Avira ANTIVIR NETWORK BUNDLE, ANTIVIR SERVER WINDOWS, ANTIVIR SERVER FOR WINDOWS, ANTIVIR SERVER, ANTIVIR SERVER 10 User Manual
Avira AntiVir
Server
User Manual
|
Windows
Trademarks and Copyright
Trademarks
AntiVir is a registered trademark of Avira GmbH.
Windows is a registered trademark of the Microsoft Corporation in the United States and other countries.
All other brand and product names are trademarks or registered trademarks of their respective owners.
Protected trademarks are not marked as such in this manual. This does not mean, however that they may be used freely.
Copyright information
A code provided by a third party has been used for Avira AntiVir Server. We thank the copyright owners for making the
code available to us. For detailed information on copyright, please refer to in the help of Avira AntiVir Server under the
Third Party Licenses.
Table of Contents
1 Introduction .......................................................................................................... 1
2 Icons and emphases ................................................................................................ 2
3 Product information............................................................................................... 3
3.1 Functionality..........................................................................................................................3
3.2 Delivery scope ........................................................................................................................4
3.3 System requirements.............................................................................................................5
3.4 Licensing ................................................................................................................................6
3.4.1 License models .........................................................................................................6
4 Installation and uninstallation ............................................................................... 7
4.1 Installation.............................................................................................................................7
4.2 Uninstallation........................................................................................................................ 9
4.3 Installation and uninstallation on the network................................................................... 9
4.3.1 Installation on the network.....................................................................................9
4.3.2 Uninstallation on the network..............................................................................10
4.3.3 Command line parameter for the setup program ................................................10
4.3.4 Parameter of the file setup.inf ..............................................................................10
5 User interface and operation ................................................................................ 13
5.1 User interface: AntiVir Server console ...............................................................................13
5.2 User interface: Tray icon .....................................................................................................15
5.3 Quickstart ............................................................................................................................15
6 Scanner................................................................................................................ 17
6.1 Scanner.................................................................................................................................17
7 Updates................................................................................................................ 18
8 Viruses and more.................................................................................................. 19
8.1 Viruses and other malware .................................................................................................19
8.2 Extended threat categories .................................................................................................22
9 Info and Service ................................................................................................... 25
9.1 Technical Support................................................................................................................25
9.2 Suspicious file ......................................................................................................................25
9.3 Reporting false positives .....................................................................................................26
9.4 Your feedback for more security .........................................................................................26
10 Reference: Configuration options ......................................................................... 27
10.1 Scanner.................................................................................................................................27
10.1.1 Action for concerning files ....................................................................................29
10.1.2 Further actions.......................................................................................................31
10.1.3 Archives ..................................................................................................................31
10.1.4 Archives ..................................................................................................................31
10.1.5 Exceptions ..............................................................................................................32
10.1.6 Heuristic .................................................................................................................33
10.1.7 Report .....................................................................................................................34
10.2 Guard....................................................................................................................................34
10.2.1 Action for concerning files ....................................................................................37
10.2.2 Further actions.......................................................................................................39
ii
Table of Contents
10.2.3
Exceptions ..............................................................................................................40
10.2.4 Products..................................................................................................................43
10.2.5 Heuristic .................................................................................................................43
10.2.6 Report .....................................................................................................................44
10.3 General .................................................................................................................................44
10.3.1 Extended threat categories....................................................................................44
10.3.2 Password.................................................................................................................45
10.3.3 Security...................................................................................................................46
10.3.4 WMI........................................................................................................................46
10.3.5 Events .....................................................................................................................46
10.3.6 Reports ...................................................................................................................47
10.3.7 Directories..............................................................................................................47
10.4 Update..................................................................................................................................48
10.4.1 Update ....................................................................................................................48
10.4.2 File server ...............................................................................................................50
10.4.3 Proxy.......................................................................................................................50
10.5 Warnings..............................................................................................................................51
10.5.1 Guard ......................................................................................................................52
10.5.2 Scanner ...................................................................................................................52
10.5.3 Acoustic alerts ........................................................................................................53
10.6 Email.....................................................................................................................................54
10.6.1 Email.......................................................................................................................54
10.6.2 Guard ......................................................................................................................55
10.6.3 Scanner ...................................................................................................................56
10.6.4 Updater...................................................................................................................56
10.6.5 Email template .......................................................................................................58
iii
1 Introduction
Avira AntiVir Server from Avira GmbH protects you computer against viruses, malware,
adware and spyware, unwanted programs and other dangers. This manual deals with
viruses and software in brief.
The manual describes the program installation and operation.
Please go to our website http://www.avira.com where you can download the Avira
AntiVir Server manual in PDF from, update Avira AntiVir Server or renew your license.
You can also find information on our website such as telephone numbers for technical
support and information on how to subscribe to our newsletter.
Your Avira GmbH team
1
2 Icons and emphases
The following icons are used:
Icon /
Designation
Explanation
Placed before a condition which must be fulfilled prior to
implementation.
Warning
Note
Placed before an action step that you implement.
Placed before an event that follows the previous action.
Placed before a warning of the danger of critical data loss.
Placed before a link to particularly important information or
a tip which makes Avira AntiVir Server easier to use.
The following emphases are used:
Emphasis Explanation
Cursive
File name or path data.
Displayed software interface elements (e.g. window heading,
window field or options box).
Bold
Clicked software interface elements (e.g. menu item, section or
button)
2
3 Product information
3.1 Functionality
The protection package Avira AntiVir Server includes the Avira AntiVir Server service
and the AntiVir Server Console. The Avira AntiVir Server service protects your Windows
Server from viruses and malware. The AntiVir Server Console is used for administration,
control and monitoring of the servers to be protected or of the AntiVir services on the
servers to be protected. You can access any number of servers via the AntiVir Server
Console.
The Avira AntiVir Server service
... protects your servers against viruses and malware. You install the service on all
Windows servers to be protected on the network.
The AntiVir Server service provides comprehensive functions to protect your system in
one package with several program components and other help programs. Overview of
the main components:
– The Scanner scans your computer system for viruses and unwanted programs
(on-demand scan). Affected files are deleted, repaired or moved to quarantine
depending on the configuration. Scanner scans are carried out automatically. The
interval and scope of scans can be configured.
– The Guard runs in the background. It monitors and repairs files, if necessary,
during operations such as opening, writing and copying in real time.
3
Avira AntiVir Server
– The Sc
via the Internet or Intranet.
– The Updater always keeps your program up to date via an Internet or intranet
connection.
– The quarantine manager conveniently manages and monitors the files placed
in quarantine.
AntiVir Server console
... provides a desktop for AntiVir Server services with which you can control, configure
and monitor AntiVir Server services. You install the AntiVir Server Console on at least
one computer with a network connection to the servers to be protected. AntiVir Server
Console can also be installed on the servers to be protected.
The AntiVir Server Console can be connected to any number of servers to be protected
and provides access to components, reports, events and to the Configuration of the
connected AntiVir Server service.
heduler supports you in planning regular tasks such as scans and updates
3.2 Delivery scope
Main features:
– Console for monitoring, administration and control of the whole program
– Simple, keyword-based configuration: support of configuration through
integrated wizard and context-sensitive help
– Configuration and operation from separate computer possible: User interface
(AntiVir Server Console) can be installed separately from the AntiVir server
service
– Network administration via the Avira Security Management Center (SMC)
– Scanner (on-demand scan) with profile-controlled and configurable scan for all
known types of viruses and malware
– Resident virus guard (real-time scan or on-access scan) for constant monitoring
of all file accesses
– Extremely high virus and malware detection via innovative scanning technology
(scan engine) including heuristic scanning method
– Innovative AHeAD (Advanced Heuristic Analysis and Detection) technology for
detection of unknown or fast changing attackers for proactive security
– Detection of all conventional archive types including detection of nested archives
and smart extension detection
– Comprehensive filter functions and file caching to increase scanning speed
– "Multi-threading capability;: simultaneous scanning of many files at high speed
– Configurable reactions to a detection: repair, deletion, moving to a quarantine
directory, blocking, renaming and isolation of programs or files; automatic
removal of viruses and malware
– Quarantine manager: infected files can be deleted in the quarantine directory or
restored at their place of origin
– Integrated scheduler for planning one-off or recurring jobs such as updates or
scans
4
Product information
– Automatable
system interruption)
– Comprehensive logging, warning and messaging functions for the administrator;
sending of warnings in Windows networks and by email (SMTP), SMTPauthentication possible
– Protection against modifications of the program files via intensive self-test
– Extended terminal server support
– Rootkit protection (not under Windows XP 64 bit, Windows 2003 64 bit,
Windows Server 2003 64 bit)
– Support for Windows Management Instrumentation
updating via the Internet or network-wide distribution (without
3.3 System requirements
Avira AntiVir Server has the following requirements for successful use of the Avira
AntiVir Server service and the AntiVir Server Console:
– Computer as from Pentium, at least 266 MHz
– Operating system
– Windows 2000, SP4 and update rollup 1 or
– Windows XP, SP2 (32 or 64 Bit) or
– Windows Vista (32 or 64 Bit, SP 1 recommended) or
– Windows 7 (32 or 64 Bit) or
– Windows 2000 Server, SP4 and update rollup 1 or
– Windows Server 2003, SP1 (32 or 64 Bit) or
– Windows Server 2008 (32 or 64 Bit) or
– Windows Server 2008 R2 (64 Bit only)
– At least 150 MB of free hard disk memory space (more if using Quarantine for
temporary storage)
– At least 256 MB RAM under Windows 2000 Server/XP
– At least 512 MB RAM under Windows Server 2003
– At least 1024 MB RAM under Windows Vista, Windows 7, Windows Server 2008
and Windows Server 2008 R2
– For the installation of Avira AntiVir Server: Administrator rights
Internet access
For regular updates it is necessary for a server of your network to have Internet access.
Alternatively, the updates can also be downloaded from a file or HTTP server in the
Intranet. More information is available under Update.
5
Avira AntiVir Server
3.4 Licensing
You require a license to use Avira AntiVir Server. Activate your license for Avira AntiVir
Server with the license file hbedv.key. You can obtain the license file by email from Avira
GmbH. The license file contains the license for all products that you have ordered in one
order process. You hereby accept the license terms.
3.4.1 License models
You can use the many functions of Avira AntiVir Server with the following license
models:
– Evaluation version: Complete range of functions, 30-day license.
– Full version
Licensing comprises a license for all platforms and depends on the number of users in
the network who are to be protected by Avira AntiVir Server. For further information on
the licensing versions and the optional support offers, please refer to our website
http://www.avira.com.
The delivery scope of a full version comprises:
– provision of AntiVir version to download from the Internet
– four weeks installation support from date of purchase
– newsletter service (by email)
– update service via Internet
6
4 Installation and uninstallation
4.1 Installation
Before installing Avira AntiVir Server, certain conditions must be met:
– Please ensure that the system requirements are met (see System requirements),
and that the Windows Server used is running.
– Ensure that you are logged in on the server as an administrator or as a user with
administrator rights.
– Ensure that an Internet connection or network connection to a download server
exists for updating AntiVir Server. If you use a fileserver, you may require a user
name and a password for server login.
– When installing the full version: ensure that a valid license file hbedv.key exists
and is stored in a local directory on the server.
– When installing the service Avira AntiVir Server: If you want to connect remotely
to the protected server with the AntiVir Server Console, ensure that the following
ports are opened:
139 (NetBIOS SSN)
137 (NetBIOS NS)
138 (NetBIOS DGM)
Types of use
Detailed information on types of use can be found under Licensing concept.
Installation types
During installation you can select a setup type in the installation wizard:
Express
– AntiVir Server is installed together with the Avira AntiVir Server service, the
AntiVir Server console and all recommended program components.
– No destination folder can be selected for the program files to be installed.
User-defined
– You can select whether you want to install the Avira AntiVir Server service and/or
the AntiVir Server Console.
– You have the option to select and install additional functions for the Avira
AntiVir Server service:
AntiVir Rootkit Protection: This function contains the rootkit scan profile, which
you can use to look for hidden malware.
VMware Offline Scanner: This function contains the VMware-Image scan profile,
which you can use to perform an offline scan of VMware images for viruses and
unwanted programs.
Shell Extension This function generates an entry in the context menu of Windows
Explorer that can be used to scan directories for viruses and unwanted programs.
7
Avira AntiVir Server
Performing installation
How to install AntiVir Server:
Note
Avira AntiVir Server uses runtime libraries of the Microsoft Visual C++ 2008 Redistributable Kit. To use AntiVir Server, Microsoft Visual C++ 2008 - Redistributable
Kit must therefore be installed.
AntiV
ir Systray tool: This function generates a tray icon for AntiVir Server in the
notification area of the protected server. This enables you to monitor the status of
AntiVir Server and gives you access to other AntiVir Server functions. The function
is part of the express installation and can be deselected if you are performing a
custom install.
– A target folder can be selected for the program files to be installed.
– Start the setup by double-clicking on the installation file that you have
downloaded from the Internet or insert the program-CD.
The installation wizard opens.
– Follow the instructions of the installation wizard. Complete the following
installation steps:
– Where appropriate, install Microsoft Visual C++ 2008 - Redistributable Kit, if the
kit has not already been installed.
– Confirmation of license agreements
– Selection of the type of setup (express installation or custom installation)
– Licensing of AntiVir Server: Load the license file or select a 30-day test license
– Installation of Avira AntiVir Server service and/or AntiVir Server Console
If you have installed the Avira AntiVir Server service, a configuration wizard opens after
the installation has been completed. You have the option of configuring the most
important settings of the installed Avira AntiVir Server service.
– Defining AHeAD (Advanced Heuristic Analysis and Detection) technology
settings. The settings are defined for Scanner and Guard.
– Selection of extended threat categories: By selecting other extended threat
categories to be detected and reported by AntiVir Server, you can adapt the
protective function of AntiVir Server to meet your needs.
– Selection of product exceptions (Guard): You can select software products to
be exempt from monitoring by the Guard (on-access scanner). In this way you
can avoid any loss of performance that the Guard may cause.
– Select email settings: You can define the server settings for sending email.
AntiVir Server uses SMPT to send emails send email alerts to the AntiVir Server
administrator.
Note
After installation, your own system is automatically added by the AntiVir Server Console
(Local Host/ 127.0.0.1) as a server to be protected, even if no AntiVir Server service is
installed.
8
Note
If you want to add or remove program components of the current AntiVir Server
installation, use the setup of AntiVir Server.
Installation and uninstallation
4.2 Uninstallation
Carry out uninstallation via the control panel of the operating system or via the setup of
AntiVir Server.
During uninstallation, the AntiVir services are stopped, all report files and infected files
(in quarantine) are deleted.
During uninstallation you can specify that the directories with the report files and the
quarantine are not deleted.
4.3 Installation and uninstallation on the network
To simplify installation of Avira AntiVir Server on a network of multiple client
computers for the system administrator, Avira AntiVir Server has a special procedure for
the initial installation and the modification installation.
For automatic installation of Avira AntiVir Server, the setup program works with the
control file setup.inf. The setup program (presetup.exe) is contained in the Avira AntiVir
Server installation package. Installation is started with a script or batch file and all
necessary information is obtained from the control file. The script commands therefore
replace the usual manual inputs during installation.
Note
Please note that a license file is obligatory for initial installation on the network.
Note
Please note that a Avira AntiVir Server installation package is required for installation
via a network. An installation file for internet-based installation cannot be used.
Avira AntiVir Server can be easily shared on the network with a server login script or via
SMS.
For information on installation and uninstallation on the network:
– see Chapter: Command line parameter for the setup program
– see Chapter: Parameter of the file setup.inf
– see Chapter: Installation on the network
– see Chapter: Uninstallation on the network
4.3.1 Installation on the network
The installation can be script-controlled in batch mode.
The setup is suitable for the following installations
– Initial installation via the network (unattended setup)
Modification installation and update
Note
We recommend that you test automatic installation before the installation routine is
implemented on the network.
To install Avira AntiVir Server on the network automatically:
9
Avira AntiVir Server
You must have administrator rights (also required in batch mode)
Configure the parameter of the file setup.inf and save the file.
Begin installation of Avira AntiVir Server with the parameter /inf or integrate the
parameter into the login script of the server.
– Examples: presetup.exe /inf="c:\temp\setup.inf"
4.3.2 Uninstallation on the network
To uninstall Avira AntiVir Server on the network automatically:
You must have administrator rights (also required in batch mode)
Start the uninstallation of Avira AntiVir Server with the parameters /inf and
/AVUNINSTALL or integrate the parameters into the login script of the server.
4.3.3 Command line parameter for the setup program
Use the following parameters for installation and uninstallation:
– /INF=<Script name with path>
The setup program starts with the script mentioned and retrieves all parameters
required.
Installation: PRESETUP.EXE /INF=e:\disks\setup.inf
Uninstallation: PRESETUP.EXE /INF=e:\disks\setup.inf
/AVUNINSTALL
– /SILENT
The setup script runs down completely without user interaction.
4.3.4 Parameter of the file setup.inf
In the control file setup.inf, you can set the following parameters in the [DATA] field for
the automatic installation of Avira AntiVir Server. The sequence of the parameters is
unimportant. If a parameter setting is missing or wrong, the setup routine is aborted
and an error message is displayed.
– InstallPath
10
Installation and uninstallation
Destination
the script. The environment variable cannot be used.
Example: InstallPath="%PROGRAMFILES%\Avira\AntiVir Server\"
– LicenseFile=<Path and file name of the license file>
AntiVir Server will be installed with the license. If you enter the file name only, the
license file will be searched in the source folder of the setup only.
Example: LicenseFile="A:\hbedv.key"
– RestartWindows= 0 | 1
If a restart of the system is required after the installation, this can be carried out
automatically (standard) or a message box is displayed.
0: Disabled (restart with Message Box)
1: Enabled (automatic restart)
– DeleteFolderOnUninstall=1
Deletes the configuration during uninstallation
path, in which Avira AntiVir Server is installed. It has to be included to
– Guard= 0 | 1
Installs the AntiVir Guard (on-access scanner).
1: Install AntiVir Guard (default)
0: Do not install AntiVir Guard
– RootKit= 0 | 1
Installs the AntiVir rootkit protection module. The module detects malware hidden
in the system.
1: Install AntiVir Rootkit Protection
0: Do not install AntiVir rootkit protection (default)
– VMWare= 0 | 1
Installs the VMWare offline scanner. The module performs an offline scan of
VMWare images for viruses and malware.
1: Install VMWare offline scanner
0: Do not install VMWare offline scanner (default)
– ShellExtension= 0 | 1
Installs the Shell extension. Directories can be scanned directly for viruses and
unwanted programs using an entry in the Windows Explorer context menu.
1: Install Shell extension (default)
11
Avira AntiVir Server
0: Do not install Shell extension
– Systray= 0 | 1
Installs the Systray tool. A AntiVir Server tray icon is visible in the notification area
of the protected server. The tray icon enables you to monitor the status of AntiVir
Server and gives you access to other AntiVir Server functions.
1: Install Systray tool (default)
0: Do not install Systray tool
– GUI= 0 | 1
Installs the AntiVir server console user interface, which allows you to remotely
administer and configure the AntiVir server services running on protected servers.
1: Installs the AntiVir server console (default)
0: Does not install the AntiVir server console
In the [FEEDBACK] section the setup enters error codes and error test which are
reported by the setup:
Example: ErrCode=0
ErrMsg=Product was installed successfully
12
5 User interface and operation
5.1 User interface: AntiVir Server console
The Avira AntiVir Server service that is installed on the servers to be protected is
administered via theAntiVir Server Console. The AntiVir Server Console is a snap-in of
the Microsoft Management Console (MMC). You can create any number of servers to be
protected on the AntiVir Server Console in order to configure and monitor them on the
AntiVir Server Console.
Note
Please note that only the proprietary elements of the AntiVir Server Console are
documented in this help. For information on the MMC and on manual integration of a
snap-in, please refer to the user manual or the online help of the operating system.
Starting and closing the AntiVir ISA Server Console
Start the AntiVir Server Console via the Avira AntiVir Server user interface link in
the Windows Start menu or under All programs. You can also load the AntiVir Server
Console directly in the MMC. You will find the pre-configured AntiVir Server Console in
the installation directory of the AntiVir Server Console. To close the AntiVir Server
Console, you must close MMC.
Operation
13
Avira AntiVir Server
– Navigate
via the console structure in the left-hand window of the MMC.
Navigation elements are also displayed as objects in the right-hand detail window
of the MMC. Open these objects in the detail window by double-clicking. The
Configuration is located under the Settings node. You can select various
configuration sections in the detail window: the window Settings is opened in
which you can configure the selected section.
– Commands and actions are available via icons in the detail window and via
context menus of the individual console nodes or of objects in the detail window.
– When configuring a server, you must confirm information in the window
Settings with the button OK or Accept in order to accept the new settings. Your
settings are cancelled with the button Cancel.
AntiVir Server Console overview
Avira AntiVir Server
– Display of the created servers with connection status
– Actions: Add server
Note
The local AntiVir server and all AntiVir severs added by the registered user are displayed
on the AntiVir Server Console.
Server
– Display of server status
– Actions: Start product update, update license file, reload configuration, display
report file, rename server, disconnect server, connect server, delete server
Overview
Overview of ...
– the system status (last system test, last update, license)
– the statistical data of the on-access scan of the Guard and the on-demand scan of
the Scanner
– the version of AntiVir Server
– Contact and support addresses
Profiles
– Display of the default profiles and of the profiles created for the on-demand scan
– Actions: create new profiles, rename profiles, delete profiles
Quarantine
– Display of the objects in quarantine
– Actions: Display object properties, restore object, add file to quarantine, send
object to Avira Malware Research Center, delete object
Scheduler
– Display of all created scanning and update jobs
– Actions: insert new jobs, display job properties, edit job, delete job
Reports
– Display reports of scans of on-demand scan and updates
– Display report, display report file, print report, delete report
Events
14
User interface and operation
– Display all
– Actions: display events, export events, delete events
Settings
– Configuration of the Avira AntiVir Server service on the server to be protected
Configuration sections:
– Scanner: Configuration of on-demand scan
– Guard: Configuration of on-access scan
– General: Extended risk categories for on-demand and on-access scans, password
protection for the server on the AntiVir Server Console, security alerts for
outdated AntiVir Server, directories used, restriction of reports and of event log
– Update: Download via Webserver or fileserver, product updates, configuration of
connection to the download server
– Alerts: Configuration of network alerts of the Guard and Scanner
– Email: Configuration of email alerts via SMTP from the Guard, Scanner, Updater
modules
events of the Avira AntiVir Server service on the server to be protected
5.2 User interface: Tray icon
After installation of the Avira AntiVir Server service, the Avira AntiVir Server tray icon is
displayed on the protected server in the notification area. The tray icon displays the
status of the AntiVir Guard service:
Icon Description
You can access AntiVir Server functions via the tray icon context menu. To open the
context menu, click on the tray icon with the right-hand mouse button.
– Start AntiVir: Opens the AntiVir Server Console for the administration of the
connected AntiVir Server. This option is only available if an AntiVir Server
Console has been installed locally on the computer and if you are logged on to the
computer with administrator rights.
– Check 'My Documents': Starts the scanner scan profile "My Documents": The
standard "My files" location of the logged-in user is scanned for viruses and
unwanted programs.
– Help: Opens online help for AntiVir Server.
– Avira on the Internet: Opens the web portal of AntiVir Server.
Note
The AntiVir Server console can also be opened by double-clicking the Tray icon.
AntiVir Guard is enabled.
AntiVir Guard is disabled
5.3 Quickstart
Carry out these steps if you are using Avira AntiVir Server for the first time:
15
Avira AntiVir Server
1. Installation
Install the Avira AntiVir Server service on the servers that you want to protect against
viruses and unwanted programs. Install the AntiVir Server Console on at least one
computer on your network.
see ch. Installation
2. Administration on the AntiVir Server Console
Add server
Add all servers on the AntiVir Server Console that you want to administer on the AntiVir
Server Console.
see Chapter AntiVir ISA Server Console
Carry out the following steps for every server added:
Configuration
Configure the Avira AntiVir Server service on the server to be protected. Assign a
password for the server on the AntiVir Server Console.
see ch. Settings and Settings::General::Password
Carry out update and system scan
First carry out one update of AntiVir Server. For this, create an update job in the
Scheduler. Select "Immediately" as the start time. Carry out a complete system scan. For
this, create a scan job in the Scheduler. For the scan job, select "Local hard disks" as the
profile and "Immediately" as the start time.
see Chapter Scheduler
Define scans and update jobs
Define scans and update jobs. To configure Scanner scans, first create, where
appropriate, user-defined profiles under Scheduler In the next step you can create the
scans and update jobs under Scheduler.
see Chapter Scan andScheduler
16
Loading...