Kaspersky ANTI-VIRUS 5.0 User Manual

KASPERSKY LAB
Kaspersky Anti-Virus 5.0 for Windows Workstations
Administrator’s Guide
KASPERSKY ANTI-VIRUS® 5.0
© Kaspersky Lab
http://www.kaspersky.com
Revision date: July, 2006
Contents
CHAPTER 1. KASPERSKY ANTI-VIRUS FOR WINDOWS WORKSTATIONS
1.1. What's new in version 5.0?
1.2. Hardware and software system requirements
1.3. Distribution kit
1.3.1. License Agreement
1.4. Services for registered users
1.5. Conventions
CHAPTER 2. INSTALLATION AND REMOVAL OF THE APPLICATION
2.1. Installing the application
2.2. Silent mode installation of the application
2.3. Removing the application
2.4. Updating from version 4.x to 5.0
CHAPTER 3. APPLICATION MANAGEMENT CONCEPTS
3.1. Basic concepts of the administration concept
3.2. Local interface
3.2.1. System tray icon
3.2.2. Right-click menu
3.2.3. Main application window: general structure
3.2.3.1. The Protection tab
3.2.3.2. The Settings tab
3.2.3.3. The Support tab
3.2.4. Scanning process window
3.2.5. Help system
CHAPTER 4. COMPUTER PROTECTION USING THE DEFAULT SETTINGS
4.1. Default settings
4.2. Anti-Virus protection levels
CHAPTER 5. APPLICATION MANAGEMENT USING THE LOCAL INTERFACE
5.1. Updating the anti-virus database and application modules
5.1.1. When to download updates
5.1.2. Performing manual update. Downloading updates
5.1.3. Configuring updates
5.1.3.1. Updating the application modules
5.1.3.2. Copying updates to the local folder
5.1.3.3. Selecting the updates source
5.1.3.4. Proxy server settings configuration
5.1.3.5. Selecting anti-virus database type
5.2. Real-time protection mode
5.2.1. File system scan
5.2.1.1. Selecting the anti-virus protection level
5.2.1.2. Actions to be performed with a detected object
5.2.2. Scanning mail
5.2.2.1. Selecting the anti-virus protection level
5.2.2.2. Actions to be performed with a detected object
5.2.3. Scanning Microsoft Office Outlook mail
5.2.4. Macros monitoring
5.2.5. Scripts monitoring
5.2.6. Protection against network attacks
5.3. The on-demand scan mode
5.3.1. Full computer scan
5.3.2. Scanning selected objects
5.3.3. Configuring on-demand scan
5.3.3.1. Selecting the scan level
5.3.3.2. Actions to be performed with a detected object
5.3.4. Scanning archives
5.3.5. Scanning removable drives
5.4. Processing malicious objects detected
5.5. Software processing monitoring
5.6. User’s tasks
5.7. Creating list of exclusions
5.8. Configuring schedule
5.9. Launching a task under a selected user's account
5.10. Additional features
5.10.1. Quarantine and Backup storage
5.10.1.1. Storage setup
5.10.1.2. Work with Quarantine storage
5.10.1.3. Working with Backup storage
5.10.2. Working with reports
5.10.3. Managing Kaspersky Anti-Virus configuration
5.10.4. Additional settings
5.10.5. Configuring prompts for confirmation
5.10.6. Restricting efficiency of Kaspersky Anti-Virus
5.10.7. Working in the administrator’s and the user’s mode
CHAPTER 6. MANAGING THE APPLICATION USING KASPERSKY ADMINISTRATION KIT
6.1. Managing installation packages
6.1.1. Creating an installation package
6.1.2. Viewing and editing the installation package settings
6.2. Managing policies
6.2.1. Creating a policy
6.2.2. Viewing and editing policy settings
6.2.2.1. Viewing information about policy
6.2.2.2. On-demand scanning
6.2.2.3. Real-time protection of file system objects
6.2.2.4. Threats and Exclusions
6.2.2.5. Software processes monitoring
6.2.2.6. Scanning e-mail messages
6.2.2.7. Scripts monitoring
6.2.2.8. Macros monitoring
6.2.2.9. Protection against network attacks
6.2.2.10. Updating anti-virus databases and application modules
6.2.2.11. Working with system tasks
6.2.2.12. Setting up Quarantine and Backup storage
6.2.2.13. Producing report on the operation of application
6.2.2.14. Additional parameters
6.2.2.15. Viewing results of policy application
6.3. Managing tasks
6.3.1. Creating a task
6.3.1.1. Creating a local task
6.3.1.2. Creating a group task
6.3.1.3. Creating a global task
6.3.2. Viewing and editing task settings and monitoring task performance
6.3.3. Launching and stopping tasks
6.4. Configuring application settings
6.4.1. Viewing information about the application
6.4.2. Additional application settings
6.4.3. Working with the quarantine and backup storage areas
6.4.4. Viewing information on license keys
6.4.5. Setting up report generation parameters
CHAPTER 7. TESTING OPERATION OF KASPERSKY ANTI-VIRUS
7.1. Test “virus” EICAR and its modifications
7.2. Testing correct operation of Kaspersky Anti-Virus
CHAPTER 8. MANAGING LICENSE KEYS
8.1. Managing keys using local interface
8.2. Working with license keys using the Kaspersky Administration Kit interface
CHAPTER 9. MANAGING APPLICATION FROM THE COMMAND LINE
9.1. Scanning selected objects
9.2. Full scan
9.3. Launching updates
9.4. Last update rollback
9.5. Real-time protection mode
9.6. Starting the application
9.7. Stopping the application
9.8. Managing tasks
9.9. Import/export of settings
9.10. Adding a license key
CHAPTER 10. FREQUENTLY ASKED QUESTIONS
APPENDIX A. CONTACTING TECHNICAL SUPPORT SERVICE
APPENDIX B. GLOSSARY
APPENDIX C. KASPERSKY LAB
C.1. Other Kaspersky Lab Products
C.2. Contact Us
APPENDIX D. LICENSE AGREEMENT
CHAPTER 1. KASPERSKY ANTI-VIRUS FOR WINDOWS WORKSTATIONS
Kaspersky Anti-Virus® for Windows Workstations (hereinafter referred to as the Kaspersky Anti-Virus) is designed to protect workstations against computer viruses and malware.
The following features have been implemented in the application:
Protection against computer viruses and malware – detection and elimination of malware in your computer. Two main application operating modes, that can be used either separately or jointly, can be distinguished:
Real-time computer protection – scanning for viruses all objects that are run, opened or saved on your computer.
On-demand computer protection – scanning the entire computer or its individual drives, files or folders. You can launch such scan manually or configure a schedule to launch the scan automatically at a certain time interval.
Recovering after a virus attack. Full scan and disinfection using the settings recommended by Kaspersky Lab’s experts allow detecting all viruses that infected your data during virus attacks.
Scanning and disinfection of incoming/outgoing mail – anti-virus analysis and disinfection of all incoming and outgoing mail in the real-time mode [1]. Additionally, the application allows manual scanning and disinfection of mail databases of mail clients [2].
[1] The application scans all mail sent and received by Microsoft Office Outlook irrespective of the mail protocols used as well as any mail sent or received by any mail program using SMTP and POP3 protocols.
[2] Kaspersky Anti-Virus scans mail databases for any mail client program, but disinfects databases of Microsoft Office Outlook and Microsoft Outlook Express only.
Computer protection against network attacks – analysis of all data received from the network (LAN and internet) by the user’s computer to detect network attacks. Once a network attack is detected, required defense will be provided and the attacking computer will be blocked. Additionally, the application will use the invisible mode that allows receiving data only from computers that are engaged in the data exchange initiated by the user.
Updating of the anti-virus database, network attacks database and application modules – updating of the anti-virus database and network attacks database with information about new viruses and attacks, methods to be used for disinfection of objects infected with these viruses and malware and updating of the application modules (if this feature is not disabled). Updates are downloaded from the Kaspersky Lab’s updates server specified by the user or from a network/local updates folder.
Recommendations on the application setup and operation – various tips and recommendations of Kaspersky Lab’s experts on configuring the application to ensure the optimal anti-virus protection will be displayed when you use Kaspersky Anti-Virus.
Once dangerous objects are detected, if the anti-virus database has not been updated or the full computer scan has not been performed for a very long time, recommendations to perform certain actions with explanation will be displayed in the main window of Kaspersky Anti-Virus.
Based on the extensive practical experience in the anti-virus industry and on the analysis of the feedback provided by our users to the Technical Support Service, Kaspersky Lab’s specialists did their best to configure the application to ensure the optimal performance. Anti-virus settings recommended by our experts apply immediately after you have installed and launched the application.
The use of various application configuration profiles – creating and using of special configuration files – profiles that store the application settings. By specifying application settings and saving them in the profiles you can easily alter Kaspersky Anti-Virus configuration. Thus, for example, you can configure the application to use the real-time protection mode or to perform the on-demand scan task only and to use such configurations only when required. You can also return to the recommended application settings at any time when using Kaspersky Anti-Virus.
Using two application operation modes – you can use the application in the user’s or the administrator’s mode. In the user’s mode only basic functionality of Kaspersky Anti-Virus is available, but you cannot alter the application settings or disable the anti-virus protection. In the administrator’s mode you have access to all features to manage the application.
Placing objects into quarantine – moving objects that are possibly infected with viruses and their modifications into a special safe storage where you can disinfect, delete them, restore them to the original folder or send them to the Kaspersky Lab’s experts for analysis. Quarantined files are stored in a special format and do not pose any threat.
Creating backup copies of objects – creating special backup copies of objects in a special storage before attempting to disinfect or delete these objects. Such copies are created for the cases when you need to restore the original object if it contains valuable information or to restore the situation when the infection took place. Copies are stored in a special format and do not pose any threat.
Creating reports – registering all results of Kaspersky Anti-Virus operation in the reports. A detailed report about the results of the scan includes the general statistical information about objects scanned, stores information about the settings used to perform tasks and about the order of scan and processing of each particular object. Reports are also created for the results of the updates and of the operation in the real-time protection mode.
Centralized remote management of the application – controlling the application using the Kaspersky Administration Kit 5.0 centralized administration system.
Some functions of Kaspersky Anti-Virus are available from the command line (for details, see Chapter 9).
1.1. What's new in version 5.0?
Version 5.0 of Kaspersky Anti-Virus for Windows Workstations differs from the previous 4.x version as follows:
The use of the anti-virus scan acceleration technologies: iChecker™ and iStreams™: Now Kaspersky Anti-Virus does not re-scan objects that have been analyzed during a previous scan and have not been altered since then not only in the real-time protection mode, but also during an on-demand scan. This feature ensures a considerable acceleration of the application’s operation.
Scan and disinfection of mail sent or received by any mail client application using SMTP and POP3 protocols. Previous versions ensured anti-virus mail protection only for Microsoft Office Outlook.
Disinfection of infected archives. Kaspersky Anti-Virus allows disinfecting infected files contained in zip, arj, cab, rar, lha and ice archives. Previous versions of the application provided only for detection of infected files in the archives and for disinfection of infected objects contained in zip archives.
Kaspersky Anti-Virus scans multi-volume archives of the above format and self-extracting archives, but does not disinfect them.
The anti-virus database updating process speed has been increased through determining the Kaspersky Lab’s updates server closest to the user’s geographical location. An ability to receive the remaining part of the updates in case of a disconnection has been implemented.
Protection against network attacks. This version of Kaspersky Anti-Virus ensures protection of your computer against most common network and hackers’ attacks.
Intuitive interface. The application is now implemented as a single program while previous versions consisted of a set of programs that performed individual anti-virus protection functions. This new approach made it possible to ensure intuitive and simple management of most critical functions of Kaspersky Anti-Virus.
Kaspersky Anti-Virus compatibility with other anti-virus products has been improved. During the installation of the application you can disable the function of file system, mail or network protection or the function of real-time script monitoring if such protection is provided by other applications installed on your computer.
Recommended settings and expert tips. Settings recommended by the Kaspersky Lab’s experts are used as the default settings in this version to simplify the use of the program. In most cases there is no need to configure the application before use. In situations when the anti-virus protection is set to the low level, the application displays a corresponding message and suggests various ways to increase the degree of protection.
Managing application operation profiles. Ability to save the application settings in special files for further use. If you are not satisfied with the Kaspersky Anti-Virus settings, configure it as you wish and save this configuration in the profile.
Renewing the application license. Kaspersky Anti-Virus 5.0 allows you to install the license key to renew the application license.
Sending objects to Kaspersky Lab for analysis. Now you can send to Kaspersky Lab for analysis possibly infected objects detected by Kaspersky Anti-Virus and files that you suspect to have been infected.
Infected mail databases cannot be deleted. Now Kaspersky Anti-Virus does not delete infected mail databases. However, you can still delete such objects manually.
Ability to create the list of trusted processes. Kaspersky Anti-Virus does not monitor the activities of the trusted processes in the real-time protection mode.
Password-protected access to the Kaspersky Anti-Virus settings management feature. You can set up a password to be prompted for when switching between the user’s and the administrator’s mode. The user’s mode does not allow access for changing the application settings, disabling the real-time protection and closing Kaspersky Anti-Virus.
1.2. Hardware and software system requirements
In order to ensure normal operation of Kaspersky Anti-Virus for Windows Workstations, your workstation must comply with the requirements listed below:
General requirements:
50 MB of free disk space;
CD-ROM drive (for installation of Kaspersky Anti-Virus from a CD);
Microsoft Internet Explorer 5.5 or above (in order to update the anti-virus database and the application modules from the internet).
Microsoft Windows 98, Microsoft Windows Me, Microsoft Windows NT Workstation 4.0 (Service Pack 6a):
processor Intel Pentium 300 MHz or higher;
64 MB RAM.
Microsoft Windows 2000 Professional (Service Pack 2 or above), Microsoft Windows XP Home Edition, Microsoft Windows XP Professional (Service Pack 1 or above):
processor Intel Pentium 300 MHz or higher;
128 MB RAM.
1.3. Distribution kit
You can purchase the software from our distributors (retail box) or from one of our internet stores (for example, www.kaspersky.com, E-Store section).
The retail box package includes:
a sealed envelope with an installation CD containing the application files;
a user's manual;
a license key included in the distribution package or recorded on a special floppy disk;
registration card with the indication of the product’s serial number;
a license agreement.
Please read the license agreement carefully before opening the CD envelope.
If you purchase our product from an internet store, you will download it from the Kaspersky Lab site and the distribution package will also contain this guide. Your license key will be either included into the installation package or sent to you by e-mail upon the receipt of your payment.
1.3.1. License Agreement
The license agreement constitutes a legal agreement between you and Kaspersky Lab and contains terms and conditions subject to which you may use the purchased software.
Please read the license agreement carefully!
If you do not agree with the terms of the license agreement, you may return the box with Kaspersky Anti-Virus to the distributor you purchased it from; you will receive a full refund of the amount you have paid for the subscription, provided that the envelope with the installation CD remains sealed.
By opening the sealed envelope with the installation CD or by installing the product to the computer you agree to all the terms and conditions of the license agreement.
1.4. Services for registered users
Kaspersky Lab offers its legal users a wide range of services that help to maximize the efficiency of Kaspersky Anti-Virus.
By purchasing a subscription, you become a registered software user, entitled to the following services throughout the period of subscription:
software upgrades;
consultation regarding issues pertaining to installation, setup and use of the software products available by phone or e-mail;
notifications about availability of new Kaspersky Lab software products and about new viruses worldwide (this service is provided to users who have subscribed to the Kaspersky Lab e-mail newsletter).
No consultations are offered for issues pertaining to operating system functionality or to the use of various technologies.
1.5. Conventions
Various formatting features and icons are used throughout this document depending on the purpose and the meaning of the text. The table below lists the conventions used in the text.
Format feature – Purpose
Bold font – Titles of menus, menu items, windows, dialog boxes and their elements, etc.
Note. – Additional information, notes
Attention! – Information that requires attention
In order to perform action: 1. Step 1. 2. … – Description of the successive user's steps and possible actions
Task, example – Statement of a problem, example of the application's capabilities
CHAPTER 2. INSTALLATION AND REMOVAL OF THE APPLICATION
There are two options for installing Kaspersky Anti-Virus 5.0 for Windows Workstations: local and remote installation (through the Kaspersky Administration Kit centralized administration system). This guide describes local installation of Kaspersky Anti-Virus to a workstation. For details regarding remote installation of the application, please consult the Kaspersky Administration Kit 5.0 Reference Guide.
2.1. Installing the application
We recommend that you close all applications running on your computer before you install Kaspersky Anti-Virus.
In order to install the application, run the executable file included in the distribution package.
The process of installation from the installation package received via internet is completely analogous to the installation from the installation CD.
The installer works in the interactive mode. Each window contains a set of buttons for controlling the installation process. The purpose of these buttons is briefly explained below:
Next > – confirm the action and switch to the next step of the installation process.
< Back – return to the previous step of the installation process.
Cancel – abort the installation process.
Finish – complete the product installation process.
Following below is a detailed discussion of each step of the application installation.
Step 1. Verifying the version of the installed operating system
Before the application installation is started, a check will be performed to determine whether the operating systems and the Service Packs installed on your computer meet the software requirements for the installation of Kaspersky Anti-Virus.
If any of the requirements has not been satisfied, a corresponding notification will be displayed on the screen. We recommend that you install required software and service packs using the Windows Update service (or other appropriate services) before the installation of Kaspersky Anti-Virus.
Step 2. Starting window of the installer
After you have launched the executable file, the starting window will be displayed on the screen to inform you that Kaspersky Anti-Virus installation process has been started.
In order to proceed with the installation process, press Next >. In order to cancel the installation, press the Cancel button.
Step 3. Reading the License agreement
The License Agreement dialog box contains the text of the license agreement. Read it and then click I Agree if you agree with the terms and conditions of the agreement. In order to exit the installer press the Cancel button.
Step 4. Entering user's information
Enter the required user information in the User Information dialog box. Enter your name in the User Name field, and the organization in the Company Name field. By default the dialog box will contain information obtained from the Microsoft Windows registry.
Step 5. Reading important information about the application
During this stage you will be offered to familiarize yourself with important information about the application. This window contains the major functions of Kaspersky Anti-Virus, peculiarities of its operation, etc.
In order to proceed to the next step of the installation process press Next >.
Step 6. Using the Kaspersky Lab's technologies
During this step of the Kaspersky Anti-Virus installation process you will have to make a decision whether you want the application to use the following technologies:
Real-time file system protection – anti-virus scan of all files that are run, opened and saved on your computer and on the network drives. By default the file protection is enabled. If you do not want Kaspersky Anti-Virus to scan files when you access them, uncheck the Use real-time file system protection box.
Real-time mail protection – anti-virus scan of all messages received by your computer, messages you send and your mail databases. By default mail protection is enabled. If you do not want Kaspersky Anti-Virus to scan mail messages for viruses, uncheck the Use real-time mail protection box.
Real-time script monitoring – anti-virus analysis of all VBScripts and JavaScripts before their execution. By default script monitoring function is enabled. If you do not wish to use Kaspersky Anti-Virus for script monitoring, uncheck the Use script monitoring box.
Macros monitoring – scanning all VBA macros run on your computer for the presence of malicious code. By default this protection is enabled. In order to disable macros monitoring, uncheck the Use macros monitoring box.
Real-time protection against network attacks – a technology used to protect your computer against hackers’ attacks. This technology protects your computer against network attacks and prevents corruption, theft of or unauthorized access to your data. By default the real-time protection against network attacks is disabled. In order to enable real-time protection, check the Use real-time protection against network attacks box.
iStreams™ technology – an anti-virus scan acceleration technology (for a detailed description of this technology, see Appendix B). In order to disable the use of this technology, uncheck the Use iStreams technology box.
This technology is only used on partitions with the NTFS file systems.
If you disable the use of the above technologies during the installation, you will have to run the installer again and select technologies that you would like to use.
If, while working with Kaspersky Anti-Virus, you decide to disable one of the real-time protection types or to disable iStreams™ technology, you will have to run the installer again and uncheck the corresponding box.
In order to proceed with the installation process, press Next >.
Step 7. Searching for other anti-virus software
During this step a search will be performed for any other anti-virus software installed on your computer, including Kaspersky Lab’s software that can cause conflicts, if used jointly with Kaspersky Anti-Virus.
If an earlier version of Kaspersky Anti-Virus (for example, version 4.5) is detected on your computer, the application will be automatically updated from version 4.x to version 5.0 (details see section 2.4 on page 22).
If a license key for Kaspersky Anti-Virus for Windows Workstations version 4.x is detected on your computer, then the Install the license key dialog box displayed during the installation (see Step 8 page 17) will contain information about such key. You can use this license key with your application or select another key.
If other vendors' anti-virus software is detected on your computer, the installer will display a dialog box with a list of applications recommended to be removed before installing Kaspersky Anti-Virus.
We recommend that you uninstall such software. In order to do it, press the No button to abort the installation process. Then uninstall the applications as required and run the executable file again.
Kaspersky Lab does not recommend installation of several anti-virus products on one computer as this may cause conflicts during their use.
If a copy of Kaspersky Anti-Virus 5.0 for Windows Workstations has been detected installed on your computer, the version installed earlier will be updated by this application copy.
If you updated a copy of version 5.0, the Install the license key dialog box (see Step 8 page 17) will not contain information about the key, but the key installed earlier will be used with the updated application.
Step 8. Installing the license key
You have to select the license key that will be used by Kaspersky Anti-Virus to verify your License agreement and determine its validity; the license key is selected using the License Key dialog box.
The license key is your personal "key" that contains all service information required for the full-featured functionality of the application, namely:
support information (who is providing support and how you can get help);
the license name, number and expiration date.
In order to install a new license key,
1. Press the Browse button and switch to the folder containing the license key:
If you purchased Kaspersky Anti-Virus in a box (retail box), your license key will be written on a floppy disk. You will have to insert the disk into the drive and select this drive to access the disk.
If you purchased your license online, save the license key file that you received by e-mail into any folder on the hard drive of your computer. Then switch to this folder.
The selected folder will display the list of available license keys.
2. Select the required license key (file with extension .key) and press the Open button.
After you do this, the installation wizard will display general information about the license and the path to the license key.
In order to proceed with the application installation, press the Next > button.
If, at the time of the installation, you still do not have the license key (for example you ordered it from Kaspersky Lab via internet but have not received it yet), you can install this key later when you run the application or using a special license key installation utility (see Chapter 8 on page 176). Note that you cannot start using Kaspersky Anti-Virus without the license key.
Step 9. Selecting the installation folder
The folder into which Kaspersky Anti-Virus will be installed can be selected in the Select installation folder dialog box. When selecting the folder use the Browse button.
You can restore the path to the default installation folder using the Restore button; the default path is: <Drive>\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\.
The window opened by the Drive button shows the available disk space on the logical drives of the workstation and the space required for the installation.
In order to proceed with the installation process, press the Install button. This will start the process of copying Kaspersky Anti-Virus files onto your computer.
Step 10. Completing the setup
The Completing the setup window displays information about the completion of Kaspersky Anti-Virus installation on your computer.
In order to complete the application setup, registration of some services with the system is required, therefore you will be asked to restart your computer. Restarting your system is ABSOLUTELY REQUIRED in order to ensure proper completion of the installation. Press Yes in the window that will open to reboot your computer now or No to reboot later.
Kaspersky Anti-Virus will start automatically after the system reboot.
As the result of Kaspersky Anti-Virus installation:
Application shortcuts will be added to the main Windows menu (Start → Programs → Kaspersky Anti-Virus 5.0 for Windows Workstations).
The application icon will appear in the system tray.
2.2. Silent mode installation of the application
Kaspersky Anti-Virus 5.0 for Windows Workstations can be installed from the command line. In order to install Kaspersky Anti-Virus, switch to the folder where the distribution file is located and use command:
setup [/s] [/l<report_file>] [/p<property>="<value>"…]
Entries in square brackets are optional modifiers.
Modifier – Purpose
/s – Use the silent installation mode.
/l<report_file> – Output of events into the specified report_file. You can enter absolute or relative path to the file. If the path contains a space, it must be specified in double quotes.
/p<property> – Application installation settings. The following settings can be used:
INSTALLDIR – full path to the application installation folder;
USERNAME – user name;
COMPANYNAME – user's company;
KLKEY – full path to the key file;
KLUSEIDS – network attacks protection settings. In order to enable this technology, use “1”, in order to disable it – use “”. By default this technology is disabled;
KLUSEISTREAMS – iStreams™ technology settings. In order to enable this technology, use “1”, in order to disable it – use “”. By default this technology is enabled;
KLUNINSTPASSWD – password that will be asked for when you attempt to uninstall the application;
KLADMPASSWD – password for switching between the user's and the administrator's mode;
KLDELAYREBOOT – specify whether you wish to restart the computer after the installation is completed. In order to enable this function, use “1”, in order to disable it – use “”. By default the restart function is disabled.
KLUSERTPFILE – real-time file protection settings. In order to enable this technology, use “1”, in order to disable it – use “”. By default this technology is enabled;
KLUSERTPMAIL – real-time mail protection settings. In order to enable this technology, use “1”, in order to disable it – use “”. By default this technology is enabled;
KLUSERTPSCRIPT – script monitoring settings. In order to enable this technology, use “1”, in order to disable it – use “”. By default this technology is enabled;
KLUSERTPMACRO – macros monitoring settings. In order to enable this technology, use “1”, in order to disable it – use “”. By default this technology is enabled.
Example:
setup /s /l"C:/Kaspersky Lab/Report" /pINSTALLDIR="C:/Kaspersky Lab" /pKLADMPASSWD=password
The silent mode installation settings can also be specified in the ini file in section [Setup].
The filename of the file containing the settings must always be setup.ini.
The following settings can be used:
InstallDir – full path to the application installation folder;
User – user name;
Company – user's company;
Key – full path to the license key file;
IDS – enabling/disabling the network attacks protection technology (values: enable – enabled, disable – disabled);
IStreams – enabling/disabling the iStreams™ technology (values: enable – enabled, disable – disabled);
UninstallPassword – password that will be asked for when you attempt to uninstall the application;
AdminPassword – password for switching between the user's and the administrator's mode;
Reboot – restarting the computer after the application is installed (values: yes – enabled, no – disabled);
RTPFile – enabling/disabling the real-time file protection technology (values: enable – enabled, disable – disabled);
RTPMail – enabling/disabling the real-time mail protection technology (values: enable – enabled, disable – disabled);
RTPScript – enabling/disabling the real-time script monitoring technology (values: enable – enabled, disable – disabled);
RTPMacro – enabling/disabling the real-time macros monitoring technology (values: enable – enabled, disable – disabled).
Example:
[Setup]
InstallDir=C:/Kaspersky Lab
Key=A:/License/00000001.key
User=Ivanov
IStreams=enable
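A setup.ini prepared for unattended deployment can be reviewed before use, because a disabled component or a misspelt key changes what protection the workstation ends up with. The Python audit below is an added example, not part of the manual or of Kaspersky Lab's tooling; it assumes that the defaults stated for the command-line properties also apply to setup.ini, and the function name and the sample file are constructed for illustration.

```python
import configparser

# On/off switches from the manual's [Setup] key list. Defaults are the ones the
# manual states for the matching command-line properties; that they also apply
# to setup.ini is an assumption of this example.
SWITCH_DEFAULTS = {
    "rtpfile": "enable",
    "rtpmail": "enable",
    "rtpscript": "enable",
    "rtpmacro": "enable",
    "ids": "disable",
    "istreams": "enable",
}
PASSWORD_KEYS = ("uninstallpassword", "adminpassword")
KNOWN_KEYS = set(SWITCH_DEFAULTS) | set(PASSWORD_KEYS) | {
    "installdir", "user", "company", "key", "reboot"}

# Constructed sample: one component switched off, one misspelt key, one password.
SAMPLE = """\
[Setup]
InstallDir=C:/Kaspersky Lab
Key=A:/License/00000001.key
User=Ivanov
RTPMail=disable
RTPScrpt=enable
AdminPassword=password
"""


def audit_setup_ini(text):
    """Return (effective_switches, findings) for the text of a setup.ini file."""
    # interpolation=None: a '%' inside a password must not be expanded.
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(text)
    except configparser.Error as exc:  # duplicate keys, lines outside a section
        return {}, [f"file cannot be parsed: {type(exc).__name__}"]
    if not parser.has_section("Setup"):
        return {}, ["no [Setup] section found"]
    setup = parser["Setup"]  # configparser lower-cases key names

    findings = []
    for name in setup:
        if name not in KNOWN_KEYS:
            findings.append(f"{name}: not a documented key, check for a typo")

    effective = {}
    for name, default in SWITCH_DEFAULTS.items():
        value = setup.get(name, default).strip().lower()
        if value not in ("enable", "disable"):
            findings.append(f"{name}: '{value}' is not enable/disable")
            value = "invalid"
        elif value == "disable":
            how = "explicitly" if name in setup else "by default"
            findings.append(f"{name}: disabled {how}")
        effective[name] = value

    reboot = setup.get("reboot", "").strip().lower()
    if reboot and reboot not in ("yes", "no"):
        findings.append(f"reboot: '{reboot}' is not yes/no")

    for name in PASSWORD_KEYS:
        if setup.get(name, "").strip():
            findings.append(f"{name}: stored in clear text, restrict access to setup.ini")
        else:
            findings.append(f"{name}: not set")
    return effective, findings


if __name__ == "__main__":
    switches, notes = audit_setup_ini(SAMPLE)
    for key, state in switches.items():
        print(f"{key:10} {state}")
    for note in notes:
        print("finding:", note)
```

Key names are compared case-insensitively here; how the installer itself treats case is not stated in the manual.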
2.3. Removing the application
If for some reason you need to uninstall Kaspersky Anti-Virus, run Start → Programs → Kaspersky Anti-Virus 5.0 for Windows Workstations → Kaspersky Anti-Virus Uninstall or use standard Microsoft Windows Add or Remove Programs control panel tool.
If the application is controlled via Kaspersky Administration Kit, and password protection has been enabled to prevent its unauthorized uninstallation (see section 6.2.2.14 on page 151), you will be prompted for the password prior to the removal procedure.
You then will be prompted to confirm the removal. Click OK in order to start the removal process. This will open a window where you can choose whether quarantined and backup objects should be removed or preserved, as well as report and license key files.
That will start the process of removing the application files from the computer hard drive.
If during the process of removal the uninstaller detects files that can be used by other applications, you will see a dialog box that asks if you would like to delete this file. Click the Yes button in order to remove the file.
When removal of the application is completed, you’ll be prompted to restart your workstation. Select the preferred variant and click the Finish button.
2.4. Updating from version 4.x to 5.0
Before you start updating your copy of Kaspersky Anti-Virus it is recommended that you process objects stored in the quarantine and in the backup storage.
In order to update version 4.x of Kaspersky Anti-Virus for Windows Workstations to version 5.0, run the executable file. The existing earlier version of Kaspersky Anti-Virus will be removed during the installation process.
After the installation is complete your operating system will have to be restarted.
Note that during the updating, the settings of Kaspersky Anti-Virus 4.x will not be saved. You can use the default recommended settings or configure your application again.
If you perform a remote installation of the application using Kaspersky Administration Kit (details see the Reference Guide for Kaspersky Administration Kit 5.0), version 4.x will be updated to version 5.0 automatically: the existing version of Kaspersky Anti-Virus will be deleted and the remote computer will be restarted.
CHAPTER 3. APPLICATION MANAGEMENT CONCEPTS
Kaspersky Anti-Virus is installed on a workstation and can be controlled locally or remotely through Kaspersky Administration Kit (if the computer is included into the centralized administration system).
There are several categories of users working with Kaspersky Anti-Virus:
Workstation user is the computer user for the workstation on which Kaspersky Anti-Virus is installed.
Anti-virus security administrator (hereinafter referred to as administrator) performs local management of Kaspersky Anti-Virus.
Logical network administrator controls Kaspersky Anti-Virus operation via the centralized remote administration system Kaspersky Administration Kit.
Each user category is assigned its own interface providing access to all the software features which that category can use in accordance with their respective privileges.
The user interface is optimized for efficiency and simplicity and allows performance of the following tasks:
review of status information pertaining to anti-virus protection;
run file system objects scan tasks;
update the anti-virus database and application modules (if such feature has been enabled by the administrator);
review the results of tasks performance and the events log;
review the content of Quarantine and Backup storage and send quarantined files to Kaspersky Lab for analysis.
In addition to the user’s tasks, the extended administrator’s interface provides for easy and flexible configuration of Kaspersky Anti-Virus operation and performance of the following tasks:
modify settings of the real-time anti-virus protection tasks;
create, manage and schedule tasks for scanning file system objects and update tasks;
If centralized administration via Kaspersky Administration Kit is used, the application is controlled remotely from a computer on which the Administration console is installed.
The administration console is a standard interface integrated into MMC that allows the logical network administrator to perform the following functions:
remote installation of Kaspersky Anti-Virus on client computers;
updating the anti-virus database and application modules;
managing policies and tasks on client computers;
installing license keys to client computers;
viewing reports about application operation on the client computers.
If you would like to control the application via Kaspersky Administration Kit, you will have to install the Network Agent on the client computer; the Network Agent ensures the interaction of the workstation with the Administration Server (details see Kaspersky Administration Kit 5.0 Reference Guide).
Please see details of the centralized administration concept in the Kaspersky Administration Kit 5.0 Administrator's Guide.
3.1. Basic concepts of the administration concept
When administrated locally, protection provided by Kaspersky Anti-Virus is configured by the administrator through modification of the application's settings and tasks.
A task is a specified action performed by the application. Based on their purpose, tasks are divided into types (full scan task, the task for updating anti-virus databases and software modules, etc.). Each task has a set of parameters (task settings) applied to its execution, i.e.
Application settings – a set of additional parameters defined for the operation of the application that includes parameters of the quarantine, backup storage, reports generation service, etc.
When using the centralized administration using Kaspersky Administration Kit, the administrator defines settings and tasks for the application installed on a remote computer of the network.
A distinctive feature of centralized administration is arranging of computers into groups and modifying their settings by creating and defining group policies.
A Policy is a set of application settings pertaining to its operation in a logical network group and a set of restrictions for redefining these parameters when configuring the application or a task.
A policy includes parameters required for complete configuration of the application’s functionality, and includes both application settings and settings for all types of tasks, except for parameters that must be defined each time a specific task is started.
3.2. Local interface
Kaspersky Anti-Virus has an intuitive and easy-to-use interface. This section contains a detailed description of its main elements: the system tray icon, right-click menu, main window, and some service windows.
3.2.1. System tray icon
After the application is launched, the application icon appears in the system tray; the icon appearance depends on the status of anti-virus protection, indicating whether the real-time protection is enabled or on-demand scan has been started.
If the icon is enabled (red color), this means that all files in your computer are being monitored by Kaspersky Anti-Virus. If the icon is disabled (gray color), this means that the real-time protection is disabled (for example, if you suspended the real-time protection, disabled the real-time file protection feature or disabled the technology during the installation).
If a full computer scan, a scan of an individual file, drive or a real-time mode analysis of an object is in progress, the system tray icon is blinking. Mail scan is indicated by a separate icon. During downloading of the anti-virus database or of the application modules updates, the icon changes to a different image.
If animation of the system tray icon is disabled in the additional settings of Kaspersky Anti-Virus (see section 5.10.4 on page 112), the icon will be either enabled or disabled.
If an important anti-virus event occurs, an informational message box appears for some time above the icon and displays a recommendation from the experts of Kaspersky Lab (this feature is not available in Microsoft Windows98/NT).
3.2.2. Right-click menu
If you right-click the application icon in the system tray, you will see a right-click menu (see Figure 1) consisting of the following items:
Open Kaspersky Anti-Virus – opens the Protection tab of the main application window. You can achieve the same result by a double left-click on the program icon in the system tray.
Switch to user mode/Switch to administrator mode – switch between the safety modes.
Running tasks – a list of tasks launched according to the schedule. This item appears in the right-click menu when a certain task is being performed.
Scan My Computer for viruses – launches a full anti-virus computer scan based on the defined level of protection.
Update Anti-Virus Database – launches the anti-virus database update process.
Resume Real-Time Protection / Stop Real-Time Protection – enable or disable real-time protection of your computer for a certain time. This item is displayed in the application shortcut menu only if you did not disable the real-time file protection during the installation of Kaspersky Anti-Virus for Windows Workstations. The icon will change depending on the real-time protection status (whether it is enabled or disabled). This menu item is available only for administrators of Kaspersky Anti-Virus. Users who are not administrators cannot enable/disable real-time protection of the computer.
We do not recommend stopping the real-time protection as this considerably increases the risk of an infection of your computer by viruses.
About… – displays a help window with information about Kaspersky Anti-Virus 5.0 for Windows Workstations.
Exit – close Kaspersky Anti-Virus. This item is accessible only by Kaspersky Anti-Virus administrator.
Figure 1. Shortcut menu
3.2.3. Main application window: general structure
The main window of Kaspersky Anti-Virus is designed for implementation of all application features, which helps achieve complete anti-virus protection of your computer. Here you can:
start and stop full computer scan and scan of individual drives, folders and files for viruses and other types of malware;
create user-defined objects scan tasks;
download updates of anti-virus database, network attacks database and application modules;
configure anti-virus protection settings;
manage quarantined objects;
manage copies of objects created in the backup storage before they are disinfected or deleted;
manage reports;
control the application’s configuration, etc.
All anti-virus protection settings, necessary information, and tasks are grouped in the following tabs of the main window:
Protection – anti-virus protection status and tasks (scanning objects and updating the anti-virus database). From this tab you can access the functions that you can use to work with quarantine, backup storage and reports. This tab is the main tab to be used for managing the application (see section 3.2.3.1 on page 28).
Settings – the status and tasks for defining the main settings of the anti-virus protection (see section 3.2.3.2 on page 29).
Support – a tab where you can view the information about the license key, renew the application license, access reference help and send your inquiries to the Technical Support Service (see section 3.2.3.3 on page 31).
Each tab is divided into two parts:
The left part of the tab contains links that you can use to access tasks required when using Kaspersky Anti-Virus. The task list depends on the purpose of the tab. The Protection tab, for example, contains tasks for complete scanning for viruses, the Settings tab provides access to the anti-virus protection support tasks.
The right part of the tab contains information about the current status of anti-virus protection (real-time protection, full system scan and the anti-virus database). Thus the Protection tab indicates the status of the anti-virus protection, the Settings tab shows the status of its settings and the Support tab displays the license status (license key information), links to support contact information, information about the application and your system.
3.2.3.1. The Protection tab
The Protection tab (see Figure 2) is designed for running tasks that ensure full system scan as well as scan of individual drives, folders or files. Here you can:
launch the updating of the anti-virus database, application modules and network attacks database;
switch to managing reports about the execution of all tasks you launch (view, delete, export to file);
switch to managing quarantined objects that are possibly infected with viruses or their modifications;
switch to managing backup copies of disinfected or deleted objects.
You can launch tasks using the corresponding links.
The right part of the tab displays the current state of the real-time protection, full computer scan and anti-virus database. For example, on Figure 2 you can see that the real-time protection is stopped and a full computer scan is currently in progress. This tab also contains comments on the status of each anti-virus protection task.
Figure 2. The Protection tab
Critical status and any status that is different from the recommended protection level are always supplemented with the Kaspersky Lab’s experts’ recommendations. In order to increase the level of the anti-virus protection you may be offered to modify the current settings, return to the settings recommended by the experts, run a task, etc. All recommendations are displayed as links that you can follow in order to perform the corresponding action.
If any infected or suspicious objects have been detected during the scan, the corresponding information will be displayed in the right part of the tab. Later you can switch to processing detected objects at any time by following the process these objects link (details see section 5.4 on page 85).
3.2.3.2. The Settings tab
The Settings tab (see Figure 3) contains information that you can use to evaluate the application’s settings and to modify both the main and additional settings of Kaspersky Anti-Virus.
The right part of the tab displays the current settings of the real-time protection, on-demand full computer scan and automatic updating of the anti-virus database, application modules and known network attacks database with detailed comments and tips on editing some settings. For example, if in the past you started the anti-virus database updating process manually, the application will suggest that you automate this process by creating a schedule to start this task automatically.
Following the links displayed in the left part of the tab you can switch to editing the real-time protection, on-demand scan and updating settings. You can also create a list of objects to be excluded from the protection scope and specify the type of the anti-virus database to be used.
Figure 3. The Settings tab
Here you can also configure the setting of the quarantine that is used to store objects possibly infected with viruses or their modifications and of the backup storage used to store backup copies of objects. You can switch to configuring additional settings of Kaspersky Anti-Virus by following the Additional settings hyperlink.
Kaspersky Anti-Virus allows creating various configurations to be used in its operation and saving them in special files called profiles. Later you can easily return to the required configuration. In order to do this, you will not need to reconfigure the application as it will be sufficient to simply load the required profile. You can switch to creating and loading profiles by following the Managing profiles link.