KAPERSKY ANTI-VIRUS 4.5 - FOR WORKSTATION User Manual

KASPERSKY LAB LTD.

Kaspersky Anti-Virus 4.5

for Workstation

USER GUIDE

KASPERSKY ANTI-VIRUS 4.5

FOR WORKSTATION

User Guide

 Kaspersky Lab Ltd.

Visit our Web Site: http://www.kaspersky.com

Edition date: September 2003

Contents

CHAPTER 1. KASPERSKY ANTI-VIRUS FOR WORKSTATION ............................ 8

1.1. New features of version 4.5 .................................................................................. 9

1.2. Hardware and software requirements .................................................................. 9

1.3. Distribution kit ...................................................................................................... 10

1.4. Help desk for registered users ............................................................................ 11

1.5. Conventions......................................................................................................... 12

CHAPTER 2. INSTALLING AND UNINSTALLING KASPERSKY ANTI-VIRUS

FOR WORKSTATION ............................................................................................... 13

2.1. Installing ............................................................................................................... 13

2.2. Reinstalling .......................................................................................................... 16

2.3. Uninstalling .......................................................................................................... 17

CHAPTER 3. KASPERSKY ANTI-VIRUS SCANNER................................................. 18

3.1. Starting Kaspersky Anti-Virus Scanner .............................................................. 18

3.2. Program Interface................................................................................................ 21

3.2.1. System menu................................................................................................ 21

3.2.2. Main window ................................................................................................. 22

3.2.3. Menu ............................................................................................................. 22

3.2.4. Tool bar ......................................................................................................... 23

3.2.5. Work area...................................................................................................... 24

3.2.6. Status bar...................................................................................................... 25

3.3. Changing Settings ............................................................................................... 25

3.3.1. Scanning parameters for objects. Objects category ................................... 26

3.3.1.1. Defining objects to be checked. Memory, sectors, and files ................ 28

3.3.1.2. Handling infected and suspicious objects ............................................. 29

3.3.1.3. Advanced scanning modes ................................................................... 31

3.3.2. General settings: Options............................................................................. 33

3.3.2.1. Reporting options................................................................................... 34

3.3.2.2. Renaming, copying, and deleting options............................................. 35

3.3.2.3. Defining priority ...................................................................................... 35

3.3.3. Advanced settings: Customize..................................................................... 35

3.3.4. Saving/loading settings................................................................................. 37

5 Kaspersky Anti-Virus for Workstat ion

3.3.5. Previewing settings before the check .......................................................... 38

3.4. Checking for and deleting viruses....................................................................... 39

3.4.1. Starting and aborting the check ................................................................... 39

3.4.2. Changing priority of the check...................................................................... 40

3.4.3. Monitoring progress...................................................................................... 41

3.4.4. Viewing statistics: Statistics.......................................................................... 41

3.5. Updating Anti-Virus databases ........................................................................... 42

3.6. Generating a list of currently known viruses....................................................... 42

CHAPTER 4. KASPERSKY ANTI-VIRUS MONITOR ................................................. 44

4.1. How to start, disable and enable your AV Monitor............................................. 44

4.2. Program Interface................................................................................................ 45

4.2.1. System menu................................................................................................ 45

4.2.2. Main window ................................................................................................. 46

4.2.3. Menu ............................................................................................................. 47

4.2.4. Toolbar .......................................................................................................... 48

4.2.5. Work area...................................................................................................... 49

4.3. Changing Settings ............................................................................................... 50

4.4. Loading, disabling and enabling Kaspersky AV Monitor.................................... 50

4.5. Viewing performance statistics ........................................................................... 51

4.6. Updating anti-virus databases ............................................................................ 52

CHAPTER 5. KASPERSKY ANTI-VIRUS UPDATER................................................. 53

5.1. How to start the Kaspersky AV Updater............................................................. 53

5.2. Kaspersky AV Updater interface......................................................................... 53

5.2.1. Step 1. The Welcome wizard box ................................................................ 54

5.2.2. Step 2. The Connection wizard box............................................................. 54

5.2.2.1. Updating via the Internet........................................................................ 56

5.2.2.2. Updating from a local folder................................................................... 61

5.2.2.3. Choosing objects to be updated............................................................ 62

5.2.3. Step 3. The Options wizard box................................................................... 62

5.2.4. The Retrieving updates window................................................................... 63

5.2.5. Step 5. The Finishing wizard box................................................................. 64

CHAPTER 6. KASPERSKY ANTI-VIRUS CONTROL CENTRE................................ 65

6.1. Launching Kaspersky AV Control Centre........................................................... 65

6.2. Kaspersky AV Control Centre interface.............................................................. 68

Contents 6

6.2.1. The Tasks tab ............................................................................................... 68

6.2.1.1. The Property window............................................................................. 73

6.2.2. The Components tab.................................................................................... 77

6.2.3. The Settings tab............................................................................................ 78

6.2.3.1. The Security category............................................................................ 80

6.2.3.2. The Alerts category................................................................................ 82

6.2.3.3. The Remote management category ..................................................... 86

6.2.3.4. The Customize category........................................................................ 88

6.2.3.5. The Quarantine category....................................................................... 90

6.2.4. The Quarantine tab....................................................................................... 91

6.3. New Task Wizard ................................................................................................ 95

6.3.1. Tasks window ............................................................................................... 95

6.3.2. The Schedule window for a Kaspersky AV Monitor task ............................ 97

6.3.3. The Schedule window for Kaspersky AV Scanner and Updater ................ 97

6.3.3.1. Launching on event ............................................................................... 98

6.3.3.2. Launching by condition.......................................................................... 99

6.3.3.3. Launching hourly.................................................................................. 101

6.3.3.4. Launching daily .................................................................................... 101

6.3.3.5. Launching weekly ................................................................................ 102

6.3.3.6. Launching monthly............................................................................... 102

6.3.4. The Alerts window ...................................................................................... 104

6.3.5. The User account window.......................................................................... 104

6.3.6. Task settings............................................................................................... 105

6.3.6.1. The Settings window for Kaspersky AV Scanner and Monitor tasks. 106

CHAPTER 7. KASPERSKY REPORT VIEWER........................................................ 107

CHAPTER 8. THE SETTINGS TREE......................................................................... 111

8.1. The Settings Tree.............................................................................................. 111

8.2. Controls.............................................................................................................. 112

8.2.1. Check box ................................................................................................... 112

8.2.2. Option button .............................................................................................. 113

8.2.3. Text field...................................................................................................... 113

8.2.4. Input field defining the path to…................................................................. 114

8.2.5. Input field defining the number of … .......................................................... 114

8.2.6. Drop-down list ............................................................................................. 115

8.3. Checkboxes....................................................................................................... 115

7 Kaspersky Anti-Virus for Workstat ion

CHAPTER 9. KASPERSKY ANTI-VIRUS SCRIPT CHECKER................................ 117

CHAPTER 10. KASPERSKY ANTI-VIRUS RESCUE DISKS................................... 119

10.1. Creating a Fallback-Recovery Set.................................................................. 119

10.2. Using the Fallback-Recovery Disks................................................................ 123

CHAPTER 11. KASPERSKY ANTI-VIRUS MAIL CHECKER................................... 127

11.1. Configuring Kaspersky AV Mail Checker ....................................................... 127

11.2. Running Kaspersky Mail Checker .................................................................. 129

11.2.1. Incoming messages .................................................................................129

11.2.2. Outgoing messages .................................................................................129

11.2.3. Messages in the mailbox.......................................................................... 130

APPENDIX A. ADVANCED CHECKING TOOLS...................................................... 131

A.1. The Heuristic Checking Tool (Code Analyzer)................................................. 131

A.2. The Redundant Scanning Tool......................................................................... 132

APPENDIX B. GLOSSARY......................................................................................... 134

APPENDIX C. KASPERSKY LABS LTD.................................................................... 138

C.1. Other Anti-Virus products ................................................................................. 139

C.2. Contact Information........................................................................................... 141

APPENDIX D. LICENSE AGREEMENT .................................................................... 142

CHAPTER 1. KASPERSKY ANTI-

VIRUS FOR WORKSTATION

Attention! New viruses appear every day, therefore it is
important to keep this product upgraded by updating virus
databases every day (see detailed information below). Please
do not forget to update the anti-virus database upon product
installation!

The Kaspersky Anti-Virus

TM

for Workstation software package is designed to

protect a computer running the Windows operating system against viruses.

The following software products are included in the package:

• Kaspersky Anti-Virus Scanner is an anti-virus program that checks for

viruses and deletes them on demand. The program searches for and
removes viruses from files, boot sectors and RAM. It is able to detect (but
cannot delete!) viruses in archived files and local mailboxes of the most
commonly used mail systems.

• Kaspersky Anti-Virus Monitor is a resident virus-detection monitor

that checks files that are started and opened.

Note that Kaspersky Anti-Virus Monitor is able to remove
viruses from ZIP archives!

• Kaspersky Anti-Virus Updater is a virus-definition database-updating

utility. When searching for viruses, Kaspersky AV Scanner and Kaspersky
AV Monitor use this anti-virus (or virus-definition) database to identify
viruses detected. Kaspersky Labs updates these databases on a daily
basis by adding new virus details to them; database updates are placed
on Kaspersky Labs web sites and later retrieved by the updating utility.

• Kaspersky Anti-Virus Mail Checker is a program that provides anti-virus

security to the Microsoft Outlook 98/2000/XP users.

• Kaspersky Anti-Virus Script Checker is a program that protects

computers from script viruses and worms that are executed directly within
computer memory. When you run the Kaspersky Anti-Virus for
Workstation setup utility, the program is automatically added in your
operating system and later you will not have to start it manually.

9 Kaspersky Anti-Virus for Workstat ion

• Kaspersky Anti-Virus Rescue Disk is a program that allows a user to

create a set of rescue disks to restore the system in the aftermath of a
virus-attack

• Kaspersky Anti-Virus Control Centre is a shell program for the software

package components. The Kaspersky AV Control Centre allows a user to
manage installation and updating of the package components, schedule
required operations, launch anti-virus applications and review their
performance statistics.

• Kaspersky Anti-Virus Report Viewer is a program allowing a user to

display reports generated by the package components.

The Kaspersky Anti-Virus for Workstation software package allows checking for
viruses on local as well as on network drives. This check can be performed using
Kaspersky Anti-Virus Scanner and/or Kaspersky Anti-Virus Monitor.

By using Kaspersky Administration Kit, the remote administration program, a
network administrator can remotely manage components of the Kaspersky Anti­Virus software package.

1.1. New features of version 4.5

The Kaspersky Anti-VirusTM for Workstation version described in this book has
the following new features:

• Enhanced speed of program operation;

• Cleaning ZIP-archives.

• An algorithm for checking attachments in both incoming and outgoing

messages has been empowered with the Kaspersky Anti-Virus Mail
Checker utility to minimize computer resources used to check your mail
for viruses.

1.2. Hardware and software

requirements

In order to run Kaspersky Anti-Virus for Workstation you need a system that
meets the following requirements:

Windows 95/98/Me

• Intel Pentium processor (or compatible) of 150 MHz or higher.

• At least 32 Mb of RAM (64 Mb recommended).

Kaspersky Anti-Virus for Workstation 10

Windows NT Workstation 4.0 (SP6а or higher):

• Intel Pentium processor (or compatible) of 150 MHz or higher.

• At least 48 Mb of RAM (64 Mb recommended).

Windows 2000 Professional

:

• Intel Pentium processor (or compatible) of 150 MHz or higher.

• At least 64 Mb of RAM (96 Mb recommended).

Windows XP Home Edition/Professional

:

• Intel Pentium processor (or compatible) of 300 MHz or higher.

• At least 128 Mb of RAM.

When running Kaspersky Anti-Virus under the Windows XP Home
Edition or the Windows XP Professional operating system with the Fast
User Switching option selected some features of the anti-virus
program become unavailable: the user cannot change settings of
Kaspersky Anti-Virus and cannot expect the program to interactively
respond to events (for example when Kaspersky Anti-Virus will detect a
virus, it will not display the appropriate dialog box asking a user how to
handle the infected object).

General requirements for all operating systems

:

• At least 72 Mb space available on the hard disk to install, and 23 Mb to

run.

• Microsoft Internet Explorer of version 5.5 or higher with SP2.

• No other anti-virus programs installed on your computer, including

Kaspersky Lab products.

If you have any anti-virus programs installed on your
computer, we recommend that you uninstall them before
installing Kaspersky Anti-Virus for Workstation.

• The monitor resolution should be set to at least 800 x 600, the small font
should be selected, and the system date should be set correctly.

1.3. Distribution kit

You can purchase Kaspersky Anti-Virus for Workstation either from our
distributors (retail box) or online at one of our Internet shops (for example,

www.kaspersky.com

- select the Buy online link).

11 Kaspersky Anti-Virus for Workstat ion

The retail box includes:

• a sealed envelope with an installation CD containing files for the software
product;

• User Guide;

• a license key written on the installation CD;

• license agreement.

Before you unseal the envelope containing the CD, be sure to
thoroughly review the license agreement.

If you buy Kaspersky Anti-Virus for Workstation online, you download the
installation file of the product from the Kaspersky Lab website. This installation
file includes this User Guide and the license key. The license key can also be
sent to you by e-mail after receiving your payment.

The License Agreement (LA) is a legal agreement between you and the
manufacturer (Kaspersky Labs Ltd.) describing the terms on which you may
employ the anti-virus product which you have purchased.

Make sure you read the License Agreement!

If you do not agree to the terms of this LA, you can return the unused product to
your Kaspersky Anti-Virus dealer for a full refund, making sure the envelope with
the CD is sealed.

If you unsealed the envelope or installed the program, you have agreed to all the
terms of the LA.

1.4. Help desk for registered users

Kaspersky Labs offers a large service package enabling its legal customers to
enjoy all available features of Kaspersky Anti-Virus.

If you register and purchase a subscription you will be provided with the following
services for the period of your subscription:

• new versions of this anti-virus software product provided free of charge;

• phone or e-mail advising on matters related to the installation,

configuration, and operation of this anti-virus product;

• information about new Kaspersky Labs products and about new computer
viruses (for those who subscribe to the Kaspersky Labs newsletter).

Kaspersky Anti-Virus for Workstation 12

Kaspersky Labs does not provide information related to operation and
use of your operating system or various other technologies.

1.5. Conventions

In this book we use various conventions to emphasize different meaningful parts
of the documentation. The Table below lists the conventions used in this User
Guide.

Convention Meaning

Bold font

Menu titles, commands, window titles,
dialog elements, etc.

Note.

Additional information, notes

Attention!

Critical information

To do this,

1. Step 1.

2. …

Actions that must be taken

Task or example

Formulation of the problem or an example
of how to use the product.

Solution

A solution of the problem formulated

[key] – Function of the key.

Command line keys

Text of information
messages and the

command line

Text of configuration files, information
messages, and the command line.

CHAPTER 2. INSTALLING AND

UNINSTALLING KASPERSKY
ANTI-VIRUS FOR
WORKSTATION

Before installing Kaspersky Anti-Virus for Workstation make sure to quit
all programs running on your computer.

Launch the setup.exe program on the CD to start the package installation. The

setup wizard operates in dialog mode. Each dialog box contains a certain set of
buttons allowing management of the setup. The main buttons are:

• OK – accept actions

• Cancel – cancel actions

• Next – move one step forward

• Back – move one step backward

There are two possible variations on how to install the product: installing it for the
first time and reinstalling. Below, both variants are described in detail.

2.1. Installing

Step 1. Read the license agreement

The License Agreement dialog box contains the agreement text. Read it
carefully and press Yes if you agree to the license agreement terms. Otherwise,
press No to abort the setup.

Step 2. Input user information

Enter user information in the Customer Information dialog box. Enter the
appropriate data in the User Name field and the Company Name field. By
default the information for these fields is taken from the Windows registry.

Installing and uninstalling Kaspersky Anti-Virus for Workstation 14

Step 3. Select the folder the program will be installed to

In the Choose Destination Location dialog box, select the installation folders
where the Kaspersky Anti-Virus for Workstation program components will be
installed. Destination Folder indicates the folder for the components, and
Common Files Folder indicates the path for files shared by all the components.
To select folders, press Browse and indicate the folder path in the

Choose Folder standard dialog box.

Step 4. Input the program group name in the Start\Programs

menu

Define the folder name in the Select Program Folder dialog box for the
Kaspersky Anti-Virus for Workstation icon to appear in the standard Program
menu. Press Next.

Step 5. Choose setup type

Choose one of the three setup types in the Setup Type dialog box:

Custom

You will be asked to select the required components from a
list.

Easy

Only the most essential components of the package will be
installed, namely: Kaspersky Anti-Virus Scanner, Kaspersky
Anti-Virus Monitor, anti-virus databases and the updating
program.

Typical

All the Kaspersky Anti-Virus software package components
will be installed.

Step 6. Choose the Kaspersky Anti-Virus components to be

installed

If you selected the Custom setup, you will have to choose the required
components in the Select Components dialog box.

To choose the components to be installed check the appropriate boxes at the left
of component names.

15 Kaspersky Anti-Virus for Workstat ion

Step 7. Copying files to the hard disk

Read the setup information in the Start Copying Files dialog box. Press Next to
continue the installation. The program will start copying files to the hard disk; the
process is indicated by the progress bar in the Setup Status dialog box.

Step 8. Choose the report storage

In the Report Viewer Settings dialog box, you must define the folder for the
reports generated by Kaspersky Anti-Virus for Workstation components to be
saved to.

Step 9. Define the account under which the Kaspersky Anti-

Virus Monitor service will be started

In the Kaspersky Anti-Virus Monitor Service Properties dialog box, enter
details of the account under which the Kaspersky Anti-Virus Monitor service will
be started.

You can use the following accounts:

• Local System account– the Windows account;

• This account – the user account which details are specified in the fields

at the right.

Step 10. Enter the administration password

In the Administration password dialog box, define the password to be used
to remotely access and manage components of the Kaspersky Anti-Virus for
Workstation software package using the Kaspersky Administration Kit
program.

Step 11. Define paths to the key files

In the Key File dialog box, you must define the key file name and path.

If the file is located in the setup folder, its name will be displayed in the List of
key files to install list.

If the key file is located in a different folder, press Add and define the key file
name and path in the Select Key File standard dialog box. If required, the
program may simultaneously use several key files.

The key file is your personal key that contains all the housekeeping data
essential for Kaspersky Anti-Virus to apply all its features:

Installing and uninstalling Kaspersky Anti-Virus for Workstation 16

• Vendor information for this version (company name, addresses,
telephone numbers)

• Support information (who and where support is provided)

• Product release date

• Name and number of the license

• Functionality table for various components

• Period of validity for this license

Step 12. To complete setup

Upon completion of the Kaspersky Anti-Virus for Workstation package installation
the Completing Setup Wizard dialog box appears on the screen. Choose one of
the following options:

Yes, I want to restart my computer now

No, I will restart my computer later

In this case, to correctly complete the setup of the Kaspersky Anti­Virus for Workstation package and start working, it is ESSENTIAL to
restart your computer.

Press Finish.

The startup of your operating system may be delayed because the
program is completing installation of Kaspersky Anti-Virus for
Workstation on your computer. Don’t worry! At this moment Kaspersky
Anti-Virus for Workstation is being registered with your system.

2.2. Reinstalling

If you start to reinstall the program, the Program Maintenance dialog box will
appear on your screen. In this dialog box, you must choose one of the following
options:

• Modify – adds new components to the existing installation

• Repair – reinstall all program components (damaged) installed by the

previous setup.

• Remove – completely removes the Kaspersky Anti-Virus for Workstation
package from your computer (see subchapter 2.3).

Select one of the options and press Next.

17 Kaspersky Anti-Virus for Workstat ion

If you selected the Modify option and pressed Next, the Select Components

dialog box will appear on your screen. Select the required package
components by checking the appropriate boxes in the dialog box and press
Next. The Setup Status and the Completing Setup Wizard dialog boxes
will consequently appear on your screen.

If you selected the Repair option and pressed Next, the Setup Status and the

Completing Setup Wizard dialog boxes will appear on your screen. This
mode can be used if, for example, one of the files included in the Kaspersky
Anti-Virus for Workstation package has been unintentionally deleted.

If Kaspersky AV Control Centre (this or a previous version) has already been
installed on your computer (it could have been installed as a component of
another Kaspersky Lab package), the setup wizard will display the Component:
Kaspersky Anti-Virus Control Centre wizard box. Use this dialog box to define
installation settings of the standard settings file.

In this box, you can select one of the following options:

• Merge – appends a standard settings file to settings detected in the
existing file;

• Overwrite – installs a standard settings file instead of the settings file
detected on your hard drive;

• Skip – keeps the detected settings file unchanged.

If Kaspersky AV Updater has been already installed on your computer, a wizard
box similar to the described above will appear on your screen. However, in this
wizard box the Merge option will not be available. You can use this wizard box to
overwrite or skip the detected settings file of Kaspersky AV Updater.

2.3. Uninstalling

Should you for any reason wish to uninstall the Kaspersky Anti-Virus for
Workstation program, select Remove in the Program Maintenance dialog box
and press Next.

The removal confirmation dialog box will appear on your screen. Press OK to
start the removal procedure. The program files will be removed from the
computer; the process is indicated by the progress bar in the Setup Status
dialog box.

Should the removal program detect files that may be used by other
programs, the file removal confirmation dialog box will appear on your
screen. Press Yes to remove the files.

CHAPTER 3. KASPERSKY ANTI-

VIRUS SCANNER

Kaspersky Anti-Virus Scanner (Kaspersky AV Scanner) is an anti-virus program
that checks for viruses and deletes them on demand.

The program performs the following functions:

• Detects and deletes viruses of all types in files located on user-predefined
disks, in boot sectors and RAM

• Detects and deletes viruses from files that have been packed using
PKLITE, LZEXE, DIET, COM2EXE and other compression utilities

• Detects viruses (but doesn’t delete) in archived files that have been
archived using one of the commonly used archivers, including ZIP, ARJ,
LHA, RAR, etc.

• Detects viruses (but doesn’t delete) in local mailboxes of the most
commonly used mail systems: Microsoft Outlook, Microsoft Exchange,
Microsoft Internet Mail, Eudora Pro & Lite, Pegasus Mail, Netscape
Navigator Mail, JSMail SMTP/POP3 server.

• Detects and deletes viruses from the MS Outlook Express v. 5.0 (and
later) mail databases.

• Utilizes an improved heuristic detection tool that is able to search for
unknown viruses (up to 92% effective).

3.1. Starting Kaspersky Anti-Virus

Scanner

You can start Kaspersky Anti-Virus Scanner from:

Option 1

: The Windows main menu. To do this, press the Start button, point to

Programs, point to Kaspersky Anti-Virus and point and click Kaspersky
Anti-Virus Scanner. The program main window will appear on your screen

(see subchapter 3.2.2), and you will see the scanner icon

in the system
tray. Right-click this icon to display the scanner system menu (see
subchapter 3.2.1).

19 Kaspersky Anti-Virus for Workstat ion

Option 2: Kaspersky AV Control Centre. To do this, you must first create the

appropriate task. This task can be started manually or scheduled to start
automatically.

Option 3

: The command line. To do this, you must press the Start button in the
Windows taskbar, point and click Run, define the full path to the file
avp32.exe in the Run dialog box and press the OK button. For example,

С:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus
for Workstation\Avp32.exe.

If you decide to start your anti-virus scanner from the command line, you can use
one of the following available switches:

[/?] or [/H] – displays the complete list of available command line switches;

[/P=filename] – starts Kaspersky AV Scanner with settings from the defined file;

[/S] – sets Kaspersky AV Scanner to check for viruses right after the program is

started;

[/W] – sets Kaspersky AV Scanner to create a report file;

[/N] – minimizes the Kaspersky AV Scanner main window once the program is

started;

[/Q] – sets Kaspersky AV Scanner to close the main window once the scanning

operation is complete;

[/D] – does not launch Kaspersky AV Scanner from being started, if the data

volumes have already been successfully checked that day (that is, if
Kaspersky AV Scanner has already scanned the drives and the operation
was not aborted and no viruses were detected);

[/@[!]=filename] – sets Kaspersky AV Scanner to scan for viruses in those files

and/or folders listed in the defined file. The file defined by this switch must
be in common text format (ASCII) and must contain a list of files and/or
folders intended for scanning. Every line of the list should contain only one
file or folder name (with a complete path indicated). If there is the character
"!" in the switch (i.e. /@!=filename), the defined file will be deleted once the
scanning operation is complete. If the character "!" is not used (i.e.
/@=filename), this file won’t be deleted;

[/redundant] – enables the redundant scan tool (for details refer to subchapter

A.2). Redundant scanning is recommended if no virus was detected during
an ordinary scan but the system is still behaving strangely (for example,
there are frequent instances where the computer restarts by itself,
unnaturally slow performance of applications, and so on). Otherwise, we do
not recommend enabling the redundant scan tool as it noticeably slows
down the scanning rate;

Kaspersky Anti-Virus Scanner 20

[/virlist=filename] – creates a file with the defined name that will contain the list

of viruses currently detectable by Kaspersky AV Scanner.

[filename and foldername] – sets Kaspersky AV Scanner to scan for viruses in

those files or folders. If a file name or a folder name have spaces, they must
be enclosed in quotation marks. The * or ? symbols cannot be used in file
names, i. e., the *.exe or av?32.exe names cannot be written.

If a folder or a file name with a list of files (/@=file_list.lst) is indicated
in a command line, scanning starts automatically without the /S key.

[/EL] excludes from the check the objects indicated in the file_name file of the

[/@[!]=filename] parameter.

[/EF] – sets Kaspersky AV Scanner to ignore those files defined in the command

line. The switch /EF can be also used in a file defined by the switch
/@=filename (see above). In this case the object (file or folder) listed
together with the switch /EF will be ignored by Kaspersky AV Scanner. If the
name of the listed file contains spaces, the switch /EF must precede the
filename (the switch can follow the filename, but in this case the filename
must be enclosed with quotation marks). If the name of the listed file doesn’t
contain spaces, the switch /EF can be positioned anywhere in the line.

By using combinations of the switches /EF, /EL, /@ and the list of files
and folders in the command line you can define various locations to be
checked.

Let's consider some examples of switch applications:

Example 1. Starting the program preset to check for viruses in files
within the My documents folder.

С:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus
for Workstation\Avp32.exe" /S "C:\My documents"

Example 2. Starting the program preset to create a list of detectable

viruses in the file E:\virlist.txt and to close the main window once the

scanning operation is complete.

С:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus
for Workstation\Avp32.exe" /virlist=E:\virlist.txt /q

Example 3. Starting the program preset to check for viruses right after it
is started, if Kaspersky AV Scanner has not scanned for viruses that
day or if it has but the scanning operation was aborted or viruses were
detected. The program is also set to close the main window once the
scanning operation is complete.

С:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus
for Workstation\Avp32.exe" /s/d/q

21 Kaspersky Anti-Virus for Workstat ion

Example 4. Starting the program preset to check for viruses in files in
the My documents folder and to ignore the files listed in the file

exclude.txt.

"С:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus
for Workstation\Avp32.exe" "C:\My documents" /EL
/@=C:\exclude.txt

3.2. Program Interface

3.2.1. System menu

When you start the program the main window (see subchapter 3.2.2) appears on

the screen, and the icon is displayed in the system tray; by clicking with your
right mouse button on it you can display the system menu (Figure 1). The system
menu contains the following commands:

• Kaspersky Anti-Virus Scanner Settings – displays the program main

window.

Figure 1. System menu

• Scan now / Stop scan – initiates/aborts scanning

• Pause Scan / Resume Scan – pauses/resumes scanning

• Change Scan Process Priority – allows you to change the check priority

(this command is available during the check).

• Show Report – displays the report window with the program performance

results.

Kaspersky Anti-Virus Scanner 22

• Update Now – launches Kaspersky AV Updater, the program for

updating anti-virus databases.

• About Kaspersky Anti-Virus Scanner – displays information about the

program.

• Unload Kaspersky Anti-Virus Scanner – unloads the program from

memory.

3.2.2. Main window

In the Kaspersky AV Scanner main window, you can change scanning settings,
start/stop scanning and review the program performance results. You can exit
the main window without unloading the program from memory.

The following items are located in the Kaspersky AV Scanner main window:
menu bar, tool bar, work area, and status bar. Below, these items are described
in detail.

3.2.3. Menu

The menu bar is located at the top of the main window. Some menu commands

can be also activated using appropriate key combinations or buttons in the tool
bar (see subchapter 3.2.4). The appropriate key combinations are displayed at
the left of the menu commands. For details of the matching functions of key
combinations, tool bar buttons and menu commands, see subchapter 3.2.4.

Menu !commands Function (The command allows you to…)

File ! Open Profile load settings from the current profile (see

subchapter 3.3.4).

File ! Save Profile save current settings to the current profile

(see subchapter 3.3.4).

File ! Save Profile As save current settings to an alternative profile

(see subchapter 3.3.4).

File ! Save Profile as Default set the current settings as the default (see

subchapter 3.3.4).

File ! Recent Profiles select the profile from a list of files recently

used.

23 Kaspersky Anti-Virus for Workstat ion

Menu !commands Function (The command allows you to…)

File ! Unload Kaspersky
Anti-Virus Scanner

unload the Kaspersky AV Scanner program
from memory.

File ! Close window exit the program main window.

Scan ! Start Now / Stop scan start / stop scanning for viruses (see

subchapter 3.4.1).

Scan ! Pause Scan /
Resume Scan

suspend / resume scanning for viruses (see
subchapter 3.4.1).

Scan ! Change Scan
Process Priority

change the active scanning process priority
(this item is available only during the
scanning process – see subchapter 3.4.2).

Scan ! View Scan Options display the program settings in plain text

form (see subchapter 3.3.5).

Tools ! Update Now update anti-virus databases (see

subchapter 3.5).

Tools ! Show Report display the report window (see

subchapter 3.4.3).

Tools ! Make Virus List generate a list of currently known viruses

(see subchapter 3.6).

Help ! Contents display the Help topics window.

Help ! Kaspersky Anti-Virus
on the Web

start your web browser and go to the
Kaspersky Labs site.

Help ! About Kaspersky Anti-
Virus Scanner

display information about the program.

3.2.4. Tool bar

Buttons are located in the tool bar. By pressing them you can initiate various

commands.

Kaspersky Anti-Virus Scanner 24

Button Menu ! Command Function (The button allows you

to…)

File ! Open Profile load settings from the required

profile.

File ! Save Profile save current settings to a profile.

File !
Save Profile as Default

save current settings to a file and
set this file as the default profile.

Scan ! Start Now start scanning for viruses.

Scan ! Pause Scan /
Resume Scan

suspend/resume scanning.

Scan ! Stop scan stop scanning for viruses.

Scan ! View Scan
Options

display settings in plain text form.

Tools ! Show Report display the report window

Tools ! Update Now update Anti-Virus bases.

File ! Unload Kaspersky
Anti-Virus Scanner

unload the Kaspersky AV Scanner
program from memory.

3.2.5. Work area

The main window work area is divided into two frames. The left frame contains
icons with the following names: Objects, Options, Customize and Statistics.
The right frame displays the settings corresponding to the left-frame icon that is
currently pressed.

The Objects frame allows you to define a location to be checked (the list of
drives and folders), objects to be checked (e.g. sectors, files, mail databases),
and rules to be followed while handling infected objects (see subchapter 3.3.1).

All these settings are arranged into a special control element, the objects settings
hierarchy.

25 Kaspersky Anti-Virus for Workstat ion

The Options frame allows you to define certain general settings, and you may

use a settings tree in the Customize frame to define advanced settings of your

Kaspersky AV Scanner (see subchapters 3.3.2, 3.3.3).

The Statistic frame displays a table with the scanner performance statistics (see
subchapter 3.4.4).

Each item of the settings tree has a right-click menu with commands applicable
to the item.

To display the right-click menu of an item in the settings tree,

1. Place your mouse cursor on the required item.

2. Click your right mouse button. The appropriate right-click menu will
appear on your screen (Figure 2).

Figure 2. An example of the right-click menu

3.2.6. Status bar

At the bottom of the Kaspersky AV Scanner main window you can find a status
bar. The status bar displays the following information:

• context-sensitive prompts / name of the examined object;

• indicator of the scanning progress.

3.3. Changing Settings

In this subchapter we describe how to customize all scanning parameters used
by Kaspersky AV Scanner.

Kaspersky Anti-Virus Scanner 26

3.3.1. Scanning parameters for objects.

Objects

category

The Objects frame (Figure 3) in the work area allows you to choose locations
and objects to be checked for viruses. You may do this by selecting appropriate
options in the frame hierarchies. These options may be viewed in the following
two modes: Standard and Expert. To switch between these modes use the
corresponding buttons in the left frame of the window work area.

Figure 3. The Objects frame

With the Standard mode enabled the Objects frame is divided into two sub­frames: in the left sub-frame you may see the list of computer disks, and the right
sub-frame displays settings for the item selected in the left sub-frame list
(Figure 4).

Figure 4. The Standard view mode

27 Kaspersky Anti-Virus for Workstat ion

With the Expert mode enabled, the Objects frame is divided into three sub­frames: in the upper left sub-frame you can find the file system hierarchy, the
upper right sub-frame displays settings for the item selected in the upper left sub­frame hierarchy, and the lower sub-frame displays the list of files located in the
root of the object selected in the upper left sub-frame (Figure 5).

Figure 5. The Expert view mode

Use the upper left sub-frame to define the location that must be checked for
viruses. Check a box

to define the corresponding object to be checked. If you

uncheck the box

, the corresponding object will be skipped during the check.

To scan a certain location within the file system, check the corresponding box to
the left of the location name.

To scan a group of disks, check the My Computer box in the upper left sub­frame and the required boxes in the upper right hierarchy:

Scan local removable disk drives – scans all removable disks. This check

box is available only if you checked the My Computer box in the upper left
sub-frame. If this box is checked, the program will scan all removable drives.

Scan local hard disk drives – scans all local hard disks. This check box is

available only if you checked the My Computer box in the upper left sub­frame. If this box is checked, the program will scan all local hard disks.

Scan network drives – scans all available network disks. This check box is

available only if you checked the My Computer box in the (upper) left sub­frame. For the same results you may check boxes of all available network
disks in the (upper) left sub-frame.

Kaspersky Anti-Virus Scanner 28

If you select the option to scan a certain location within your file system,
Kaspersky AV Scanner will automatically scan all the locations within the
selected one. However, when in the Expert view mode you can mark the
required sub-locations to be excluded from the check.

For example, you defined the disks
C: and D: to be checked for
viruses, but you do want the
D:\public\archives directory to be
excluded from the location defined
to be checked. In this case you
must check the C: and D: boxes,
and then, in the hierarchy for the D:
disk, uncheck the archives box.

If you excluded a folder from the location to be checked, a triangle will appear in
the checked boxes of all the parent locations:

instead of . If you excluded a
certain location from the larger location that is defined to be checked for viruses,
the scanner will not check it at all or will not check it using the rules defined for
the parent location. You may eliminate (disable) this difference inside the larger
location, or keep it for a certain period of time. For details refer to subchapter 8.3.

For every defined location within your file system you can specify separate
scanning settings. For every defined location to be checked you can also specify
the objects to be checked by using the settings tree in the right hand pane.

3.3.1.1. Defining objects to be checked. Memory,

sectors, and files

For locations that correspond to different levels of the file-system hierarchy the
upper right frame displays different groups of settings. The maximum quantity of
settings is displayed for the My Computer location. Here you can set your
scanner to check your computer memory, boot sectors, groups of disks and MS
Outlook Express (v. 5.0 and later) databases. When defining settings for a disk
you can enable the check of boot sectors and file systems located on this disk.
For a folder you cannot disable the check of file system. You can, however,
define how the scanner must process infected and suspicious objects, in what
type of files it must check for viruses and enable/disable the advanced scanning
modes for all the locations in the upper left frame.

29 Kaspersky Anti-Virus for Workstat ion

Scan files of following types – scans files in the corresponding locations

(including System, Hidden and Read Only files). This check box is available
if you checked the My Computer or a disk box in the upper left sub-frame.
You cannot uncheck it for a folder or file. If you check this box you must
define file types to be checked for viruses:

All infectable – scans all files that are able to carry a virus.

All – scans every file of every type.

By mask – scans the file types defined by user in the text fields below.

You can specify an unlimited quantity of file types, but make sure that
one text field contains only one file type.

Exclude by mask – excludes from the check the file types defined by

user in the text fields below. You can specify an unlimited quantity of file
types, but make sure that one text field contains only one file type.

Scan sectors – scans boot sectors (master boot record and boot sectors).

This check box is available only if you checked the My Computer or a disk
box in the upper left sub-frame.

Scan memory – scans RAM. This check box is available only if you

checked the My Computer box in the upper left sub-frame.

Scan MS Outlook Express databases – scans MS Outlook Express (v. 5.0

and later) databases. This check box is available only if you checked the My
Computer box in the upper left sub-frame. For details of scanning in mail
databases of the other formats see subchapter 3.3.1.3.3.

Kaspersky Anti-Virus Scanner checks only in those *.dbx files that are
stored within the MS Outlook Express working directory and,
respectively, started every time you start MS Outlook Express. The
*.dbx files in other directories are considered by the program as
standard mail databases. The program is able to detect viruses in those
databases but cannot delete them.

Scan start-up objects – scans objects started at the operating system start.

This check box is available only if you checked the My Computer box in the
upper left sub-frame.

3.3.1.2. Handling infected and suspicious objects

Actions in case of virus detection – if an infected or suspicious object is

detected, the program will perform one of the following actions:

Ask user– Kaspersky AV Scanner will open up the dialog box

(Figure 6). This dialog box contains the name of the infected file, the
name of the detected virus and a list of possible actions to be performed
with the infected object (that is, a list of all possible actions except for

Ask user). In addition, the dialog box contains the Apply to all

Kaspersky Anti-Virus Scanner 30

infected objects check box; by checking this box, you can apply the
selected action to all infected objects detected later, and which you
previously predefined to be handled by opening the dialogue box. Upon
detection of the next infected object, the dialog box will not appear
again. The following three buttons are located at the bottom of this
dialog box: OK (accepts the selected action), Cancel (closes the dialog
box and proceeds with scanning) and Stop (stops scanning for viruses).

Report only – the program will only report the infected and suspicious

objects. The report can be viewed by starting the report viewer,
Kaspersky Report Viewer (see Chapter 7).

Disinfect – the program will try to cure all infected objects without

asking first. As a result, the detected viruses will be removed, and the
object will be restored as an operable one.

Make backup file before disinfection – to create a copy of the

infected object before starting a cure. A directory where the copy
will be created is specified in the settings tree of the Options
category (see subchapter 3.3.2.2). The copy will not be deleted
upon completion of treatment.

If disinfection is impossible – not all infected objects can be

cured, because some viruses damage computer data irreversibly.
In this case, Kaspersky AV Scanner can operate using one of the
following three methods:

Report only – informs you about

unsuccessful attempts at treatment,

Rename object – renames

the unrecoverable file,

Delete object – deletes the damaged file.

Rename object – the program will rename all infected objects. The

renaming rules are specified in the settings tree of the Options
category (see subchapter 3.3.2.2).

• Delete object – the program will delete all infected objects without

warning.

The Delete object and the Rename object options are applied to
compound infected files only if you checked the Enable delete or rename
non-disinfected compound files box on the Options page. If the box is
not checked the program will not delete or rename compound files.

31 Kaspersky Anti-Virus for Workstat ion

Figure 6. The Ask user dialog box

3.3.1.3. Advanced scanning modes

3.3.1.3.1. Scanning compound objects

You can enable advanced scanning modes to check for viruses in archives,
packed files, mail databases and plain mail formats (for details see Appendix А).

Scan compound files of the following types – check this box to process

compound objects as folders containing a set of objects.

Sometimes the program is able to detect a virus in a compound file (archive, mail
database, plain mail file) but cannot remove it from the file. Therefore when you
run the program with the Delete objects or Rename object option button
selected its advisable that you check the

Scan compound files of the

following types box and uncheck the

Enable delete or rename non-

disinfected compound files box on the Options page. In this case, if there was
detected an infected compound file, the program will log this event but the file will
not be deleted or renamed. Later on you will be able to extract the object, check
it with your anti-virus program and delete the virus from extracted files.

If you check the

Enable delete or rename non-disinfected

compound files check box, you can lose important data.

3.3.1.3.2. Scanning archives and self-extracting files

Scanning archives for viruses is an extremely important task because a virus can
be stored in an archived file for several months or even years, causing no harm
to your computer. However, if activated, this virus can cause serious problems.

Kaspersky Anti-Virus Scanner 32

Archives – check this box to search for viruses in files archived using

ZIP, ARJ, LHA, RAR, CAB and some other archiving utilities.

Kaspersky Anti-Virus is able only to detect viruses from archives. In
addition, Kaspersky Anti-Virus does not extract password-protected
archives.

Archives with self-extractors – check this box to search for viruses in

self-extracting archives, i.e. executable files that can be started to
extract the archived files. Some self-extracting archives also
immediately start one of the extracted files.

The extracting tool is able to correctly extract files that have been compressed
multiple times. It can also deal with some versions of immunizers, programs
protecting executable files from viruses by attaching checking code blocks
(CPAV and F-XLOCK) and enciphering programs (CryptCOM) to them.

3.3.1.3.3. Scanning mail databases and plain mail

files

The program is able to search for viruses in mail databases and plain mail files.

Mail databases – check this box to search for viruses in mail databases

of the following formats:

• Microsoft Outlook, Microsoft Exchange (the .pst and the .pab
extension files, the MS Mail archive type);

• Microsoft Internet Mail (the .mbx extension files, the MS
Internet Mail archive type).

• Eudora Pro & Lite;

• Pegasus Mail;

• Netscape Navigator Mail;

• JSMail SMTP/POP3 server (user database).

If the mail database scan mode is enabled, the program checks every
entry in mail databases and scans attached files. The following formats
are supported: UUEncode; XXEncode; btoa (up to 5.0); btoa 5.*;
BinHex 4.0; ship; NETRUN 3.10; NETSEND 1.0 (not packed);
NETSEND 1.0C (packed); MIME base 64.

Plain mail – check this box to search for viruses in plain mail files of the

formats Eudora Pro & Lite, Pegasus Mail, Netscape Navigator Mail,
JSMail, and user databases on SMTP/POP3 servers.

33 Kaspersky Anti-Virus for Workstat ion

If the plain mail check mode is enabled, Kaspersky Anti-Virus checks
every file for a message header. If a message header is detected, the
program searches for attached data (UUEncode, XXEncode and etc.)
and checks it for viruses.

The mail database and plain mail modes noticeably slow down the Kaspersky AV
Scanner scanning rate. For that reason we do not recommend their use in
regular virus checks.

Kaspersky AV Scanner is not able to delete viruses from mail
databases and plain mail files, it is able only to detect them. However, if
you check the

Scan MS Outlook Express databases box, the

program will be enabled to detect and delete viruses from MS Outlook
Express (5.0 and later) databases.

3.3.1.3.4. Scanning embedded objects

The program allows you to check for viruses not only in files, but also in the
objects embedded in these files using the OLE technology. Check the
Embedded objects box to search for viruses in OLE objects embedded in the
examined files.

3.3.1.3.5. Heuristic detecting module

You can enable the built-in heuristic detection module to scan for viruses that are
unknown to the program (not described in current anti-virus databases). Check
the

Enable Code Analyzer box to scan for viruses using the heuristic

detecting module.

3.3.2. General settings:

Options

The Options frame (Figure 7) contains options allowing you to choose how the
scanner should report performance statistics and rename the infected files it
detected. Here you can also set the scanning priority.

Kaspersky Anti-Virus Scanner 34

Figure 7. The Options frame

3.3.2.1. Reporting options

Save report file – check this box to save the report to a file. If you check

this box, you will be able to monitor the performance of Kaspersky AV
Scanner using Kaspersky Report Viewer (see Chapter 7). When displaying
the performance results, this program will use settings defined in the
Save report file branch.

Report file name – use this field to define the report file name

By default the report file is created in the directory that you specified
during program installation. If the program operates independently of
Kaspersky AV Control Centre, you can re-define this directory by
specifying the full path to your report file. If the program is controlled by
Kaspersky AV Control Centre, you cannot re-define this directory.

Show pack info in the report– check this box to receive reports about

packed and archived objects. These messages have the following
format in the Kaspersky Report Viewer table: the Object column shows
the object name, the Result column shows the Packed or Archive
strings and the Description column shows the name of the
corresponding compressing or archiving utility.

Show clean object info in the report – check this box receive reports

about virus free objects. These messages have the following format in
the Kaspersky Report Viewer table: the Object column shows the
object name, the Result column shows the OK string.

35 Kaspersky Anti-Virus for Workstat ion

Append – check this box to append new reports to the existing report

file. This is useful if you want to keep reports on several or all the
previous checks. If the box is not checked, every time Kaspersky AV
Scanner is started it will create a new report file.

Limit size to (Kb) – check this box to limit the size of the report file to

the value specified in the field below. The default value is 2048 Kb.

3.3.2.2. Renaming, copying, and deleting options

For renaming or copying of infected objects use – these option buttons

allow you to choose between moving infected objects to a special folder and
renaming them. The program will apply this setting to those objects, for
which you selected the Rename object option in the Objects settings tree
(see subchapter 3.3.1).

Special folder – this option button moves infected objects to a special

directory defined in the text field below. In this case, infected objects are
moved to the folder with their names and extensions unchanged.

The object folder – this option button renames infected objects, i.e.

changes their extensions to the one defined in the Extension of
infected file field.

Enable delete or rename non-disinfected compound files – check this

box to allow the program to delete or rename infected archives. This check
box is used only for those compound objects for which you selected the
Delete object or the Rename object options (respectively) in the Objects
settings tree. It is not advisable to check this box, since you may lose the
data that cannot be recovered without some type of recovery software.

3.3.2.3. Defining priority

Assign the scan process priority to – allows you to define the priority of

the check. You can select one of the following three values: High – the

operating system will transfer CPU control to your Kaspersky AV Scanner

more frequently and for longer periods than to other applications; Normal –

the CPU will pass control to your Kaspersky AV Scanner as frequently as to

other applications; Low – the CPU control is transferred to your Kaspersky

AV Scanner less frequently and for shorter runs than to other applications.

3.3.3. Advanced settings:

Customize

The Customize frame (Figure 8) contains option allowing you to define
advanced settings of the program.

Kaspersky Anti-Virus Scanner 36

Use sound effects for the following events – check this box to play

sounds when checking for and deleting viruses.

Infected object found– allows you to set the sound file that is played

each time an infected object is detected. While selecting files in the
corresponding window you can use the Test button to listen to them.

Scan process finished– allows you to set the sound file that is played

when the check is finished. While selecting files in the corresponding
window you can use the Test button to listen to them.

Pop-up Scanner window after scan finishes – check this box to display

the program main window with the Kaspersky AV Scanner performance
statistics right after the check is finished. If your Kaspersky AV Scanner
main window is closed and you started scanning for viruses from the system
menu, the main window will appear on your screen right after the check is
finished.

Switch to "Statistic" tab after scan starts – check this box to switch to the

Statistic frame right after Kaspersky AV Scanner starts checking for viruses.

Switch to "Statistic" tab after scan finishes – check this box to switch to

the Statistic frame right after Kaspersky AV Scanner finishes checking for
viruses.

Figure 8. The Customize frame

Prompt next disk insertion for removable drives – check this box to set

the program to prompt for the next removable disk. In this case Kaspersky
AV Scanner will scan for viruses on the removable drive you offered and,

37 Kaspersky Anti-Virus for Workstat ion

when finished, will ask for the next removable drive. This setting is used if
you preset Kaspersky AV Scanner to scan data only on the removable drive.

Display attention messages – check this box to display other warning

messages.

Check new updates – check this box to automatically start the anti­virus database-updating program on a regular basis. In the Check interval
(days) dialog box, set the required interval between two automatic starts
(the dialog box is displayed right after you check this box).

If you are working with program settings from Kaspersky AV Control
Centre you will not find some of the Customize settings listed above.
These settings make no sense if you are using Kaspersky AV Control
Centre.

3.3.4. Saving/loading settings

If you frequently set your Kaspersky AV Scanner a certain way, you may save
these settings to a file. These settings will be stored there and if you need to set
the Kaspersky AV Scanner the same way later, you can simply load them from
this file. Files with Kaspersky AV Scanner settings are called scanner profiles.
For example, you may want create a profile with settings allowing you to check
for viruses in several diskettes one after another, or you may wish to create a
separate profile with settings allowing you to thoroughly check for viruses in all
the files on your computer, etc.

You can also set one profile to be loaded by default. Each time you start your
Kaspersky AV Scanner it will load settings from this profile.

Main Menu Toolbar Key

combination

To load settings
from a profile

File ! Open Profile

<C

TRL>+<O>

To save settings
to a file

File ! Save Profile, File
! Save Profile As

<C

TRL>+<S>

To define the
profile to be
loaded by default

File ! Save Profile as
Default

By default, Kaspersky AV Scanner profiles have the .klr extension.
If no profile is set to be loaded by default, Kaspersky AV Scanner will
use the default settings defined in the program code.

Kaspersky Anti-Virus Scanner 38

3.3.5. Previewing settings before the check

You can review your scanner settings in text form. The text describes rules
specified for all the objects of your file system: from My Computer to separate
files. For example, if the rules that your Kaspersky AV Scanner uses to check
and process the autoexec.bat file differ from those used for the parent object ­System disk (C:), a list of these rules will be displayed separately.

To review the text describing your Kaspersky AV Scanner settings, select the

View Scan Options command from the File menu or click the toolbar button

.

The Scan Options windows containing values of the Objects and Options
settings will appear on your screen (Figure 9). You can view and copy the setting
values. When you finished working with this window click OK.

Scanner settings in text form are also written at the beginning of your
report file.

Figure 9. The Customize frame

39 Kaspersky Anti-Virus for Workstat ion

3.4. Checking for and deleting

viruses

3.4.1. Starting and aborting the check

Scanning for viruses can be initiated/terminated automatically via Kaspersky AV
Control Centre, or on demand from both Kaspersky AV Control Centre, and the
Kaspersky AV Scanner main window.

When Kaspersky AV Scanner starts checking for viruses, you can
suspend/resume the scanning process, change the process priority or stop
scanning.

Main menu System menu Toolbar

Starting Scan ! Start Now Start Now

Aborting Scan ! Stop scan Stop Scan

Pausing Scan ! Pause Scan Pause Scan

Resuming Scan ! Resume Scan Resume Scan

Let's review the operations performed by Kaspersky Anti-Virus Scanner right
after it is started. First, the program loads anti-virus databases and checks itself
for viruses. If the program is successfully loaded, the following string appears at
the bottom of the program main window:

Antiviral bases were loaded. Known viruses: XXXX

where XXXX is the number of viruses described in the anti-virus bases. If the
program is infected, it will try to disinfect itself. If the virus was successfully
deleted the program will be restarted and you will see a message that all the
viruses have been deleted. If the program fails to disinfect itself, it will not be
started and the corresponding information window will appear on your screen. If
you have the virus-free distribution copy of Kaspersky Anti-Virus, delete the
infected program and reinstall Kaspersky Anti-Virus on your computer.

When finished checking for viruses, Kaspersky AV Scanner generates
appropriate exit codes that can be used to create batch files. The
program can return one of the following values:

Kaspersky Anti-Virus Scanner 40

• 0 – no viruses detected;

• 1 – scanning was interrupted;

• 2 – detected objects contain a modified or damaged virus;

• 3 —objects suspected of being viruses were detected;

• 4 – one or more viruses were detected;

• 5 – all infected objects are disinfected;

• 7 – Kaspersky AV Scanner is corrupted;

• 10 —Kaspersky AV Scanner internal error.

3.4.2. Changing priority of the check

You may change the priority of the check without aborting i t. To do this,
follow these steps:

1. Select the Change Scan Process Priority command from the

Scan menu.

2. Select the required value (for more detail, see

subchapter 3.3.2.3) from the drop-down list in the dialog box
that appears on your screen (Figure 10).

Figure 10. The scan priority dialog box

When the check is in progress you cannot change other settings! If you
want to change other settings, first you must abort the check, then
change settings and restart the check again.

41 Kaspersky Anti-Virus for Workstat ion

3.4.3. Monitoring progress

If you enabled Kaspersky AV Scanner to report on its performance (see
subchapter 3.3.2.1), you can use the Kaspersky Report Viewer program to
monitor the performance in progress. To start the program, select the Show

report command from the Tools menu, or click the toolbar button

. The
Kaspersky Report Viewer main window allowing you to monitor your Kaspersky
AV Scanner progress will appear on your screen (see Chapter 7).

3.4.4. Viewing statistics:

Statistics

If you enabled Kaspersky AV Scanner to report on its performance you can view
the performance statistics in progress in the Statistics frame (Figure 11).

Figure 11. The Statistics frame

The frame table is divided into the following two sections: Scanned and Found.
The Scanned section displays numbers of checked sectors, files, folders,
archives and compressed files. The Found section displays the numbers of:

• viruses detected;

• virus bodies (that is, the number of files infected by a known virus);

Kaspersky Anti-Virus Scanner 42

• disinfected objects (that is, the number of objects from which viruses were
correctly deleted);

• deleted objects;

• renamed objects;

• warnings, i.e. messages about objects containing codes similar to known

virus modifications;

• suspicious objects (that is, Code Analyzer notifications);

• corrupted objects;

• I/O errors.

At the bottom of the frame you can see the scan speed (Кb per second) and the
time that your scanner spent checking for viruses in all the objects.

3.5. Updating Anti-Virus databases

You can start the anti-virus database-updating program from your Kaspersky AV
Scanner main window. To do so, select the Update now command from the

Tools menu or click the toolbar button

.

3.6. Generating a list of currently

known viruses

You can generate and review the list of currently known computer
viruses. To do this, follow these steps:

1. Select the Make Virus List command from the Tools menu. This
command starts Kaspersky Virus List Generator.

2. In the Kaspersky Virus List Generator dialog box (Figure 12) on
your screen, define the file name for the list to be saved to. To do
this, use the Browse button.

3. Press the Generate button.

43 Kaspersky Anti-Virus for Workstat ion

Figure 12. The Kaspersky Virus List Generator dialog box

To display the list, press the Show list button. This button starts Report Viewer,
which can be used to review the generated list of viruses.

To exit the Kaspersky Virus List Generator dialog box press the Exit button.

You can start Kaspersky Virus List Generator directly from the Windows main
menu. To do this, press the Start button in the left bottom corner of your
Windows screen, point to Programs, point to Kaspersky Anti-Virus and click
the Kaspersky Virus List Generator command.

CHAPTER 4. KASPERSKY ANTI-

VIRUS MONITOR

Kaspersky Anti-Virus Monitor (Kaspersky AV Monitor) is a memory-resident
program that monitors files when they are accessed. Whenever somebody refers
to an object, the monitor checks the object to make sure that it is free of viruses.
If the object is found to be infected, the program will attempt to disinfect the
object, delete it, move it to a quarantine folder or allow it to be accessed,
depending on the options that were selected. In this way the anti-virus monitor
allows you to detect and delete viruses before the system is actually infected.

Here we must note that there is more than one term describing programs similar
to the Kaspersky Labs Anti-Virus Monitor. For example, they are sometimes
called resident scanners, anti-virus filters, on-access scanners, etc.

4.1. How to start, disable and enable

your AV Monitor

There are several ways to start your anti-virus monitor. Your Kaspersky AV
monitor can be started:

Option 1: From the Windows Start menu. To do this, click the Start button on

your Windows desktop, point to Programs, point to Kaspersky Anti-Virus,

then click the Kaspersky AV Monitor command. The monitor icon

will
appear in the system tray. Click this icon with your right mouse button to
display the monitor system menu (see subchapter 4.2.1).

Option 2:

Automatically. The Kaspersky AV Monitor can be loaded automatically

when you start your computer if you add the program to the Startup folder of
the Windows Start menu.

Option 3:

From Kaspersky AV Control Centre. If you install Kaspersky AV Control
Centre and set your anti-virus monitor to start automatically, the program will
be started right after you start Kaspersky AV Control Centre. However, in
this case the monitor icon will not appear on the taskbar.

Option 4:

By entering the appropriate command in the command line. To do this,

go to the Kaspersky Anti-Virus directory and execute the avpm.exe file.

If your anti-virus monitor is enabled, you can see the icon in the
system tray:

45 Kaspersky Anti-Virus for Workstat ion

when you place your mouse cursor on the icon

, the following prompt will pop

up: Kaspersky Anti-Virus Monitor is enabled;

the monitor system menu contains the following command: Disable Monitoring.

If your anti-virus monitor is disabled, you can see the icon in the
system tray:

when you place your mouse cursor on the icon the following prompt will pop
up: Kaspersky Anti-Virus Monitor is disabled;

the monitor system menu contains the following command: Enable Monitoring.

We do not recommend that you run two anti-virus monitors from

different manufacturers on the same computer. This may result in

conflicts and false alarms.

If you start your anti-virus monitor from Control Centre, its options

become unavailable. In this case you must use Control Centre to

change your monitor settings.

4.2. Program Interface

This section describes the Kaspersky AV Monitor interface, i.e., the system
menu, main window, work area, etc.

When enabled, Kaspersky Anti-Virus Monitor can send you messages

upon certain events, for example, detection of an infected object.

Sometimes you have to respond to these messages. If you want to

complete the current working session on your computer, close all the

messages before logging off.

4.2.1. System menu

When you start your monitor the program main window will appear on your

screen (see subchapter 3.2.2), and you will see the monitor icon in the
system tray. Click this icon with your right mouse button to display the monitor
system menu (Figure 13). The system menu contains the following commands:

• Kaspersky Anti-Virus Monitor Settings – displays the program main

window.

• Disable monitoring / Enable monitoring – disables/enables the

program to monitor for viruses in files.

Kaspersky Anti-Virus Monitor 46

• Show Report – displays a window containing the program performance

report.

• Update Now – starts the anti-virus database-updating program,

Kaspersky AV Updater.

• About Kaspersky Anti-Virus Monitor – displays a box containing

information about the program.

• Unload Kaspersky Anti-Virus Monitor – unloads the program from your

computer memory.

Figure 13. System menu

4.2.2. Main window

The Kaspersky AV Monitor main window allows you to change the monitor
settings, to disable/enable the monitor and to view the performance statistics
(Figure 14). You may close the window without unloading the program from your
computer memory.

The Kaspersky AV Monitor main window contains the following items:

• menu;

• toolbar;

• work area;

• the OK, Cancel, Apply and Help buttons.

47 Kaspersky Anti-Virus for Workstat ion

Figure 14. The Kaspersky AV Monitor main window

4.2.3. Menu

At the top of the Kaspersky AV Monitor main window you can see a menu bar
with drop-down menus. Some commands in these menus may be substituted by

appropriate key combinations or toolbar buttons. The key combination that may
be used instead of a command is defined to the right of this command in the
appropriate drop-down menu. For the list of key combinations and toolbar
buttons that might be used instead of some menu commands refer to the table in
subchapter 4.2.4.

Menu ! command Function (The menu command allows

you to…)

File ! Unload Kaspersky Anti­Virus Monitor

unload Kaspersky AV Monitor from the
computer memory.

File ! Close window close the Kaspersky AV Monitor main

window.

Kaspersky Anti-Virus Monitor 48

Menu ! command Function (The menu command allows

you to…)

Monitor ! Enable monitoring /
Disable monitoring

enable/disable the program to monitor
for viruses (see subchapter 4.4).

Monitor ! View monitoring
options

display your monitor settings in text form
(similar to subchapter 3.3.5).

Tools ! Update Now update your anti-virus bases (see

subchapter 3.5).

Tools ! Show Report display the report window (see

subchapter 3.4.3).

Tools ! Make Virus List generate a list of currently known viruses

(see subchapter 3.6).

Help ! Contents display the Help topics window.

Help ! Kaspersky Anti-Virus on
the Web

start your web browser and go to the
Kaspersky Labs site.

Help ! About Kaspersky Anti-
Virus Monitor

display information about the program.

4.2.4. Toolbar

The Kaspersky AV Monitor main window toolbar contains the following buttons:

Button Menu ! command Function (The button and the

menu command allow you
to…)

Monitor ! Enable monitoring /
Disable monitoring

enable/disable the program to
monitor for viruses.

Scan ! Preview Monitoring display your monitor settings in

text form.

49 Kaspersky Anti-Virus for Workstat ion

Button Menu ! command Function (The button and the

menu command allow you
to…)

Tools ! Update Now start the anti-virus database-

updating program

Tools ! Show Report display the report window

File ! Unload Kaspersky Anti­Virus Monitor

unload Kaspersky AV Monitor
from computer memory.

4.2.5. Work area

The work area of the main window is divided into two frames. The left frame
contains icons with the following names: Objects, Options, Customize and
Statistic. The right frame displays settings that correspond to the left frame icon
that is currently pressed.

The Objects frame allows you to define the locations and the objects that must
be checked for viruses, and to specify how the monitor must process objects that
have been defined as infected. All these settings are arranged in a special

control element, the objects settings hierarchy.

The Options frame allows you to define certain general settings, and you can

use the settings tree in the Customize frame to define advanced settings of your

Kaspersky AV Monitor (see subchapters 3.3.2 and 3.3.3).

The Statistic frame displays a table with the monitor performance statistics (see
subchapter 3.4.4).

Each item of the settings tree has a right-click menu with commands applicable
to the item.

To display the right-click menu of an item in the settings tree:

1. Place your mouse cursor on the required item.

2. Click your right mouse button. The appropriate right-click menu will
appear on your screen.

Kaspersky Anti-Virus Monitor 50

4.3. Changing Settings

The options of your monitor are similar to the settings of your anti-virus scanner
(see subchapter 3.3).

They differ in the following ways: in the Objects frame you will not find the Scan
MS Outlook Express databases or the Scan start-up objects check boxes
and therefore you cannot monitor the objects defined by these settings. This
means that while monitoring you will not be able to disinfect mail databases.
However, your Kaspersky AV Monitor will be able to detect a virus in these
objects if you check the Mail databases and the Plain mail check boxes.

In the Options frame you will not find the Scan process priority option, since
Kaspersky AV Monitor utilizes an operating principle that is different from that of
Kaspersky AV Scanner. The Limit size compound files to (Kb) check box is
added to the frame. This allows accelerated monitoring of large archives, etc.
The numerical value for the required maximum size of a compound file to be
checked must defined in the appropriate input field near the Limit size
compound files to (Kb) box.

Note that in this version of Kaspersky Anti-Virus for Workstation,
Kaspersky AV Monitor scans for viruses and disinfects ZIP archives.

In the Customize frame you will not find the Pop up Scanner window after

scan finishes, Switch to "Statistic" tab after scan starts, Switch to
"Statistic" tab after scan finishes and Prompt next disk insertion for
removable drives check boxes.

If you check the Scan sectors and Scan memory boxes sectors and
memory will be checked only once, when monitoring is started. In
addition, if you check the Scan memory check box the program will
monitor for viruses in the memory of launched programs. Kaspersky AV
Monitor performs this check, right after it is loaded, and also every time
you update your anti-virus databases. If the infected memory of a
program cannot be disinfected, the program is forced to abort.

4.4. Loading, disabling and enabling

Kaspersky AV Monitor

You can manually load your anti-virus monitor from Kaspersky AV Control Centre
or from the Kaspersky AV Monitor main window. You can also use Kaspersky AV
Control Centre to schedule your anti-virus monitor to start automatically.

51 Kaspersky Anti-Virus for Workstat ion

After the program has begun monitoring for viruses you can disable it, and then
resume the process.

Main menu !

command

System menu Toolbar

Disabling Monitor ! Disable

monitoring

Disable monitoring

Enabling Monitor ! Enable

monitoring

Enable monitoring

4.5. Viewing performance statistics

If you enabled the monitor to report on its performance you can view the
statistics in progress in the Statistics frame (Figure 15).

Figure 15. The Statistic frame

The frame table is divided into two sections: Scanned and Found. The Scanned
section displays the numbers of checked sectors, files, folders, archives and
compressed files. The Found section displays the numbers of:

Kaspersky Anti-Virus Monitor 52

• viruses detected;

• virus bodies (the number of files infected by a known virus);

• disinfected objects (the number of objects from which viruses were

correctly deleted);

• deleted objects;

• renamed objects;

• warnings (the number of objects containing codes similar to known virus

modifications);

• suspicious objects (Code Analyzer notifications);

• corrupted objects;

• I/O errors.

4.6. Updating anti-virus databases

You may start the anti-virus database-updating program from your Kaspersky AV
Monitor main window. To do this, select the Update Now command from the

Tools menu or click the toolbar button

.

CHAPTER 5. KASPERSKY ANTI-

VIRUS UPDATER

The Kaspersky Anti-Virus Updater (Kaspersky AV Updater) is used for
automated updating of anti-virus databases with virus descriptions, methods of
repairing infected files, and package components.

The Kaspersky AV Updater can copy anti-virus databases and executable
modules from the Internet (using a network or remote connection), a Local
Folder, or an anti-virus server administered by Kaspersky Administration Kit.

5.1. How to start the Kaspersky AV

Updater

There are several ways to start the Kaspersky AV Updater. You can start it:

Option 1:

From the Windows Main menu. To do this, go to the Start menu, then
to Programs submenu, and click on the Kaspersky Anti-Virus Updater
option in the Kaspersky Anti-Virus group.

Option 2: From the Control Centre (automated). With Kaspersky AV Control

Centre installed you can create a task to automatically start the Kaspersky
AV Updater (see Control Centre chapter for detail).

Option 3:

From the command line. Go to KAV Shared Files common folder and

click on the avpupd.exe file. The common folder can be located at the
following path: C:\Program Files\Common Files\KAV Shared Files.

5.2. Kaspersky AV Updater interface

The design of the Kaspersky AV Updater interface is similar to a Windows
Wizard and consists of a sequence of boxes (steps), which can be navigated
with Back and Forward buttons. To finish updating, click on Finish; to close the
program at any stage, click on Cancel.

The Tree Chart element is located in the middle of each box (see Chapter 8 for
usage instructions). The control element configuration settings are grouped in a
hierarchical tree.

Kaspersky Anti-Virus Updater 54

5.2.1. Step 1. The Welcome wizard box

After the updating program has been started the Wizard will open the first wizard
box – Welcome (Figure 16) . Checking the Change settings box allows you to
set up the update mode, objects for updating and report options. Otherwise, the
steps described below will be omitted.

Figure 16. The Welcome wizard box.

5.2.2. Step 2. The

Connection

wizard box

If you decide to change the default settings, you can do this in the Connection
wizard box (Figure 17).

55 Kaspersky Anti-Virus for Workstat ion

Figure 17. The Connection wizard box

The Connection wizard box allows you to define the updating mode and the
object to be updated. Below we describe functions of the first-level options in the
settings tree (Figure 18):

Figure 18. The first level of the configuration tree

Update Kaspersky Anti-Virus from Internet – select this option to update

via the Internet;

Update Kaspersky Anti-Virus from Local Folder – select this option to

update from a user-defined local folder;

Update Antivirus Bases – check this box to update anti-virus databases;

Update Executable Modules – check this box to update executable

modules of the Kaspersky Anti-Virus package.

Kaspersky Anti-Virus Updater 56

Restart computer if needed – check this box to restart the computer if

required after the package executable modules are updated.

When you have defined settings in this box press the Next button to proceed.

5.2.2.1. Updating via the Internet

If you chose to update via the Internet, expand the Update Kaspersky Anti-
Virus from Internet branch and define the required settings (Figure 19). Below
we describe functions of the branch options.

Figure 19. Options located on the Update Kaspersky Anti-Virus from Internet branch

URL – use this button to define the source of updates (protocol, server

name, etc.).

User name – use this field to define the user name allowing access to the

updating server.

Password – use this field to define the password allowing access to the

updating server.

Connections – use this branch to define the remote server connection

settings.

If Microsoft Internet Explorer works in the Work Offline mode, the

program cannot be updated via the Internet even if the connection

settings have been manually adjusted.

5.2.2.1.1. Defining URL

You can download updates from one of the updating servers defined in the URL
list. To view the list expand the URL branch of the settings tree (see Figure 20).

57 Kaspersky Anti-Virus for Workstat ion

Figure 20. Defining the updating server address

When beginning to update, the program by default uses the first URL in the list.
Other servers will be used one-by-one if the updater fails to download updates
from the first URL. An error connecting to the server message will appear on
your screen if the updater fails to download updates from any of the URLs in the
list. If you check the

Use random URL in list as starting point box, the

program will randomly choose a URL from the list and will try to connect to this
server first.

The list of URLs may be edited. To do this, press the button URL; the Edit
URL list dialog box will appear on your screen (see Figure 21).

Figure 21. The Edit URL list dialog box

To edit the list you must use the following buttons in the dialog box (or the
corresponding commands of the right– click menu):

– allows you to add a URL to the list;

– allows you to edit the URL highlighted in the list;

– deletes the URL highlighted in the list;

Kaspersky Anti-Virus Updater 58

– moves the URL highlighted in the list one line up;

– moves the URL highlighted in the list one line down;

5.2.2.1.2. Defining the IP connection

Depending on the method you choose to connect to the updating server, you
must define the following IP connection settings (Figure 22):

Figure 22. Defining the IP connection

Dial-up settings – use this branch to define the dial-up connection to your

IP;

LAN settings – use this branch to define the connection to your IP via the

local network.

Use passive mode FTP transfers – use passive mode when working with

an FTP server (this is especially useful for those connecting to an IP via a
proxy-server or a firewall).

Figure 23. The dial-up options

When configuring a dial-up connection you can check the following boxes
(Figure 23):

Automatically connect on start – dial up automatically to your IP

immediately after starting the updating process;

Automatically disconnect on exit – disconnect automatically

(switch off the modem) after the updating process is completed.

59 Kaspersky Anti-Virus for Workstat ion

Figure 24. The Connect To box

If you have chosen the
automated connection feature
to set up a remote access to
your IP, the program will
enable the standard remote
access utility (unless you
have installed another one)
after you start the updating
process.

To connect to your IP fill in the Connect To box (Figure 24) and click on
Connect. A remote server will be dialed and connected to. During the dial up
the Connecting to Internet box with the Dialing message in the Status line
will be displayed. (Figure 25).

Figure 25. The Connecting to Internet box.

Dial-up

While dialing, the program
displays the Connecting to
Internet box with the Dialing
message. When you have
dialed in successfully, your
username and password will
be verified.

Figure 26 .The Connected to Internet box.

Username and password verification

In the Status line the
message Verifying user
name and password… will
appear (Figure 26).

Kaspersky Anti-Virus Updater 60

Figure 27. The User Logon box

If the user cannot be
identified by his settings the
User Logon box (Figure 27)
will appear with spaces for
the following connection
settings to be filled in: User

name, Password, Logon
domain.

Figure 28. The Connected to Internet box.

Connection settings

When you have connected to
the Internet, a special symbol
will appear on the taskbar.

To view the connection settings double-click on the relevant icon on the
taskbar (Figure 28).

Figure 29. LAN settings

If you use a local network for
your IP connection you can
choose the settings from the
Control Panel, or configure
the connection manually
(Figure 29), i.e.:

Use Internet settings from Control Panel – select the connection

settings defined in the Control Panel;

Setup Internet settings manually – define the connection manually.

61 Kaspersky Anti-Virus for Workstat ion

Figure 30. The settings to be defined manually

If you have chosen to define
the connection manually,
you must define the
following settings (Figure

30):

Use a proxy-server (Firewall) – check this box to use a proxy-server or a

firewall to connect to the IP;

Address – use this field to define the required proxy-server (or

firewall) address. You can define the address using the decimal

notation (e.g., 125.5.29.1), or the full domain notation (e.g.,
test.russia.ru), or the short notation (e.g., test);

Port – use this numerical field to define the proxy-server (or firewall)

connection port;

Authorization – check this box to define the user’s individual settings;

User name – use this field to define the user name allowing access

to the proxy (or the firewall);

Password – use this field to define the password allowing access to

the proxy (or the firewall);

HTTP proxy with FTP support – check this box to access the FTP

server via the HTTP-proxy-server (CERN-proxy);

Contact your network administrator for more details about the above settings.

5.2.2.2. Updating from a local folder

If you have chosen the Local Folder as a source for updating you must give the
full pathname of the folder.

Figure 31. Update from the local folder

When you click on the button
(which is outlined in Figure 31), a
box will open, where you should
choose the updating folder.

Kaspersky Anti-Virus Updater 62

5.2.2.3. Choosing objects to be updated

There are the following two check boxes at the bottom of the settings tree (Figure

32):

Figure 32. Choosing objects to be updated

Update Antivirus Bases– check this box to update anti-virus databases;

Update Executable Modules – check this box to update executable

modules of the Kaspersky Anti-Virus package.

Restart computer if needed – check this box to restart the computer if

required after the package executable modules are updated.

5.2.3. Step 3. The

Options

wizard box

In the Options box you can configure advanced features of the updating
program (Figure 33).

Figure 33. The Options dialog box

Use Report– check this box for the program to generate a report about the

updating process.

Report file – use this branch to define the report file name and the

location.

63 Kaspersky Anti-Virus for Workstat ion

Append – check this box to append new data to the existing report file.

If you uncheck this box the program will overwrite the existing report
with a new one each time the updating operation is performed.

Limit size of report file (in Kb) – check this box to define the

maximum file size in the numerical field below. The file will be
overwritten when the limit is exceeded.

Advanced – use this branch to configure the user interface;

Show progress window – check this box to display the updating

operation progress window (see below).

Press the Next button to proceed with the updating operation.

5.2.4. The

Retrieving updates

window

This window (Figure 34) will appear only if you have checked the Show
progress window box in the Advanced branch of the Options box.

Figure 34. The Retrieving updates window

The window consists of four parts, showing stages of anti-virus database
updating in progress:

• Connecting to server – connection to the source server for files to

download;

Kaspersky Anti-Virus Updater 64

• Downloading files – files copied from the server to the computer (the

name of the copied file is displayed at the top, the percentage
downloaded is displayed below);

• Installing files… – files are installed onto the computer (the name of

the installed file is displayed on top, the scale of the updating process
completion is shown below);

• Disconnecting… – connection session is over.

The level of completion is shown by the icon located to the left of the above
messages (the icon is displayed only when the corresponding part is being

updated). The

icon indicates a successful completion of this part of the

updating process, while shows that the updating program is executing this
part at the moment.

5.2.5. Step 5. The

Finishing

wizard box

This is the last box (Figure 35) where you can view the updating report (click on
the Report button) and check or uncheck the Visit the Kaspersky Labs Web
Home Page box for the latest news about KAV products box.

Click the Finish button to finish a work session with the program. If you have
checked the corresponding box Internet Explorer will automatically open the
Kaspersky Labs web site.

Figure 35. The Finish box

CHAPTER 6. KASPERSKY ANTI-

VIRUS CONTROL CENTRE

The Kaspersky AV Control Centre is a component of the Kaspersky Anti-Virus
package. It performs the functions of a management shell. You can use it to
install and update package components, define and schedule tasks to be started
at the appropriate time, and to review the task performance results.

The program allows you to keep track of what Kaspersky Anti-Virus components
are installed on your computer, which makes it easy for you to communicate with
the Kaspersky Labs technical support service, and to update your anti-virus
databases and components in a timely fashion.

Using the Kaspersky AV Control Centre, you can schedule the launch of the anti­virus programs included in the package. In this way you can improve you
productivity and at the same time keep your system safe from viruses.

The automated launch of the external programs allows you to use the Kaspersky
AV Control Centre as a conventional task scheduler. Most commonly there is no
need to use other tools of automated launch, which leads to more effective use
of your computer resources. Additionally, the exact mutual synchronization of
your processors is insured, provided that the processors are connected to the
system’s anti-virus safety system and other tasks, thus excluding the possibility
of conflicts.

6.1. Launching Kaspersky AV

Control Centre

There are several ways to launch your Kaspersky AV Control Centre:

Option 1

: From the Windows Main menu: click the Start button, then go to the

Programs submenu and click Kaspersky Anti-Virus Control Centre in the
Kaspersky Anti-Virus folder.

Option 2: Automated launch at Windows start-up before the logon procedure

(only if Kaspersky Anti-Virus Control Centre is installed).

Kaspersky Anti-Virus Control Centre 66

Figure 36. The Kaspersky AV Control

Centre menu in the taskbar

When Kaspersky AV Control is
successfully launched, in the taskbar
notification area you will see the icon

. Place you mouse cursor on it,
right-click, and you will see the user
menu (Figure 36), which includes the
following commands:

• Kaspersky AV Control Centre…– displays the program main window;

• Import settings… – allows you to import program settings from a user-

defined file (see below);

• Export settings… – allows you to save the current program settings to a

file with the .dat extension. Later you will be able to import settings from
this file (see above);

• Help – displays the Help topics window;

• About … – displays information about the product version, the license

name, the license expiration date and more (see Figure 37);

• Exit – exits the program.

The Export settings and Import settings commands allow you to copy
Kaspersky AV Control Centre settings from one computer to another, i.e.
you can set the program on a computer, then save the program settings
to a file in a shared folder on the server, and later download these
settings onto another computer.

At the top of the user menu above the line, you can find a list of tasks that
can be started manually. To start these tasks you do not have to display
the Kaspersky AV Control Centre main window; you may simply select
the required command from the menu.

67 Kaspersky Anti-Virus for Workstat ion

Figure 37. The About Kaspersky AV Control Centre box

Here we must mention some special features of the program. Kaspersky
AV Control Centre is divided into the following two sub-programs: a
service sub-program that is started as a system service even before the
logon procedure, and an interface sub-program that provides the
program’s graphic interface and supports communication between a user
and the program. If you unload only the interface subprogram, the tasks
defined in the Kaspersky AV Control Centre settings will still be
performed, but the user will not be able to edit settings and create new
tasks. If you unload the service sub-program as well, Kaspersky AV
Control Centre will abort the defined tasks.

Option 3

: From the command line. To launch Kaspersky AV Control Centre from

the command line, go to the KAV Shared Files folder and run avpcc.exe.

The common folder can be located on the following path: C:\Program
Files\Common Files\KAV Shared Files.

Kaspersky Anti-Virus Control Centre 68

6.2. Kaspersky AV Control Centre

interface

The program main window contains the following four tabs: Tasks,

Components, Settings and Quarantine (for details see below).

To perform various actions you can use the right-click menu or the control panel.

In the bottom of the window you can see the following buttons: OK, Cancel,

Apply and

. If you press the OK button, the changes you made to the

program settings will be saved; if you press the Cancel button, the changes you
made will be cancelled. In both the cases the main window will be closed. If you
press the Apply button, the changes you made will be applied and the main
window will remain on your screen; in this case you can continue to change
settings. For the resident tasks performed at this moment the applied settings will
be immediately loaded into the executable module. To display the Help topics
window press the Help button.

6.2.1. The

Tasks

tab

The Tasks tab (Figure 38) allows you to manage the tasks. The task is
understood as a program with predefined settings that is scheduled to start at
some certain time, or upon some event, or as required by the user.

The page contains three frames:

• In the left upper frame you can see each task listed with its corresponding
status;

• In the right upper frame you can see the current task performance
statistics

1

;

• In the lower frame you can see the list of events that have occurred
(errors, warnings, notifications).

Let’s have a look at each frame. The task list is divided into two columns: Name
and Status. In the Name column you will see the list of tasks, and in the Status
column – the respective task execution status. There are several status variants:

• Running – the task is being executed;

1

Program performance statistics – a short form of the report on the program

performance.

69 Kaspersky Anti-Virus for Workstat ion

• Finished – the task has been successfully executed;

• Fail – a failure occurred during execution of the task;

• Interrupted by user – the task was interrupted by the user;

• Pause – the task is suspended;

• Start – the task is launched;

• Stop – the task is stopped;

• Start fail – task launch error;

• Restart – the task is restarted.

Figure 38. The Tasks tab

In the right part of the window you will see the statistics bar. The contents of the
statistics bar depend on the task type.

Thus, for example, the automated update task has the following lines in the
statistics bar: Date, Time, Action, Result and Object, which respectively display
the date and time of the task launch, the undertaken actions and their results,
and the object to which the action was applied.

At the bottom of the main window you will see a list of events with a date and a
time when they occurred, and the component that generated the corresponding
alert. Event alerts are delivered to Kaspersky AV Control Centre from all the

Kaspersky Anti-Virus Control Centre 70

running components of the package. You may sort the list lines by any column,
alphabetically or numerically, in ascending or descending order. When you select
an event from the list the task that generated the corresponding alert will be
highlighted.

Figure 39. Context menu in the event

list

The list has a context menu (Figure 39).
The context menu items are used for the
following actions:

• Delete – deletes the selected event (with confirmation);

• Delete all – deletes all events from the list (with confirmation).

To carry out task management (such as creation, configuration, removal, launch,
and termination) use the right-click menu, and the Tool Panel buttons (Figure

40).

Figure 40. Right-click menu for the tasks list and the Control Panel on the Tasks tab

71 Kaspersky Anti-Virus for Workstat ion

To open the right-click menu, click with your right mouse button in the left part of
the window, where the tasks list and the status bar are located.

The right-click menu commands allows you to…

• Start – launch the selected task;

• Stop – terminate and unload the selected task that is running;

• Pause – pause the selected task. In this case the task is retained in

memory but its performance is suspended;

• Reload databases – reload the anti-virus databases. This command is
used when you wish to load the updated anti-virus bases into memory­resident tasks without restarting them;

• Reset statistics – clear the selected task performance statistics (only for
memory-resident tasks);

• New task – create a new task. If you select this command, the New Task
Wizard will be launched (see subchapter 6.3);

• Report – display the selected task performance report in the Kaspersky
Report Viewer window

(see Chapter 7) ;

• Enable – enable/disable the selected task to be started as scheduled. If
you disable the task, it will still be listed, but the task planner will not
launch it.

• Properties – display the selected task settings.

• Edit – change the selected task settings. By pointing to this command

you drop down a sub-menu with the following commands:

• Cut – cut the selected task from the list and place it into the

internal clipboard of Kaspersky AV Control Centre; the task
name, settings, and the appropriate schedule will be saved;

• Copy – copy the selected task into the internal clipboard;

• Paste – paste a task from the clipboard into the program task

list;

• Delete – delete the selected task from the list;

• Rename – rename the selected task;

• Up – move the selected task one line up;

• Down – move the selected task one line down;

Kaspersky Anti-Virus Control Centre 72

• Export – save the selected task to a file. If you select this

command, a window asking you to save the task settings in a
file with the .tsk extension will appear on your screen;

• Import – download a task from a file.

The Export and Import commands allow you to copy the required task settings
from one computer to another, i.e. you can create a task on a computer, then
save these task settings to a file in a shared folder on the server, and later
download this settings file onto another computer.

Some commands may be unavailable for some task types. The tasks are
launched in the order in which they are listed. Task management, as we have
mentioned above, can also be accomplished using tool bar buttons. The
following buttons correspond to the right-click menu commands:

Button Right-click menu command

Start

Stop

Pause

Reload databases

Reset statistics

Report

New task

Properties

Delete

When you place your mouse cursor on a button, a tip describing the button
function will pop up near this button.

You can use the following methods to manipulate tasks:

• Pressing a letter key – you can switch between the list items by pressing

the key corresponding to the first letter of the target item name.

• Using other hot keys:

73 Kaspersky Anti-Virus for Workstat ion

• <INSERT> – create a new task. If you press this key, the New task window
will appear on your screen (for details refer to subchapter 6.3).

• <D

ELETE> – remove the task from the list (with confirmation).

• <S

PACE> – show the selected task properties. If you press this key, the

Properties window will appear on your screen (For details refer to

subchapter 6.2.1.1).

For example, if there is a task called Automated update in the list, and you

press the

key on the keyboard, the list pointer will move to this task.

6.2.1.1. The

Property

window

This window appears when you press the button or select Properties in the
context menu. The window appearance depends on the task type, which it
describes.

In this product version there are the following window variants:

• The Kaspersky Anti-Virus Scanner task property window;

• The Kaspersky Anti-Virus Monitor task property window;

• The Kaspersky Anti-Virus Updater window;

6.2.1.1.1. The Kaspersky Anti-Virus Scanner task

property window

The Kaspersky AV Scanner task property window (Figure 41) contains
categories with a list of settings.

Kaspersky Anti-Virus Control Centre 74

Figure 41. The Kaspersky Anti-Virus Scanner task property window

The window contains the following categories:

Category Reference

Objects See subchapter 3.3.1

Options See subchapter 3.3.2

Customize See subchapter 3.3.3

User account See subchapter 6.3.5

Schedule See subchapter 6.3.3

Alerts See subchapter 6.3.4

75 Kaspersky Anti-Virus for Workstat ion

6.2.1.1.2. The Kaspersky Anti-Virus Monitor task

property window

The Kaspersky Anti-Virus Monitor task property window consists of categories
that contain the task settings (Figure 42). Some of the categories match those
located in the corresponding component main window; other categories are
specific only to Kaspersky AV Control Centre.

Figure 42. The Kaspersky Anti-Virus Monitor task window

Let’s explain the tab’s purposes.

Category Reference

Objects, Options,
Customize

See subchapters 3.3.1, 3.3.2, 3.3.3.

Schedule See subchapter 6.3.2.

Alerts See subchapter 6.3.4.

Kaspersky Anti-Virus Control Centre 76

6.2.1.1.3. The Kaspersky Anti-Virus Updater task

property window

The Kaspersky Anti-Virus Updater task property window contains tabs with the
task settings (Figure 43).

Figure 43. The Kaspersky Anti-Virus Updater task property window

Tab Reference

Connection See subchapter 5.2.2

Options See subchapter 5.2.3

User account See subchapter 6.3.5

Schedule See subchapter 6.3.3

Alerts See subchapter 6.3.4

The Connection page in the property window contains an additional
option that allows updating of your anti-virus databases and
executable modules in the folder of the Kaspersky AV Server. This is
the Update Kaspersky Anti-Virus from Kaspersky AV Server
option button.

77 Kaspersky Anti-Virus for Workstat ion

6.2.2. The

Components

tab

The Components tab (Figure 44) contains a list of Kaspersky Anti-Virus package
components

2

.

Figure 44. The Components tab

The tool bar is located in the right part of the tab; when you right click on it, the
context menu appears (Figure 45).

Figure 45. Context menu and the tool bar on the Components tab

2

Component – a program, utility, library or database, included in the Kaspersky Anti-

Virus package, which is responsible for a strictly limited number of tasks.

Kaspersky Anti-Virus Control Centre 78

The tool bar buttons are strictly correspondent to the items of the context menu
(see below).

Button Context

menu item

Description

Create task Creates a new task based on the selected

component. If you click on this button or select this
menu entry, the New task window will open (see
subchapter 6.3)

Run Launches a task based on the selected component

Open
component's
folder

Shows the component's folder in a standard
window.

Component
help

Launches the help system for the selected
component

About Displays the information about the product version,

date of the last anti-virus bases update, and more.
If you click on this button or select this menu entry,
the About window will open.

6.2.3. The

Settings

tab

The Settings tab (Figure 46) allows a user to define Kaspersky AV Control
Centre settings. The settings are divided into four categories. Every category
groups settings with well-defined functionality.

The list of categories (icons) is located in the left pane of the window. When you
select a category, the appropriate settings tree appears in the left panel (see
Chapter 8 for information about the settings tree).

If the window’s size is not sufficient to display all the categories, the

and buttons, allowing you to scroll the category list, appear at

the top and the bottom of the list.

79 Kaspersky Anti-Virus for Workstat ion

Figure 46. The Settings tab

Category Function

Security

This category contains parameters
responsible for the system’s safety and
limiting access to Kaspersky AV Control
Centre components;

Alerts

This category contains parameters
responsible for processing alerts about
critical events in the Kaspersky AV Control
Centre task performance;

Quarantine

This category contains settings for the
location of quarantined files on this
computer or server (makes sense only if
Kaspersky Administration Kit is enabled)
(see below for information about
Quarantine).

Kaspersky Anti-Virus Control Centre 80

Category Function

Remote management

This category contains options for remote
administration via Kaspersky Network
Control Centre
(these options are only for those who use a
Kaspersky Administration Kit software
package that includes the remote
administration program);

Customize

This category contains user interface
customization settings for Kaspersky AV
Control Centre.

6.2.3.1. The

Security

category

Figure 47. The Settings tab. The Security

category

This category (Figure 47) is used
for setup of system safety features.
It is responsible for password setup
and access and denial to some
task types.

The Kaspersky AV Control Centre allows you to protect some running actions by
a password. In that way user access to the specified commands is limited.

Figure 48. Password protection section

These features, as mentioned
above, are regulated in the tree
section for Password protection
(Figure 48).

This section contains the following options:

Password – enter an administrating password for Kaspersky Anti-Virus

using Kaspersky Anti-Virus Control Centre. This password will prohibit users
from accessing some program functions (the list of corresponding functions

81 Kaspersky Anti-Virus for Workstat ion

is located below in the settings tree). If you press the button, the
Change password dialog box will appear on your screen.

Figure 49. The Change password dialog box

This box (see Figure

49) allows you to
define and change
the password. Enter
your password in the
New password text
field and confirm it in
the Confirm
password text field.

Protect resident task stopping – If you check this box, the program will

prompt for the password when somebody tries to stop resident tasks (for
example, Kaspersky AV Monitor) running on the computer.

Protect non-resident tasks stopping – If you check this box, the program

will prompt for the password when somebody tries to stop non-resident tasks
(such as Anti-Virus Scanner or Kaspersky AV Updater) running on the
computer.

Protect Kaspersky AV Control Centre settings modification – If you

check this box, the program will prompt for the password when somebody
tries to display the window and to change settings of Kaspersky AV Control
Centre.

Protect Kaspersky AV Control Centre exiting – If you check this box, the

program will prompt for the password when somebody tries to unload
Kaspersky AV Control Centre from the memory.

When selecting a password-protected action, make sure to enter your
password in the Password text field!

In addition, this tab allows you to disable some task types that can be dangerous,
if somebody tries to remotely administer the package without any authorization
(system crack).

Figure 50. The Disabled tasks branch

This feature can be enabled on the
Disabled tasks branch (see Figure 50).

This product version has only one option available:

Kaspersky Anti-Virus Control Centre 82

Run user program – If you check this box, user programs will be prohibited

from starting as Kaspersky AV Control Centre tasks.

6.2.3.2. The

Alerts

category

The Alerts category (see Figure 51) allows you to process remotely alerts
generated by the running tasks.

Figure 51 The Settings tab. The Alerts category

The settings tree contains the following options:

Skip all alerts – Disable the sending of alerts

Process alerts via Kaspersky AV Server – Send alerts using the

Kaspersky AV Server, the server component of the Kaspersky Anti-Virus
remote management system

Process alerts by Kaspersky AV Control Centre – Send alerts using the

Kaspersky AV Control Centre;

To limit the number of alerts to be generated by a single task, check the box
Maximum alerts for single task and define the maximum value in the
corresponding field.

83 Kaspersky Anti-Virus for Workstat ion

For example, Figure 52 illustrates a situation when the maximum
number of alerts is limited to 10. This means that when Kaspersky AV
Control Centre receives the eleventh alert from a task, the received
alert list will be automatically cleared.

If the Process Alerts by Kaspersky AV Control Centre option is selected, you
should customize the settings for sending alerts. To enable the program to send
alerts via e-mail check the Send E-mail messages box. Then define the
following settings:

Figure 52. The Process alerts by Kaspersky AV Control Centre branch

To:

Type the recipient’s e-mail address in this line;

From: Type in the name or address to be displayed in the From line

of an e-mail message. Any string can be the value of this line.
This setting is required for work with some SMTP servers and
is used for user authentication;

Subject:

e-mail message subject;

Message:

The message text to be sent with the e-mail;

Mail settings

Specify the e-mail system settings for alert sending methods.
There are two methods of sending:

• using MAPI;

• using SMTP.

Kaspersky Anti-Virus Control Centre 84

Contact your network system administrator for more information about
SMTP and MAPI.

6.2.3.2.1. Send mail using SMTP

Figure 53. SMTP settings

To send alerts using SMTP, select the Send
mail using SMTP option (Figure 53), then
select the following parameters:

SMTP Server address

Contains the SMTP server address, which can
be typed in as a decimal notation (e.g.

125.5.29.1), or as a full domain notation (e.g.
test.mail.ru), or a short notation (e.g. test);

SMTP server port

Contains the SMTP server port address. The
default value is 25.

Let’s study an example of tab Alerts settings usage. Let’s say we need to set up
SMS-messages sending about critical network events to the mobile phone of a
system administrator via e-mail gate.

Input data:

• administrator’s mobile phone number – 1234567 (direct number);

• telephone connection operator – Beeline GSM (i.e. the access code to

direct phone numbers – 7 901);

• SMTP server address – mysmtp.home.ru;

• SMTP server port – 25;

Make sure that:

• The message has been sent from the Control Centre,

• The message had the Alert subject,

• The message body contained the following text: Warning! There was a

critical event!

85 Kaspersky Anti-Virus for Workstat ion

Figure 54. Settings for sending critical event SMS

messages

To do this, define the
following settings (See
Figure 54).

The e-mail gate address, as well as the access code to the operator’s
cellular phone, can vary depending on the region.

6.2.3.2.2. Send mail using MAPI

If you have the Windows 95 OSR2/98 operating system running on your
computer, the Kaspersky AV Control Centre application allows you to set up
message sending through MAPI.

Figure 55. MAPI settings

To set up MAPI parameters select the
Send mail using MAPI option (Figure

55), then enable the following settings:

Profile

Profile name (configuration file) of the
MAPI client;

Password

Profile access password;

MAPI client

MAPI client name, which will be used
for sending alerts.

Some MAPI clients do not use profiles. In that case leave the
Configuration and Profile password lines empty.

Kaspersky Anti-Virus Control Centre 86

6.2.3.3. The

Remote management

category

This category is used for remote administration setup using the Kaspersky
Network Control Centre (Figure 56).

Figure 56 The Settings tab. The Remote management category.

To disable the remote management feature, select the Disable remote

management option; to enable the network functioning of the Kaspersky Anti­Virus using Kaspersky Network Control Centre, set the selector to the Use
Kaspersky Network Control Centre position.

Figure 57 Use Kaspersky Network Conrol Center option

After doing so, set up the program security parameters to networking, as well as
the used ports.

Security

Network security setup with the Kaspersky Anti­Virus remote management option enabled

Used TCP/IP Ports

Setup of ports (TCP and UDP) used for
package components management

87 Kaspersky Anti-Virus for Workstat ion

6.2.3.3.1. Remote management security setting

Figure 58 Remote management security setting

The remote management
security setting (Figure 58)
allows you to limit the number
of computers, which can
remotely manage the
Kaspersky Anti-Virus
components.

There are two options for the system safety setup: enable the Control Center
administration for all network computers or set the IP addresses of the computers with
permitted remote management.

The Security tree branch contains the following items:

Allow all addresses

Gives permission to all network computers to
remotely manage the Kaspersky Anti-Virus
components installed on your computer

Allow addresses from
followed list :

Gives remote management permission only to
computers with numerical IP addresses listed
below.

It is recommended to give remote management permission only to
your system administrator’s computer. To do so, enable the allow
addresses from the list option, then add the system administrator’s
computer IP address to the list.

6.2.3.3.2. Remote management ports setup

Figure 59 Remote management ports setup.

The TCP and UDP ports are
used for the remote
management of the Kaspersky
AV Server and the Control
Center. The default settings are
as follows:

Kaspersky AV Control Center communication TCP
port

8086

Kaspersky AV Control Center communication UDP
port

8087

Kaspersky Anti-Virus Control Centre 88

Kaspersky AV Server communication TCP port

8084

Kaspersky AV Server communication UDP port

8084

To enter new settings, go to the TCP/IP ports section (Figure 59), then enter the
new values.

6.2.3.4. The

Customize

category

Figure 60. The Settings tab. The Customize category

The Customize category
(Figure 60) contains the
program interface
settings. In this category
you can set up the audio
accompaniment of certain
actions execution, as well
as the colour mode of a
program setting.

The Customize category includes two sections: Play sound on event and
Appearance. Here is their short description:

• Play sound on event – setting sound effect following the execution (or
completion) of specified operations (see subchapter 6.2.3.4.1 for further
detail);

• Appearance – set up the color mode of your program (see subchapter

6.2.3.4.2 for more detail).

6.2.3.4.1. Sound setup

The Kaspersky AV Control Centre application allows you to assign sound effects
to specified events. This gives your program some additional service features.

The sound setup, as mentioned above, is carried out on the Sound branch
(Figure 61).

To enable the sound, check the appropriate box and click on the corresponding

button to display the window, in which you want to select the audio file. This

file should be written in the WAV format. Let’s explain each sound’s purpose:

89 Kaspersky Anti-Virus for Workstat ion

• Task start – Play the sound immediately after the task launch (not
regarding its type).

• Task finished successfully – Play the sound at successful task
completion, i.e. in case the task hasn’t been canceled by the user and
hasn’t terminated with errors.

• Task canceled by user – Play the sound if the task was canceled by the
user.

• Task failed – Play the sound at the emergency task close-down.

Figure 61. Sound setup

6.2.3.4.2. Color setup

The Kaspersky AV Control Centre program allows you to change the interface
color setting.

Figure 62. The Colors section

Change the colors of the
interface elements, as mentioned
above, is carried out in the
Colors section (Figure 62).

To make it easy for a user to set up the colors, the application provides a
selection of standard color schemes. To choose a color scheme, go to the
Schemes list. Each scheme is characterized by the following settings:

• Main window background – the application main window background
color;

• Task list window background – the background color of the task list
window of the Tasks tab;

• Component window background – the Components tab background
color;

Kaspersky Anti-Virus Control Centre 90

• Event list window background – the Tasks tab background color.

In Figure 63 below, the example of the Lilac color scheme is shown
and its settings are given.

Figure 63. The Liliac color scheme

6.2.3.5. The

Quarantine

category

You can use the Quarantine settings tree to define the anti-virus quarantine
settings. Quarantine is a special storage where suspicious and infected files
detected by Kaspersky Anti-Virus Scanner and Kaspersky Anti-Virus Monitor are
placed (see Figure 64).

For your Kaspersky Anti-Virus Scanner and Kaspersky Anti-Virus Monitor to save
files to this storage, you must check the Use quarantine box on the Options
page in the properties dialog window. When running in this mode the program
quarantines the infected files, but does not delete them from their original
location. The infected files are automatically deleted from the computer only if the
Delete option in the Kaspersky Anti-Virus Scanner and the Kaspersky Anti-Virus
Monitor settings is selected.

91 Kaspersky Anti-Virus for Workstat ion

Figure 64. The Quarantine category

Files in quarantine are stored in encoded form. This:

• reduces the risk of infection from this virus (the executable code cannot
be started without preliminary decryption);

• saves time for your anti-virus programs (files in the quarantined form are
not detected as infected).

In the future you can study the quarantined files, restore them from the
quarantine or delete them.

To quarantine the files locally, i.e. on your computer (loc al quara ntine), select the

Quarantine files locally option button in the settings tree. For details of how to
handle quarantined files refer to the next chapter.

6.2.4. The

Quarantine

tab

On the Quarantine page (see Figure 65), you can see contents of the local
quarantine (for details of the local quarantine see subchapter 6.2.3.5).

Kaspersky Anti-Virus Control Centre 92

Figure 65. The Quarantine page

On this page you can change the display of quarantined files and handle these
files as required. To do this, use the page’s right-click menu (see Figure 66).

Figure 66. The Quarantine page right-click menu

All the commands on the menu, except for View, can also be activated using the
appropriate tool bar buttons located at the right side of the page.

By using commands from the View sub-menu you can define the display of the
icons and the list (in table form or just file names).

To review the file properties, follow these steps:

1. Select the required file name from the list and press the button

or select the Properties command from the file right-click menu.

2. The file properties box will appear on your screen (information in
this box is similar to the file information displayed in the table, the
difference is that it is arranged in a more friendly way, Figure 67).

93 Kaspersky Anti-Virus for Workstat ion

Figure 67. The file properties box

To update the list of quarantined files, select the Refresh command from the

right-click menu or press the

button.

To restore a file from the quarantine, follow these steps:

1. Select the file from the list of quarantined files and press the

button at the right side of the frame or select the Extract command
from the file right-click menu.

2. In the file restoration wizard box on your screen (Figure 68) press

the

button to define the target folder where the restored file will

be placed.

3. Check the Decrypt box.

4. Press the Next button.

5. The restoration progress box will appear on your screen. When the

file is restored press the Finish button.

Kaspersky Anti-Virus Control Centre 94

Figure 68. The file restoration wizard box

To delete a file from the quarantine, follow these steps:

1. Select it from the list of quarantined files and press the button
or select the Delete command from the file right-click menu.

2. The deletion confirmation box will appear on your screen. Press
the Yes button to confirm the operation.

The program will only delete the file from the quarantine but not
from its original location. The file may be automatically deleted from
its original location only if you preset the anti-virus programs on the
computer to delete infected files (selected the Delete option).

To add a file to the quarantine, follow these steps:

1. Press the button

or select the Add command from the right-

click menu. The file quarantine wizard box will appear on your
screen (Figure 69).

2. Define the file to be quarantined by pressing the

button and

selecting the required file in the MS Windows standard dialog box.

3. If required, edit the text in the Reason field and press the Next
button.

4. The quarantining progress box will appear on your screen. When
the file is quarantined press the Finish button.

95 Kaspersky Anti-Virus for Workstat ion

Figure 69. The file quarantine wizard box

6.3. New Task Wizard

The scheduled execution of a specified application with predefined settings can
be defined as a named task of the task planner.

The New Task Wizard is activated when you select New Task in the context

menu or click on the

button on the taskbar, the Tasks or Components tabs.

New task creation in the Kaspersky AV Control Centre is designed as a Windows
Wizard with a sequence of windows (steps), each of which is used for execution
of a specified action.

To change windows, click the Next (one step forward) and Back (one step
backward) buttons. To terminate the process, click the Finish button. To cancel
the new task creation, click Cancel. To get operation help on each step, click
Help.

6.3.1.

Tasks

window

In accordance with the task type, running applications or settings features, tasks
can be divided into two groups:

• tasks which launch Kaspersky Anti-Virus applications during running;

• other tasks.

Type the task name and type in the Task window (Figure 70).

Kaspersky Anti-Virus Control Centre 96

Figure 70. Task window

There are the following task types:

• memory and disks scanning – launches Kaspersky AV Scanner with

the individual settings feature for different scan parameters for each task.
Task launch can be scheduled to activate automatically, at a certain event
occurrence, or on direct command of a user;

• real-time scanning – launches the Kaspersky Anti-Virus Monitor and/or

makes temporal modifications of its settings without reboot. The start-up
period for each setting can be strictly specified in accordance with a
schedule, determined by the occurrence of some system event, or be
specified by the user during the switch to a different activity (for example,
during new software installation, importing programs and document
copying, e-mail reception and so on);

• anti-virus database update – automated database update for new

information on new viruses. You can update from the Internet, as well as
from a LAN – which reduces connection expenditures, speeds up the
update process and makes it easy to administer your package;

• run user program – any application, which can be launched from the

Kaspersky AV Control Centre;

• new product installation – Windows Application Setup Wizard start-up.

97 Kaspersky Anti-Virus for Workstat ion

6.3.2. The

Schedule

window for a

Kaspersky AV Monitor task

Figure 71. Schedule window for the

Kaspersky Anti-Virus Monitor task

When creating a Kaspersky Anti­Virus Monitor task in the Schedule
window (Figure 71) you should set
the launch and pause intervals. To
launch a task at the Kaspersky AV
Control Centre start, select Always.
To set a work interval, select Interval,
then set up the launch and halt
schedule. To set up the application
launch, click on the Start button. You
will see an activated window similar
to the Schedule window for the
Kaspersky Anti-Virus Scanner task
(read further for a description of this
window).

Clicking on the Pause button will pause the task setup.

6.3.3. The

Schedule

window for Kaspersky

AV Scanner and Updater

When creating a Kaspersky Anti-Virus Scanner task in the Schedule window, you
should set the conditions and frequency of the launch (Figure 72).

There are the following launch options:

• On event – the task launches on the occurrence of an event or by user

command (See subchapter 6.3.3.1).

• By condition – the task launches at the occurrence of a certain task type

close-down condition (See subchapter 6.3.3.2).

• Hourly – the task launches at a scheduled time with an hourly interval

(See subchapter 6.3.3.3).

• Daily – the task launches every day at a scheduled time (See subchapter

6.3.3.4).

• Weekly – the task launches every week at a scheduled day and time

(See subchapter 6.3.3.5).

Kaspersky Anti-Virus Control Centre 98

• Monthly – the task launches on scheduled days and times (See

subchapter 6.3.3.6).

Select the required start option in the left part of the window then set up the
schedule according to details described in the subchapters below.

Figure 72. The Schedule window for Kaspersky AV Scanner and Kaspersky AV Updater

6.3.3.1. Launching on event

The Kaspersky AV Control Centre allows you to set the task launch on
occurrence of a certain system event, or by user command.

To select this launch option, point to On event, then in the right part of the
Schedule window you will see the condition list (Figure 73).

Select a launch condition from the list. There are several options available:

Manually

The task is launched manually from the Kaspersky
AV Control Centre by user command;

At Control Center start

The task is launched at the Kaspersky AV Control
Centre start, i.e., in fact at the user log in;

99 Kaspersky Anti-Virus for Workstat ion

At Control Center
system service start

The task is launched at the Kaspersky AV Control
Centre System Service start-up, i.e., in fact, at
system boot.

Figure 73. Start on event setup

You can schedule any of your task types to be launched once a day or on each
occurrence of the event.

6.3.3.2. Launching by condition

The Kaspersky AV Control Centre allows you to set the task launch on the
occurrence of specified conditions related to the results of the work of some
package components.

In this product version this is realized in the following way: the user can create a
task which will be launched provided that Kaspersky Anti-Virus closes down with
a certain return code.

Kaspersky Anti-Virus Control Centre 100

Figure 74. Start by condition setup

To select this
option, position the
selector in the left
part of the
Schedule screen to
By condition
(Figure 74).

After doing so, in the If task window select the task status in respect to which the
condition will be formulated, and in the finished with exit code list select the task
closedown value.

Let’s name the task status in respect to which the condition is formulated the

main task, and the main task closedown value the main task result.

There are the following types of main task:

• Start Kaspersky AV Monitor;

• Update anti-virus databases;

• Start Kaspersky AV Scanner.

The program processes the following main task results:

• Any– the created task will run immediately after the main task execution

without regard to its result;

• Done – the created task will run only if the main task has been

successfully accomplished;

• Failed – the created task will run only in case of the main task failure;

• Canceled – the created task will run only if the user canceled the main

task.

Sometimes viruses can affect the Kaspersky Anti-Virus Monitor. In this case you
should delete the viruses by other means.

By using this tab you can create, for example, a task that will automatically start
your Kaspersky AV Scanner if your Kaspersky AV Monitor has generated a start
error.

101 Kaspersky Anti-Virus for Workstat ion

6.3.3.3. Launching hourly

Figure 75. Start the task every hour

To launch a created task on an
hourly schedule, select the
Hourly option in the left part of
the Schedule window (Figure

75), then specify the launch time
in the right part of the window.

Figure 75 illustrates the setup of
the task launch on an hourly
basis within a 25 minutes period.
For example, if it’s 12 a.m., the
task will be launched at 12:25,
13:25, 14:25 and so on.

6.3.3.4. Launching daily

Figure 76. Start the task every day

To start the task on a daily
basis at a scheduled time,
select the Daily option in the
Schedule window (Figure

76), then set up the launch
time.

The launch time setup is
done in the Time list. Use
the Kaspersky AV Control
Centre and the context
menu for this purpose. You
can use these as follows:

Toolbar
button

Context menu
option

Purpose

Create… Creates a new launch time record. When you

select this option and the Time window is
activated, you must type in the task launch time.
You can display this window by double clicking
with your mouse in any white place within the