Kaspersky ANTI-VIRUS 6.0 User Manual

KASPERSKY LAB

Kaspersky® Anti-Virus 6.0 SOS

USER GUIDE

KASPERSKY ANTI-VIRUS 6.0 SOS

User Guide

© Kaspersky Lab

http://www.kaspersky.com

Revision date: July 2007

Table of Contents

CHAPTER 1. THREATS TO COMPUTER SECURITY................................................. 8

1.1. Sources of Threats ................................................................................................ 8

1.2. How threats spread ............................................................................................... 9

1.3. Types of Threats.................................................................................................. 10

1.4. Signs of Infection ................................................................................................. 13

1.5. What to do if you suspect infection ..................................................................... 14

1.6. Preventing Infection............................................................................................. 15

CHAPTER 2. KASPERSKY ANTI-VIRUS 6.0 SOS..................................................... 17

2.1. What’s new in Kaspersky Anti-Virus 6.0 SOS.................................................... 17

2.2. Components of Kaspersky Anti-Virus 6.0 SOS.................................................. 18

2.2.1. Virus scan tasks............................................................................................ 19

2.2.2. Program tools................................................................................................ 19

2.3. Hardware and software system requirements ................................................... 20

2.4. Software packages.............................................................................................. 21

2.5. Support for registered users................................................................................ 22

CHAPTER 3. INSTALLING KASPERSKY ANTI-VIRUS 6.0 SOS.............................. 24

3.1. Installation procedure using the Installation Wizard........................................... 25

3.2. Setup Wizard ....................................................................................................... 28

3.2.1. Activating the program.................................................................................. 28

3.2.1.1. Selecting a program activation method................................................. 29

3.2.1.2. Entering the activation code .................................................................. 29

3.2.1.3. Obtaining a key file................................................................................. 30

3.2.1.4. Selecting a license key file..................................................................... 30

3.2.1.5. Completing program activation.............................................................. 30

3.2.2. Configuring update settings.......................................................................... 31

3.2.3. Configuring a virus scan schedule ............................................................... 31

3.2.4. Restricting program access.......................................................................... 32

3.2.5. Finishing the Setup Wizard .......................................................................... 32

3.3. Installing the program from the command prompt .............................................33

3.4. Procedure for installing the Group Policy Object................................................ 33

4 Kaspersky Anti-Virus 6.0 SOS

3.4.1. Installing the program ................................................................................... 33

3.4.2. Upgrading the program ................................................................................ 34

3.4.3. Uninstalling the program............................................................................... 35

3.5. Upgrading from 5.0 to 6.0 ................................................................................... 35

CHAPTER 4. PROGRAM INTERFACE ....................................................................... 36

4.1. System tray icon .................................................................................................. 36

4.2. The context menu................................................................................................ 37

4.3. Main program window......................................................................................... 38

4.4. Program settings window.................................................................................... 40

CHAPTER 5. GETTING STARTED.............................................................................. 41

5.1. How to scan your computer for viruses .............................................................. 41

5.2. How to scan critical areas of the computer......................................................... 42

5.3. How to scan a file, folder or disk for viruses ....................................................... 42

5.4. How to update the program ................................................................................ 43

CHAPTER 6. APPLICATION MANAGEMENT ............................................................ 45

6.1. Disabling/ Enabling Application........................................................................... 45

6.2. Types of malicious programs to be monitored ................................................... 45

6.3. Creating a trusted zone ....................................................................................... 46

6.4. Starting tasks under another profile.................................................................... 51

6.5. Configuring Scheduled Tasks and Notifications................................................. 53

6.6. Power options...................................................................................................... 54

CHAPTER 7. SCANNING FOR VIRUSES ON THE COMPUTER............................. 56

7.1. Managing virus scan tasks.................................................................................. 57

7.2. Creating a list of objects to scan ......................................................................... 57

7.3. Creating virus scan tasks .................................................................................... 59

7.4. Configuring virus scan tasks ............................................................................... 60

7.4.1. Selecting a security level .............................................................................. 60

7.4.2. Specifying the types of objects to scan........................................................ 61

7.4.3. Restoring default scan settings .................................................................... 64

7.4.4. Selecting actions for objects......................................................................... 64

7.4.5. Additional virus scan settings ....................................................................... 67

7.4.6. Setting up global scan settings for all tasks................................................. 68

CHAPTER 8. TESTING KASPERSKY ANTI-VIRUS 6.0 SOS FEATURES .............. 70

Table of Contents 5

8.1. The EICAR test virus and its variations .............................................................. 70

8.2. Testing Virus scan tasks ..................................................................................... 72

CHAPTER 9. PROGRAM UPDATES........................................................................... 74

9.1. Starting the Updater ............................................................................................ 75

9.2. Rolling back to the previous update.................................................................... 76

9.3. Creating update tasks ......................................................................................... 76

9.4. Configuring update settings ................................................................................ 77

9.4.1. Selecting an update source.......................................................................... 78

9.4.2. Selecting an update method and what to update........................................ 80

9.4.3. Configuring connection settings ................................................................... 82

9.4.4. Update distribution........................................................................................ 83

9.4.5. Actions after updating the program.............................................................. 85

CHAPTER 10. ADVANCED OPTIONS ........................................................................ 86

10.1. Quarantine for potentially infected objects........................................................ 87

10.1.1. Actions with quarantined objects................................................................ 88

10.1.2. Setting up Quarantine................................................................................. 90

10.2. Backup copies of dangerous objects................................................................ 91

10.2.1. Actions with backup copies ........................................................................ 91

10.2.2. Configuring Backup settings ...................................................................... 93

10.3. Reports .............................................................................................................. 93

10.3.1. Configuring report settings ......................................................................... 95

10.3.2. The Detected tab ........................................................................................ 96

10.3.3. The Events tab............................................................................................ 97

10.3.4. The Statistics tab ........................................................................................ 98

10.3.5. The Settings tab.......................................................................................... 98

10.4. General information about the program ........................................................... 99

10.5. Managing licenses........................................................................................... 100

10.6. Technical Support ........................................................................................... 102

10.7. Configuring the Kaspersky Anti-Virus 6.0 SOS interface............................... 103

10.8. Notification of Kaspersky Anti-Virus 6.0 SOS Events .................................... 105

10.8.1.1. Types of events and notification delivery methods........................... 106

10.8.1.2. Configuring email notification ............................................................ 108

10.8.1.3. Configuring event log settings ........................................................... 109

10.8.2. Restricting Application Access ................................................................. 110

10.9. Importing and exporting Kaspersky Anti-Virus 6.0 SOS settings ..................111

6 Kaspersky Anti-Virus 6.0 SOS

10.10. Resetting to default settings.......................................................................... 112

CHAPTER 11. WORKING WITH THE PROGRAM FROM THE COMMAND

PROMPT .................................................................................................................. 113

11.1. Activating the application................................................................................. 114

11.2. Managing Tasks.............................................................................................. 115

11.3. Anti-virus scans ...............................................................................................117

11.4. Program updates............................................................................................. 120

11.5. Rollback settings ............................................................................................. 121

11.6. Exporting settings............................................................................................ 122

11.7. Importing settings ............................................................................................ 123

11.8. Starting the program........................................................................................ 123

11.9. Stopping the program...................................................................................... 123

11.10. Obtaining a Trace File................................................................................... 124

11.11. Viewing Help.................................................................................................. 124

11.12. Return codes from the command line interface ........................................... 125

CHAPTER 12. MODIFYING, REPAIRING, AND REMOVING THE PROGRAM .... 126

12.1. Modifying, repairing, and removing the program using Installation Wizard... 126

12.2. Uninstalling the program from the command prompt..................................... 128

CHAPTER 13. ADMINISTERING THE PROGRAM WITH KASPERSKY

ADMINISTRATION KIT............................................................................................ 129

13.1. Administering the application .......................................................................... 132

13.1.1. Starting/stopping the application .............................................................. 133

13.1.2. Configuring application settings ............................................................... 134

13.1.3. Configuring specific settings..................................................................... 136

13.2. Managing tasks ...............................................................................................137

13.2.1. Starting and stopping tasks...................................................................... 138

13.2.2. Creating tasks........................................................................................... 139

13.2.2.1. Creating local tasks............................................................................ 139

13.2.2.2. Creating group tasks.......................................................................... 141

13.2.2.3. Creating global tasks .........................................................................141

13.2.3. Configuring specific task settings............................................................. 142

13.3. Managing policies............................................................................................ 143

13.3.1. Creating policies .......................................................................................143

13.3.2. Viewing and editing policy settings .......................................................... 145

Table of Contents 7

CHAPTER 14. FREQUENTLY ASKED QUESTIONS............................................... 147

APPENDIX A. REFERENCE INFORMATION........................................................... 149

A.1. List of files scanned by extension..................................................................... 149

A.2. Valid file exclusion masks................................................................................. 151

A.3. Valid threat exclusion masks ............................................................................ 152

A.4. Overview of settings in setup.ini....................................................................... 153

APPENDIX B. KASPERSKY LAB............................................................................... 154

B.1. Other Kaspersky Lab Products ........................................................................ 155

B.2. Contact Us......................................................................................................... 165

APPENDIX C. LICENSE AGREEMENT .................................................................... 166

CHAPTER 1. THREATS TO

COMPUTER SECURITY

As information technology has rapidly developed and penetrated many aspects
of human existence, so the number and range of crimes aimed at breaching
information security has grown.

Cyber criminals have shown great interest in the activities of both state structures
and commercial enterprises. They attempt to steal or disclose confidential
information, which damages business reputations, disrupts business continuity,
and may impair an organization's information resources. These acts can do
extensive damage to assets, both tangible and intangible.

It is not only big companies who are at risk; individual users can also be
attacked. Criminals can gain access to personal data (for instance, bank account
and credit card numbers and passwords), or cause a computer to malfunction.
Some types of attacks can give hackers complete access to a computer, which
can then be used as part of a “zombie network” of infected computers to attack
servers, send out spam, harvest confidential information, and spread new viruses
and Trojans.

In today’s world, it is widely acknowledged that information is a valuable asset
that should be protected. At the same time, information must be accessible to
those who legitimately require it (for instance, employees, clients and partners of
a business). Hence, the need to create a comprehensive information security
system, which must take account of all possible sources of threats, whether
human, man-made, or natural disasters, and use a complete array of defensive
measures, at the physical, administrative and software levels.

1.1. Sources of Threats

A person, a group of people, or phenomena unrelated to human activity can
threaten information security. Following from this, all threat sources can be put
into one of three groups:

• The human factor. This group of threats concerns the actions of people

with authorized or unauthorized access to information. Threats in this
group can be divided into:

• External, including cyber criminals, hackers, internet scams,
unprincipled partners, and criminal organisations.

Threats to Computer Security 9

• Internal, including the actions of company staff and users of
home PCs. Actions taken by this group could be deliberate or
accidental.

• The technological factor. This threat group is connected with technical

problems – use of obsolete or poor-quality software and hardware to
process information. This can lead to equipment failure and often to data
loss.

• The natural-disaster factor. This threat group includes the whole range

of events caused by nature and independent of human activity.

All three threat sources must be accounted for when developing a data security
protection system. This User Guide focuses on the area that is directly tied to
Kaspersky Lab’s expertise – external threats involving human activity.

1.2. How threats spread

As modern computer technology and communications tools develop, hackers
have more opportunities for spreading threats. Let’s take a closer look at them:

The Internet

The Internet is unique, since it is no one’s property and has no
geographical borders. In many ways, this has promoted the development
of web resources and the exchange of information. Today, anyone can
access data on the Internet or create their own webpage.

However, these very features of the worldwide web give hackers the
ability to commit crimes on the Internet, and make the hackers difficult to
detect and punish.

Hackers place viruses and other malicious programs on Internet sites and
disguise them as useful freeware. Furthermore, scripts that run
automatically when you open certain webpages can execute dangerous
actions on your computer, including modifying the system registry,
stealing personal data, and installing malicious software.

By using network technologies, hackers can attack remote PCs and
company servers. These attacks can cause parts of your system to
malfunction, or could provide hackers with complete access to your
system and thereby to the information stored on it. They can also use it
as part of a zombie network.

Lastly, since it became possible to use credit cards and e-money through
the Internet in online stores, auctions, and bank homepages, online
scams have become increasingly common.

Intranet

10 Kaspersky Anti-Virus 6.0 SOS

Your intranet is your internal network, specially designed for handling
information within a company or a home network. An intranet is a unified
space for storing, exchanging, and accessing information for all the
computers on the network. This means that if one computer on the
network is infected, the others are at great risk of infection. To avoid such
situations, both the network perimeter and each individual computer must
be protected.

Email

Since the overwhelming majority of computers have email client programs
installed, and since malicious programs exploit the contents of electronic
address books, conditions are usually right for spreading malicious
programs. The user of an infected computer might unknowingly send
infected emails to friends or coworkers who in turn send more infected
emails. For example, it is common for infected file documents to go
undetected when distributed with business information via a company’s
internal email system. When this occurs, more than a handful of people
are infected. It might be hundreds or thousands of company workers,
together with potentially tens of thousands of subscribers.

Beyond the threat of malicious programs lies the problem of electronic
junk email, or spam. Although not a direct threat to a computer, spam
increases the load on email servers, eats up bandwidth, clogs up the
user’s mailbox, and wastes working hours, thereby incurring financial
harm.

In addition, hackers have begun using mass mailing programs and social
engineering methods to convince users to open emails, or click on a link
to certain websites. It follows that spam filtration capabilities are valuable
for several purposes: to stop junk email; to counteract new types of online
scans, such as phishing; to stop the spread of malicious programs.

Removable storage media

Removable media (floppies, CD-ROMs, and USB flash drives) are widely
used for storing and transmitting information.

Opening a file that contains malicious code and is stored on a removable
storage device can damage data stored on the local computer and spread
the virus to the computer’s other drives or other computers on the
network.

1.3. Types of Threats

There are a vast number of threats to computer security today. This section will
review the threats that are blocked by Kaspersky Anti-Virus 6.0 SOS.

Threats to Computer Security 11

Worms

This category of malicious programs spreads itself largely by exploiting
vulnerabilities in computer operating systems. The class was named for
the way that worms crawl from computer to computer, using networks and
email. This feature allows worms to spread themselves very rapidly.

When a worm penetrates a computer, it scans for the network addresses
of other computers that are locally accessible, and sends a burst of self­made copies to these addresses. In addition, worms often utilize data
from email client address books. Some of these malicious programs
occasionally create working files on system disks, but they can run
without any system resources except RAM.

Viruses

Viruses are programs that infect other files, adding their own code to them
to gain control of the infected files when they are opened. This simple
definition explains the fundamental action performed by a virus –
infection.

Trojans

Trojans are programs that carry out unauthorized actions on computers,
such as deleting information on drives, making the system hang, stealing
confidential information, and so on. This class of malicious program is not
a virus in the traditional sense of the word, because it does not infect
other computers or data. Trojans cannot break into computers on their
own. They are spread by hackers, who disguise them as regular software.
The damage that they inflict can greatly exceed that done by traditional
virus attacks.

Recently, worms have been the commonest type of malicious program damaging
computer data, followed by viruses and Trojans. Some malicious programs
combine features of two or even three of these classes.

Adware

Adware comprises programs that are included in software, unknown to
the user, which is designed to display advertisements. Adware is usually
built into software that is distributed free. The advertisement is situated in
the program interface. These programs also frequently collect personal
data on the user and send it back to their developer, change browser
settings (start page and search pages, security levels, etc.) and create
traffic that the user cannot control. This can lead to a security breach and
to direct financial losses.

Spyware

12 Kaspersky Anti-Virus 6.0 SOS

This software collects information about a particular user or organization
without their knowledge. Spyware often escapes detection entirely. In
general, the goal of spyware is to:

• Trace user actions on a computer;

• Gather information on the contents of your hard drive; in such

cases, this usually involves scanning several directories and the
system registry to compile a list of software installed on the
computer;

• Gather information on the quality of the connection, bandwidth,
modem speed, etc.

Riskware

Riskware includes software that has not malicious features but could form
part of the development environment for malicious programs or could be
used by hackers as auxiliary components for malicious programs. This
program category includes programs with backdoors and vulnerabilities,
as well as some remote administration utilities, keyboard layout togglers,
IRC clients, FTP servers, and all-purpose utilities for stopping processes
or hiding their operation.

Another type of malicious program that is similar to adware, spyware, and
riskware are programs that plug into your web browser and redirect traffic. The
web browser will open different web sites than those intended.

Jokes

Joke software does not do any direct damage, but displays messages
stating that damage has already been done or will be under certain
conditions. These programs often warn the user of non-existent dangers,
such as messages that warn of formatting the hard drive (although no
formatting actually takes place) or detecting viruses in uninfected files.

Rootkits

These are utilities that are used to conceal malicious activity. They mask
malicious programs to keep anti-virus programs from detecting them.
Rootkits modify basic functions of the computer’s operating system to
hide both their own existence and actions that the hacker undertakes on
the infected computer.

Other dangerous programs

These are programs created to, for instance, set up denial of service
(DoS) attacks on remote servers, hack into other computers, and
programs that are part of the development environment for malicious
programs. These programs include hack tools, virus builders, vulnerability

Threats to Computer Security 13

scanners, password-cracking programs, and other types of programs for
cracking network resources or penetrating a system.

Kaspersky Anti-Virus 6.0 SOS detects and blocks these threat types reactively, i.
e. malicious objects are detected using a threat signature database that is
regularly updated. At least one virus infection is necessary to implement this
method – in order to add threat signature to the database and distribute
database update.

Warning:

From this point forward, we will use the term "virus" to refer to malicious and
dangerous programs. The type of malicious programs will only be emphasized
where necessary.

1.4. Signs of Infection

There are a number of signs that a computer is infected. The following events
are good indicators that a computer is infected with a virus:

• Unexpected messages or images appear on the screen, or unusual
sounds are played;

• The CD/DVD-ROM tray opens and closes unexpectedly;

• The computer arbitrarily launches a program without your assistance;

• Warnings pop up on the screen about a program attempting to access the

Internet, even though you initiated no such action;

There are also several typical traits of a virus infection through email:

• Friends or acquaintances tell you about messages from you that you
never sent;

• Your inbox houses a large number of messages without return addresses
or headers.

It must be noted that these signs can arise from causes other than viruses. For
example, in the case of email, infected messages can be sent with your return
address but not from your computer.

There are also indirect indications that your computer is infected:

• Your computer freezes or crashes frequently;

• Your computer loads programs slowly;

• You cannot boot up the operating system;

• Files and folders disappear or their contents are distorted;

14 Kaspersky Anti-Virus 6.0 SOS

• The hard drive is frequently accessed (the light blinks);

• The web browser program (e.g., Microsoft Internet Explorer) freezes or

behaves unexpectedly (for example, you cannot close the program
window).

In 90% of cases, these indirect systems are caused by malfunctions in hardware
or software. Despite the fact that such symptoms rarely indicate infection, we
recommend that, upon detecting them, you are recommended to run a complete
scan of your computer (see 5.1 on pg. 41).

1.5. What to do if you suspect
infection

If you notice that your computer is behaving suspiciously…

Don’t panic! This is the golden rule: it could save you from losing important data.

Disconnect your computer from the Internet or local network, if it is on one.

If the computer will not boot from the hard drive (the computer displays an error
message when you turn it on), try booting in safe mode or with the emergency
operating system boot disk that you created when you installed the operating
system.

Before doing anything else, back up your work on removable storage media
(floppy, CD/DVD, flash drive, etc.).

Install Kaspersky Anti-Virus 6.0 SOS, if you have not done so already.

Update the program’s threat signatures and application modules (see 5.4 on pg.

43). If possible, download the updates off the Internet from a different, uninfected

,computer, for instance at a friend’s, an Internet café, or work. It is better to use a
different computer since, when you connect an infected computer to the Internet,
there is a chance that the virus will send important information to hackers or
spread the virus to the addresses in your address book. That is why if you
suspect that your computer has a virus, you should immediately disconnect from
the Internet. You can also get threat signature updates on floppy disk from
Kaspersky Lab or its distributors and update your signatures using the disk.

Select the security level recommended by the experts at Kaspersky Lab.

Start a full computer scan (see 5.1 on pg. 41).

Threats to Computer Security 15

1.6. Preventing Infection

Not even the most reliable and deliberate measures can provide 100% protection
against computer viruses and Trojans, but following such a set of rules
significantly lowers the likelihood of virus attacks and the level of potential
damage.

One of the basic methods of battling viruses is, as in medicine, well-timed
prevention. Computer prophylactics involve a rather small number of rules that, if
complied with, can significantly lower the likelihood of being infected with a virus
and losing data.

Basic safety rules are given below. If these are followed, the likelihood of virus
attacks will be reduced significantly. However, it must be kept in mind that
Kaspersky Anti-Virus 6.0 SOS does not provide continuous computer security.

Rule No. 1: Use anti-virus software and Internet security programs. To do so:

• Install Kaspersky Anti-Virus 6.0 SOS as soon as possible.

• Regularly update the program’s threat signatures (see 5.4 on pg. 43). You

should update the signatures several times per day during virus
outbreaks. In such situations, the threat signatures on Kaspersky Lab’s
update servers are updated immediately.

• Select the settings for a complete scan recommended by Kaspersky Lab,
and schedule scans for at least once per week.

Rule No. 2: Use caution when copying new data to your computer:

• Scan all removable storage drives, for example floppies, CDs/DVDs, and
flash drives, for viruses before using them (see 5.3 on pg. 42).

• Treat emails with caution. Do not open any files attached to emails unless
you are certain that you were intended to receive them, even if they were
sent by people you know.

• Be careful with information obtained through the Internet. If any web site
suggests that you install a new program, be certain that it has a security
certificate.

• If you are copying an executable file from the Internet or local network, be
sure to scan it with Kaspersky Anti-Virus 6.0 SOS.

• Use discretion when visiting web sites. Many sites are infected with
dangerous script viruses or Internet worms.

Rule No. 3: Pay close attention to information from Kaspersky Lab.

16 Kaspersky Anti-Virus 6.0 SOS

In most cases, Kaspersky Lab announces a new outbreak long before it
reaches its peak. The likelihood of the infection in such a case is low, and
once you download the threat signature updates, you will have plenty of
time to protect yourself against the new virus.

Rule No. 4: Do not trust virus hoaxes, such as prank programs and emails about

infection threats.

Rule No. 5: Use the Windows Update tool and regularly install Windows

operating system updates.

Rule No. 6: Buy legitimate copies of software from official distributors.

Rule No. 7: Limit the number of people who are allowed to use your computer.

Rule No. 8: Lower the risk of unpleasant consequences of a potential infection

by backing data up in a timely manner. If you lose your data, the system can
fairly quickly be restored if you have backup copies. Store distribution
floppies, CDs, flash drives, and other storage media with software and
valuable information in a safe place.

Rule No. 9: Regularly inspect the list of programs installed on your computer. To

do so, open Install/Remove Programs in the Control Panel, or open the
Program Files directory. You may discover software here that was installed
on your computer without your knowledge, for example, while you were
using the Internet or installing a different program. Programs like these are
almost always potentially dangerous.

CHAPTER 2. KASPERSKY ANTI-

VIRUS 6.0 SOS

Kaspersky Anti-Virus 6.0 SOS heralds a new generation of data security
products.

What really sets Kaspersky Anti-Virus 6.0 SOS apart from other software is that
this application is a supplemental anti-virus facility providing on-demand
scanning functionality. Kaspersky Anti-Virus 6.0 SOS can co-exist with other anti­virus solutions without any conflict.

Kaspersky Anti-Virus 6.0 SOS does not provide continuous anti-virus security!

2.1. What’s new in Kaspersky Anti­Virus 6.0 SOS

This section provides a detailed description of new features in Kaspersky Anti­Virus 6.0 SOS.

New Virus Scan Features

• File scanning technology has been improved to lower the CPU load and
increase the speed of file scans. This is achieved through the use of
iChecker™ technology (see . By operating this way, the program rules out
scanning files twice.

• The scan process now runs as a background task, enabling the user to
continue using the computer. If there is a competition for system
resources, the virus scan will pause until the user’s operation is
completed and then resumes at the point where it left off.

• Critical areas of the computer, which if infected would seriously affect
data quality or security, are given their own separate task. This task can
be configured to run automatically every time the system is started.

• The user notification function has been expanded for certain events that
arise during program operation. You can select the method of notification
yourselves for each of these event types: e-mails, sound notifications,
pop-up messages.

18 Kaspersky Anti-Virus 6.0 SOS

• Now the protection system has the option of centralized remote
administration, using an added administration interfaced under Kaspersky
Administration Kit.

New Program Interface Features

• The new Kaspersky Anti-Virus 6.0 SOS interface makes the program’s
functions clear and easy to use. You can also change the program’s
appearance by using your own graphics and color schemes.

• The program regularly provides you with tips as you use it: Kaspersky
Anti-Virus 6.0 SOS displays advisories on virus scan and update status,
provides runtime hints and tips, and a thorough Help section.

New Program Update Features

• This version of the program debuts our improved update procedure:
Kaspersky Anti-Virus 6.0 SOS automatically checks the update source for
updates. If it finds new updates, Anti-Virus downloads them and installs
them on the computer.

• The program downloads updates incrementally, ignoring files that have
already been downloaded. This lowers the download traffic for updates by
up to 10 times.

• Updates are downloaded from from the most efficient source.

• You can choose not to use a proxy server, by downloading program

updates from a local source. This noticeably reduces the traffic on the
proxy server.

• The program has an update rollback feature that can return to the
previous version of the signatures, if the threat signatures are damaged or
there is an error in copying.

• A tool has been added to Updater that copies updates to a local folder to
give other computers on the network access to them. This cuts down on
Internet traffic.

2.2. Components of Kaspersky Anti­Virus 6.0 SOS

Kaspersky Anti-Virus 6.0 SOS includes:

• Virus Scan Tasks (see 2.2.1 on pg. 19) that virus-check the computer’s
memory and file system, as individual files, folders, disks, or regions.

Kaspersky Anti-Virus 6.0 SOS 19

• Support Tools (see 2.2.2 on pg. 19) that provide threat signature updates
and support for the program, as well as extend its functionality.

2.2.1. Virus scan tasks

It is extremely important periodically to scan your computer for viruses.
Therefore, Kaspersky Anti-Virus 6.0 SOS comprises the following virus scan
tasks:

Critical Areas

Scans all critical areas of the computer for viruses. This includes system
memory, programs loaded on startup, boot sectors on the hard drive, and
the Microsoft Windows system directories. The task aims to detect active
viruses quickly without fully scanning the computer.

My Computer

Scans for viruses on your computer with a thorough inspection of all disk
drives, memory, and files.

Startup Objects

Scans for viruses in all programs that are loaded automatically on startup,
plus RAM and boot sectors on hard drives.

There is also the option to create other virus-scan tasks and create a schedule
for them. For example, you can create a scan task for email databases once per
week, or a virus scan task for the My Documents folder.

2.2.2. Program tools

Kaspersky Anti-Virus 6.0 SOS includes a number of support tools, which are
designed to provide real-time software support, expanding the capabilities of the
program and assisting you as you go.

Update

In order to be prepared for a hacker attack, or to delete a virus or some
other dangerous program, Kaspersky Anti-Virus 6.0 SOS needs to be
kept up-to-date. The Updater component is designed to do exactly that. It
is responsible for updating the Kaspersky Anti-Virus 6.0 SOS threat
signatures and program modules.

The update distribution feature can save threat signature and application
module updates retrieved from Kaspersky Lab update servers in a local
folder. It then grants other computers on the network access to them to
conserve on Internet bandwidth.

20 Kaspersky Anti-Virus 6.0 SOS

Data Files

At application runtime, a report is generated for virus scan and application
update tasks. The reports contain information on completed operations
and their results. By using the Reports feature, you will remain up-to-date
on the execution of any task. Should problems arise, the reports can be
sent to Kaspersky Lab, allowing our specialists to study the situation in
greater depth and help you as quickly as possible.

Kaspersky Anti-Virus 6.0 SOS sends all files suspected of being
dangerous to a special Quarantine area, where they are stored in
encrypted form to avoid infecting the computer. You can scan these
objects for viruses, restore them to their previous locations, delete them,
or manually add files to Quarantine. Files that are found not to be infected
upon completion of the virus scan are automatically restored to their
former locations.

The Backup area holds copies of files disinfected and deleted by the
program. These copies are created in case you either need to restore the
files, or want information about their infection. These backup copies are
also stored in an encrypted form to avoid further infection.

You can manually restore a file from Backup to the original location and
delete the copy.

Support

All registered Kaspersky Anti-Virus 6.0 SOS users can take advantage of
our technical support service. To learn where exactly you can get
technical support, use the Support feature.

Using these links, you can go to a Kaspersky Lab user forum and a list of
frequently asked questions that may help you resolve your issue.. In
addition, by completing the form on the site, you can send Technical
Support a message on the error or failure in the operation of the
application.

You will also be able to access Technical Support on-line, and, of course,
our employees will always be ready to assist you with Kaspersky Anti­Virus 6.0 SOS by phone.

2.3. Hardware and software system
requirements

For Kaspersky Anti-Virus 6.0 SOS to run properly, your computer must meet
these minimum requirements:

Kaspersky Anti-Virus 6.0 SOS 21

General Requirements:

• 50 MB of free hard drive space

• CD-ROM drive (for installing Kaspersky Anti-Virus 6.0 SOS from an

installation CD)

• Microsoft Internet Explorer 5.5 or higher (for updating threat signatures
and program modules through the Internet)

• Microsoft Windows Installer 2.0

Microsoft Windows 98, Microsoft Windows Me, Microsoft Windows NT
Workstation 4.0 (Service Pack 6a):

• Intel Pentium 300 MHz processor or faster (or compatible)

• 64 MB of RAM

Microsoft Windows 2000 Professional (Service Pack 4 or higher), Microsoft
Windows XP Home Edition, Microsoft Windows XP Professional (Service Pack 1
or higher), Microsoft Windows XP Professional x64 Edition:

• Intel Pentium 300 MHz processor or compatible

• 128 MB of RAM

Microsoft Windows Vista, Microsoft Windows Vista x64:

• Intel Pentium 800 MHz 32-bit (x86)/ 64-bit (x64) or faster (or compatible)

• 512 MB of RAM

2.4. Software packages

You can purchase the boxed version of Kaspersky Anti-Virus 6.0 SOS from our
resellers, or download it from Internet shops, including the eStore section of

www.kaspersky.com.

If you buy the boxed version of the program, the package will include:

• A sealed envelope with an installation CD containing the program files

• A license key, included with the installation package or on a special

diskette, or an application activation code on the CD slip.

• A User Guide

• The end-user license agreement (EULA)

Before breaking the seal on the installation disk envelope, carefully read
through the EULA.

22 Kaspersky Anti-Virus 6.0 SOS

If you buy Kaspersky Anti-Virus 6.0 SOS from an online store, you copy the
product from the Kaspersky Lab website (Downloads → Product Downloads).
You can download the User Guide from the Downloads → Documentation
section.

You will be sent a license key or activation code by email after your payment has
been received.

The End-User License Agreement is a legal agreement between you and
Kaspersky Lab that specifies the terms on which you may use the software you
have purchased.

Read the EULA through carefully.

If you do not agree with the terms of the EULA, you can return your boxed
product to the reseller from whom you purchased it and be reimbursed for the
amount you paid for the program. If you do so, the sealed envelope for the
installation disk must still be sealed.

By opening the sealed installation disk, you accept all the terms of the EULA.

2.5. Support for registered users

Kaspersky Lab provides its registered users with an array of services to make
Kaspersky Anti-Virus 6.0 SOS more effective.

When the program has been activated, you become a registered user and will
have the following services available until the license expires:

• New versions of the program free of charge

• Consultation on questions regarding installation, configuration, and

operation of the program, by phone and email

• Notifications on new Kaspersky Lab product releases and new viruses
(this services is for users that subscribe to Kaspersky Lab news mailings)

Kaspersky Lab does not provide technical support for operating system use and
operation, or for any products other than its own.

CHAPTER 3. INSTALLING

KASPERSKY ANTI-VIRUS

6.0 SOS

Kaspersky Anti-Virus 6.0 SOS can be collocated with other third-party and
Kaspersky Lab anti-virus applications. This does not create any conflict with
other anti-virus applications with the exception of:

• Kaspersky Anti-Virus 6.0 and 7.0;

• Kaspersky Internet Security 6.0 and 7.0;

• Kaspersky Anti-Virus 6.0 for Windows Workstation;

• Kaspersky Anti-Virus 6.0 for Windows Servers.

Kaspersky Anti-Virus 6.0 SOS does not provide real-time computer security and
is a supplemental anti-virus application!

There are several ways to install Kaspersky Anti-Virus 6.0 SOS:

• Local Installation: install the application on a single host. Direct access to
the host in question is required to run and complete the install. A local
install may be performed in one of the two modes below:

• an interactive install using the application Installation Wizard
(see 3.1 on p. 25); this mode requires user input for the install to
proceed;

• a non-interactive install run from the command line and not
requiring any user input for the install to proceed (see 3.3 on
p. 33).

• Remote Installation: install the application to networked computers
remotely from an administrator workstation using:

• the Kaspersky Administration Kit software suite (see Kaspersky
Administration Kit Deployment Guide);

• Microsoft Windows Server 2000/2003 group domain policies
(see 3.4 on 33).

Before installing Kaspersky Anti-Virus 6.0 SOS, we recommend closing all other
applications (this also applies to installation using Kaspersky Administration Kit).

24 Kaspersky Anti-Virus 6.0 SOS

3.1. Installation procedure using the
Installation Wizard

To install Kaspersky Anti-Virus 6.0 SOS on your computer, open the Windows
Installer file on the installation CD.

Note:
Installing the program with an installer package downloaded from the Internet is
identical to installing it from an installation CD.

An installation wizard will open for the program. Each window contains a set of
buttons for navigating through the installation process. Here is a brief explanation
of their functions:

• Next – accepts an action and moves forward to the next step of

installation.

• Back – goes back to the previous step of installation.

• Cancel – cancels product installation.

• Finish – completes the program installation procedure.

Let’s take a closer look at the steps of the installation procedure.

Step 1. Checking for the necessary system conditions to

install Kaspersky Anti-Virus 6.0 SOS

Before the program is installed on your computer, the installer checks your
computer for the operating system and service packs necessary to install
Kaspersky Anti-Virus 6.0 SOS. It also checks your computer for other necessary
programs and verifies that your user rights allow you to install software.

If any of these requirements is not met, the program will display a message
informing you of the fault. You are advised to install any necessary service packs
through Windows Update, and any other necessary programs, before installing
Kaspersky Anti-Virus 6.0 SOS.

Step 2. Installation Welcome window

If your system fully meets all requirements, an installation window will appear
when you open the installer file with information on beginning the installation of
Kaspersky Anti-Virus 6.0 SOS.

To continue installation, click the Next button. You may cancel installation by
clicking Cancel.

Installing Kaspersky Anti-Virus 6.0 SOS 25

Step 3. Viewing the End-User License Agreement

The next window contains the End-User License Agreement which is made
between you and Kaspersky Lab. Carefully read through it, and if you agree to all

the terms of the agreement, select I accept the terms of the License
Agreement and click the Next button. Installation will continue.

To cancel the installation, press the Cancel button.

Step 4. Selecting an installation folder

The next stage of Kaspersky Anti-Virus 6.0 SOS installation determines where
the program will be installed on your computer. The default path is:

• <drive> → Program Files → Kaspersky Lab → Kaspersky Anti-Virus

6.0 SOS – for 32-bit systems.

• <drive> → Program Files (х86) → Kaspersky Lab → Kaspersky Anti-
Virus 6.0 SOS – for 64-bit systems.

You can specify a different folder by clicking the Browse button and selecting it
in the folder selection window, or by entering the path to the folder in the field
available.

Remember that if you enter the full path to the installation folder manually, its
length must not exceed 200 characters or contain special characters..

To continue installation, click the Next button.

Step 5. Searching for other anti-virus programs

In this stage, the installer searches for other anti-virus products installed on your
computer.

If another anti-virus application is detected, Kaspersky Anti-Virus 6.0 SOS will
proceed with the installation. Otherwise, a warning will be displayed to the effect
that the application does not provide full computer anti-virus security.

To continue installation, click the Next button.

Step 6. Finishing installing your program

In this stage, the program will ask you to finish installing the program on your
computer. You can decide if you want to use the settings and threat signatures
from a previous version of Kaspersky Anti-Virus SOS (for example, if you
installed the beta version and now you are installing the commercial version).

Let’s take a closer look at how to use the options described above.

26 Kaspersky Anti-Virus 6.0 SOS

If you have previously installed another version or build of Kaspersky Anti-Virus
SOS on your computer and you saved its threat signatures when you uninstalled

it, you can use it in the current version. To do so, check Threat signatures.
The threat signatures included with the program installation will not be copied to
your computer.

To use application settings that you configured and saved from a previous
version, check

To continue installation, click the Next button.

Application settings.

Step 7. Selecting Installation Type

In this stage, you select how much of the program you want to install on your
computer. You have three options:

Complete. If you select this option, all Kaspersky Anti-Virus 6.0 SOS

components will be installed. The installation will recommence with Step

5.

Custom. If you select this option, you can select the program components

that you want to install. For more, see Step 8.

To select a setup type, click the appropriate button.

Step 8. Selecting Program Components to Install

This step occurs only if you select the Custom setup type.

If you selected Custom installation, you can select the components of Kaspersky
Anti-Virus 6.0 SOS that you want to install. By default, the virus scan component
and the Administration Agent plug-in for remote administration using Kaspersky
Administration Kit.

To select the components you want to install, left-click the icon alongside a
component name and select Will be installed on local hard drive from the
menu. More information on selected component’s functionality and the amount of
disk space required for its installation is available at the bottom of the program
installation window.

If you do not want to install a component, select Entire feature will be
unavailable item from the context menu. Remember that by choosing not to
install a component you deprive yourself of protection against a wide range of
dangerous programs.

After you have selected the components you want to install, click Next. To return
the list to the default programs to be installed, click Reset.

Click Install in the next window.

Installing Kaspersky Anti-Virus 6.0 SOS 27

Step 9. Completing the installation procedure

The Complete Installation window contains information on finishing the
Kaspersky Anti-Virus 6.0 SOS installation process.

To start the setup wizard, click Next (see 3.2 on page 28).

If installation is completed successfully, you will need to restart your computer,
and a message on the screen will tell you so.

3.2. Setup Wizard

The Kaspersky Anti-Virus 6.0 SOS Setup Wizard starts after the installation has
been finished. It is designed to help you configure the initial program settings to
conform to the features and uses of your computer.

The Setup Wizard interface is designed like a standard Windows Wizard and
consists of a series of steps that you can move between using the Back and
Next buttons, or complete using the Finish button. The Cancel button will stop
the Wizard at any point.

You can skip this initial settings stage when installing the program by closing the
Wizard window. In the future, you can run it again from the program interface if
you restore the default settings for Kaspersky Anti-Virus 6.0 SOS (see 10.10 on
page 112).

3.2.1. Activating the program

Before activating the program, make sure that the computer's system date
settings match the actual date and time.

You can activate the program by installing a license key. Kaspersky Anti-Virus

6.0 SOS check the key for a license agreement and to determine rights for using
application and its expiration date.

The license key contains system information necessary for all the program’s
features to operate, and other information:

• Support information (who provides program support and where you can
obtain it)

• Name, number, and expiration date of your license

28 Kaspersky Anti-Virus 6.0 SOS

3.2.1.1. Selecting a program activation method

Depending on whether you have a key for Kaspersky Anti-Virus or need to obtain
one from the Kaspersky Lab server, you have several options for activating the
program:

Activate using the activation code. Select this activation option if you

have purchased the full version of the program and were provided with
an activation code. Using this activation code you will obtain a key file
providing access to the application's full functionality throughout the
effective term of the license agreement.

Activate trial version. Select this activation option if you want to install

the trail version of the program before making the decision to buy a
commercial version. You will be given a free key valid for a term
specified in the trial version license agreement.

Apply existing license key. Activate the application using a Kaspersky

Anti-Virus 6.0 license key file.

Activate later. If you choose this option, you will skip the activation

stage. Kaspersky Anti-Virus 6.0 SOS will be installed on your computer
and you will have access to all program features except updates (you
can only update the threat signatures once after installing the program).

The first two activation options use a Kaspersky Lab web server, which requires
an Internet connection. Before activating, make sure to edit your network settings
(see 9.4.3 on p. 82) in the window that opens when you click LAN settings (if
necessary). For more in-depth information on configuring network settings,
contact your system administrator or ISP.

If you have no Internet connection when installing the program you can activate
the application later (see 10.5 on p. 100) using its interface or you can use
Internet access of another computer to register at Kaspersky Lab Technical
Support website and get the key using activation code.

3.2.1.2. Entering the activation code

You must enter an activation code to activate the program. If you purchase the
program through the Internet, you will receive the activation code by e-mail. If
you purchase a boxed version of the program, you will find the activation code on
the installation CD-ROM envelope.

The activation code is a sequence of numbers and letters separated by dashes
into four sections of five characters each, no spaces. For example, 11AA1­11AAA-1AA11-1A111. Note that the code must be entered in Latin characters.

Installing Kaspersky Anti-Virus 6.0 SOS 29

Enter your contact information in the lower part of the window: full name, e-mail
address, and country and city of residence. This information might be requested
to identify a registered user if, for example, a key is lost or stolen. If that were to
happen, your contact information will enable you to obtain a new license key.

3.2.1.3. Obtaining a key file

The Settings Wizard connects to Kaspersky Lab servers and sends them your
registration data (the activation code and personal information), which are
inspected on the server.

If the activation code passes inspection, the Wizard receives a key file. If you
install the demo version of the program, the Settings Wizard will receive a trial
key file without an activation code.

The file received will be installed automatically to use the program and you will
see an activation completion window with detailed information on the key being
used.

If the activation code does not pass inspection, you will see a corresponding
message on the screen. If this occurs, contact the software vendors from whom
you purchased the program for information.

3.2.1.4. Selecting a license key file

If you have a license key file for Kaspersky Anti-Virus 6.0 SOS, the Wizard will
ask if you want to install it. If you do, use the Browse button and select the file
path for the key file with the .key extension in the file selection window.

After you have successfully installed the key, you will see information about the
license in the lower part of the window: name of the person to whom the software
is registered, license number, license type (full, beta-testing, demo, etc.), and the
key expiration date.

3.2.1.5. Completing program activation

The Setup Wizard will inform you that the program has been successfully
activated. It will also display information on the license key installed: name of the
person to whom the software is registered, license number, license type (full,
beta-testing, demo, etc.), and the expiration date for the key.

30 Kaspersky Anti-Virus 6.0 SOS

3.2.2. Configuring update settings

The efficiency of virus scan tasks on your computer depends directly on updating
the threat signatures and program modules regularly. In this window, the Setup
Wizard asks you to select a mode for program updates, and to configure a
schedule.

Automatically. Kaspersky Anti-Virus 6.0 SOS checks the update source for

updates at specified intervals. During virus outbreaks, the check frequency may
increase, and decrease when they are gone. If it finds new updates, Anti-Virus
downloads them and installs them on the computer. This is the default setting.

Every 2 hours.Updates will run automatically according to the schedule

created. You can configure the schedule by clicking Edit.

Manually. If you choose this option, you will run program updates yourself.

Note that the threat signatures and program modules included with the software
may be outdated by the time you install the program. That is why we recommend
downloading the latest program updates. To do so, click Update now. Then
Kaspersky Anti-Virus 6.0 SOS will download the necessary updates from the
update servers and will install them on your computer.

If you want to configure updates (set up network properties, select the resource
from which updates will be downloaded, set up running task under a certain
account or enable update distribution option), click Settings.

3.2.3. Configuring a virus scan schedule

Scanning selected areas of your computer for malicious objects is one of the key
steps in protecting your computer.

When you install Kaspersky Anti-Virus 6.0 SOS, three default virus scan tasks
are created. In this window, the Setup Wizard asks you to choose a scan task
setting:

Startup objects

By default, Kaspersky Anti-Virus 6.0 SOS automatically scans Startup
objects when it starts up. You can edit the schedule properties in another
window by clicking Change.

Critical Areas

To automatically scan critical areas of your computer (system memory,
Startup objects, boot sectors, Windows system folders) for viruses, check
the appropriate box. You can configure the schedule by clicking Change.

The default setting for this automatic scan is disabled.