and, in some cases, read access to the registry entries or program files by users or external programs. To enable this option, you have to restart your computer.

Note When this option is activated, changes can only be made to the configuration, including changes to scan or update requests, can only be made by means of the user interface.

Important Protection for files and registration entries is not available for Windows XP 64 Bit !

Page 99

Avira AntiVir Premium

11.6.4 WMI

Support for Windows Management Instrumentation

Windows Management Instrumentation is a basic Windows administration technique that uses script and programming languages to allow read and write access, both local and remote, to settings on Windows systems. AntiVir Premium supports WMI and provides data (status information, statistical data, reports, planned requests, etc.) as well as events at an interface. WMI enables you to download operating data from AntiVir Premium .

Enable WMI support

When this option is enabled, you can download operating data from AntiVir Premium via WMI.

11.6.5 Directories

Temporary path

In this input box, enter the path where Avira AntiVir Premium will store its temporary files.

Use default system settings

If this option is enabled, the settings of the system are used for handling temporary files.

Note You can see where your system saves temporary files - for example with Windows XP under: Start | Settings | Control Panel | System | Tab "Advanced" | Button "Environment Variables". The temporary variables (TEMP, TMP) for the currently registered user and for system variables (TEMP, TMP) are shown here with their relevant values.

Use following directory

If this option is enabled, the path displayed in the input box is used.

The button opens a window in which you can select the required temporary path.

Default

The button restores the pre-defined directory for the temporary path.

11.6.6 Events

Limit size of event database

Limit maximum number of events to n entries

If this option is enabled, the maximum number of events listed in the event database can be limited to a certain size; possible values: 100 to 10 000 entries. If the number of entered entries is exceeded, the oldest entries are deleted.

Page 100

Delete events older than n day(s)

If this option is enabled, events listed in the event database are deleted after a certain period of time; possible values: 1 to 90 days. This option is enabled as the default setting, with a value of 30 days.

Do not limit size of event database (delete events manually)

When this option has been activated, the size of the event database is not limited. However, a maximum of 20,000 entries are displayed in the program interface under Events.

11.6.7 Limit reports

Limit number of reports

Limit the number to n units

When this option is enabled, the maximum number of reports can be limited to a specific amount. Values between 1 and 300 are permissible. If the specified number is exceeded, then the oldest report at that time is deleted.

Delete all reports more than n day(s) old

If this option is enabled, reports are automatically deleted after a specific number of days. Permissible values are: 1 to 90 days. This option is enabled by default with a value of 30 days.

Do not limit number of reports (manually delete reports)

If this option is enabled, the number of reports is not restricted.

Reference: Configuration options

11.6.8 Acoustic alerts

Acoustic alert

When a virus or malware is detected by the Scanner or Guard an acoustic alert is sounded in interactive action mode. You can now choose to activate or deactivate the acoustic alert and select an alternative wave file for the alert.

Note The action mode of the Scanner is set in the configuration under Scanner::Scan::Action for concerning files. The action mode of the Guard is set in the configuration under Guard::Scan::Action for concerning files.

No warning

When this option is activated, there is no acoustic alert when a virus is detected by the Scanner or Guard.

Use PC speakers (only in interactive mode)

If this option is enabled, there is an acoustic alert with the default signal when a virus is detected by the Scanner or Guard. The acoustic alert is sounded on the PC’s internal speaker.

Use the following Wave file (interactive mode only)

If this option is enabled, there is an acoustic alert with the selected Wave file when a virus is detected by the Scanner or Guard. The selected Wave file is played over a connected external speaker.

Wave file

Avira ANTIVIR PREMIUM User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

1 Introduction

2 Icons and emphases

3 Product information

3.1 Delivery scope

3.2 System requirements

3.3 Licensing and Upgrade

4 Installation and uninstallation

4.1 Installation

4.2 Modification installation

4.3 Installation modules

4.4 Uninstallation

5 Overview of AntiVir Premium

5.1 User interface and operation

5.1.1 Control Center

5.1.2 Configuration

5.1.3 Tray icon

5.2 How to...?

5.2.1 Activate product

5.2.2 Avira AntiVir Premium automatic update

5.2.3 Start a manual update

5.2.7 On-demand scan: Automatically scan for viruses and malware

5.2.8 On-demand scan: Targeted scan for active rootkits

5.2.9 Reacting to detected viruses and malware

5.2.10 Quarantine: Handling quarantined files (*.qua)

5.2.11 Quarantine: Restore the files in quarantine

5.2.12 Quarantine: move suspicious files to quarantine

5.2.13 Scan profile: Amend or delete file type in a scan profile

5.2.14 Scan profile: Create desktop shortcut for scan profile

5.2.15 Events: Filter events

5.2.16 MailGuard: Exclude email addresses from scan

6 Scanner::Overview

7 Updates

8 FAQ, Tips

8.1 Troubleshooting

8.2 Shortcuts

8.2.1 In dialog boxes

8.2.2 In the help

8.2.3 In the Control Center

8.3 Windows Security Center

8.3.1 General

8.3.2 The Windows Security Center and Avira AntiVir Premium

9 Viruses and more

9.1 Extended threat categories

9.2 Viruses and other malware

10 Info and Service

10.1 Contact address

10.2 Technical Support

10.3 Suspicious file

10.4 Reporting false positives

10.5 Your feedback for more security

11 Reference: Configuration options

11.1 Scanner

11.1.1 Scan

11.1.2 Report

11.2 Guard

11.2.1 Scan

11.2.2 ProActiv

11.2.3 Report

11.3 MailGuard

11.3.1 Scan

11.3.2 General

11.3.3 Report

11.4 WebGuard

11.4.1 Scan

11.4.2 Report

11.5 Update

11.5.1 Product update

11.5.2 Restart settings

11.5.3 Web server

11.6 General

11.6.1 Extended threat categories

11.6.2 Password

11.6.3 Security

11.6.4 WMI

11.6.5 Directories

11.6.6 Events