Kaspersky ANTI-VIRUS 7.0 User Manual

KASPERSKY LAB

Kaspersky Anti-Virus 7.0

USER GUIDE

KASPERSKY A N TI-VI R U S 7. 0

User Guide

Kaspersky Lab

http://www.kaspersky.com

Revision date: December, 2007

Contents

CHAPTER 1. THREATS TO COMPUTER SECURITY................................................. 9

1.1. Sources of Threats ................................................................................................ 9

1.2. How threats spread ............................................................................................. 10

1.3. Types of Threats .................................................................................................. 12

1.4. Signs of Infection ................................................................................................. 14

1.5. What to do if you suspect infection ..................................................................... 15

1.6. Preventing Infection ............................................................................................. 16

CHAPTER 2. KASPERSKY ANTI-VIRUS 7.0 .............................................................. 18

2.1. What‟s new in Kaspersky Anti-Virus 7.0 ............................................................. 18

2.2. The elements of Kaspersky Anti-Virus Defense ............................................... 20

2.2.1. Real-Time Protection Components.............................................................. 21

2.2.2. Virus scan tasks ............................................................................................ 22

2.2.3. Update ........................................................................................................... 23

2.2.4. Program tools................................................................................................ 23

2.3. Hardware and software system requirements ................................................... 24

2.4. Software packages .............................................................................................. 25

2.5. Support for registered users ................................................................................ 26

CHAPTER 3. INSTALLING KASPERSKY ANTI-VIRUS 7.0 ....................................... 27

3.1. Installation procedure using the Installation Wizard ........................................... 27

3.2. Setup Wizard ....................................................................................................... 31

3.2.1. Using objects saved with Version 5.0 .......................................................... 32

3.2.2. Activating the program .................................................................................. 32

3.2.2.1. Selecting a program activation method ................................................. 32

3.2.2.2. Entering the activation code .................................................................. 33

3.2.2.3. User Registration ................................................................................... 34

3.2.2.4. Obtaining a Key File............................................................................... 34

3.2.2.5. Selecting a Key File ............................................................................... 34

3.2.2.6. Completing program activation.............................................................. 35

3.2.3. Selecting a security mode ............................................................................ 35

3.2.4. Configuring update settings .......................................................................... 36

4 Kaspersky Anti-Virus 7.0

3.2.5. Configuring a virus scan schedule ............................................................... 36

3.2.6. Restricting program access .......................................................................... 37

3.2.7. Application Integrity Control .......................................................................... 37

3.2.8. Finishing the Setup Wizard .......................................................................... 38

3.3. Installing the program from the command prompt ............................................. 38

CHAPTER 4. PROGRAM INTERFACE ....................................................................... 39

4.1. Icon in the taskbar notification area .................................................................... 39

4.2. The context menu ................................................................................................ 40

4.3. Main program window ......................................................................................... 41

4.4. Program settings window .................................................................................... 45

CHAPTER 5. GETTING STARTED .............................................................................. 47

5.1. What is the computer‟s protection status? .......................................................... 47

5.2. Verifying the Status of Each Individual Protection Component ......................... 49

5.3. How to scan your computer for viruses .............................................................. 50

5.4. How to scan critical areas of the computer ......................................................... 51

5.5. How to scan a file, folder or disk for viruses ....................................................... 51

5.6. How to update the program ................................................................................ 52

5.7. What to do if protection is not running ................................................................ 53

CHAPTER 6. PROTECTION MANAGEMENT SYSTEM ............................................ 54

6.1. Stopping and resuming real-time protection on your computer ......................... 54

6.1.1. Pausing protection ........................................................................................ 55

6.1.2. Stopping protection ....................................................................................... 56

6.1.3. Pausing / Stopping Individual Protection Components ............................... 57

6.1.4. Restoring protection on your computer ........................................................ 57

6.2. Advanced Disinfection Technology .................................................................... 58

6.3. Running Application on a Portable Computer .................................................... 58

6.4. Runtime Computer Performance ........................................................................ 59

6.5. Troubleshooting Kaspersky Anti-Virus Compatibility with Other Applications .. 59

6.6. Running Virus Scans and Updates as Another User ......................................... 60

6.7. Configuring Scheduled Tasks and Notifications ................................................. 61

6.8. Types of Malware to Monitor ............................................................................... 63

6.9. Creating a trusted zone ....................................................................................... 64

6.9.1. Exclusion rules .............................................................................................. 65

6.9.2. Trusted applications ...................................................................................... 70

Contents 5

CHAPTER 7. FILE ANTI-VIRUS ................................................................................... 73

7.1. Selecting a file security level ............................................................................... 74

7.2. Configuring File Anti-Virus ................................................................................... 75

7.2.1. Defining the file types to be scanned ........................................................... 76

7.2.2. Defining protection scope ............................................................................. 78

7.2.3. Configuring advanced settings ..................................................................... 80

7.2.4. Using Heuristic Analysis ............................................................................... 82

7.2.5. Restoring default File Anti-Virus settings ..................................................... 84

7.2.6. Selecting actions for objects ......................................................................... 84

7.3. Postponed disinfection ........................................................................................ 86

CHAPTER 8. MAIL ANTI-VIRUS .................................................................................. 87

8.1. Selecting an email security level ......................................................................... 88

8.2. Configuring Mail Anti-Virus .................................................................................. 89

8.2.1. Selecting a protected email group................................................................ 90

8.2.2. Configuring email processing in Microsoft Office Outlook........................... 92

8.2.3. Configuring email scans in The Bat! ............................................................ 93

8.2.4. Using Heuristic Analysis ............................................................................... 95

8.2.5. Restoring default Mail Anti-Virus settings .................................................... 96

8.2.6. Selecting actions for dangerous email objects ............................................ 97

CHAPTER 9. WEB ANTI-VIRUS .................................................................................. 99

9.1. Selecting Web Security Level ........................................................................... 100

9.2. Configuring Web Anti-Virus ............................................................................... 102

9.2.1. General scan settings ................................................................................. 102

9.2.2. Creating a trusted address list .................................................................... 104

9.2.3. Using Heuristic Analysis ............................................................................. 104

9.2.4. Restoring default Web Anti-Virus settings ................................................. 105

9.2.5. Selecting responses to dangerous objects ................................................ 106

CHAPTER 10. PROACTIVE DEFENSE .................................................................... 108

10.1. Activity Monitoring Rules ................................................................................. 112

10.2. Application Integrity Control ............................................................................ 115

10.2.1. Configuring Application Integrity Control rules......................................... 116

10.2.2. Creating a list of common components ................................................... 118

10.3. Registry Guard ................................................................................................ 119

10.3.1. Selecting registry keys for creating a rule ................................................ 121

6 Kaspersky Anti-Virus 7.0

10.3.2. Creating a Registry Guard rule ................................................................ 122

CHAPTER 11. SCANNING COMPUTERS FOR VIRUSES ..................................... 125

11.1. Managing virus scan tasks .............................................................................. 126

11.2. Creating a list of objects to scan ..................................................................... 126

11.3. Creating virus scan tasks ................................................................................ 128

11.4. Configuring virus scan tasks ........................................................................... 129

11.4.1. Selecting a security level .......................................................................... 130

11.4.2. Specifying the types of objects to scan .................................................... 131

11.4.3. Additional virus scan settings ................................................................... 133

11.4.4. Scanning for rootkits ................................................................................. 135

11.4.5. Using heuristic methods ........................................................................... 136

11.4.6. Restoring default scan settings ................................................................ 137

11.4.7. Selecting actions for objects ..................................................................... 137

11.4.8. Setting up global scan settings for all tasks ............................................. 139

CHAPTER 12. TESTING KASPERSKY ANTI-VIRUS FEATURES ......................... 140

12.1. The EICAR test virus and its variations .......................................................... 140

12.2. Testing File Anti-Virus ..................................................................................... 142

12.3. Testing Virus scan tasks ................................................................................. 143

CHAPTER 13. PROGRAM UPDATES ....................................................................... 145

13.1. Starting the Updater ........................................................................................ 146

13.2. Rolling back to the previous update ................................................................ 147

13.3. Configuring update settings ............................................................................ 147

13.3.1. Selecting an update source ...................................................................... 148

13.3.2. Selecting an update method and what to update .................................... 150

13.3.3. Update distribution .................................................................................... 152

13.3.4. Actions after updating the program .......................................................... 153

CHAPTER 14. MANAGING KEYS ............................................................................. 155

CHAPTER 15. ADVANCED OPTIONS ...................................................................... 157

15.1. Quarantine for potentially infected objects...................................................... 158

15.1.1. Actions with quarantined objects ............................................................. 159

15.1.2. Setting up Quarantine .............................................................................. 160

15.2. Backup copies of dangerous objects .............................................................. 161

15.2.1. Actions with backup copies ...................................................................... 162

Contents 7

15.2.2. Configuring Backup settings .................................................................... 163

15.3. Reports ............................................................................................................ 163

15.3.1. Configuring report settings ....................................................................... 166

15.3.2. The Detected tab ...................................................................................... 166

15.3.3. The Events tab .......................................................................................... 167

15.3.4. The Statistics tab ...................................................................................... 168

15.3.5. The Settings tab ........................................................................................ 169

15.3.6. The Registry tab ....................................................................................... 170

15.4. Rescue Disk .................................................................................................... 171

15.4.1. Creating a rescue disk .............................................................................. 172

15.4.2. Using the rescue disk ............................................................................... 173

15.5. Creating a monitored port list .......................................................................... 174

15.6. Scanning Secure Connections ....................................................................... 176

15.7. Configuring Proxy-Server ................................................................................ 178

15.8. Configuring the Kaspersky Anti-Virus interface .............................................. 180

15.9. Using advanced options .................................................................................. 182

15.9.1. Kaspersky Anti-Virus event notifications .................................................. 183

15.9.1.1. Types of events and notification delivery methods ........................... 184

15.9.1.2. Configuring email notification ............................................................ 185

15.9.1.3. Configuring event log settings ........................................................... 186

15.9.2. Self-Defense and access restriction ........................................................ 187

15.9.3. Importing and exporting Kaspersky Anti-Virus settings........................... 189

15.9.4. Restoring default settings ......................................................................... 189

15.10. Technical Support ......................................................................................... 190

15.11. Closing Application ........................................................................................ 192

CHAPTER 16. WORKING WITH THE PROGRAM FROM THE COMMAND LINE 194

16.1. Activating the application ................................................................................. 195

16.2. Managing program components and tasks .................................................... 196

16.3. Anti-virus scans ............................................................................................... 199

16.4. Program updates ............................................................................................. 203

16.5. Rollback settings ............................................................................................. 204

16.6. Exporting protection settings ........................................................................... 204

16.7. Importing settings ............................................................................................ 205

16.8. Starting the program ........................................................................................ 205

16.9. Stopping the program ...................................................................................... 206

16.10. Creating a trace file ....................................................................................... 206

8 Kaspersky Anti-Virus 7.0

16.11. Viewing Help .................................................................................................. 207

16.12. Return codes from the command line interface ........................................... 207

CHAPTER 17. MODIFYING, REPAIRING, AND REMOVING THE PROGRAM .... 208

17.1. Modifying, repairing, and removing the program using Install Wizard........... 208

17.2. Uninstalling the program from the command line .......................................... 210

CHAPTER 18. FREQUENTLY ASKED QUESTIONS ............................................... 211

APPENDIX A. REFERENCE INFORMATION ........................................................... 213

A.1. List of files scanned by extension ..................................................................... 213

A.2. Valid file exclusion masks ................................................................................. 215

A.3. Valid exclusion masks by Virus Encyclopedia classification ........................... 216

APPENDIX B. KASPERSKY LAB ............................................................................... 218

B.1. Other Kaspersky Lab Products ........................................................................ 219

B.2. Contact Us ......................................................................................................... 228

APPENDIX C. LICENSE AGREEMENT .................................................................... 230

CHAPTER 1. THREATS TO

COMPUTER SECURITY

As information technology has rapidly developed and penetrated many aspects
of human existence, so the number and range of crimes aimed at breaching in­formation security has grown.

Cyber criminals have shown great interest in the activities of both state structures
and commercial enterprises. They attempt to steal or disclose confidential infor­mation, which damages business reputations, disrupts business continuity, and
may impair an organization's information resources. These acts can do extensive
damage to assets, both tangible and intangible.

It is not only big companies who are at risk, individual users can also be at­tacked. Criminals can gain access to personal data (for instance, bank account
and credit card numbers and passwords), or cause a computer to malfunction.
Some types of attacks can give hackers complete access to a computer, which
can then be used as part of a “zombie network” of infected computers to attack
servers, send out spam, harvest confidential information, and spread new viruses
and Trojans.

In today‟s world, it is widely acknowledged that information is a valuable asset

which should be protected. At the same time, information must be accessible to
those who legitimately require it (for instance, employees, clients and partners of
a business). Hence the need to create a comprehensive information security
system, which must take account of all possible sources of threats, whether hu­man, man-made, or natural disasters, and use a complete array of defensive
measures, at the physical, administrative and software levels.

1.1. Sources of Threats

A person, a group of people, or phenomena unrelated to human activity can
threaten information security. Following from this, all threat sources can be put
into one of three groups:

The human factor. This group of threats concerns the actions of

people with authorized or unauthorized access to information. Threats
in this group can be divided into:

External, including cyber criminals, hackers, internet scams, un-

principled partners, and criminal organizations.

10 Kaspersky Anti-Virus 7.0

Internal, including the actions of company staff and users of home

PCs. Actions taken by this group could be deliberate or accidental.

The technological factor. This threat group is connected with technical

problems – use of obsolete or poor-quality software and hardware to
process information. This can lead to equipment failure and often to da­ta loss.

The natural-disaster factor. This threat group includes the whole

range of events caused by nature and independent of human activity.

All three threat sources must be accounted for when developing a data security
protection system. This User Guide focuses on the area that is directly tied to
Kaspersky Lab‟s expertise – external threats involving human activity.

1.2. How threats spread

As modern computer technology and communications tools develop, hackers
have more opportunities for spreading threats. Let‟s take a closer look at them:

The Internet

The Internet is unique, since it is no one‟s property and has no
geographical borders. In many ways, this has promoted the development
of web resources and the exchange of information. Today, anyone can
access data on the Internet or create their own webpage.

However, these very features of the worldwide web give hackers the
ability to commit crimes on the Internet, and makes the hackers difficult to
detect and punish.

Hackers place viruses and other malicious programs on Internet sites and
disguise them as useful freeware. In addition, scripts which are run
automatically when certain web pages are loaded, may perform hostile
actions on your computer by modifying the system registry, retrieving your
personal data without your consent, and installing malicious software.

By using network technologies, hackers can attack remote PCs and
company servers. Such attacks may result in a resource being disabled or
used as part of a zombie network, and in full access being gained to a
resource and any information residing on it.

Lastly, since it became possible to use credit cards and e-money through
the Internet in online stores, auctions, and bank homepages, online
scams have become increasingly common.

Threats to Computer Security 11

Intranet

Your intranet is your internal network, specially designed for handling
information within a company or a home network. An intranet is a unified
space for storing, exchanging, and accessing information for all the
computers on the network. Therefore, if any one network host is infected,
other hosts run a significant risk of infection. To avoid such situations,
both the network perimeter and each individual computer must be
protected.

Email

Since the overwhelming majority of computers have email client programs
installed, and since malicious programs exploit the contents of electronic
address books, conditions are usually right for spreading malicious
programs. The user of an infected host unwittingly sends infected
messages out to other recipients who in turn send out new infected
messages, etc. For example, it is common for infected file documents to
go undetected when distributed with business information via a

company‟s internal email system. When this occurs, more than a handful

of people are infected. It might be hundreds or thousands of company
workers, together with potentially tens of thousands of subscribers.

Beyond the threat of malicious programs lies the problem of electronic
junk email, or spam. Although not a direct threat to a computer, spam
increases the load on email servers, eats up bandwidth, clogs up the

user‟s mailbox, and wastes working hours, thereby incurring financial

harm.
Also, hackers have begun using mass mailing programs and social

engineering methods to convince users to open emails, or click on a link
to certain websites. It follows that spam filtration capabilities are valuable
for several purposes: to stop junk email; to counteract new types of online
scans, such as phishing; to stop the spread of malicious programs.

Removable storage media

Removable media (floppies, CD/DVD-ROMs, and USB flash drives) are
widely used for storing and transmitting information.

Opening a file that contains malicious code and is stored on a removable
storage device can damage data stored on the local computer and spread
the virus to the computer‟s other drives or other computers on the
network.

12 Kaspersky Anti-Virus 7.0

1.3. Types of Threats

There are a vast number of threats to computer security today. This section will
review the threats that are blocked by Kaspersky Anti-Virus.

Worms

This category of malicious programs spreads itself largely by exploiting vul­nerabilities in computer operating systems. The class was named for the
way that worms crawl from computer to computer, using networks and
email. This feature allows worms to spread themselves very rapidly.

Worms penetrate a computer, search for the network addresses of other
computers, and send a burst of self-made copies to these addresses. In ad­dition, worms often utilize data from email client address books. Some of
these malicious programs occasionally create working files on system disks,
but they can run without any system resources except RAM.

Viruses

Viruses are programs which infect other files, adding their own code to them
to gain control of the infected files when they are opened. This simple defini­tion explains the fundamental action performed by a virus – infection.

Trojans

Trojans are programs which carry out unauthorized actions on computers,
such as deleting information on drives, making the system hang, stealing
confidential information, and so on. This class of malicious program is not a
virus in the traditional sense of the word, because it does not infect other
computers or data. Trojans cannot break into computers on their own and
are spread by hackers, who disguise them as regular software. The damage
that they inflict can greatly exceed that done by traditional virus attacks.

Recently, worms have been the commonest type of malicious program damaging
computer data, followed by viruses and Trojans. Some malicious programs com­bine features of two or even three of these classes.

Adware

Adware comprises programs which are included in software, unknown to the
user, which is designed to display advertisements. Adware is usually built in­to software that is distributed free. The advertisement is situated in the pro­gram interface. These programs also frequently collect personal data on the
user and send it back to their developer, change browser settings (start
page and search pages, security levels, etc.) and create traffic that the user
cannot control. This can lead to a security breach and to direct financial
losses.

Threats to Computer Security 13

Spyware

This software collects information about a particular user or organization
without their knowledge. Spyware often escapes detection entirely. In gen­eral, the goal of spyware is to:

trace user actions on a computer;
gather information on the contents of your hard drive; in such cas-

es, this usually involves scanning several directories and the sys­tem registry to compile a list of software installed on the computer;

gather information on the quality of the connection, bandwidth,

modem speed, etc.

Riskware

Potentially dangerous applications include software that has no malicious
features but could form part of the development environment for malicious
programs or could be used by hackers as auxiliary components for malicious
programs. This program category includes programs with backdoors and
vulnerabilities, as well as some remote administration utilities, keyboard
layout togglers, IRC clients, FTP servers, and all-purpose utilities for stop­ping processes or hiding their operation.

Another type of malicious program that is similar to adware, spyware, and risk­ware are programs that plug into your web browser and redirect traffic. The web
browser will open different web sites than those intended.

Jokes

Software that does not cause a host any direct harm but displays messages
that such harm has already been caused or will result under certain condi­tions. These programs often warn the user of non-existent dangers, such as
messages that warn of formatting the hard drive (although no formatting ac­tually takes place) or detecting viruses in uninfected files.

Rootkits

These are utilities which are used to conceal malicious activity. They mask
malicious programs to keep anti-virus programs from detecting them.
Rootkits modify basic functions of the computer‟s operating system to hide
both their own existence and actions that the hacker undertakes on the in­fected computer.

Other dangerous programs

These are programs created to, for instance, set up denial of service (DoS)
attacks on remote servers, hack into other computers, and programs that
are part of the development environment for malicious programs. These
programs include hack tools, virus builders, vulnerability scanners, pass-

14 Kaspersky Anti-Virus 7.0

Warning!

From this point forward, we will use the term "virus" to refer to malicious and
dangerous programs. The type of malicious programs will only be emphasized
where necessary.

word-cracking programs, and other types of programs for cracking network
resources or penetrating a system.

Kaspersky Anti-Virus uses two methods for detecting and blocking these threat
types:

Reactive: it is a method designed to search for malicious objects using

continuously updating application databases. This method requires at
least one instance of infection to add the threat signature to the data­bases and to distribute a database update.

Proactive – in contrast to reactive protection, this method is based not

on analyzing the object‟s code but on analyzing its behavior in the sys­tem. This method is aimed at detecting new threats that are still not de­fined in the signatures.

By employing both methods, Kaspersky Anti-Virus provides comprehensive pro­tection for your computer from both known and new threats.

1.4. Signs of Infection

There are a number of signs that a computer is infected. The following events
are good indicators that a computer is infected with a virus:

Unexpected messages or images appear on your screen or you hear

unusual sounds;
The CD/DVD-ROM tray opens and closes unexpectedly;
The computer arbitrarily launches a program without your assistance;
Warnings pop up on the screen about a program attempting to access

the Internet, even though you initiated no such action;

There are also several typical traits of a virus infection through email:

Friends or acquaintances tell you about messages from you that you

never sent;
Your inbox houses a large number of messages without return ad-

dresses or headers.

Threats to Computer Security 15

It must be noted that these signs can arise from causes other than viruses. For
example, in the case of email, infected messages can be sent with your return
address but not from your computer.

There are also indirect indications that your computer is infected:

Your computer freezes or crashes frequently;
Your computer loads programs slowly;
You cannot boot up the operating system;
Files and folders disappear or their contents are distorted;
The hard drive is frequently accessed (the light blinks);
The web browser (e.g., Microsoft Internet Explorer) freezes or behaves

unexpectedly (for example, you cannot close the program window).

In 90% of cases, these indirect systems are caused by malfunctions in hardware
or software. Despite the low likelihood that these symptoms are indicative of in­fection, a full scan of your computer is recommended (see 5.3 on pg. 50) if they
should manifest themselves.

1.5. What to do if you suspect

infection

If you notice that your computer is behaving suspiciously…

1. Don‟t panic! This is the golden rule: it could save you from losing impor­tant data.

2. Disconnect your computer from the Internet or local network, if it is on
one.

3. If the computer will not boot from the hard drive (the computer displays
an error message when you turn it on), try booting in safe mode or with
the emergency Microsoft Windows boot disk that you created when you
installed the operating system.

4. Before doing anything else, back up your work on removable storage
media (floppy, CD/DVD, flash drive, etc.).

5. Install Kaspersky Anti-Virus, if you have not done so already.

6. Update databases and application modules (see 5.6 on pg. 52). If poss­ible, download the updates off the Internet from a different uninfected

computer, for instance at a friend‟s, an Internet café, or work. It is better

to use a different computer since, when you connect an infected com-

16 Kaspersky Anti-Virus 7.0

puter to the Internet, there is a chance that the virus will send important
information to hackers or spread the virus to the addresses in your ad­dress book. That is why if you suspect that your computer has a virus,
you should immediately disconnect from the Internet. You can also get
threat signature updates on floppy disk from Kaspersky Lab or its dis­tributors and update your signatures using the disk.

7. Select the security level recommended by the experts at Kaspersky
Lab.

8. Start a full computer scan (see 5.3 on pg. 50).

1.6. Preventing Infection

Not even the most reliable and deliberate measures can provide 100% protection
against computer viruses and Trojans, but following such a set of rules signifi­cantly lowers the likelihood of virus attacks and the level of potential damage.

One of the basic methods of battling viruses is, as in medicine, well-timed pre-
vention. Computer prophylactics involve a rather small number of rules that, if
complied with, can significantly lower the likelihood of being infected with a virus
and losing data.

Below is a listing of basic safety rules which, if followed, will help mitigate the risk
of virus attacks.

Rule No. 1: Use anti-virus software and Internet security programs. To do so:

Install Kaspersky Anti-Virus as soon as possible.
Regularly (see 5.6 on pg. 52) update the program‟s threat signatures. In

the event of virus outbreaks updates may occur several times a day
with application databases on Kaspersky Lab update servers updating
immediately.

Select the security settings recommended by Kaspersky Lab for your

computer. You will be protected constantly from the moment the com­puter is turned on, and it will be harder for viruses to infect your com­puter.

Select the settings for a complete scan recommended by Kaspersky

Lab, and schedule scans for at least once per week. If you have not in­stalled Firewall, we recommend that you do so to protect your computer
when using the Internet.

Threats to Computer Security 17

Rule No. 2: Use caution when copying new data to your computer:

Scan all removable storage drives, for example floppies, CD/DVDs, and

flash drives, for viruses before using them (see 5.5 on pg. 51).

Treat emails with caution. Do not open any files attached to emails un-

less you are certain that you were intended to receive them, even if they
were sent by people you know.

Be careful with information obtained through the Internet. If any web site

suggests that you install a new program, be certain that it has a security
certificate.

If you are copying an executable file from the Internet or local network,

be sure to scan it with Kaspersky Anti-Virus.

Use discretion when visiting web sites. Many sites are infected with

dangerous script viruses or Internet worms.

Rule No. 3: Pay close attention to information from Kaspersky Lab.

In most cases, Kaspersky Lab announces a new outbreak long before it
reaches its peak. The corresponding likelihood of infection is still low, and
you will be able to protect yourself from new infection by downloading
updated application databases.

Rule No. 4: Do not trust virus hoaxes, such as prank programs and emails about

infection threats.

Rule No. 5: Use the Microsoft Windows Update tool and regularly install Micro-

soft Windows operating system updates.

Rule No. 6: Buy legitimate copies of software from official distributors.
Rule No. 7: Limit the number of people who are allowed to use your computer.
Rule No. 8: Lower the risk of unpleasant consequences of a potential infection:

Back up data regularly. If you lose your data, the system can fairly

quickly be restored if you have backup copies. Store distribution flop­pies, CD/DVDs, flash drives, and other storage media with software and
valuable information in a safe place.

Create a Rescue Disk (see 15.4 on pg. 171) that you can use to boot

up the computer, using a clean operating system.

Rule No. 9: Review list of software installed on your computer on a regular ba-

sis. This can be accomplished using the Install/Remove Programs service

under Control Panel or simply by viewing the contents of the Program
Files folder. You can discover software here that was installed on your com-

puter without your knowledge, for example, while you were using the Inter­net or installing a different program. Programs like these are almost always
riskware.

CHAPTER 2. KASPERSKY ANTI-

VIRUS 7.0

Kaspersky Anti-Virus 7.0 heralds a new generation of data security products.
What really sets Kaspersky Anti-Virus 7.0 apart from other software, even from

other Kaspersky Lab products, is its multi-faceted approach to data security.

2.1. What’s new in Kaspersky Anti-

Virus 7.0

Kaspersky Anti-Virus 7.0 (henceforth referred to as “Kaspersky Anti-Virus”, or
“the program”) has a new approach to data security. The program‟s main feature

is that it combines and noticeably improves the existing features of all the com-

pany‟s products in one security solution. The program provides protection

against viruses. New modules offer protection from unknown threats.
You will no longer need to install several products on your computer for overall

security. It is enough simply to install Kaspersky Anti-Virus 7.0.
Comprehensive protection guards all incoming and outgoing data channels. A

flexible configuration of all application components allows for maximum customi­zation of Kaspersky Anti-Virus to the needs of each user. Configuration of the
entire program can be done from one location.

Let‟s take a look at the new features in Kaspersky Anti-Virus.

New Protection Features

Kaspersky Anti-Virus protects you both from known malicious programs,

and from programs that have not yet been discovered. Proactive De­fense (see Chapter 10 on pg. 108) is the program‟s key advantage. It
analyzes the behavior of applications installed on your computer, moni­toring changes to the system registry, and fighting hidden threats. The
component uses a heuristic analyzer to detect and record various types
of malicious activity, with which actions taken by malicious programs
can be rolled back and the system can be restored to its state prior to
the malicious activity.

File Anti-Virus technology has been improved to lower the load on the

central processor and disk subsystems and increase the speed of file

Kaspersky Anti-Virus 7.0 19

scans using iChecker and iSwift. By operating this way, the program
rules out scanning files twice.

The scan process now runs as a background task, enabling the user to

continue using the computer. If there is a competition for system re­sources, the virus scan will pause until the user‟s operation is com­pleted and then resumes at the point where it left off.

Individual tasks are provided for scanning Critical Areas of the computer

and startup objects that could cause serious problems if infected and for
detecting rootkits used to hide malware on your system. You can confi­gure these tasks to run automatically every time the system is started.

E-mail protection from malicious programs has been significantly im-

proved. The program scans these protocols for emails containing virus­es:

IMAP, SMTP, POP3, regardless of which email client you use
NNTP, regardless of the email client
Regardless of the protocol (including MAPI and HTTP), using plug-

ins for Microsoft Office Outlook and The Bat!

Special plug-ins are available for the most common mail clients, such as

Microsoft Office Outlook, Microsoft Outlook Express (Windows Mail),
and The Bat! that can configure mail protection from viruses directly in
the mail client.

The user notification function (see 15.9.1 on pg. 183) has been ex-

panded for certain events that arise during program operation. You can
select the method of notification yourselves for each of these event
types: e-mails, sound notifications, pop-up messages.

The program now has the ability to scan traffic sent over SSL protocol.
New features included application self-defense technology, protection

from unauthorized remote access of Kaspersky Anti-Virus services, and
password protection for program settings. These features help keep
malicious programs, hackers, and unauthorized users from disabling
protection.

The option of creating a rescue disk has been added. Using this disk,

you can restart your operating system after a virus attack and scan it for
malicious objects.

A News Agent has been added. It is a module designed for real-time

delivery of news content from Kaspersky Lab.

20 Kaspersky Anti-Virus 7.0

New Program Interface Features

The new Kaspersky Anti-Virus interface makes the program‟s functions

clear and easy to use. You can also change the program‟s appearance

by using your own graphics and color schemes.

The program regularly provides you with tips as you use it: Kaspersky

Anti-Virus displays informative messages on the level of protection and
includes a thorough Help section. A security wizard built into the appli­cation provides a complete snapshot of a host's protection status and
allows to proceed directly to issue resolution.

New Program Update Features

This version of the application debuts our improved update procedure:

Kaspersky Anti-Virus automatically checks the update source for update
packages. When the program detects fresh updates, it downloads them
and installs them on the computer.

The program downloads updates incrementally, ignoring files that have

already been downloaded. This lowers the download traffic for updates
by up to 10 times.

Updates are downloaded from the most efficient source.
You can choose not to use a proxy server, by downloading program up-

dates from a local source. This noticeably reduces the traffic on the
proxy server.

A rollback capability has been implemented to recover to a previous ap-

plication database version in the event of file corruption or copy errors.

A feature has been added for distributing updates to a local folder to

give other network computers access to them to save bandwidth.

2.2. The elements of Kaspersky

Anti-Virus Defense

Kaspersky Anti-Virus protection is designed with the sources of threats in mind.
In other words, a separate program component deals with each threat, monitor­ing it and taking the necessary action to prevent malicious effects of that threat
on the user's data. This setup makes the system flexible, with easy configuration
options for all of the components that fit the needs of a specific user or business
as a whole.

Kaspersky Anti-Virus 7.0 21

Kaspersky Anti-Virus includes:

Real-time protection components (see 2.2.1 on pg. 21) providing real-

time protection of all data transfer and input paths through your com­puter.

Virus Scan Tasks (see 2.2.2 on pg. 22) used to scan individual files,

folders, drives, or areas for viruses or to perform a full computer scan.

Updates (see 2.2.3 on pg. 23) to assure currency of internal application

modules and databases used to scan for malware.

2.2.1. Real-Time Protection Components

These protection components defend your computer in real time:
File Anti-Virus

A file system can contain viruses and other dangerous programs. Malicious
programs can remain inactive in computer file system for years after one day
being copied from a floppy disk or from the Internet, without showing them­selves at all. But you need only act upon the infected file, and the virus is in­stantly activated.

File Anti-virus is the component that monitors your computer‟s file system. It
scans all files that are opened, run, and saved on your computer and any at­tached drives. The program intercepts every attempt to access a file and
scans the file for known viruses, only making the file available to be used
further if it is not infected or is successfully disinfected by File Anti-Virus. If a
file cannot be disinfected for any reason, it will be deleted, with a copy of the
file either saved in Backup (see 15.2 on pg. 161), or moved to Quarantine
(see 15.1 on pg. 158).

Mail Anti-Virus

Email is widely used by hackers to spread malicious programs, and is one of
the most common methods of spreading worms. This makes it extremely
important to monitor all email.

The Mail Anti-Virus component scans all incoming and outgoing email on
your computer. It analyzes emails for malicious programs, only granting the
addressee access to the email if it is free of dangerous objects.

Web Anti-Virus

Opening various web sites you put your computer at risk for infection with vi­ruses which will be installed using scripts contained in such web pages as
well as for downloading dangerous objects.

22 Kaspersky Anti-Virus 7.0

Web Anti-Virus is specially designed to combat these risks, by intercepting

and blocking scripts on web sites if they pose a threat, and by thoroughly
monitoring all HTTP traffic.

Proactive Defense

The number of malicious programs grows daily. Such programs become
more complex combining several types of threats and modifying delivery
routes. They become ever more difficult to detect.

To detect a new malicious program before it has time to do any damage,
Kaspersky Lab has developed a special component, Proactive Defense. It is
designed to monitor and analyze the behavior of all installed programs on
your computer. Kaspersky Anti-Virus decides, based on the program‟s ac­tions: is it potentially dangerous? Proactive Defense protects your computer
both from known viruses and from new ones that have yet to be discovered.

2.2.2. Virus scan tasks

In addition to constantly monitoring all potential pathways for malicious pro­grams, it is extremely important to periodically scan your computer for viruses.
This is required to stop the spread of malicious programs not detected by real­time protection components because of the low level of protection selected or for
other reasons.

The following tasks are provided by Kaspersky Anti-Virus to perform virus scans:

Critical Areas

Scans all critical areas of the computer for viruses. These include: system
memory, system startup objects, master boot records, Microsoft Windows
system folders. The objective is quickly to detect active viruses on the sys­tem without starting a full computer scan.

My Computer

Scans for viruses on your computer with a through inspection of all disk
drives, memory, and files.

Startup Objects

Scans for viruses in all programs that are loaded automatically on startup,
plus RAM and boot sectors on hard drives.

Rootkit Scan

Scans the computer for rootkits that hide malicious programs in the operat­ing system. These utilities injected into system, hiding their presence and
the presence of processes, folders, and registry keys of any malicious pro­grams described in the configuration of the rootkit.

Kaspersky Anti-Virus 7.0 23

There is also the option to create other virus-scan tasks and create a schedule
for them. For example, you can create a scan task for mailboxes once per week,
or a virus scan task for the My Documents folder.

2.2.3. Update

In order to always be ready to delete a virus or some other dangerous program,
Kaspersky Anti-Virus needs real-time support. Update is designed to do exactly
that. It is responsible for updating databases and application modules utilized by
Kaspersky Anti-Virus.

The update distribution feature enables you to save databases and program
modules retrieved from Kaspersky Lab servers to a local folder and then grant
access to them to other computers on the network to reduce Internet traffic.

2.2.4. Program tools

Kaspersky Anti-Virus includes a number of support tools, which are designed to
provide real-time software support, expanding the capabilities of the program and
assisting you as you go.

Reports and Data Files

At runtime, the application generates a report on each real-time protection
component, virus scan task, and application update. It contains information
on results and operations performed. Details on any Kaspersky Anti-Virus
component are available through the Reports feature. In the event of prob­lems, such reports may be forwarded to Kaspersky Lab for our specialists to
take a closer look at the situation and provide assistance as soon as possi­ble.

All suspicious objects are placed by Kaspersky Anti-Virus in a special area
known as Quarantine where they are stored in an encrypted format to pro­tect the computer from infection. These objects may be scanned for viruses,
restored to the original location, or deleted. Objects may be placed in qua­rantine manually. All objects found by the scan to be uninfected are auto­matically restored to their original location.

Backup Storage holds copies of objects disinfected or deleted by the appli­cation. These copies are created in case there is a need to restore objects

or reconstruct the course of their infection. Backups are also stored in an
encrypted format to protect the computer from infection. A backed-up object
may be restored to the original location or deleted.

24 Kaspersky Anti-Virus 7.0

Activation

When purchasing Kaspersky Anti-Virus, you enter into a licensing agree­ment with Kaspersky Lab which governs the use of the application as well as
your access to application database updates and Technical Support over a
specified period of time. The term of use and other information necessary for
full functionality of the program are provided in a key file.

Using the Activation feature, you can find detailed information on the key
you are using or purchase a new key.

Support

All registered Kaspersky Anti-Virus users can take advantage of our tech­nical support service. To learn where exactly you can get technical support,
use the Support feature.

By following these links you can access the Kaspersky Lab user forum or
send feedback or an error report to Technical Support by completing a spe­cial online form.

You will also be able to access online Technical Support, Personal Cabinet
services, and our employees will certainly always be ready to assist you with
Kaspersky Anti-Virus by phone.

2.3. Hardware and software system

requirements

For Kaspersky Anti-Virus 7.0 to run properly, your computer must meet these
minimum requirements:

General Requirements:

50 MB of free hard drive space
CD/DVD-ROM drive (for installing Kaspersky Anti-Virus 7.0 from an in-

stallation CD/DVD)

Microsoft Internet Explorer 5.5 or higher (for updating databases and

application modules through the Internet)

Microsoft Windows Installer 2.0

Microsoft Windows 2000 Professional (Service Pack 2 or higher), Microsoft Win­dows XP Home Edition, Microsoft Windows XP Professional (Service Pack 2 or
higher), Microsoft Windows XP Professional x64 Edition:

Intel Pentium 300 MHz processor or faster (or compatible)

Kaspersky Anti-Virus 7.0 25

Before breaking the seal on the installation disk envelope, carefully read
through the EULA.

128 MB of RAM

Microsoft Windows Vista, Microsoft Windows Vista x64:

Intel Pentium 800 MHz 32-bit (x86)/ 64-bit (x64) or faster (or compati-

ble)

512 MB of RAM

2.4. Software packages

You can purchase the boxed version of Kaspersky Anti-Virus from our resellers,
or download it from Internet shops, including the eStore section of

www.kaspersky.com.

If you buy the boxed version of the program, the package will include:

A sealed envelope with an installation CD containing the program files

and documentation in PDF format

A User Guide in printed form (if this item was included in the order) or a

Product Guide

The program activation code, attached to the installation CD envelope
The end-user license agreement (EULA)

If you buy Kaspersky Anti-Virus from an online store, you copy the product from
the Kaspersky Lab website (Downloads Product Downloads). You can
download the User Guide from the Downloads Documentation section.

You will be sent an activation code by email after your payment has been re­ceived.

The End-User License Agreement is a legal agreement between you and Kas­persky Lab that specifies the terms on which you may use the software you have
purchased.

Read the EULA through carefully.
If you do not agree with the terms of the EULA, you can return your boxed prod-

uct to the reseller from whom you purchased it and be reimbursed for the amount
you paid for the program. If you do so, the sealed envelope for the installation
disk must still be sealed.

By opening the sealed installation disk, you accept all the terms of the EULA.

26 Kaspersky Anti-Virus 7.0

Kaspersky Lab does not provide technical support for operating system use and
operation, or for any products other than its own.

2.5. Support for registered users

Kaspersky Lab provides its registered users with an array of services to make
Kaspersky Anti-Virus more effective.

When the program has been activated, you become a registered user and will
have the following services available until the key expires:

Hourly updates of the application databases and new versions of the

program free of charge

Consultation on questions regarding installation, configuration, and op-

eration of the program, by phone and email

Notifications on new Kaspersky Lab product releases and new viruses

(this service is provided for users that subscribe to Kaspersky Lab news
mailings on the Technical Support Service website

http://support.kaspersky.com/subscribe/)

Caution!

It is recommended that all running applications be closed before a Kaspersky
Anti-Virus install is attempted.

Note:

Installing the program with an installer package downloaded from the Internet is
identical to installing it from an installation CD.

CHAPTER 3. INSTALLING

KASPERSKY ANTI-VIRUS

7.0

There are several ways to install Kaspersky Anti-Virus 7.0 to a host:

interactively, using the application Installation Wizard (see 3.1 on pg.

27); this mode requires user input for the install to proceed;

non-interactively, this type of install is performed from the command line

and does not require any user input for the install to proceed (see 3.3
on pg. 38).

3.1. Installation procedure using the

Installation Wizard

To install Kaspersky Anti-Virus to your computer, start the setup file on the prod­uct CD.

This will attempt to locate the application install package (file with an *.msi exten-
sion) and if the package is located, you will be prompted to check for Kaspersky
Anti-Virus updates on Kaspersky Lab servers. If no install package file is found,
you will be prompted to download it. Following the download, the application in­stall will begin. In the event that the user opts not to download, the install will
continue normally.

An installation wizard will open for the program. Each window contains a set of
buttons for navigating through the installation process. Here is a brief explanation
of their functions:

28 Kaspersky Anti-Virus 7.0

Next – accepts an action and moves forward to the next step of installa-

tion.

Back – goes back to the previous step of installation.
Cancel – cancels product installation.
Finish – completes the program installation procedure.

Let‟s take a closer look at the steps of the installation procedure.

Step 1. Checking for the necessary system conditions to in-

stall Kaspersky Anti-Virus

Before the program is installed on your computer, the installer checks your com­puter for the operating system and service packs necessary to install Kaspersky
Anti-Virus. It also checks your computer for other necessary programs and veri­fies that your user rights allow you to install software.

If any of these requirements is not met, the program will display a message in­forming you of the fault. You are advised to install any necessary service packs
through Windows Update, and any other necessary programs, before installing
Kaspersky Anti-Virus.

Step 2. Installation Welcome window

If your system fully meets all requirements, an installation window will appear
when you open the installer file with information on beginning the installation of
Kaspersky Anti-Virus.

To continue installation, click the Next button. To cancel the installation, click

Cancel.

Step 3. Viewing the End-User License Agreement

The next window contains the End-User License Agreement entered into be­tween you and Kaspersky Lab. Carefully read through it, and if you agree to all

the terms of the agreement, select I accept the terms of the License
Agreement and click the Next button. Installation will continue. To cancel the
installation, click Cancel.

Step 4. Selecting Installation Type

In this step, you are prompted to select installation type:

Quick Install. If this option is selected, Kaspersky Anti-Virus will be installed

using default settings only, as recommended by Kaspersky Lab special­ists. At the end of the install, an activation wizard will be started (see

3.2.2 on pg. 32).

Custom Install. Under this option you will be prompted to select the applica-

tion components to be installed, the installation folder, and to activate as

Installing Kaspersky Anti-Virus 7.0 29

Note

This step is not performed unless a Custom install is selected.

well as configure the installation using a special wizard (see 3.2 on pg.

31).

Under the former option, the install will be performed non-interactively, i. e. sub­sequent steps described in this section will be skipped. In the latter case, you will
be required to enter or confirm certain data.

Step 5. Selecting an installation folder

The next stage of Kaspersky Anti-Virus installation determines where the pro­gram will be installed on your computer. The default path is:

For 32-bit systems: <Drive>\Program Files\Kaspersky Lab\Kaspersky

Anti-Virus 7.0

For 64-bit systems: <Drive> Program Files (х86) Kaspersky

Lab Kaspersky Anti-Virus 7.0.

You can specify a different folder by clicking the Browse button and selecting it
in the folder selection window, or by entering the path to the folder in the field
available.

Caution!
If you specify a full directory path manually, please note that it should not exceed

200 characters or contain special characters.

To continue installation, click the Next button.

Step 6. Selecting program components to install

If you selected Custom installation, you can select the components of Kaspersky
Anti-Virus that you want to install. By default, all real-time protection and virus
scan are selected.

To select the components you want to install, left-click the icon alongside a com­ponent name and select Will be installed on local hard drive from the menu.
You will find more information on what protection a selected component pro­vides, and how much disk space it requires for installation, in the lower part of
the program installation window.

If you do not want to install a component, select Entire feature will be unavail-
able from the context menu. Remember that by choosing not to install a compo­nent you deprive yourself of protection against a wide range of dangerous pro­grams.

30 Kaspersky Anti-Virus 7.0

Caution!

Kaspersky Anti-Virus 7.0 supports Version 6.0 and Version 7.0 key files. Keys
used for Version 5.0 applications are not supported.

After you have selected the components you want to install, click Next. To return
the list to the default programs to be installed, click Reset.

Step 7. Using Previously Saved Installation Settings

In this step, you are prompted to specify whether you wish to use previously
saved security settings or application databases if these were in fact saved when
a previous Kaspersky Anti-Virus installation was removed from your computer.

Let us look in more detail at ways to access the above functionality.
If a previous version (build) of Kaspersky Anti-Virus was installed on your com-

puter and application databases have been saved, they may be imported into the
version being installed. Check Application databases. Databases bundled
with the application will not be copied to your computer.

To use protection settings configured for a previous version and saved on your
computer, check Application Runtime Settings.

Step 8. Searching for other anti-virus programs

In this stage, the installer searches for other anti-virus products installed on your
computer, including Kaspersky Lab products, which could raise compatibility
issues with Kaspersky Anti-Virus.

The installer will display on screen a list of any such programs it detects. The
program will ask you if you want to uninstall them before continuing installation.

You can select manual or automatic uninstall under the list of anti-virus applica­tions detected.

If the list of anti-virus programs contains Kaspersky Anti-Virus® 6.0, we recom­mend in the event of a manual install saving the key file that it uses before delet­ing them, as you can use it as your key for Kaspersky Anti-Virus 7.0. We also
recommend saving Quarantine and Backup objects. These objects will automat­ically be moved to the Kaspersky Anti-Virus Quarantine and Backup and you can
continue working with them.

In the event Kaspersky Anti-Virus 6.0 is uninstalled automatically, its activation
information will be saved by the software and will be rolled over during a Version

7.0 install.

To continue installation, click the Next button.