Page 1
KASPERSKY LAB
Kaspersky Anti-Virus® 5.6
for Microsoft ISA Server 2000
Enterprise Edition
Administrator’s Guide
Page 2
KASPERSKY ANTI-VIRUS® 5.6
FOR MICROSOFT ISA SERVER 2000
ENTERPRISE EDITION
Administrator’s Guide
© Kaspersky Lab
http://www.kaspersky.com
Edition date: August 2005
Page 3
Contents
CHAPTER 1. KASPERSKY ANTI-VIRUS® FOR MICROSOFT ISA SERVER
2000 ENTERPRISE EDITION..................................................................................... 4
1.1. What’s new in Kaspersky Anti-Virus® 5.6 for Microsoft ISA Server 2000
Enterprise Edition................................................................................................. 5
1.2. Hardware and software requirements .................................................................. 6
1.3. Distribution kit ........................................................................................................ 6
1.4. Help Desk for registered users.............................................................................. 7
1.5. Conventions........................................................................................................... 8
CHAPTER 2. TYPICAL DEPLOYMENT SCENARIOS ................................................. 9
CHAPTER 3. INSTALLING THE APPLICATION......................................................... 12
3.1. Configuring ISA Server settings before installing the application ......................12
3.2. Installing Kaspersky Anti-Virus®.......................................................................... 13
3.2.1. First installation ............................................................................................. 14
3.2.2. Reinstalling.................................................................................................... 18
CHAPTER 4. USING KASPERSKY ANTI-VIRUS® FOR ISA SERVER..................... 19
4.1. Default scan settings ........................................................................................... 19
4.2. Managing scans .................................................................................................. 22
4.2.1. Configuring general settings of anti-virus scans.......................................... 23
4.2.1.1. General settings..................................................................................... 24
4.2.1.2. Settings for HTTP scanning................................................................... 27
4.2.1.3. Settings for FTP scanning ..................................................................... 29
4.2.2. Editing application settings for a single server............................................. 30
4.2.3. Managing client groups ................................................................................ 34
4.2.4. Specifying policies for anti-virus scanning ................................................... 39
4.2.4.1. Managing a list of trusted servers.......................................................... 45
4.2.4.2. Creating a list of objects excluded from scans...................................... 46
4.3. Updating the anti-virus database ........................................................................ 47
4.3.1. Scheduled updating of the anti-virus database ........................................... 50
4.3.2. On-demand updating.................................................................................... 51
4.3.3. Configuring database updating on a single server...................................... 51
Page 4
3 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
4.4. Configuring notifications ...................................................................................... 52
4.5. Testing Kaspersky Anti-Virus® operation............................................................ 53
4.6. Application statistics and diagnostics.................................................................. 53
4.6.1. Recording and viewing statistics .................................................................. 54
4.6.2. Notifying the administrator using ISA Server Alerts..................................... 56
4.6.3. Configuring diagnostics options for the application ..................................... 57
4.7. Managing license keys........................................................................................ 59
4.7.1. Installing a new license key.......................................................................... 60
4.7.2. Renewing your license .................................................................................61
4.7.3. Removing a license key ............................................................................... 63
4.8. Managing the application via Kaspersky Administration Kit .............................. 63
4.8.1. Managing tasks............................................................................................. 64
4.8.1.1. Creating a task....................................................................................... 64
4.8.1.2. Viewing and changing task settings...................................................... 69
4.8.1.3. Starting and stopping tasks ................................................................... 72
4.8.2. Managing application settings...................................................................... 73
CHAPTER 5. FREQUENTLY ASKED QUESTIONS................................................... 83
APPENDIX A. HOW TO CONTACT TECHNICAL SUPPORT ................................... 89
APPENDIX B. GLOSSARY........................................................................................... 91
APPENDIX C. KASPERSKY LAB................................................................................. 92
C.1. Other Kaspersky Lab Products .......................................................................... 93
C.2. Contact Us .......................................................................................................... 97
APPENDIX D. LICENSE AGREEMENT ...................................................................... 98
Page 5
CHAPTER 1. KASPERSKY ANTI-
VIRUS® FOR MICROSOFT
ISA SERVER 2000
ENTERPRISE EDITION
Kaspersky Anti-Virus® for Microsoft ISA Server 2000 Enterprise Edition
(hereafter, also Kaspersky Anti-Virus
virus protection of files transferred using the HTTP and FTP protocols via the
Microsoft Internet Security and Acceleration Server. It ensures reliable protection
of corporate networks from penetration of malicious software.
Kaspersky Anti-Virus
packets transferred via the HTTP and FTP protocols, isolates controlled objects
from this data, analyzes them for the presence of viruses, and prevents infected
files and Web documents from penetrating a corporate network.
The program includes data stream filters and the anti-virus kernel.
The filters are integrated into Microsoft ISA Server as plug-ins, and the anti-virus
kernel is installed into the system as a service.
The anti-virus protection is managed through a special interface built into the ISA
administration snap-in for Microsoft Management Console (MMC) as an
extension.
The interface for managing Kaspersky Anti-Virus for Microsoft ISA
Server is an extension of MMC that must be integrated with Microsoft
ISA Server. This extension cannot be installed on a separate administrator desktop as an MMC extension.
The application performs the following functions:
• Anti-virus protection and processing of data streams received from the
Internet.
• Generation of data streams from disinfected files and the delivery of
these streams to the client upon request.
• Scheduled and manual updating of the anti-virus database via the
Internet, a local folder, or a shared folder.
• Logging of statistics about program performance and displaying the
results using standard Windows tools.
®
for Microsoft ISA Server acts as a filter that intercepts
®
for ISA Servers) is a system of anti-
Page 6
5 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
• Management of license keys.
In addition, Kaspersky Anti-Virus® for Microsoft ISA Server allows the
administrator to:
• Set parameters for anti-virus protection and for notifications about
dangerous events.
• Create groups of users in accordance with the adopted network policy.
For example, you can use the existing administration division to define
anti-virus policy settings for each of the groups created. This can
significantly speed up the scanning process.
• Create a list of trusted servers for one or several groups of users; the
traffic from these servers will be excluded from scanning for viruses.
• Create a list of types of object excluded from anti-virus protection.
The application can be managed from a remote location using Kaspersky
Administration Kit, a system for centralized management of the anti-virus
protection system (see section 4.8 on page 63).
Kaspersky Anti-Virus
• HTTP 1.0 and 1.1 (RFC 2616);
• FTP (RFC 959, 2389, Extensions to FTP);
• FTP over HTTP.
The application does not protect data transferred by other transfer protocols and VPN connections.
®
supports the following data transfer protocols:
1.1. What’s new in Kaspersky AntiVirus® 5.6 for Microsoft ISA
Server 2000 Enterprise Edition
This application is designed to protect Microsoft ISA Servers installed as
enterprise array members. The application allows centralized management of
anti-virus protection settings for all servers protected by Kaspersky Anti-Virus and
centralized updating of the anti-virus database.
Though this version can be installed on a standalone Microsoft ISA
Server, it is advised to use Kaspersky Anti-Virus 5.1 for Microsoft ISA
Server on such servers.
Page 7
Kaspersky Anti-Virus® for Microsoft ISA Server 2000 Enterprise Edition 6
1.2. Hardware and software
requirements
Kaspersky Anti-Virus® for Microsoft ISA Server operates in integration with
Microsoft® Internet Security and Acceleration Server 2000 Enterprise Edition with
Service Pack 2 or higher installed under the following operating systems:
• Microsoft® Windows 2003 Server.
• Microsoft® Windows 2000 Server (Service Pack 4 or higher).
• Microsoft® Windows 2000 Advanced Server (Service Pack 4 or higher).
To use Kaspersky Anti-Virus
the following minimum requirements:
• Pentium II processor of 300 MHz or higher.
• At least 256 MB free RAM.
• At least 50 MB hard disk space for installation of the program.
• At least 200 Mb hard disk space for temporary storage of data copied
from the Internet before scanning for viruses.
The amount of free disk space required to temporarily store
data downloaded from the Internet before an anti-virus scan
starts depends on the density of traffic processed by Microsoft ISA Server. As a rule, 500 MB is enough but if traffic is
heavy and files downloaded are too large, more space can be
required.
®
for Microsoft ISA Server, your computer must meet
1.3. Distribution kit
You can purchase Kaspersky Anti-Virus® for Microsoft ISA Server either from our
distributors (retail box) or online at one of our Internet shops (for example,
www.kaspersky.com
The retail box includes:
• a sealed envelope with an installation CD containing files for the software
product;
• administrator's guide;
• a license key written on the floppy disk;
• license agreement.
– select the E store link).
Page 8
7 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
Before you unseal the envelope containing the CD, be sure to thoroughly review the license agreement.
®
If you buy Kaspersky Anti-Virus
the installation file of the product from the Kaspersky Lab website. This
installation file includes this Administrator’s Guide and the license key. The
license key can also be sent to you by e-mail after receiving your payment.
The License Agreement is a legal agreement between you and the manufacturer
(Kaspersky Lab) describing the terms on which you may employ the anti-virus
product which you have purchased.
Make sure you read the License Agreement!
If you do not agree to the terms of this LA, you can return the unused product to
your Kaspersky Anti-Virus® dealer for a full refund, making sure the envelope
containing the CD is sealed.
If you unseal the envelope or install the program, you are considered to have
agreed to all the terms of the LA.
for Microsoft ISA Server online, you download
1.4. Help Desk for registered users
Kaspersky Lab offers a large service package enabling its registered customers
to enjoy all the available features of Kaspersky Anti-Virus
If you register and purchase a subscription you will be provided with the following
services for the period of your subscription:
• new versions of this anti-virus software product provided free of charge;
• phone or e-mail advice on matters related to the installation,
configuration, and operation of this anti-virus product;
• information about new Kaspersky Lab products and about new computer
viruses (for those who subscribe to the Kaspersky Lab newsletter).
®
.
Page 9
Kaspersky Anti-Virus® for Microsoft ISA Server 2000 Enterprise Edition 8
Kaspersky Lab does not provide information related to the operation and
use of your operating system or various other technologies.
1.5. Conventions
In this book we use various conventions to emphasize different meaningful parts
of the documentation. The Table below lists the conventions used in this User
Guide.
Convention Meaning
Bold font
Note.
Text of information messages and the command line
Attention!
To do this,
1. Step 1.
2. …
Menu titles, commands, window titles,
dialog elements, etc.
Additional information, notes
Critical information
Actions that must be taken
Text of configuration files, information
messages, and the command line.
Page 10
CHAPTER 2. TYPICAL
DEPLOYMENT SCENARIOS
A typical scenario for deploying ISA Server and most of its services is as follows:
the administrator installs the application on the ISA Server computer, and the ISA
administration tool on a remote computer (as a rule, an administrator’s
workstation).
In this deployment scenario, the Kaspersky Anti-Virus
installed on the ISA Server computer, and the Kaspersky Anti-Virus
administration console, on the administrator’s workstation. The computer that
runs the Kaspersky Anti-Virus
®
for ISA Server administration console must only
have the ISA Server administration tools installed.
®
application must be
®
You can install separate components of Kaspersky Anti-Virus
manually installing the application (see Chapter 3 on page 12).
®
by
During the installation procedure, the program will automatically detect the ISA
Server mode. Below, we consider possible ISA Server modes and any special
features of Kaspersky Anti-Virus
®
operation for each of these modes.
The documentation for ISA Server describes three possible modes:
• Firewall.
• Proxy (Cache).
• Integrated.
In Firewall mode, ISA Server protects internal network communications from
various types of Internet-borne threats by using various tools, such as IP packet
filters, Web filters, and application filters. In this mode, caching of transmitted
information is disabled.
In Proxy mode, ISA Server acts as a cache server that routes requests and plans
data loading for efficient processing of subsequent clients’ requests. In this mode,
ISA Server does not protect the internal network.
In Integrated mode, all the features of the firewall and cache server are available.
In addition, in this mode, ISA Server operates as both Proxy and Firewall.
During Kaspersky Anti-Virus
®
installation, the mode in which ISA Server operates
is determined automatically. Depending on the mode, various sets of data stream
filters are installed.
Page 11
Typical deployment scenarios 10
The following Kaspersky Anti-Virus® filters can optionally be added to the system:
• Kaspersky Anti-Virus FTP Application Filter.
• Kaspersky Anti-Virus Web Filter.
• Kaspersky Anti-Virus HTTP Application Filter.
Table 1 shows filter options for the three ISA Server modes.
Table 1
Filter Proxy Firewall Integrated
Kaspersky Anti-Virus FTP Application
No Yes Yes
Filter
Kaspersky Anti-Virus Web Filter Yes Yes1 Yes
Kaspersky Anti-Virus HTTP Application
No Yes No
Filter
After Kaspersky Anti-Virus® is installed, you will be able to manage the above
filters through the ISA Server Administration interface.
When the ISA Server is running in the Firewall mode, Kaspersky Anti-Virus Web
Filter is installed in disabled state, since it is presupposed that all the clients use
the ISA Server as a firewall without accessing the proxy server directly. If the
clients do access the proxy server directly (e.g. their browsers are set to work via
the proxy), please enable Kaspersky Anti-Virus Web Filter after the application is
installed to make sure the traffic passing via the proxy server is scanned for
viruses.
If you reinstall ISA Server to change the installed mode, you must also
reinstall Kaspersky Anti-Virus
compatible with the selected mode.
®
and select only those filters that are
Fig. 1 shows a scheme of processing the initial data streams that are common for
all possible Kaspersky Anti-Virus® deployment scenarios.
1
The filter is disabled by default
Page 12
11 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
Figure 1. Processing of data streams by Kaspersky Anti-Virus for Microsoft ISA Server
Page 13
CHAPTER 3. INSTALLING THE
APPLICATION
To correctly install the Kaspersky Anti-Virus® application, you should first properly
configure several standard filters of ISA Server.
3.1. Configuring ISA Server settings
before installing the application
Microsoft ISA Server provides a number of standard filters for controlling data
packets received via the HTTP and FTP protocols: HTTP Redirector Filter и FTP
Access Filter (the latter is not used in Proxy mode). The settings and statuses of
these filters affect the performance of Kaspersky Anti-Virus for Microsoft ISA
Server.
To avoid disabling anti-virus protection of servers, make sure that:
• FTP Access Filter is activated;
• HTTP Redirector Filter is configured to forward HTTP traffic to
the anti-virus filter.
Data stream filters are controlled from the standard console tree of ISA
Management.
To configure HTTP Redirector Filter and FTP Access Filter:
In the console tree of the ISA Management main window, select the Extensions node and click the Application Filters folder.
If one of these filters is disabled, you will see the icon in the list of filters.
To enable a filter:
1. Select the required filter in the list and open the Properties dialog
box.
Page 14
13 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
2. For FTP Access Filter, click Enable this filter in the FTP Access
Filter Properties dialog box.
3. For HTTP Redirector Filter, click Enable this filter on the General
tab of the HTTP Redirector Filter Properties dialog box. Then, on
the Options tab, select Send to requested Web server, if Microsoft
ISA Server is operating in Firewall mode. This will allow the data
streams flowing through the HTTP protocol to enter the
corresponding Kaspersky Anti-Virus® filters.
If you have selected Send to local Web Proxy server when
the ISA Server is running in the Firewall mode and have enabled Kaspersky Anti-Virus Web Filter, it is recommended
that you disable Kaspersky Anti-Virus HTTP Application
Filter in order to avoid duplication checking of the traffic:
when passing through the HTTP Redirector Filter and the
local proxy server.
Sometimes, third-party filters are used in conjunction with the standard Microsoft
ISA Server filters. However, these additional filters can affect the performance of
the anti-virus application if their settings prevent the initial data from entering the
Kaspersky Anti-Virus
ISA Server might be completely disabled because of these filters.
®
filters. Moreover, in some cases, Kaspersky Anti-Virus® for
3.2. Installing Kaspersky Anti-Virus®
The installation procedure for Kaspersky Anti-Virus® for ISA Server is standard
for most Windows applications. The installation application can be run locally on
ISA Server or on a remote terminal. You can select complete installation or
custom installation and restore an Anti-Virus configuration in the case of an
incorrect installation.
To install Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise
Edition, the user must have domain administrator rights
During installation of Kaspersky Anti-Virus, several errors might occur. Each of
these errors causes termination of Kaspersky Anti-Virus installation. To avoid
errors, before installation make sure that your server meets all hardware and
software requirements (see section 1.2 on page 6).
If errors occur during installation, please contact the Technical Support
service (see Appendix A). Please, attach the log file c:\kav4isa.log to
the message.
Page 15
Installing the application 14
3.2.1. First installation
Step 1. Welcome and License Agreement dialog boxes
The Kaspersky Anti-Virus® setup wizard starts with the Welcome and License
Agreement dialog boxes. The License Agreement dialog box contains the text
of the License Agreement. To proceed with the installation, read the agreement
thoroughly and accept its terms.
Step 2. User data and selecting installation options
At this stage, the program automatically detects user information by using data
from the operating system registry, and offers two installation options: complete
installation or custom installation (Fig. 2). If you are installing the entire
Kaspersky Anti-Virus
an Microsoft ISA Server computer, select complete installation.
If you want to install a separate component of Kaspersky Anti-Virus
custom installation. For example, if you want to remotely manage Kaspersky
Anti-Virus
®
, install only the administration console on the administrator’s
workstation.
If you want to install Kaspersky Anti-Virus
console on a computer, make sure that Microsoft Windows 2000 (with
Service Pack 4 and higher) and ISA administration tools are installed on
this computer!
®
application (anti-virus kernel, administration tools, etc.) on
®
, select
®
for ISA Server administration
Figure 2. Setup Type
Page 16
15 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
Step 3. Selecting the application components to be installed
In this stage, you select the Kaspersky Anti-Virus® components to be installed on
your computer (see Fig. 3).
®
As a rule, these are administration tools for managing Kaspersky Anti-Virus
come together with the Microsoft Management Console.
You can also change the location of the administration console.
Figure 3. Custom Setup. Installing the administration console
that
Step 4. Anti-virus protection settings
In this installation step, you must define the anti-virus protection settings that will
be used as default values (Fig. 4). The following settings can be adjusted:
• File system folder for storing the scan queue. This directory should meet
the requirements for free disk space for temporarily storing data copied
from the Internet before anti-virus scanning (see section 1.2 on page 6).
• Number of queued objects.
• Folder for storing the anti-virus database that is used to detect and
disinfect viruses.
• Folder for storing temporary files created by the program during its
operation.
• Number of anti-virus kernels running simultaneously.
Page 17
Installing the application 16
To speed up anti-virus scanning and handling objects, we recommend that you install four anti-virus kernels on one physical
processor. Thus, for example, the recommended number of
anti-virus kernels running on two physical processors is eight.
Each of the above parameters has a default value. To change the default values,
click the corresponding buttons or enter data into the corresponding fields.
Figure 4. Default settings for the program
Immediately after this stage is completed, the program will start copying files to
your computer.
Step 5. Completing the setup
The last step of Kaspersky Anti-Virus® installation is restarting Microsoft ISA
Server. The server must be restarted in order to load the anti-virus filters included
in the package. You can restart the server from either the Microsoft ISA Server
console or the setup wizard window if you check the corresponding checkbox
(Fig. 6).
Note that anti-virus protection of your ISA server will be activated only
after you restart Microsoft ISA Server services.
Page 18
17 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
Figure 5. Complete the setup
In this stage, you can run automatic installation of application license keys by
selecting the corresponding box. If this check box is selected, after the
installation completes, a dialog box opens (see Figure 6) in which you can
add/install a license key file.
Figure 6. Selecting the license key
Page 19
Installing the application 18
It is possible to install license keys after the application is installed (see
section 4.7 on page 59).
Without an installed license key, Kaspersky Anti-Virus will not scan traffic and the anti-virus database will not be updated.
3.2.2. Reinstalling
Kaspersky Anti-Virus for ISA Server must be reinstalled if the first installation of
the application was incorrect or if you want to install a component of Kaspersky
Anti-Virus®.
To correctly install the anti-virus application, select Repair in the dialog
box that appears on your screen (Fig. 7).
In this case, the setup wizard will repeat the previous installation procedure.
Thus, if the previous installation was a custom type, after you select Repair, the
reinstallation procedure will also be performed in custom mode.
Figure 7. Selecting the reinstallation mode
To install an individual component of the anti-virus application on your
computer, select Modify.
After this, the custom installation dialog box will appear (Fig. 3). To continue with setup, follow the steps described for the first installation.
Page 20
CHAPTER 4. USING KASPERSKY
ANTI-VIRUS® FOR ISA
SERVER
The installation package installs Kaspersky Anti-Virus® according to the current
mode of your ISA Server. After the application is installed and the Microsoft ISA
Server services are restarted, Kaspersky Anti-Virus is ready to start scanning
data streams because all the parameters necessary for the scan have been
already set by default. Kaspersky Anti-Virus can be managed:
• Locally, if the server part (anti-virus kernel, anti-virus database and filters
for Microsoft ISA Server) and administration tools (Administration
Console) for the application are installed on the same computer;
• Remotely, if the server part and administration tools are installed on
different computers.
In addition, if the computer is included into the centralized management system
using Kaspersky Administration Kit, you can remotely manage Kaspersky AntiVirus through the Kaspersky Administration Kit Administration Console
section 4.8 on page 63).
The installed application automatically creates the user default, the
group default, and the policy default because Kaspersky Anti-Virus
work only when at least one group and one policy have been created.
Remember that you cannot delete the default user, group, or policy!
2
(see
®
can
4.1. Default scan settings
You can configure scan settings on the tabs of the Properties of Kaspersky
Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition dialog box. The
following are the default scan settings:
2
Hereafter, the Administration Console of Kaspersky Anti-Virus for Microsoft ISA Server
is referred to as the Administration Console. The Administration Console of Kaspersky
Administration Kit is referred to by its full name.
Page 21
Using Kaspersky Anti-Virus® for ISA Server 20
• The HTTP tab displays settings that regulate the application performance
(see section 4.2.1.2 on page 26 for more detail) and messages sent to the
client (see section 4.4 on page 51):
• Cure HTTP traffic – enabled
• Maximum scan time for the first chunk of data, sec – 30 sec-
onds.
• Maximum time span between chunks of data sent to the client,
sec – 10 seconds.
• Data not sent to the client before scan completes, % – 10 %.
• Enable partial content download – enabled.
• Error messages sent to the client.
<html>
<head>
<title>Kaspersky Anti-Virus for Microsoft ISA
Server</title>
</head>
<body>
<h1>Kaspersky Anti-Virus for Microsoft ISA
Server</h1>
<p>Internal Scanner Error "%ERR_TEXT%"
(%ERR%)</p>
</body>
</html>
• Message sent to the client about detection of a malicious object:
<html>
<head>
<title>Kaspersky Anti-Virus for Microsoft ISA
Server</title>
</head>
<body>
<h1>Kaspersky Anti-Virus for Microsoft ISA
Server</h1>
<p>The requested URL "%URL%" is infected with
%VIRUSNAME% virus</p>
</body>
</html>
• The FTP tab (see section 4.2.1.3 on page 29 for more detail) contains
information about data received by the server before the first chunk of
data is sent to the client, KB – 128 KB.
Page 22
21 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
• The Anti-Virus tab (see section 4.2.1.1 on page 24) displays scan
settings:
• Disinfect objects if possible
• Scan archives
• Scan compressed executable files
• The Licensing tab (see section 4.7 on page 59) displays the number of
days the administrator will be notified about the license expiry. The
number of days is set in the Notify about license expiration field and it is
seven days by default. The administrator is notified by messages
displayed in the system log on the computer running Kaspersky AntiVirus® for ISA Server.
• The Updating tab (see section 4.3 on page 47) contains settings for
updating the anti-virus database and the frequency of its updating. By
default, updating is performed every three hours. The update server is
randomly selected from the list.
For each server, the Anti-Virus tab (see section 4.2.2 on page 30) in the server
properties dialog box lists a set of folders for Kaspersky Anti-Virus
®
for ISA
Server working data:
• Folder for storing anti-virus databases:
…/Program Files/Kaspersky Lab/Kaspersky Anti-Virus for ISA
Server/bases
• Folder for scan queue:
…/Program Files/Kaspersky Lab/Kaspersky Anti-Virus for ISA
Server/TaskQueue
• Folder for temporary files:
…/Program Files/Kaspersky Lab/Kaspersky Anti-Virus for ISA
Server/Temp
• Number of queued objects cashed in memory – 128 objects.
• Buffer size for a cashed object – 128 KB.
• Number of anti-virus kernels run simultaneously – 4 kernels.
• Number of anti-virus kernel instances reserved for scanning
"fast" objects – 0 objects.
• Scan queue size – 1024 objects.
• Maximum scan time – 1800 seconds.
Page 23
Using Kaspersky Anti-Virus® for ISA Server 22
4.2. Managing scans
During installation, the Kaspersky Anti-Virus® administration console is built into
ISA Management in the Extensions section.
The scanning process is managed using the Kaspersky Anti-Virus
Servers main window shown in Fig. 8.
The tree consists of three branches: Servers, Groups and Policies.
The view of branches on the right side of the main window can be customized.
By default, all application branches and possible manipulations with them are
displayed as Taskpad view. You can change the view to Advanced by selecting
the corresponding item from the shortcut menu. To open the shortcut menu,
right-click the Kaspersky Anti-Virus
To configure scanning settings, use the following capabilities of Kaspersky Anti-
®
for ISA Server. With these you can:
Virus
3
tree branch (Fig. 9).
• Edit the general parameters for the entire array of servers affecting
Kaspersky Anti-Virus® performance, including all anti-virus scanning
policies (see section 4.2.1 on page 23).
• Change anti-virus protection settings for individual servers on which the
Kaspersky Anti-Virus is installed (see section 4.2.2 on page 30);
• Create and manage groups of clients and apply group policies to them
(see section 4.2.3 on page 34);
• Set up new rules for anti-virus protection that differ from the default rules.
The new rules are added by creating new policies (see section 4.2.4 on
page 39). In the new policy, you can redefine the settings for traffic
filtering and then assign a group of users to the policy created.
®
for ISA
As Active Directory is used to store application settings, changes will
take effect after a while. As a rule, they take effect 2-3 minutes after the
new settings are saved in the Administration Console.
3
Below, the description of the main window elements refers to their Taskpad view.
Page 24
23 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
Figure 8. The Kaspersky Anti-Virus for Microsoft ISA Server main window
Figure 9. Shortcut menu
4.2.1. Configuring general settings of antivirus scans
The administrator may need to change general settings of anti-virus protection.
To edit general settings of anti-virus scanning:
Page 25
Using Kaspersky Anti-Virus® for ISA Server 24
In the Kaspersky Anti-Virus® main window, select Edit Kaspersky AntiVirus settings to open the Properties of Kaspersky Anti-Virus for
Microsoft ISA Server 2000 Enterprise Edition dialog box.
The general settings of anti-virus scanning are available on the Anti-Virus,
HTTP, and FTP tabs.
4.2.1.1. General settings
The General tab (see Figure 10) displays general information about Kaspersky
Anti-Virus: Administration Console version and brief information about the license
(license owner, license expiration date, and the license key status).
The license key status displayed on the General tab (see Figure 10)
can differ from its real status if this license key is blocked by Kaspersky
Lab. The real status of the license key is displayed in the server properties dialog box. On each server, the license key status can be different,
depending on the database version installed on this server.
Figure 10. The General tab
Page 26
25 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
On the Anti-Virus tab (see Figure 11), you can make Kaspersky Anti-Virus®
changes common for the entire array of servers.
Figure 11. The Anti-Virus tab
In the upper part of the tab, you can see the following scan settings (Fig. 11):
• If you want your Kaspersky Anti-Virus® to disinfect an infected file upon
detection, check the Disinfect objects if possible box.
Only files transferred via the HTTP protocol can be disinfected. An infected file sent by the FTP protocol will not be disinfected; the program
will block access to the infected object.
• If you want to enable extracting and scanning of archives, check the
Scan archives box.
If the tool for extracting archives is disabled, the archives will be
scanned as normal files. In this case, the program will detect only those
viruses that have penetrated the archived file.
Page 27
Using Kaspersky Anti-Virus® for ISA Server 26
When scanning multi-volume archives, Kaspersky Anti-Virus iscans
each of the volumes as a separate object. In this case, the application
can detect malicious code only if one of the volumes contains the entire
piece of code. If a virus is divided into separate parts, during partial data
loading, the anti-virus application will be unable to detect it. In this case,
there is a possibility that malicious code can propagate after the object
restores its integrity.
Multi-volume archives can be scanned after they are saved on the hard
disk by, for example, other Kaspersky Lab applications are installed on
the computer.
Kaspersky Anti-virus does not scan password protected archives!
• If you want to scan compressed executable files, check the Scan
compressed executable files box.
As for archives, if this option is disabled, executable files will be
scanned as uncompressed. The program will detect only those viruses
that have penetrated the compressed file.
Since all these modes increase the load on your computer resources during antivirus scans, this can delay sending files to the client.
In the lower part of the tab, you can select the anti-virus database that will be
used to detect viruses:
• Standard databases (viruses only) – the application will use the database
containing descriptions of all currently known viruses and methods of their
detection and eradication. This is a default option.
• Extended databases (viruses + RiskWare) – in addition to virus
signatures, the database contains descriptions of the so-called riskware,
i.e. the applications that known to be potentially vulnerable to hacker
attacks, nonauthorized access, etc.
• Redundant database (viruses + RiskWare, SpyWare, AdWare) – the
application will use the most extended version of the database. In addition
to the above-described database, this version contains descriptions of spy
applications (SpyWare) and applications used to broadcast unsolicited
advertisements (AdWare).
Spy application allow unauthorized users to get access to personal information, such as web browser history, passwords, bank accounts, etc., and
send it to interested parties.
The so-called AdWare installed together with other software displays advertisements in new browser windows, thereby impelling the user to visit
the website of the advertiser. This software may irritate users and lead to
increasing the company’s total traffic.
Page 28
27 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
The use of the extended and redundant databases may cause false
alarms, i.e. when the anti-virus application warns the user about the
software installed to protect the PC. These can be remote administration programs that have no installer.
®
The default option for Kaspersky Anti-Virus
is to use the standard anti-virus
database. The extended and redundant databases are used to provide the
highest-level protection for data. The use of these databases increases the load
on your server resources.
4.2.1.2. Settings for HTTP scanning
On the HTTP tab (Fig. 12), you can modify settings for scanning HTTP traffic and
set restrictions for processing data transferred via the HTTP protocol. Here you
can also edit messages sent to the clients.
Figure 12. The HTTP tab
In the upper three fields, specify the settings for HTTP scanning:
• Select the Cure HTTP traffic check box if you want Kaspersky Anti-Virus
to cure an infected file upon its detection;
Page 29
Using Kaspersky Anti-Virus® for ISA Server 28
Kaspersky Anti-Virus can disinfect only the files transferred
via HTTP protocol. When an infected file is detected transferred via the FTP protocol, Kaspersky Anti-Virus blocks access to the infected object without attempts to disinfect it.
• Enter the maximum delay time for a chunk of data scanned by the
application in the Maximum scan time for the first chunk of data, sec
field. This field specifies the time limit for scanning data. After the limit is
reached, scanning is converted into a stream and sent to the client upon
request. This parameter affects the way infected files are treated after
they are detected:
• If an infected file has been detected and disinfected before the
first chunk of data containing a part of this file was sent to the
client, the client receives the disinfected file.
• If an infected file was detected after the first chunk of data containing a part of this infected file had been sent to the client, the
program terminates the connection. Upon the second request
for this file, the client will be immediately notified that the requested file is infected.
Upon the second request for this file, the client will be notified that the
requested file is infected only if the time span between the first and the
second requests does not exceed 100 sec. This value cannot be
changed in this version of the program.
• Specify the time span for sending the next chunk of data to the client
upon request in the Maximum time span between chunks of data sent
to the client, sec field.
The value of this field cannot exceed the value of the Maximum scan
time for the first chunk of data, sec field.
• Set the percentage of data accumulated by Kaspersky Anti-Virus® for
subsequent analysis and scanning in the Data not sent to the client
before scan completes, % field.
The Enable partial content download checkbox enables/disables partial
downloading of data in cases, for example, of an Internet connection failure when
downloading a file.
However, note that Kaspersky Anti-Virus
if the entire code is present in any part of the downloaded file. If the viral code is
divided into separate parts, Kaspersky Anti-Virus
®
is able to detect a malicious code only
®
might fail to detect it. In such a
case, after the integrity of the downloaded object is restored, the virus might
penetrate your system.
Page 30
29 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
For more information about the fields for editing messages sent to the client, see
section. 4.4 on page 52.
At any time during editing the current settings, you can return to default settings
by clicking the Set default values button.
4.2.1.3. Settings for FTP scanning
On the FTP tab (Fig. 13), you can modify settings for scanning ISA Server data
transmitted via the FTP and FTP over HTTP protocols.
In addition to the anti-virus protection mode, you can specify the amount of data
transmitted via the FTP protocol and collected by the server for subsequent
analysis. After the server receives the specified amount of data, the data is sent
to the client. The maximum value of this field is 1024 Kb.
At any time during editing the current settings, you can return to default settings
by clicking the Set default values button.
Figure 13. The FTP tab
Page 31
Using Kaspersky Anti-Virus® for ISA Server 30
4.2.2. Editing application settings for a
single server
Click the Servers node in the tree to view the names of servers on which
Kaspersky Anti-Virus® is installed (see Fig. 14). The name and version of
Kaspersky Anti-Virus
®
is displayed for each server.
Figure 14. The Kaspersky Anti-Virus® Server management
dialog box
To switch to the scan parameters for a single server:
Select the required server in the right part of the Kaspersky Anti-Virus
window and click Edit server properties.
On the General tab of the server properties dialog box (Figure 15) contains the
following information about the server:
• server name
• installed application version
• state of anti-virus kernels
• license expiration date
• license key status
®
Page 32
31 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
• application operation mode
• number of anti-virus database records
• date of the last database update
Figure 15. The General tab
On the Anti-Virus tab (see Fig. 16), you can change the parameters of
Kaspersky Anti-Virus for a single server.
In the three fields located in the upper part of the tab, you can edit the default
paths to the Kaspersky Anti-Virus
®
working folders. These folders are used to
store:
• The anti-virus database that is used during anti-virus scanning.
• Temporary files. When protection of archives and compressed
executable files is enabled, Kaspersky Anti-Virus® places the extracted
files in the temporary folder. After scanning, the temporary files are
deleted.
• The scan queue. Here the program places objects that are to be
scanned, being scanned, or those that have been scanned and are ready
for delivery to the client.
Page 33
Using Kaspersky Anti-Virus® for ISA Server 32
Figure 16. The Anti-Virus tab
For the changes in the path to the scan queue folder to take effect, you
should stop these services in the following order:
• Microsoft ISA Server Control service and all related services
• Kaspersky Anti-Virus for Microsoft ISA Server service
After this, you can start again these services (in the arbitrary order).
Kaspersky Anti-Virus® for Microsoft ISA Server can run simultaneously
with other anti-virus programs in order to protect the file system of your
computer (for example, Kaspersky Anti-Virus
In this case, the correct operation of Kaspersky Anti-Virus
ISA Server requires that the folders for the scan queue and temporary
®
for Microsoft NT Server).
®
for Microsoft
files be excluded from scans by these additional programs.
In the lower part of the tab, you can specify the following settings affecting the
Kaspersky Anti-Virus performance:
• Number of queued objects cashed in memory
• Buffer size for cashed object, KB
Page 34
33 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
For the changes in the number of queued objects cashed in
memory and the buffer size for cashed object to take effect,
you should stop these services in the following order:
• Microsoft ISA Server Control service and all related
services
• Kaspersky Anti-Virus for Microsoft ISA Server service
After this, you can start again these services (in the arbitrary
order).
• The number of anti-virus kernel instances run simultaneously
To enhance the efficiency in processing large amounts of data, Kaspersky
Anti-Virus® can simultaneously run several anti-virus kernels. By default,
four anti-virus kernels are formed and run simultaneously during application startup.
You can select up to 32 anti-virus kernels to be run simultaneously. It is recommended that you run four anti-virus kernels on one physical processor.
• The number of anti-virus kernel instances reserved for scanning
"fast" objects.
In this field, you can specify the number of anti-virus kernel instances reserved for scanning some categories of HTTP traffic (the so-called “fast”
traffic). This allows the you to decrease the time spent by Kaspersky AntiVirus to scan large objects.
The following types of objects can be classified as HTTP traffic “fast” objects:
• Text files of size less than 2 MB
• Graphic files of size less than 2 MB
• Other objects (excluding executable files) of size below 256 KB.
• Scan queue size. In this field, specify the maximum number of objects
that can be placed to a working directory for objects queued for anti-virus
scanning.
The number of queued objects can range from 1 to 16383.
The default value is 1024.
If the queue is full, a new object will not be scanned. It will be
flagged as clean and sent to the client.
Page 35
Using Kaspersky Anti-Virus® for ISA Server 34
In case of multiple simultaneous connections (more than
1000) with an FTP server, the time for scanning some of the
queued objects might exceed the server timeout. In this case,
the FTP connections will be terminated, and all objects will
not be delivered to the clients.
• Maximum scan time, sec. In this field, specify the maximum time
allowed for scanning a single object.
You can set a value ranging from 0 to 86400 seconds, inclusive. The default value is 1800.
If an object is not scanned during the specified time, it will be
flagged as clean and sent to the client.
You can always restore the default settings by clicking the Restore default
button.
On the Diagnostics tab, you can specify the diagnostic detail level displayed in
logs (see section 4.6.3 on page 57).
4.2.3. Managing client groups
Each group includes local network clients; each client can be a member of one or
several groups. The same policy can be applied to different groups.
All ISA Server clients that do not belong to any group are assigned to
the default group.
If a client is a member of several groups, it is scanned for viruses using settings
for the group with the mildest rules of anti-virus protection.
An example is a client belonging both to the Accountant Department group for
which these chunks of data are scanned, and to the Administrators group for
which these chunks of data are excluded from scanning. In this case, an antivirus scan of this client will be performed with the settings for the Administrators
group.
®
In the present version of Kaspersky Anti-Virus
address or a group of IP addresses. Clients with a specified IP address can be
computers with pre-set network services and static IP addresses, for example,
mail servers. For network clients that do not have static IP addresses, you can
create one client and specify the subnet address and subnet mask.
To switch to the list of groups, Select Manage groups in the Kaspersky Anti-
®
main window. The Manage groups of Kaspersky Anti-Virus clients
Virus
dialog box will appear on your screen (Fig. 17).
, clients are defined by their IP
Page 36
35 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
You can also open the Manage groups of Kaspersky Anti-Virus clients dialog
box by selecting the Groups node in the tree.
The administrator can rename existing groups, change their descriptions, create
new groups, and delete old groups.
Figure 17. The Manage groups of Kaspersky Anti-Virus dialog box
To create a new group:
1. Select the Create a group option.
2. In the Create a Group dialog box (Fig. 18), enter the name and
description of the new group.
Page 37
Using Kaspersky Anti-Virus® for ISA Server 36
Figure 18. Creating a new group
3. In the next dialog box (Fig. 19), click Add clients …
Figure 19. Adding clients to a new group
Page 38
37 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
4. In the Clients dialog box (Fig. 20), either select a client from the list
of existing clients or create a new client by clicking New…
Figure 20. The Clients dialog box
5. If you select New…, you will see the Client Properties dialog box
(Fig. 21). In this dialog box, fill in the Client name field and select
one of the following options:
• One IP address to add a client with a static IP address.
• Subnet to add a client specified by a subnet mask.
• Range of IP addresses to specify a range of IP addresses for
a client.
Page 39
Using Kaspersky Anti-Virus® for ISA Server 38
Figure 21. Adding a new client to a group
6. After the new clients are included in a group, click Finish to finish
creating a group.
The newly created group is assigned to the default policy.
To change the description and contents of the clients in a group:
Select the required group in the Manage groups of Kaspersky AntiVirus clients (Fig. 17) and click Edit group properties.
This will open the Group properties dialog box. On the General tab of this
dialog box (Fig. 22), change the name and description of the group. On the
Clients tab (Fig. 23), you can add a client or delete an existing client from the
group.
If you delete an existing client, information about this client is deleted
only from the group you are currently editing.
Page 40
39 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
Figure 22. The General tab
To delete a group:
Select the required group in the Manage groups of Kaspersky AntiVirus clients dialog box (Fig. 17) and click Delete a group.
Figure 23. The Clients tab
4.2.4. Specifying policies for anti-virus
scanning
A specific policy can be assigned to each group of clients. The anti-virus policies
define additional settings of filtering incoming traffic for different groups of clients,
thus increasing the speed of anti-virus scanning.
Only one policy can be assigned to each group. For example, the Ad-
ministrators policy is assigned to the Administrators group; no other
policy can be assigned to this group.
To switch to the list of policies:
Page 41
Using Kaspersky Anti-Virus® for ISA Server 40
Select Manage policies in the Kaspersky Anti-Virus® main window. You
will see the Manage Kaspersky Anti-Virus policies dialog box
(Fig. 24).
You can also switch to the Manage Kaspersky Anti-Virus policies dialog box
by clicking Policies in the tree.
Figure 24. The Manage Kaspersky Anti-Virus policies dialog box
To create a new policy:
1. Select Create a policy.
2. In the Create a Policy dialog box (Fig. 25), enter the name and a
description of the policy.
Page 42
41 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
Figure 25. Creating a new policy
3. In the next dialog box (Fig. 26), click Add and select a group of
clients to be assigned to the new policy.
Figure 26. Adding a group of clients
Page 43
Using Kaspersky Anti-Virus® for ISA Server 42
4. In the Add Trusted Servers to a Policy dialog box (Fig. 27), click
Add to exclude incoming traffic from these servers from anti-virus
scanning. In the Trusted Server dialog box (Fig. 33), enter the
description of the server and its properties (see section 4.2.4.1 on
page 45 about trusted servers). After the list of trusted servers is
complete, click Next.
Figure 27. Adding trusted servers
5. The Add Trusted Object Types to a Policy dialog box (Fig. 28) will
appear on your screen. In this dialog box, click Add an object type
to add a type of object to be excluded from anti-virus scanning (see
section 4.2.4.2 on page 46 for more details).
Page 44
43 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
Figure 28. Adding a mime type
6. After the list of trusted objects is complete, click Finish.
To edit policy settings:
In the Manage Kaspersky Anti-Virus policies dialog box (Fig. 24), select the policy and click Edit policy settings.
On the General tab of the new dialog box (Fig. 29), you can rename the policy
and change its description.
On the Groups tab (Fig. 30), you can change the list of groups assigned to this
policy, add a new group to the list of groups, or delete a group from the list.
Page 45
Using Kaspersky Anti-Virus® for ISA Server 44
Figure 29. The General tab
Figure 30. The Groups tab
On the Servers tab (Fig. 31) and the Object Types (Fig. 32) tab, you can edit
the list of trusted servers and objects excluded from scans for this anti-virus
policy.
Figure 31. The Servers tab
Figure 32. The Object Types tab
Page 46
45 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
To delete a policy:
In the Manage Kaspersky Anti-Virus policies dialog box (Fig. 24), select a policy and click Delete a policy.
After a policy is deleted, all groups of clients assigned to this policy are
automatically assigned to the default policy.
4.2.4.1. Managing a list of trusted servers
For each policy, the administrator can specify trusted servers. The incoming
traffic from these servers is excluded from anti-virus protection. This list only
contains names of servers from which traffic cannot contain any malicious
objects. The larger the list of trusted servers, the less Kaspersky Anti-Virus
intrudes into the data streams requested by the clients of the groups assigned to
this policy.
The list of trusted servers can be managed from the Servers tab (Fig. 31) of the
Policy properties dialog box.
When a new trusted server is added to the list, the program opens the Trusted
server dialog box (Fig. 33). Here you can configure settings for this trusted
server by specifying one of the following items:
• Server domain name.
• Server IP address.
• Subnet.
• Range of IP addresses.
®
Page 47
Using Kaspersky Anti-Virus® for ISA Server 46
Figure 33. Adding a trusted server
To delete a trusted server from the list, click the corresponding button
on the Servers tab (see Figure 31).
4.2.4.2. Creating a list of objects excluded from
scans
Reducing the types of object excluded from anti-virus scans, as well as the list of
trusted servers, in turn reduces the load on the resources of the ISA Server
computer.
The list of object types is managed from the Object Types tab (Fig. 32) of the
Policy properties dialog box. When a new type is added, the Object Type
dialog box appears (Fig. 34).
Figure 34. Adding types of objects
Page 48
47 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
4.3. Updating the anti-virus database
Updates to your anti-virus database can be downloaded on demand or
automatically (scheduled). The updated anti-virus database can be downloaded
from:
• the Internet via the FTP or HTTP protocol from Kaspersky Lab update
servers;
• from a local or shared folder.
New updates are available on Kaspersky Lab updating servers every
hour!
Updating of the anti-virus database is managed from the Updating tab of the
Properties of Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise
Edition (see Figure 35). By default, daily updating from Kaspersky Lab servers is
disabled. The database updates are downloaded once for all servers and then
they are deployed through the shared network folder.
To set up centralized updating, on the Updating tab specify the main server that
will download updates from the Internet and the name of the network resource
from which the updates will be deployed.
The master server should have read and write rights for the shared
network resource used to distribute updates to other servers. All other
servers must have read rights for this folder.
The updating application starts under the LocalSystem account. To
grant write permissions on a directory for the master server, you
should assign these rights on the domain of the account of the computer on which Kaspersky Anti-Virus is installed.
Page 49
Using Kaspersky Anti-Virus® for ISA Server 48
Figure 35. Configuring update settings
To configure updating settings for downloading updates from the Internet:
1. Click the Configure server button.
2. In the Anti-Virus Database Updating dialog box, select the Update
from Internet radio button.
3. Click Settings for updating from Internet to specify the updating
server.
Page 50
49 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
Figure 36. Configuring the database updating server
4. In the new dialog box (Fig. 37):
• Choose Select update server automatically if you want to re-
trieve updates from a random server.
• Choose From the specified server only if you want to retrieve
updates from a user-defined server. Enter the server address in
the corresponding field.
5. In the Use HTTP proxy part, enter the HTTP proxy parameters if
such a proxy is used in your system:
• Select Use local proxy of the ISA server to use a local proxy
of the Miscrosoft ISA server to update the anti-virus database
via the Internet.
• Select Use other proxy server, and in the Proxy name and
port fields enter the proxy name and port that differ from the lo-
cal proxy of the ISA server.
6. In the FTP settings part, check the corresponding box to use
passive FTP for retrieving updates through FTP.
Page 51
Using Kaspersky Anti-Virus® for ISA Server 50
Figure 37. Configuring updating settings for downloading updates from the Internet
To update your anti-virus database from a local folder:
In the Anti-Virus Database Updating dialog box, select Update from a
local or shared folder and enter the full path to the desired folder (see
Figure 36).
4.3.1. Scheduled updating of the anti-virus
database
To enable automatic updating of your anti-virus database, check the
Automatically update anti-virus databases box (see Figure 36).
The anti-virus database is updated as often as set by the ISA Server
administrator. By default, the database is updated every three hours.
In the corresponding three fields (see Figure 36), you can change the frequency
and time of updating the anti-virus database.
Page 52
51 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
4.3.2. On-demand updating
On the Updating tab (see Figure 35), click Update now to start downloading the
updated anti-virus database according to the current settings.
You can update the anti-virus database on demand regardless of
whether scheduled updating of the anti-virus database is enabled or
disabled.
The Status field displays the current updating status.
4.3.3. Configuring database updating on a
single server
If centralized updating is disabled in the Properties of Kaspersky Anti-Virus
dialog box (see Figure 35), you can configure updating settings for updating the
database on individual servers. In this case, in the server properties dialog box,
you can see the Updating tab (see Figure 38\). All parameters on this tab are
identical to those described in this chapter.
Figure 38. Setting up updating the database on individual servers
Page 53
Using Kaspersky Anti-Virus® for ISA Server 52
4.4. Configuring notifications
If Kaspersky Anti-Virus® detects an infected file that cannot be disinfected in a
data stream, the connection terminates and the client that requested these data
receives an HTML message about detection of a virus.
Messages are formed only if the malicious object was detected by
Kaspersky Anti-Virus Web Filter or Kaspersky Anti-Virus HTTP Application Filter.
The following is the default message created in the Message sent to the client
about detection of a malicious object field (Fig. 12):
<html>
<head>
<title>Kaspersky Anti-Virus for Microsoft ISA Server</title>
</head>
<body>
<h1>Kaspersky Anti-Virus for Microsoft ISA Server</h1>
<p>The requested URL "%URL%" is infected with %VIRUSNAME%
virus</p>
</body>
</html>
The following extensible variables are used in the message text:
• %URL% – the URL of the Internet resource requested by the client.
• %VIRUSNAME% – the name of the virus that infected a data stream.
If an internal system error occurs after the request is sent, the client that
requested the data receives the following HTML message formed in the Error
message sent to the client field on the HTTP tab of the Properties of
Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition
dialog box (Fig. 12):
<html>
<head>
<title>Kaspersky Anti-Virus for Microsoft ISA Server</title>
</head>
<body>
<h1>Kaspersky Anti-Virus for Microsoft ISA Server</h1>
<p>Internal Scanner Error "%ERR_TEXT%" (%ERR%)</p>
</body>
</html>
The following extensible variables are used in the message text:
• %ERR_TEXT% – error description
Page 54
53 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
• %ERR% – error code
On the HTTP tab of the Properties of Kaspersky Anti-Virus for Microsoft ISA
Server 2000 Enterprise Edition dialog box, you can edit messages sent to the
client (Fig. 12). The maximum message length is 10240 bytes and the code page
is win1251.
4.5. Testing Kaspersky Anti-Virus®
operation
After installing and adjusting Kaspersky Anti-Virus®, we recommend that you test
its settings and operation of the program using a test “virus” or its modifications.
The test virus was specially designed by the
European Institute for Computer Antivirus Research) for testing anti-virus
products.
The test “virus” IS NOT ACTUALLY A VIRUS because it does not contain code
that can really harm your computer. However, most anti-virus products identify
this file as a virus.
Never use real viruses to test the operation of an anti-virus product!
You can download the test “virus” from the official website of the EICAR
organization at http://www.eicar.org/anti_virus_test_file.htm
When the file is being downloaded from the EICAR website, the anti-virus
program will detect it, label it as infected, fail to disinfect it, and apply the action
defined by the administrator for handling such objects. Thus, under default
settings (see section 4.1 on page 19), the Internet connection will be terminated
and you will see a warning about downloading an object infected with the eicar
virus.
organization (The
.
4.6. Application statistics and
diagnostics
You can view Kaspersky Anti-Virus® performance statistics using standard
Windows counters and modify options for notifying the administrator upon critical
events. You can also have Kaspersky Anti-Virus® log statistics to diagnose
problems that might occur when the program is filtering data streams.
Page 55
Using Kaspersky Anti-Virus® for ISA Server 54
This section discusses these features in more detail.
4.6.1. Recording and viewing statistics
The Kaspersky-Anti-Virus performance statistics can be managed and viewed
using standard Windows performance counters that are available from the
Performance console (Start -> Settings -> Control Panel
-> Administration Tools -> Performance).
To select the parameters to be logged:
1. Switch to the Add Counters dialog box (Fig. 39) and select Use
local computer counters if ISA Server is managed from an ISA
Server computer, or Select counters from computer if ISA Server
is managed from a remote administrator’s workstation.
2. From the Performance Object drop-down list, select the KAV for
ISA object. A list of parameters currently logged appears in the
lower left field:
• Select All counters if you want to view statistics of all the pa-
rameters of Kaspersky Anti-Virus
• Choose Select counters from list if you want to view informa-
tion only on specified parameters of the application performance. Then, select a necessary counter from the list and click
Add.
®
performance, and click Add.
Page 56
55 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
Figure 39. Customizing statistics settings
The following settings are required to view counters from a remote computer!
3. To view statistics from a remote computer, you must be granted the
following permissions on the computer where Kaspersky Anti-Virus
for Microsoft ISA Server is installed:
• Read access to the following files:
%windir%\System32\PERFCxxx.DAT
%windir%\system32\PERFHxxx.DAT
• Read access to the following registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT
\CurrentVersion\Perflib
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Con
trol\SecurePipeServers\Winreg
• Read and write access to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Ser
vices\Anti-Virus KL for Microsoft ISA
• System privileges (assigned from Control Panel -> Adminis-
trative tools -> Local Security Policy -> Security settings ->
Local Policies -> User permissions):
o Profile System Performance.
®
Page 57
Using Kaspersky Anti-Virus® for ISA Server 56
o Profile Single Process.
The above list of permissions is described in Microsoft Knowledge
Base Article Q158438 at
http://support.microsoft.com/default.aspx?kbid=158438
By default, these permissions are granted to users from the Ad-
ministrators group on the computer where Kaspersky Anti-Virus
®
for Microsoft ISA Server is installed.
4. To view statistics on a server with Kaspersky Anti-Virus
®
for
Microsoft ISA Server from a remote computer, the following services
must be enabled:
o Remote Registry Administration.
o NetBIOS access (check the File and Printer Sharing for
Microsoft Networks checkbox in My Network Places ->
Properties -> LAN -> Properties).
4.6.2. Notifying the administrator using ISA
Server Alerts
Using ISA Server Alerts system tools, you can notify administrator upon critical
events that might occur during performance of applications installed on ISA
Server. The administrator can be informed by various means, such as logging
events to system log, sending notifications by e-mail, etc.
The administrator must immediately response to some critical events related to
Kaspersky Anti-Virus
is about to expire (see Figure 40). Kaspersky Anti-Virus critical events are added
to the existing list of critical events after the application is installed on the server.
You can customize how you will be notified upon such events.
®
performance. For example, a critical event is Your license
Page 58
57 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
Figure 40. Customizing notifications upon critical events.
4.6.3. Configuring diagnostics options for
the application
Kaspersky Anti-Virus® allows you to monitor the application performance on each
Microsoft ISA Server and record results in the following log files:
kavisaDATE.log – Kaspersky Anti-Virus
amount of information about application performance during the designated time period. In the file name, DATE is the date of creation of this
file in the format YearMonthDate, for example, kavisa20040410.log.
If the program is trying to add report to the file while you are currently
editing the file, Kaspersky Anti-Virus
modified name, for example, kavisa20040410_1.log.
virusDATE.log – Kaspersky Anti-Virus
malicious objects detected during scans.
You can custom the report detail level on the Diagnostics tab of the Server
Properties dialog box (see Figure 41).
®
log that stores the customizable
®
will create a new file with a slightly
®
log file that stores information about
Page 59
Using Kaspersky Anti-Virus® for ISA Server 58
The time of events, written to the above-listed event logs, is displayed in
Universal Coordinated Time (UTC) format
Figure 41. Diagnostics options for Kaspersky Anti-Virus®
All critical events related to Kaspersky Anti-Virus® performance are also saved to
the Windows system log.
In the left pane of the tab, you can select tasks, such as Updating anti-virus
database, Licensing, etc. The right pane shows types of messages generated by
Kaspersky Anti-Virus
®
for the selected task and their detail level.
For any type of messages, you can select one of the following detail levels:
• None – Do not log any information.
• Minimum – Record only main events, for example, application startup
and shutdown, etc.
• Medium – In addition to main event, log additional events describing
Kaspersky Anti-Virus® performance in more detail (for example, errors
when connecting to update servers).
• Maximum – Log all possible information on application performance,
except for debugging messages.
Page 60
59 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
• Debug – Log all information, including debugging messages. This
diagnostics mode dispays a substantial number of messages, which may
decrease system performance and lead to quickly consumption of disk
space. We recommend using this mode only when you debug the
application.
By default, the minimum detail level is set for all log records.
On this tab, you can also set the frequency of refreshing the log files and their
number.
You can always restore the default settings by clicking the Restore default
values button.
4.7. Managing license keys
The license keys are managed on the Licensing tab of the Properties of
Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition
dialog box (Fig. 43).
A valid license key allows you to take advantage of all available features of
Kaspersky Anti-Virus
If you have not yet decided to purchase a full version of Kaspersky Anti-Virus
we can provide you with a trial key valid for two weeks or a month. After the trial
period expires, the key will be blocked and will not be able to scan data streams
for viruses.
®
.
®
,
You cannot use a trial key more than once!
®
If you have no license key for Kaspersky Anti-Virus
license key does not match the application, Kaspersky Anti-Virus
After the license expires, Kaspersky Anti-Virus
®
for Microsoft ISA Server retains
for ISA Server or your
®
will not work.
its functionality except for the update service. You will be able to scan data
streams for viruses using the out-of-date database. In this case, we do not
guarantee 100% protection from new viruses that appear after your Anti-Virus
license expires.
Even if you download the anti-virus database manually from Kaspersky Lab
websites and copy the updates to the corresponding folder on your server, the
program will not use this database.
If you fail to find the license key in the distribution kit, contact the distributor who
sold you this copy of the product.
Page 61
Using Kaspersky Anti-Virus® for ISA Server 60
4.7.1. Installing a new license key
For normal operation of Kaspersky Anti-Virus, you must install a license key.
To install a license key:
On the Licensing tab (see Figure 42), in the Current license key field
click Add/Replace and select the current license key file (*.key) in the
dialog box that appears on your screen.
Figure 42. Managing license keys
After the license key is added, the following information will be displayed:
• license key status;
• license key type;
• license owner;
• license expiry date;
Page 62
61 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
• license key serial number;
• number of protected computers
If you want the program to send you reminders about the expiry of the
license:
On the Licensing tab (see Figure 42), enter the corresponding number of
days in the special field. Starting from the specified day prior to the expiry of the license, the program will display daily reminders in the system
log of the computer on which Kaspersky Anti-Virus
®
is installed. This
message will show the number of days left before the license expiry.
You can see the license expiry date on the General tab of the Kaspersky Anti-Virus
®
for Microsoft ISA Server main window.
You can also install a reserve key, which will take effect immediately after the
previous key expires. Thus, you will be able to keep your server constantly
protected from viruses.
To install a reserve key, click Add in the Reserve license key field (see Figure
42) and select the reserve key file (*.key) in the file selection dialog box that
appears on your screen.
After the reserve license key is installed, the following information about the
license key will be displayed:
• license expiration date;
• license key serial number;
• number of protected computers.
If you have installed a reserve key beforehand, it will be immediately put into
operation after your current license key expires. In this case, the program
removes the out-of-date license key. Thus, your license key can be automatically
renewed.
You cannot install more than two license keys!
4.7.2. Renewing your license
If your license has expired, you need to renew it to restore the functionality of the
program, i. e., you must purchase a new license key. Kaspersky Anti-Virus
®
will
Page 63
Using Kaspersky Anti-Virus® for ISA Server 62
not update the anti-virus database until your license is renewed, and, hence we
do not guarantee 100% protection from viruses.
To renew your license, you need to:
Contact the seller of your copy of the product and purchase a new
Kaspersky Anti-Virus
®
license key,
or
Purchase a license key at Kaspersky Lab. Write a letter of request directly to the Sales Department of our company (sales@kaspersky.com
or fill in the corresponding form on our website
(http://www.kaspersky.com
), in the E-Store section. After your payment
is received, we will send you a license key at the e-mail address indicated in the corresponding field of your order. The license key received
must be installed on the application (see section 4.7.1 on page 60).
)
Figure 43. Managing license keys
Page 64
63 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
4.7.3. Removing a license key
During installation of a new license key, you can manually remove the expired
key by clicking the corresponding button on the Licensing tab (Fig. 43).
If you have installed two keys – current and reserve – and want to remove the
current key before it expires, you will remove the reserve key together with the
current one.
4.8. Managing the application via
Kaspersky Administration Kit
If Kaspersky Administration Kit is used on your network to manage anti-virus
protection, Kaspersky Anti-Virus can be managed from a remote location. To
enable centralized administration, you should install the Network Agent from the
Kaspersky Administration Kit suite on the computer where Kaspersky Anti-Virus
is installed. After this, the computer is automatically connected to the centralized
management system and you can manage the application from any computer on
which the Administration Console of Kaspersky Administration Kit is installed.
Kaspersky Administration Kit Administration Console is a standard interface
integrated into MMC, which allows the logical network administrator to perform
the following functions:
• update the anti-virus database
• manage tasks on clients
• install license keys on client computers
• view reports on application performance on client computers
For more information on the centralized management concept, see the
Kaspersky Administration Kit 5.0 Administrator’s Guide.
You can configure task settings both through the Kaspersky Administration Kit Administration Console and through the Administration Console
of Kaspersky Anti-Virus. The later task settings will have a higher priority.
You cannot install and uninstall Kaspersky Anti-Virus from a remote
location using Kaspersky Administration Kit.
Page 65
Using Kaspersky Anti-Virus® for ISA Server 64
4.8.1. Managing tasks
This section provides information on how to create and configure tasks for
Kaspersky Anti-Virus 5.6 for Microsoft ISA Server 2000 Enterprise Edition. For
more information on the task management concept, refer to the Kaspersky
Administration Kit 5.0 Administrator’s Guide.
4.8.1.1. Creating a task
When managing Kaspersky Anti-Virus through Kaspersky Administration Kit, you
can create the following tasks:
• local tasks created for each client;
• group tasks defined for a group of clients;
• global tasks created for multiple clients from different groups of the
logical network.
You can change task settings, monitor task performance, copy, move, and delete
tasks by using the standard Copy/Paste, Cut/Paste or Delete commands on the
shortcut menu and on the Action menu.
The tasks executed on every client computer have the settings that depend on
the group policy, task settings, and the settings of this application on the client.
The tasks are scheduled to start at a certain time. You can temporary remove
some tasks from the list of scheduled tasks. In this case, the tasks are neither
deleted nor launched.
You can run a task, cancel it, and pause or resume it manually by using either
the Start/Stop/Pause/Resume commands on the shortcut menu or on the
Action menu.
To create a local task:
1. In the console tree of Kaspersky Administration Kit, in the Group
folder, select a folder with the name of the group to which your client belongs.
2. In the results pane, select a computer for which you want to create
a local task and click the Properties item on the shortcut menu or
on the Action menu. As the result, you will see a window where
you can view the properties of the client computer: Properties:
computer_name (see Figure 44).
Page 66
65 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
3. Open the Tasks tab (see Figure 44) that displays a full list of tasks
created for each client computer.
To create a local task, click Add. To configure a local task, click
Properties. Use the Delete button to delete a selected task from
the list. Click Results to view task performance results.
Figure 44. Creating a local task.
When you click Add, a New Task Wizard opens. The New Task Wizard has the
interface similar to a standard Windows Wizard. Use the Back and Next buttons
to switch between steps each displayed in a separate wizard’s dialog box. To
complete the wizard, click Finish. Click OK to finish working with the wizard.
The Tasks tab
Step 1. Specifying general information about the task
In the first wizard’s dialog box, specify the task name in the Name field.
Step 2. Selecting the application and task type
From the Application name drop-down box, select Антивирус Касперского
для Microsoft ISA Server 2000 Enterprise Edition. The task type is selected in
Page 67
Using Kaspersky Anti-Virus® for ISA Server 66
the Task type drop-down box. For Kaspersky Anti-Virus 5.6 for Microsoft ISA
Server 2000 Enterprise Edition, you can create the Install license key task.
The Download updates task is preinstalled and cannot be deleted. You
can only configure the task settings (see section 4.8.1.2 on page 69).
Step 3. Configuring task settings
For the Install license key task, in this dialog box you should specify the path to
the license key file using the Browse button (Figure 45). In the fields below, you
will see general information about the license key to be installed.
Figure 45. Creating a local task.
Specifying license key installation settings
To install this license key as a reserve on, select the Install as a reserve key
check box. The reserve key will be in use after the current license key expires.
Step 4. Specifying an account under which to start the task
At this step (see Figure 46), you can configure the task to start under a user
account that have appropriate rights to install a license key.
Select one of the following options:
Page 68
67 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
• Default account – To start the task under the Kaspersky Administration
Kit account.
• Specified account – Specify the account credentials (user name and
password) that have enough tights to execute this task.
This allows the administrator to avoid errors when executing tasks in case the
user who has run the task does not have appropriate access rights.
Figure 46. Specifying an account under which to start the task
Step 5. Setting a schedule for the task
After you specify the task type, in the next dialog box Configure schedule (see
Figure 47) schedule the task to run at a specified time.
Page 69
Using Kaspersky Anti-Virus® for ISA Server 68
Figure 47. Specifying an account under which to start the task
In the Schedule for drop-down list, set the task to start:
• manually;
• immediately;
• once.
Depending on the selected schedule, the schedule options available for each
type of schedule will differ.
Refer to the Kaspersky Administration Kit 5.0 Administrator’s Guide for a full
description of this dialog box.
Step 6. Completing task creation
In the last dialog box, the wizard informs you that the task has been successfully
created.
To create a new group task for Kaspersky Anti-Virus:
1. In the console tree, choose the group for which you want to create
the task.
2. In this group, select the Tasks folder in this Group. On the shortcut
menu or the Action menu, click New/Task to start a new task wiz-
Page 70
69 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
ard that is the same as the wizard for creating a local task (see
above). Follow the wizard’s instructions.
After you finish with the wizard, the task you created will be added to the Tasks
folder of the corresponding group and all nested groups and displayed in the
details panel. This task will be assigned for the specified group and for all nested
groups.
To create a global task for Kaspersky Anti-Virus:
1. In the console tree of Kaspersky Administration Kit, select the
Tasks node and click the New/Task command on the shortcut
menu or on the Action menu to start a new task wizard.
2. This wizard is similar to the wizard for creating local tasks (see de-
tailed description above). It has one additional stage when you
should select clients from the logical network for which you want to
create a task.
3. Select logical network clients for which you want to create the task.
You can select either computers from different folders or all computers in the current folder (for detail, see the Kaspersky Administration Kit 5.0 Administrator’s Guide).
Global tasks will be executed only on the specified clients. The
application deployment task assigned to a group will not be executed on new clients added to this group after the task has been
created. You should create a new task or make appropriate
changes to the current task settings.
After you finish with the wizard, the global task you created will be added to the
Tasks node in the console tree of the Kaspersky Administration Kit
Administration Console and displayed in the details panel.
4.8.1.2. Viewing and changing task settings
To view and/or change task settings:
• For a local task, in the Administration Console of Kaspersky
Administration Kit, in the Groups folder, select a folder named as the
group into which this client computer is included. In the results pane,
select the required computer and click Properties on the shortcut menu.
In the new dialog box Properties: computer_name open the Tasks tab
(see Figure 44). Click the Properties button to open a dialog box where
you can view and configure the settings of the selected task.
Page 71
Using Kaspersky Anti-Virus® for ISA Server 70
The Tasks tab lists a full list of tasks created for this client
computer, including global and group tasks. Global and
group tasks are indicated with the “folder” icon. Although
you can view the settings of all tasks, you can change settings of only local tasks.
• If you want to create/modify a group task, choose a target group in the
Administration Console tree of Kaspersky Administration Kit and select the
Tasks folder in this group. In the details panel, you will see all tasks
assigned to this group. Select the required task, open the shortcut menu
and choose the Properties item from the shortcut menu (or from the
Action menu).
• If you want to change global task settings, choose the Tasks node in the
console tree, select a target task in the details panel. Click the Properties
item on the shortcut menu or on the Action menu.
You will see the <Task name> Properties dialog box with the following tabs:
General, Settings, Account, Schedule, and Notification. The global task
property dialog box also has the Target computers tab displaying all computers
on which this task will be applied. All tabs (except for Settings and Schedule)
are standard tabs for Kaspersky Administration Kit 5.0. See their full description
in the Kaspersky Administration Kit Administrator’s Guide.
The Settings tab and Schedule tab contain specific parameters of Kaspersky
Anti-Virus 5.6 for Microsoft ISA Server 2000 Enterprise Edition.
VIEWING AND EDITING SETTINGS OF THE INSTALL LICENSE KEY TASK
For the Install license key task, the contents of the Settings and Schedule tab
are the same as that of the corresponding wizard’s dialog boxes (see Step 3.
Step 5. ).
VIEWING AND EDITING SETTINGS OF THE UPDATE TASK
The update task is a system task that cannot be deleted. However, you can
modify its settings.
On the Settings tab (Figure 48), you can edit the following settings:
• If you want to use centralized updating, select the corresponding check
box. In this case, in the fields below you should specify the main server
that will download updates from the Internet and the network shared
source from where the updates will be distributed to other servers.
• In the Server settings group, specify the source for updating the
database:
• Update from Internet. In this case, click the Settings button
and in the new dialog box that is the same as the Settings for
Page 72
71 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
updating from Internet (see Figure 37), specify the necessary
settings.
• Update from a local or shared folder. In this case, specify the
full path to the update folder in the corresponding field below.
Figure 48. Configuring settings of the database update task.
The Settings tab
On the Schedule tab (see Figure 49), you can select the following options:
• manually;
• every Nth day (once or twice if the corresponding check box is selected);
• Every Nth hour / day.
Page 73
Using Kaspersky Anti-Virus® for ISA Server 72
Figure 49. Configuring settings of the database update task.
The Schedule tab
Full information about configuring database updating settings is given in
section 4.3 on page 47.
4.8.1.3. Starting and stopping tasks
Tasks are launched on a client only if the corresponding application is
running. When the application is disabled, all running tasks are cancelled.
Tasks are started and stopped automatically (on schedule) or manually by using
shortcut menu commands.
To manually start/stop/pause/resume a task:
Choose the target task, open the shortcut menu and click
Start / Stop /Pause / Resume on the shortcut menu or on the Action
menu.
Page 74
73 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
4.8.2. Managing application settings
You can manage settings of applications installed on specific computers in the
group.
To configure application settings:
1. Select a group in the Groups folder that includes the required client
computer.
2. In the details panel, select the computer on which the target appli-
cation is installed. Click the Properties command on the shortcut
menu or on the Action menu.
3. The <Computer name> Properties dialog box containing four tabs
opens. Switch to the Applications tab (Figure 50). This tab lists all
Kaspersky Lab applications installed on this client computer.
Figure 50. Viewing computer properties dialog box.
The Applications tab
Page 75
Using Kaspersky Anti-Virus® for ISA Server 74
4. Select Kaspersky Anti-Virus 5.6 for Microsoft ISA Server 2000
Enterprise Edition. Below the list, you can see the buttons Events,
Statistics, Properties. Using these buttons, you can:
• View a list of application-related events that occurred on the client and were logged on the Administration Server (refer to
Kaspersky Administration Kit 5.0 Administrator’s Guide for more
information on how to work with reports and logs).
• View current statistics on the application performance.
• Configure the application settings. When you click the Proper-
ties button, a dialog box containing the following tabs opens:
General, Anti-Virus server, Groups, Policies, HTTP, FTP,
Anti-Virus, Licenses, Event processing. Below is a detailed
description of these tabs.
On the General tab (Figure 51), you can view general information about
Kaspersky Anti-Virus 5.6 для Microsoft ISA Server 2000 Enterprise Edition and
the management plug-in.
The upper part of the dialog box displays the name of the application, its version,
installation date, its current status on this client, and information on the database
state. Click the Plug-in info… button to view the properties of the management
plug-in installed on the administrator workstation.
Page 76
75 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
Figure 51. Configuring application settings.
The General tab
Page 77
Using Kaspersky Anti-Virus® for ISA Server 76
Figure 52. Viewing plug-in properties dialog box.
On the Anti-virus server tab (Figure 53), you can change the Kaspersky AntiVirus settings affecting the performance of every server. The options on this tab
are the same as those on the Anti-Virus tab (see Figure 16). At the lower part of
the tab, you can set the number of days prior to which the administrator will be
notified that the license installed on this server expires.
Page 78
77 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
Figure 53. Configuring application settings dialog box
The Anti-virus server tab.
On the Groups tab (see Figure 54), you can modify a list of group of clients on
the local network to which the same policies can be applied. You can add a new
group to the list, remove a group from the list, and edit group settings. See
detailed information on group management in section 4.2.3 on page 34.
Page 79
Using Kaspersky Anti-Virus® for ISA Server 78
Figure 54. Configuring application settings dialog box
The Groups tab
On the Policies tab (see Figure 55), you can manage policies applicable to the
groups of clients (see section 4.2.4 on page 39).
Page 80
79 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
Figure 55. Configuring application settings dialog box
The Policies tab
On the HTTP tab, you can specify settings for scanning HTTP traffic and set
limitations on handling the HTTP data by the application. On this tab you can also
edit the text of notification messages sent to the clients. See section 4.2.1.2 on
page 27 for a description of this tab.
On the FTP tab, you can regulate the ISA Server data received by the FTP and
FTP over HTTP protocols. See section 4.2.1.3 on page 29 for a description of
this tab.
On the Anti-Virus tab, you can modify Kaspersky Anti-Virus settings common for
all servers in the array. This tab is similar to that in the application properties
dialog box (see Figure 11).
The Licenses tab (see Figure 56) is only informational. It displays detailed
information about the current and reserve license keys installed on this client
computer.
Page 81
Using Kaspersky Anti-Virus® for ISA Server 80
Figure 56. Configuring application settings dialog box
The Licenses tab
The Event processing tab (Figure 57) displays events that occurred during
application operation and were logged by Kaspersky Administration Kit.
Page 82
81 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
Figure 57. The Event processing tab
During operation, Kaspersky Anti-Virus 5.6 for Microsoft ISA Server 2000
Enterprise Edition generates a list of events (see Table 2). Each event can be of
one of the following severity levels:
• Critical
• Error
• Warning
• Info
The events of the same type can be of different severity level, depending on the
situation when this event occurred.
From the drop-down list, select the severity level: Critical, Error, Warning, or
Info. The informational field below the list shows the types of events for the
selected level.
Page 83
Using Kaspersky Anti-Virus® for ISA Server 82
Table 2. Application events
Event Severity level
Virus is detected
License initialization error
Illegal database updating
Corrupted database
Database updating error
- anti-virus database has not been restored
from the backup
- anti-virus database has been restored from
the backup
Object is disinfected
License has expired
Web filter is running
Web filter is stopped
FTP filter is running
FTP filter is stopped
HTTP filter is running
HTTP filter is stopped
Critical
Error
Error
Error
Error
Warning
Warning
Warning
Info
Info
Info
Info
Info
Info
For each event, you can specify whether it must be saved on the Administration
Server and /or on the client, as well as in the event log on the server and on the
client computer. You can also configure the application to notify the administrator
and /or other users upon specific events.
For detailed information on other options on the Event processing tab, refer to
the Kaspersky Administration Kit 5.0 Administrator’s Guide.
Page 84
CHAPTER 5. FREQUENTLY
ASKED QUESTIONS
Question:
software supplied by other manufacturers?
In order to avoid conflicts we recommend that you uninstall ant-virus
software of other manufacturers prior to installation of Kaspersky AntiVirus.
Why does Kaspersky Anti-Virus
performance, noticeably loading the CPU?
Virus detection is a computationally intensive mathematical problem requiring structural analysis, checksum calculation and mathematical data
conversions. Processor time is therefore the main resource consumed by
the anti-virus software, and each new virus added to the anti-virus database increases the overall scanning time. This is a necessary sacrifice for
the security and safety of your data.
Other anti-virus products speed up scanning by excluding both viruses
which are less easily detectable or less frequent in the geographic location
of the anti-virus vendor, and file formats that require complicated analysis
(e.g. PDF) from their databases.
In contrast, Kaspersky Lab believes that the purpose of its anti-virus applications is to establish real and complete anti-virus security for its users.
We believe that "partial protection" is even worse than no protection at all,
because it forces users to take personal precautions.
Kaspersky Anti-Virus gives its users maximum protection. Experienced
users can, of course, accelerate anti-virus scanning to the detriment of
overall security by disabling scanning of various file types, but we do not
recommend doing so for users who want the best protection.
For maximum user protection, Kaspersky Anti-Virus recognizes more
than 700 formats of archived and compressed files. This is essential for
anti-virus security, because harmful executable code may be hidden inside files of any recognized format. However, despite the daily growth in
the number of viruses detected by Kaspersky Anti-Virus (approximately
30 new viruses appear daily) as well as the ever increasing number of
Is this possible to use Kaspersky Anti-Virus with anti-virus
®
cause a certain decrease of server
Page 85
Using Kaspersky Anti-Virus® for ISA Server 84
recognized file formats, each subsequent version of our product functions faster than the previous one.
Question: Why do I need the license key ? Will my Kaspersky Anti-
®
Virus
work without it?
No, Kaspersky Anti-Virus
If you are still deciding whether or not to purchase Kaspersky Anti-
®
Virus
, we can provide you with a temporary key file (trial key), which
®
does not work without a license key.
will only work for two weeks or a month. When this period expires, the
key will be blocked.
Question: What happens when the product license expires?
After expiration of the license Kaspersky Anti-Virus® will continue
operating, but anti-virus database updating will be disabled. Kaspersky
Anti-Virus
®
will continue cleaning infected objects but only using the old
anti-virus database.
If this situation occurs, inform your system administrator or contact the
distributor who sold you the product or directly Kaspersky Lab Ltd.
Question
downloaded from the network. Why?
: Anti-virus scanning is not performed. Infected files are
If this issue occurs, veirfy that:
1. Kaspersky Anti-Virus uses a valid license key.
You can view the current application operation mode in the server
properties dialog box on the General tab (see Figure 15). Anti-virus
scanning is performed in the full functionality and without
updates mode.
If the mode differs from the recommended one, you should install a
new license key or renew your license (see section 4.7 on
page 59).
2. Your browser is configured such that all requests are handled by
the anti-virus filter of Kaspersky Anti-Virus.
3. The ISA Server services have been at least once restarted after
Kaspersky Anti-Virus installation because the ISA Server activates
new filters only when services are started.
Page 86
85 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
To solve this issue, make sure that all necessary filters are
activated in the Administration Console and restart services from
the Microsoft ISA Server console.
4. Kaspersky Anti-Virus filters have been initialized after ISA Server
services were restarted.
In this case, the Web / FTP / HTTP filter have been initialized
record appears in the application log and system log.
If this record has not appeared, please contact Kaspersky Lab
Technical Support.
5. The product works correctly using a test virus (see section 4.5 on
page 53).
If the test virus is not recognized as an infected object, it is
probably loaded from the local cache of your browser. In this case,
run a browser command that forcedly loads files from the server
bypassing browser cache.
If the issue is not solved after you performed the steps above, please
contact Kaspersky Lab Technical Support (see Appendix A).
Question: What are the daily updates for?
A few years ago viruses were transmitted on floppy disks, and adequate
computer protection could be achieved by installation of an anti-virus
program followed by rare updates to its anti-virus database. However,
recent virus epidemics spread around the world in several hours, and
anti-virus protection with old database may be helpless against a new
threat. In order to resist new viruses, you should update the anti-virus
database on a daily basis.
Each year Kaspersky Lab increases the frequency of its issued updates
to the anti-virus database. Currently it is updated every hour. 142
Kaspersky Anti-Virus® 5.0 for Windows Workstations
Updating of the Anti-Virus application modules is an additional feature
that allows both correction of discovered vulnerabilities and addition of
new functions.
Question
5.0?
: What are the changes to the updating service of version
The Kaspersky Lab 5.0 product suite features a new updating service
which has been developed in accordance with the requests of our users.
It automates the whole updating procedure, from the preparation of up-
Page 87
Using Kaspersky Anti-Virus® for ISA Server 86
dates in Kaspersky Lab to the moment that relevant files are updated
on clients' computers.
Advantages of the new updating service include:
• Ability to resume downloading of files after disconnection. Upon
reconnection only files which have not been downloaded are retrieved.
• Accelerated downloading from the Internet. Kaspersky AntiVirus picks up a Kaspersky Lab's updates server located in your
region. Furthermore, servers are allocated according to their
performance, so you will not be sent to an overloaded server
while there is another idle server available.
• Use of key «black lists». Unlicensed and illegal users are now
prevented from using the updating service. Licensed users
therefore do not suffer from inability to contact overloaded updates servers.
• Corporate enterprises can now create a local updates' server.
This feature is designed for organizations where a single LAN
unites computers protected by Kaspersky Lab products. Any
computer on the LAN can be turned into an updates. server
that retrieves updates from the Internet and shares them with
the other networked computers.
Question:
The anti-virus database is not updated. Why?
To find out the reason why the database is not updating, first enable the
Debug diagnostics mode for all categories of the System management
and Database updating subsystems on the Diagnostics tab (see
Figure 41). Then, manually start updating and, after updating completes,
analyze the application log (see section 4.6.1 on page 54).
If the application is configured to download updates from the Internet
(see Figure 37), the reason might be that connection to the update
server cannot be established. In this case, the application log contains
records on unsuccessful attempts to connect to the server or on connection time-outs. Check updating settings and ISA Server settings in the
following order:
1. Define the method for downloading Kaspersky Anti-Virus updates:
a. local proxy of ISA Server
b. another proxy server (or retrieving updates without a proxy
server)
Page 88
87 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
This information is displayed in the Settings for updating from
Internet dialog box (Figure 37).
2. If a local proxy of the ISA Server is used:
c. Make sure that your server can connect to the Kaspersky Lab
update servers. For example, configure the Internet options of
Internet Explorer on the same computer where Kaspersky AntiVirus is installed and open any web page.
d. Check the authentication mode on the proxy server and, if nec-
essary, specify the user name / password in the Kaspersky
Anti-Virus updater settings (see Figure 37).
Kaspersky Anti-Virus starts updating under the Lo-
calSystem account that has limited default rights on
the local network (see section 4.3 on page 47).
3. If updating is performed through another proxy server or without using a proxy, make sure that the ISA Server Firewall filter (only in In-
tegrated and Firewall modes) allows the updating application to access the Internet.
If the application is configured to retrieve updates from either a local or
shared folder (Figure 36), the following issues might occur:
• There are no access rights to the specified folder;
• Database files are placed in incorrect order in the storage.
For correct updating, it is required that the anti-virus
database be located in the specified folder in the
same order as they are downloaded from the
Kaspersky Lab update servers.
In addition to the problems described above, during centralized updating
the main server must possess read and write access rights on the
shared folder used as an update storage. All servers must have read
access rights.
If the issue is not solved after you performed the steps above, please
contact Kaspersky Lab Technical Support (see Appendix A).
Page 89
Using Kaspersky Anti-Virus® for ISA Server 88
Question:
base?
Is it possible for an intruder to replace the anti-virus data-
Every anti-virus database has a one-of-a-kind signature checked by
Kaspersky Anti-Virus when accessing the database. If the signature is
wrong or the date of the database is later than that of the license expiration, Kaspersky Anti-Virus will not use it.
Question: Does Kaspersky Anti-Virus 5.6 for Microsoft ISA Server 2000
Enterprise Edition works with Microsoft ISA Server 2000 Standart Edition?
Yes, it works. In this case, the Kaspersky Anti-Virus functionality that
supports Microsoft ISA Server 2000 Enterprise Edition will not be used.
Page 90
Appendix A. How to contact
Technical Support
If your Anti-Virus does not work, try to find a solution on your own, for
example, in this documentation, in FAQ, or at our official site.
We also recommend that you apply for support to the distributor from
whom you purchased Kaspersky Anti-Virus
support service (support@kaspersky.com
the license key information.
To make sure your request is answered as soon as possible, follow
these suggestions:
1. In the message header, specify your server’s operating system, the
name of the component you are experiencing problems with, and
briefly describe the problem. For example:
Microsoft Windows 2003 Server, Kaspersky Anti-Virus for Microsoft
ISA Server 2000 Enterprise Edition, updating does not work
2. Compose your messages in plain text format.
3. At the beginning of the message, specify the following:
• exact versions of the operating system and the upgrade package installed
• Kaspersky Anti-Virus distribution package number and the license key number.
• brief description of the hardware installed:
o type and number of processors
o RAM size
o type (SCSI / IDE) and number of hard drives
• detailed information about the Microsoft ISA Server instance:
o exact version of Microsoft ISA Server;
o installation mode (Integrated / Firewall / Cache);
o whether the ISA Server is an array member;
o exact versions of installed upgrades
o list of additional filters, their order and priority.
®
, write to our Technical
) or at the address specified in
.
Page 91
Using Kaspersky Anti-Virus® for ISA Server 90
4. Clearly describe the problem in brief. Keep in mind that, when
reading your mail, the support service officers do not yet know
about your problem. They can only help after fully understanding
and reproducing it.
5. Send the following data to the Technical support service (pack them
in one archive before sending):
• All anti-virus log files stored in the folder specified on the
Diagnostics tab.
Before sending logs to the Technical Support, set
the Debug diagnostics level for all messages and
reproduce the problematic situation.
• License key.
Page 92
Appendix B. Glossary
This documentation uses some terms specific to anti-virus protection. The
glossary is a list of definitions of these terms. The glossary entries are arranged
in alphabetical order for ease of use.
А
Administration Agent - a special application which provides for interaction
between an Administration Server and Kaspersky Lab applications installed on a network node (workstation or server). This component is the
same for all applications from the Kaspersky Business Optimal and
Kaspersky Corporate Suite software bundles.
Administrator Console – an application providing a user interface for ad-
ministrating Kaspersky Anti-Virus
Anti-virus database – the database created by Kaspersky Lab experts that
contains definitions of all currently known viruses and methods of their
detection and disinfection. At Kaspersky Lab, the database is updated
immediately after new viruses appear. Therefore, system administrators
must regularly update the anti-virus database.
C
Client – is a user of a corporate network who uses Microsoft ISA Server to
access the Internet.
Controlled object – any file transmitted via the HTTP and FTP protocols
through a firewall.
I
Infected object – an object containing malicious code. It is recommended
that you do not work with these objects because they can infect your
computer.
Initial data stream – is a stream of data transmitted via the HTTP and FTP
protocols.
K
Kaspersky Administration Kit 5.0 - an application included in Kaspersky
Business Optimal and Kaspersky Corporate Suite and designed for
centralized administration of an anti-virus protection system in a corporate network built on the basis of Kaspersky Lab applications.
U
Updating the anti-virus database – installation of the new anti-virus data-
base retrieved from Kaspersky Lab update servers.
®
for Microsoft ISA Servers.
Page 93
Appendix C. Kaspersky Lab
Founded in 1997, Kaspersky Lab has become a recognized leader in information
security technologies. It produces a wide range of data security software and
delivers high-performance, comprehensive solutions to protect computers and
networks against all types of malicious programs, unsolicited and unwanted email messages, and hacker attacks.
Kaspersky Lab is an international company. Headquartered in the Russian
Federation, the company has representative offices in the United Kingdom,
France, Germany, Japan, USA (CA), the Benelux countries, China and Poland. A
new company department, the European Anti-Virus Research Centre, has
recently been established in France. Kaspersky Lab's partner network
incorporates more than 500 companies worldwide.
Today, Kaspersky Lab employs more than 250 specialists, each of whom is
proficient in anti-virus technologies, with 9 of them holding M.B.A. degrees, 15
holding Ph.Ds, and two experts holding membership in the Computer Anti-Virus
Researchers Organization (CARO).
Kaspersky Lab offers best-of-breed security solutions, based on its unique
experience and knowledge, gained over more than 14 years of fighting computer
viruses. A thorough analysis of computer virus activities enables the company to
deliver comprehensive protection from current and even future threats.
Resistance to future attacks is the basic policy implemented in all Kaspersky
Lab's products. At all times, the company’s products remain at least one step
ahead of many other vendors in delivering extensive anti-virus coverage for
home users and corporate customers alike.
Years of hard work have made the company one of the top security software
manufacturers. Kaspersky Lab was one of the first businesses of its kind to
develop the highest standards for anti-virus defense. The company’s flagship
product, Kaspersky Anti-Virus, provides full-scale protection for all tiers of a
network, including workstations, file servers, mail systems, firewalls and Internetgateways, hand-held computers. Its convenient and easy-to-use management
tools ensure advanced automation for rapid virus protection across an enterprise.
Many well-known manufacturers use the Kaspersky Anti-Virus kernel, including
Nokia ICG (USA), F-Secure (Finland), Aladdin (Israel), Sybari (USA), G Data
(Germany), Deerfield (USA), Alt-N (USA), Microworld (India), BorderWare
(Canada), etc.
Kaspersky Lab's customers benefit from a wide range of additional services that
ensure not only stable operation of the company's products but also compliance
with any specific business requirements. Kaspersky Lab's anti-virus database is
updated in real-time every 3 hours. The company provides its customers with a
24-hour technical support service, which is available in several languages to
accommodate its international clientele.
Page 94
93 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
C.1. Other Kaspersky Lab Products
Kaspersky Anti-Virus® Personal
Kaspersky Anti-Virus Personal protects home computers running Windows
98/ME/2000/NT/XP from all types of known viruses, including Riskware. The
application constantly monitors all possible sources of virus penetration, such as
e-mail, Internet, floppy disks, CDs, etc. Unknown viruses are efficiently detected
and processed by a unique heuristic data analysis system. The two distinct
modes of the application's operation (that can be used either separately or
jointly) are:
• Real-Time Protection – anti-virus scan of all files being run, opened or
saved on the protected computer.
• On-Demand Scan – scanning and disinfection of the entire computer or
individual disks, files or folders. You can launch a scan manually using
the graphical interface or set up a regular scheduled scan.
Kaspersky Anti-Virus Personal does not scan objects already analyzed during
previous scans that have not been modified since then. This rule now applies not
only to the real-time protection but also to the on-demand scan. This feature
greatly improves the speed and performance of the application.
Kaspersky Anti-Virus Personal provides reliable protection against viruses that
attempt to penetrate computers via e-mail messages. The application provides
automatic scanning and disinfection of all incoming (POP3) and outgoing (SMTP)
e-mail messages and efficiently detects viruses in e-mail databases.
Kaspersky Anti-Virus Personal supports over 700 formats of archived and
compressed files and ensures automatic anti-virus scanning of their content and
removal of malicious code from files within ZIP, CAB, RAR and ARJ archives.
The application's settings can easily be adjusted to one of the three pre-defined
levels: Maximum Protection, Recommended Protection and Maximum
Speed.
The anti-virus database is updated every three hours. Database delivery is
guaranteed even if the internet connection is interrupted or switched during the
download process.
Kaspersky Anti-Virus
This package has been designed to deliver comprehensive anti-virus protection
to home computers running Windows 98/ME, Windows /2000/NT, Windows XP
as well as Microsoft Office applications. Kaspersky Anti-Virus
includes an application for automatic retrieval of daily updates to the anti-virus
database and the application modules. A second-generation heuristic analyzer
efficiently detects unknown viruses. Simple and user friendly interface of the
®
Personal Pro
®
Personal Pro
Page 95
Appendix C 94
program allows easy settings modifications providing maximum comfort for the
program's user.
®
Kaspersky Anti-Virus
Personal Pro features:
• on-demand scans of local disks initiated by the user;
• automatic real-time protection that involves the scan of all running
files;
• mail filter that automatically scans and disinfects all incoming (POP3)
and outgoing (SMTP) messages and provides reliable and efficient virus
detection in e-mail databases;
• behavior blocker that guarantees 100% protection against Microsoft
Office applications macro viruses.
• anti-virus scan of over 900 versions of archived and compressed files
formats, anti-virus scan of files contained in such objects and removal of
malicious code from ZIP, CAB, RAR and ARJ files.
®
Kaspersky
Anti-Hacker
Kaspersky Anti-Hacker is a personal firewall that is designed to safeguard a
computer running any Windows operating system. It protects your computer
against unauthorized access and external hacker attacks from either the Internet
or the local network.
Kaspersky Anti-Hacker monitors the TCP/IP network activity of all applications
running on your machine. When it detects a suspicious action, the application
blocks the suspicious application from accessing the network. This helps deliver
enhanced privacy and 100% security of confidential data stored on your
computer.
The product’s SmartStealth™ technology prevents hackers from detecting your
computer from the outside. In this stealthy mode, the application works
seamlessly to keep your computer protected while you are on the Web. The
application provides conventional transparency and accessibility of information.
• Kaspersky Anti-Hacker also blocks most common network hacker
attacks and monitors for attempts to scan computer ports.
• Configuration of the application is simply a matter of choosing one of five
security levels. By default, the application starts in self-learning mode,
which will automatically configure your security system depending on your
responses to various events. This makes your personal guard adjustable
to your specific preferences and your particular needs.
Page 96
95 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
Kaspersky® Security for PDA
Kaspersky Security for PDA provides reliable anti-virus protection of data stored
on PDAs running Palm OS or Windows CE. It also offers anti-virus protection
from any corrupted files transferred from a PC or an extension card, from ROM
files, and from databases. This software package includes an optimal
combination of the following anti-virus tools:
• anti-virus scanner to scan the data stored on both the PDA and
extension card on demand;
• anti-virus monitor to intercept viruses in files that are either copied from
other handhelds or are transferred using HotSync™ technology.
Kaspersky Security for PDA protects your
intrusion by
.
cards
encrypting both access to the device and data stored on memory
handheld (PDA) from unauthorized
Kaspersky Anti-Virus® Business Optimal
This package provides a configurable security solution for small- and mediumsized corporate networks.
4
Kaspersky Anti-Virus Business Optimal includes full-scale anti-virus protection
for:
• Workstations running Windows 98/ME, Windows NT/2000/XP
Workstation, and Linux;
• File and application servers running Windows NT 4.0 Server, Windows
2000, 2003 Server/Advanced Server, Windows 2003 Server, Novell
Netware, FreeBSD and OpenBSD, and Linux;
• E-mail clients, namely Microsoft Exchange 5.5/2000/2003, Lotus
Notes/Domino, Postfix, Exim, Sendmail, and Qmail;
• Internet-gateways: CheckPoint Firewall –1; Microsoft ISA Server.
The Kaspersky Anti-Virus Business Optimal distribution kit includes Kaspersky
Administration Kit, a unique tool for automated deployment and administration.
You are free to choose from any of these anti-virus applications, according to the
operating systems and applications you use.
®
Kaspersky
Corporate Suite
This package provides corporate networks of any size and complexity with
comprehensive, scalable anti-virus protection. The package components have
4
Depending on the type of distribution kit.
Page 97
Appendix C 96
been developed to protect every tier of a corporate network, even in mixed
computer environments. Kaspersky Corporate Suite supports the majority of
operating systems and applications installed across an enterprise. All package
components are managed from one console and have a unified user interface.
Kaspersky Corporate Suite delivers a reliable, high-performance protection
system that is fully compatible with the specific needs of your network
configuration.
Kaspersky Corporate Suite provides comprehensive anti-virus protection for:
• Workstations running Windows 98/ME, Windows NT/2000/XP, and
Linux;
• File and application servers running Windows NT 4.0 Server, Windows
2000, 2003 Server/Advanced Server, Novell Netware, FreeBSD,
OpenBSD and Linux;
• E-mail clients, including Microsoft Exchange Server 5.5/2000/2003,
Lotus Notes/Domino, Sendmail, Postfix, Exim and Qmail;
• Internet-gateways: CheckPoint Firewall –1; Microsoft ISA Server;
• Hand-held computers (PDAs), running Windows CE and Palm OS.
The Kaspersky Corporate Suite distribution kit includes Kaspersky Administration
Kit, a unique tool for automated deployment and administration.
You are free to choose from any of these anti-virus applications, according to the
operating systems and applications you use.
®
Kaspersky
Anti-Spam
Kaspersky Anti-Spam is a cutting-edge software suite that is designed to help
organizations with small- and medium-sized networks wage war against the
onslaught of undesired e-mail (spam). The product combines the revolutionary
technology of linguistic analysis with modern methods of e-mail filtration,
including RBL lists and formal letter features. Its unique combination of services
allows users to identify and wipe out up to 95% of unwanted traffic.
Installed at the entrance to a network, where it monitors incoming e-mail traffic
streams for spam, Kaspersky Anti-Spam acts as a barrier to unsolicited e-mail.
The product is compatible with any mail system and can be installed on either an
existing mail server or a dedicated one.
Kaspersky Anti-Spam’s high performance is ensured by daily updates to the
content filtration database by samples provided by the Company’s linguistic
laboratory specialists.
Page 98
97 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
Kaspersky® Anti-Spam Personal
Kaspersky Anti-Spam Personal is designed to protect users of mail client
programs Microsoft Outlook and Microsoft Outlook Express against unwanted email messages (spam).
Kaspersky Anti-Spam Personal software package is a powerful tool that ensures
detection of spam in the flow of e-mail messages incoming via POP3 and IMAP4
protocol (only for Microsoft Outlook).
The filtering process involves the analysis of all attributes of the message
(sender's and recipient's addresses and headers), content filtration (analysis of
the content of the letter, including the Subject and attached files), as well as
unique linguistic and heuristic algorithms.
The application's high performance is enhanced by daily updates to the content
filtration database by samples provided by the Company’s linguistic laboratory
specialists.
C.2. Contact Us
If you have any questions, comments, or suggestions, please refer them to one
of our distributors or directly to Kaspersky Lab. We will be glad to assist you in
any matters related to our product by phone or via e-mail. Rest assured that all of
your recommendations and suggestions will be thoroughly reviewed and
considered.
Technical
support
General
information
Please find the technical support information at
http://www.kaspersky.com/supportinter.html
WWW: http://www.kaspersky.com
http://www.viruslist.com
E-mail: sales@kaspersky.com
Page 99
Appendix D. License agreement
End User License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT ("AGREEMENT") FOR THE LICENSE OF SPECIFIED SOFTWARE ("SOFTWARE") PRODUCED BY KASPERSKY LAB
("KASPERSKY LAB").
IF YOU HAVE PURCHASED THIS SOFTWARE VIA THE INTERNET BY
CLICKING THE ACCEPT BUTTON, YOU (EITHER AN INDIVIDUAL OR
A SINGLE LEGAL ENTITY) CONSENT TO BE BOUND BY AND BECOME PARTY TO THIS AGREEMENT. IF YOU DO NOT AGREE TO
ALL OF THE TERMS OF THIS AGREEMENT, CLICK THE BUTTON
THAT INDICATES THAT YOU DO NOT ACCEPT THE TERMS OF THIS
AGREEMENT, AND DO NOT INSTALL THE SOFTWARE.
IF YOU HAVE PURCHASED THIS SOFTWARE ON A PHYSICAL MEDIUM, HAVING BROKEN THE CD'S SLEEVE YOU (EITHER AN INDIVIDUAL OR A SINGLE ENTITY) ARE CONSENTING TO BE BOUND BY
THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS
OF THIS AGREEMENT DO NOT BREAK THE CD's SLEEVE,
DOWNLOAD, INSTALL OR USE THIS SOFTWARE.
IN ACCORDANCE WITH THE LEGISLATION, REGARDING KASPERSKY SOFTWARE INTENDED FOR INDIVIDUAL CONSUMERS
(KASPERSKY ANTI-VIRUS PERSONAL, KASPERSKY ANTI-VIRUS
PERSONAL PRO, KASPERSKY ANTI-HACKER, KASPERSKY SECURITY FOR PDA) PURCHASED ON LINE FROM THE KASPERSKY LAB
INTERNET WEB SITE, CUSTOMER SHALL HAVE A PERIOD OF 7
WORKING DAYS AS FROM THE DELIVERY OF PRODUCT TO MAKE
RETURN OF IT TO THE MERCHANT FOR EXCHANGE OR REFUND,
PROVIDED THE SOFTWARE IS NOT UNSEALED.
REGARDING THE KASPERSKY SOFTWARE INTENDED FOR INDIVIDUAL CONSUMERS (KASPERSKY ANTI-VIRUS PERSONAL,
KASPERSKY ANTI-VIRUS PERSONAL PRO, KASPERSKY ANTIHACKER, KASPERSKY SECURITY FOR PDA) NOT PURCHASED
ONLINE VIA INTERNET, THIS SOFTWARE NEITHER WILL BE RETURNED NOR EXCHANGED EXCEPT FOR CONTRARY PROVISIONS
FROM THE PARTNER WHO SELLS THE PRODUCT. IN THIS CASE,
KASPERSKY LAB WILL NOT BE HELD BY THE PARTNER'S
CLAUSES.
THE RIGHT TO RETURN AND REFUND EXTENDS ONLY TO THE
ORIGINAL PURCHASER.
All references to "Software" herein shall be deemed to include the software
activation key ("Key Identification File") with which you will be provided by
Kaspersky Lab as part of the Software.
Page 100
99 Kaspersky Anti-Virus 5.6 for MS ISA Server 2000 Enterprise Edition
1. License Grant. Subject to the payment of the applicable license fees, and
subject to the terms and conditions of this Agreement, Kaspersky Lab hereby
grants you the non-exclusive, non-transferable right to use one copy of the
specified version of the Software and the accompanying documentation (the
"Documentation") for the term of this Agreement solely for your own internal
business purposes. You may install one copy of the Software on one computer,
workstation, personal digital assistant, or other electronic device for which the
Software was designed (each a "Client Device"). If the Software is licensed as a
suite or bundle with more than one specified Software product, this license
applies to all such specified Software products, subject to any restrictions or
usage terms specified on the applicable price list or product packaging that apply
to any such Software products individually.
1.1 Use. The Software is licensed as a single product; it may not be used on
more than one Client Device or by more than one user at a time, except as set
forth in this Section.
1.1.1 The Software is "in use" on a Client Device when it is loaded into the
temporary memory (i.e., random-access memory or RAM) or installed into the
permanent memory (e.g., hard disk, CD-ROM, or other storage device) of that
Client Device. This license authorizes you to make only as many back-up copies
of the Software as are necessary for its lawful use and solely for back-up
purposes, provided that all such copies contain all of the Software's proprietary
notices. You shall maintain records of the number and location of all copies of
the Software and Documentation and will take all reasonable precautions to
protect the Software from unauthorized copying or use.
1.1.2 If you sell the Client Device on which the Software is installed, you will
ensure that all copies of the Software have been previously deleted.
1.1.3 You shall not decompile, reverse engineer, disassemble or otherwise
reduce any part of this Software to a humanly readable form nor permit any third
party to do so. The interface information necessary to achieve interoperability of
the Software with independently created computer programs will be provided by
Kaspersky Lab by request on payment of its reasonable costs and expenses for
procuring and supplying such information. In the event that Kaspersky Lab
notifies you that it does not intend to make such information available for any
reason, including (without limitation) costs, you shall be permitted to take such
steps to achieve interoperability, provided that you only reverse engineer or
decompile the Software to the extent permitted by law.
1.1.4 You shall not make error corrections to, or otherwise modify, adapt, or
translate the Software, nor create derivative works of the Software, nor permit
any third party to copy the Software (other than as expressly permitted herein).
1.1.5 You shall not rent, lease or lend the Software to any other person, nor
transfer or sub-license your license rights to any other person.
1.1.6 You shall not use this Software in automatic, semi-automatic or manual
tools designed to create virus signatures, virus detection routines, any other data
or code for detecting malicious code or data.
Loading...