Kaspersky ANTI-VIRUS 8.0 FOR MAC User Manual

Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition
ADMINISTRATOR'S GUIDE
Dear User!
Thank you for choosing our product. We hope that this documentation will help you in your work and answer your questions about this software product.
Attention! This document is the property of Kaspersky Lab ZAO (hereinafter also referred to as Kaspersky Lab): all rights to this document are reserved by the copyright laws of the Russian Federation and by international treaties. Illegal reproduction and distribution of this document or parts thereof will result in civil, administrative or criminal liability in accordance with the laws of the Russian Federation.
Any type of reproduction or distribution of any materials, including in translated form, is allowed only with the written permission of Kaspersky Lab.
This document and the graphical images it contains may be used exclusively for informational, non-commercial or personal purposes.
This document may be amended without prior notice. For the latest version, please refer to Kaspersky Lab’s website at http://www.kaspersky.com/docs.
Kaspersky Lab assumes no liability for the content, quality, relevance or accuracy of any materials used in this document the rights to which are held by third parties, or for potential damages associated with the use of such documents.
The document contains registered trademarks and service marks belonging to their respective owners.
Revision date: 8/13/2010
© 1997-2010 Kaspersky Lab ZAO. All Rights Reserved.
http://www.kaspersky.com
http://support.kaspersky.com
TABLE OF CONTENTS
INTRODUCTION .......................................................................................................................................................... 13
GENERAL INFORMATION ABOUT KASPERSKY ANTI-VIRUS ................................................................................. 14
Real-time protection and on-demand scan ............................................................................................................. 14
About infected and suspicious objects .................................................................................................................... 15
OBTAINING INFORMATION ABOUT THE PROGRAM............................................................................................... 16
Information sources to research ............................................................................................................................. 16
Contacting the Sales Department ........................................................................................................................... 17
Contacting Technical Support ................................................................................................................................. 17
Discussing Kaspersky Lab programs on the forum ................................................................................................ 18
USING KASPERSKY ANTI-VIRUS CONSOLE AND ACCESS TO KASPERSKY ANTI-VIRUS FEATURES ............. 19
About Kaspersky Anti-Virus console ....................................................................................................................... 19
Advanced settings after installation of Kaspersky Anti-Virus console on another computer ................................... 19
Adding Kaspersky Anti-Virus users to the KAVWSEE Administrators group on the protected server ............... 20
Enabling network connections for Anti-Virus management service ................................................................... 20
Enabling network connections for Kaspersky Anti-Virus console ...................................................................... 21
Starting Kaspersky Anti-Virus console from the Start menu ................................................................................... 22
Kaspersky Anti-Virus icon in the notification area of the task tray .......................................................................... 23
The Kaspersky Anti-Virus console window ............................................................................................................. 24
Distribution of access permissions to Kaspersky Anti-Virus functions .................................................................... 25
About access permissions to Kaspersky Anti-Virus functions ........................................................................... 25
Configuring access rights to Kaspersky Anti-Virus functions ............................................................................ 26
Dialog boxes: Kaspersky Anti-Virus Console.......................................................................................................... 28
The Select computer window ............................................................................................................................ 28
Kaspersky Anti-Virus node ................................................................................................................................ 29
STARTING AND STOPPING KASPERSKY ANTI-VIRUS SERVICE. ......................................................................... 31
VIEWING PROTECTION STATUS AND KASPERSKY ANTI-VIRUS INFORMATION ................................................ 32
CONFIGURING GENERAL KASPERSKY ANTI-VIRUS SETTINGS USING MMC ..................................................... 36
Procedure of configuring general Kaspersky Anti-Virus settings using MMC ......................................................... 36
Dialog boxes: Configuring general settings ............................................................................................................ 39
Kaspersky Anti-Virus Properties: General tab ................................................................................................... 40
Kaspersky Anti-Virus Properties: Advanced tab ................................................................................................ 40
Kaspersky Anti-Virus Properties: Malfunction diagnosis tab ............................................................................. 41
Kaspersky Anti-Virus subsystem codes ............................................................................................................ 42
TASK MANAGEMENT ................................................................................................................................................. 44
Categories of Kaspersky Anti-Virus tasks ............................................................................................................... 44
Creating on-demand scan task ............................................................................................................................... 45
Saving task after changing its settings ................................................................................................................... 47
Renaming tasks ...................................................................................................................................................... 47
Removing tasks ...................................................................................................................................................... 47
Starting/pausing/resuming/stopping tasks manually ............................................................................................... 48
Managing task schedules ....................................................................................................................................... 48
Enabling and disabling scheduled tasks ........................................................................................................... 48
Configuring task schedules using MMC ............................................................................................................ 48
Using different user account to launch the task ...................................................................................................... 51
About using accounts to launch tasks ............................................................................................................... 51
Specifying user account for running a task ....................................................................................................... 51
Dialog boxes: task management ............................................................................................................................ 53
Task properties: Additional tab .......................................................................................................................... 53
Task properties: Run as tab .............................................................................................................................. 54
Task properties: Schedule tab .......................................................................................................................... 54
UPDATING KASPERSKY ANTI-VIRUS BASES AND APPLICATION MODULES ...................................................... 56
About updating Kaspersky Anti-Virus bases ........................................................................................................... 56
About updating application modules ....................................................................................................................... 57
Schemes for updating bases and program modules of anti-virus applications used within organization ................ 57
Update tasks ........................................................................................................................................................... 61
Configuring update tasks ........................................................................................................................................ 62
Selecting update source, configuring connection with update source and regional settings ............................. 62
Configuring Download updates task settings .................................................................................................... 67
Configuring Application modules update task settings ...................................................................................... 68
Update task statistics .............................................................................................................................................. 71
Rolling back Kaspersky Anti-Virus database updates ............................................................................................ 71
Rolling back application module update ................................................................................................................. 71
Dialog boxes: update .............................................................................................................................................. 72
Update node ..................................................................................................................................................... 72
Application database update node .................................................................................................................... 73
Application modules update node ..................................................................................................................... 75
Updates distribution node ................................................................................................................................. 76
Database update rollback node ........................................................................................................................ 77
Application database update: General tab ........................................................................................................ 78
Modules update: General tab ............................................................................................................................ 78
Updates distribution: General tab ...................................................................................................................... 80
Update servers window ..................................................................................................................................... 81
Connection settings tab .................................................................................................................................... 81
Regional settings tab ........................................................................................................................................ 82
REAL-TIME PROTECTION .......................................................................................................................................... 83
About real-time protection tasks ............................................................................................................................. 83
Configuring Real-time file protection task ............................................................................................................... 83
Protection scope in the Real-time file protection task ....................................................................................... 85
Defining protection scope in the Real-time file protection task .................................................................... 86
Pre-defined protection scopes ..................................................................................................................... 87
Creating a protection scope ........................................................................................................................ 90
About virtual protection scope ..................................................................................................................... 90
Creating virtual protection scopes: adding dynamic drives, folders and files into protection scope ............. 91
Configuring security settings for the selected node ........................................................................................... 92
Selecting pre-defined security levels in the Real-time file protection task ................................................... 92
Configuring security settings manually in Real-time file protection task ...................................................... 94
Working with templates in Real-time protection tasks ....................................................................................... 98
Saving security settings to a template ......................................................................................................... 98
Viewing security settings in a template ........................................................................................................ 99
Applying a template ................................................................................................................................... 101
Deleting a template ................................................................................................................................... 102
Selecting protection mode .................................................................................................................................... 102
Using heuristic analyzer in Real-time file protection tasks .................................................................................... 103
Real-time file protection task statistics .................................................................................................................. 104
Configuring Script Monitoring task ........................................................................................................................ 105
Script monitoring task statistics ............................................................................................................................ 108
Dialog boxes: real-time protection ........................................................................................................................ 109
Real-time protection node ............................................................................................................................... 109
Real-time file protection node ......................................................................................................................... 110
The Overview and administration tab Real-time protection ............................................................................. 111
The Configuring protection scope tab Real-time file protection ....................................................................... 112
Adding exclusions window Real-time file protection ........................................................................................ 113
Task properties: General tab Real-time protection .......................................................................................... 114
Task properties: General tab Protection mode ................................................................................................ 114
General tab, the security settings window Real-time protection ...................................................................... 115
Actions tab, the security settings window Real-time protection ....................................................................... 117
Performance tab, the security settings window Real-time protection .............................................................. 118
The Choose action depending on the threat type window. Real-time protection............................................. 120
Excluding objects: List of exclusions box Real-time protection ....................................................................... 120
Excluding threats: List of exclusions box Real-time protection........................................................................ 121
List of files extensions scanned by default. Real-time protection .................................................................... 122
Scan according to the specified list of extensions: the List of extension masks window. Real-time protection ... 125
The Templates window. Real-time protection ................................................................................................. 125
The Template properties window. Real-time protection .................................................................................. 126
Templates: The General tab Real-time protection .......................................................................................... 126
The Settings tab Real-time protection ............................................................................................................. 127
Script monitoring node .................................................................................................................................... 127
ON-DEMAND SCAN .................................................................................................................................................. 129
About on-demand scan tasks ............................................................................................................................... 129
Configuring on-demand scan tasks ...................................................................................................................... 130
Scan scope in on-demand scan tasks ............................................................................................................ 132
About defining scan scope in on-demand scan tasks................................................................................ 132
Pre-defined scan scopes ........................................................................................................................... 132
Creating scan scope .................................................................................................................................. 134
Working with templates in on-demand scan tasks..................................................................................... 135
Including network drives, folders or files into the scan scope .................................................................... 138
Creating virtual scan scopes: adding dynamic drives, folders and files to scan scope. ............................. 138
Configuring security settings in the on-demand scan tasks ............................................................................ 140
Selecting pre-defined security levels for on-demand scan tasks ............................................................... 141
Configuring security settings manually in on-demand scan tasks ............................................................. 143
Using heuristic analyzer in on-demand scan tasks ............................................................................................... 148
Running background on-demand scan task ......................................................................................................... 149
On-demand scan task statistics ............................................................................................................................ 150
Dialog boxes: On-demand scan ........................................................................................................................... 152
The On-demand scan node ............................................................................................................................ 152
The Scan at system startup node ................................................................................................................... 154
The Scanning Critical Areas node ................................................................................................................... 156
The Scan Quarantine objects node ................................................................................................................. 157
The New On-demand scan task node ............................................................................................................. 158
The Overview and administration tab On-demand scan ................................................................................. 159
The Configuring scan scope tab. On-demand scan ........................................................................................ 160
Adding the scan scope window ....................................................................................................................... 162
Adding exclusions window .............................................................................................................................. 162
Task properties: General tab On-demand scan .............................................................................................. 163
General tab, the security settings window On-demand scan .......................................................................... 164
Actions tab, the security settings window On-demand scan ........................................................................... 165
Performance tab, the security settings window On-demand scan................................................................... 166
Configuring security settings: the Tiered storage tab. On-demand scan ......................................................... 167
The Choose action depending on the threat type window. On-demand scan ................................................. 168
Excluding objects: List of exclusions box On-demand scan ............................................................................ 169
Excluding threats: List of exclusions box On-demand scan ............................................................................ 169
List of files extensions scanned by default. On-demand scan......................................................................... 170
Scan according to the specified list of extensions: the List of extension masks window. On-demand scan ... 173
The Templates window. On-demand scan ...................................................................................................... 173
The Template properties window. On-demand scan ....................................................................................... 173
Templates: The General tab On-demand scan ............................................................................................... 174
Templates: the Settings tab. On-demand scan ............................................................................................... 174
TRUSTED ZONE ....................................................................................................................................................... 175
About Kaspersky Anti-Virus trusted zone ............................................................................................................. 175
Adding exclusions to trusted zone ........................................................................................................................ 176
Adding process to the list of trusted processes ............................................................................................... 176
Disabling real-time file protection during backup copying ............................................................................... 179
Adding exclusion rules .................................................................................................................................... 179
Applying trusted zone ........................................................................................................................................... 182
Templates: the Settings tab. On-demand scan ..................................................................................................... 182
Dialog boxes: trusted zone ................................................................................................................................... 182
The Active processes window ......................................................................................................................... 182
The Trusted processes tab ............................................................................................................................. 183
The Add trusted process window .................................................................................................................... 183
The Exclusion rules tab ................................................................................................................................... 184
The Exclusion rule window.............................................................................................................................. 185
The Select object window ............................................................................................................................... 186
ISOLATION OF SUSPICIOUS OBJECTS. USING QUARANTINE ............................................................................ 187
About isolation of suspicious objects .................................................................................................................... 187
Viewing quarantined objects ................................................................................................................................. 187
Sorting quarantined objects ............................................................................................................................ 190
Filtering objects in Quarantine ........................................................................................................................ 190
Scanning quarantined objects Scan Quarantine objects task settings ................................................................. 191
Restoring objects from quarantine ........................................................................................................................ 192
Quarantining objects ............................................................................................................................................. 195
Deleting objects from quarantine .......................................................................................................................... 196
Sending suspicious object to Kaspersky Lab for analysis .................................................................................... 196
Configuring quarantine settings using MMC ......................................................................................................... 197
Quarantine statistics ............................................................................................................................................. 198
Dialog boxes: Quarantine ..................................................................................................................................... 200
The Quarantine node ...................................................................................................................................... 200
The Properties window Quarantine ................................................................................................................. 202
The Filter settings window. Quarantine ........................................................................................................... 202
The Object restoration window. Quarantine .................................................................................................... 203
The Object with such name already exists window. Quarantine ..................................................................... 204
The Statistics tab Quarantine .......................................................................................................................... 205
BACKUP COPYING OF OBJECTS BEFORE DISINFECTION/DELETION. USING BACKUP .................................. 206
About backing up objects before disinfection / deletion ........................................................................................ 206
Viewing files stored in the Backup ........................................................................................................................ 206
Sorting files in the Backup............................................................................................................................... 208
Filtering files in the Backup ............................................................................................................................. 209
Restoring files from the Backup ............................................................................................................................ 210
Deleting files from the Backup .............................................................................................................................. 212
Configuring backup settings using MMC .............................................................................................................. 213
Backup statistics ................................................................................................................................................... 214
Dialog boxes: Backup ........................................................................................................................................... 215
The Backup storage node ............................................................................................................................... 215
The Properties window: Backup storage ......................................................................................................... 216
The Filter settings window: Backup storage .................................................................................................... 217
The Object restoration window: Backup storage ............................................................................................. 218
The Object with such name already exists window: Backup storage .............................................................. 218
The Statistics window: Backup storage ........................................................................................................... 219
EVENT REGISTRATION. KASPERSKY ANTI-VIRUS LOGS .................................................................................... 220
Logging methods .................................................................................................................................................. 220
System audit log ................................................................................................................................................... 220
Sorting events in the system audit log ............................................................................................................ 222
Filtering events in the system audit log ........................................................................................................... 222
Deleting events from System audit log ............................................................................................................ 223
Task execution logs .............................................................................................................................................. 224
About task execution logs ............................................................................................................................... 224
Viewing the list of task execution logs. Log statuses ...................................................................................... 224
Sorting task execution logs ............................................................................................................................. 227
Viewing task information using the log ............................................................................................................ 227
Exporting information from task execution log into a text file .......................................................................... 232
Deleting task execution logs ........................................................................................................................... 232
Kaspersky Anti-Virus event log in Event Viewer ................................................................................................... 232
Configuring log settings using MMC ..................................................................................................................... 233
Dialog boxes: logs ................................................................................................................................................ 236
The logs node ................................................................................................................................................. 236
The System audit log node ............................................................................................................................. 236
The Task execution logs node ........................................................................................................................ 238
The Execution log window .............................................................................................................................. 240
Task execution log: the Filter settings window ................................................................................................ 241
System audit log: the Filter settings window ................................................................................................... 242
The Event properties window .......................................................................................................................... 243
The Properties window: Logs, the General tab ............................................................................................... 244
The Properties window: Logs, the Additional tab ............................................................................................ 245
INSTALLING AND REMOVING LICENSES ............................................................................................................... 246
About Kaspersky Anti-Virus licenses ..................................................................................................................... 246
Viewing information about installed licenses ........................................................................................................ 247
Installing the license ............................................................................................................................................. 249
Removing the license ........................................................................................................................................... 250
Dialog boxes: Licenses ......................................................................................................................................... 251
The Licenses node .......................................................................................................................................... 251
The License addition window .......................................................................................................................... 252
The Properties: <License serial number> window, the General tab ................................................................ 252
The Properties: <License serial number> window, the Additional tab ............................................................. 253
NOTIFICATION SETTINGS ....................................................................................................................................... 254
Administrator and user notification methods ......................................................................................................... 254
Configuring administrator and user notifications ................................................................................................... 255
Dialog boxes: Notifications ................................................................................................................................... 261
Kaspersky Anti-Virus settings: the Notification tab .......................................................................................... 261
The Message text window............................................................................................................................... 262
Notification settings: the Messaging Service tab ............................................................................................. 263
Notification settings: the Email tab .................................................................................................................. 263
Notification settings: the Executable file tab .................................................................................................... 264
Notification settings: the Additional tab ........................................................................................................... 264
HIERARCHICAL STORAGE MANAGEMENT ........................................................................................................... 265
About the hierarchical storage management system ............................................................................................ 265
Configuring the hierarchical storage type ............................................................................................................. 265
IMPORTING AND EXPORTING SETTINGS ............................................................................................................. 267
About importing and exporting settings ................................................................................................................ 267
Exporting settings ................................................................................................................................................. 268
Importing settings ................................................................................................................................................. 268
MANAGING KASPERSKY ANTI-VIRUS FROM THE COMMAND LINE ................................................................... 269
Kaspersky Anti-Virus command line commands ................................................................................................... 269
Displaying Kaspersky Anti-Virus command help. KAVSHELL HELP .............................................................. 270
Starting and stopping Kaspersky Anti-Virus service. KAVSHELL START, KAVSHELL STOP ....................... 271
Scanning selected area. KAVSHELL SCAN ................................................................................................... 271
Starts the Scanning Critical Areas task. KAVSHELL SCANCRITICAL ........................................................... 274
Managing the specified task asynchronously. KAVSHELL TASK ................................................................... 275
Starting and stopping real-time protection tasks. KAVSHELL RTP ................................................................. 276
Starting Kaspersky Anti-Virus bases update task. KAVSHELL UPDATE ....................................................... 276
Rolling back Kaspersky Anti-Virus database updates. KAVSHELL ROLLBACK ............................................. 279
Installing and removing licenses. KAVSHELL LICENSE ................................................................................. 279
Enabling, configuring and disabling the trace log. KAVSHELL TRACE .......................................................... 280
Cleaning the iSwift base. KAVSHELL FBRESET ............................................................................................ 281
Enabling and disabling dump file creation. KAVSHELL DUMP ....................................................................... 282
Importing settings. KAVSHELL IMPORT ........................................................................................................ 283
Exporting settings. KAVSHELL EXPORT ........................................................................................................ 283
Return codes ........................................................................................................................................................ 284
Return code for the commands KAVSHELL START and KAVSHELL STOP ................................................. 284
Return code for KAVSHELL SCAN and KAVSHELL SCANCRITICAL commands ......................................... 285
Return codes for KAVSHELL TASK command ............................................................................................... 286
Return codes for KAVSHELL RTP command ................................................................................................. 286
Return codes for KAVSHELL UPDATE command .......................................................................................... 287
Return codes for KAVSHELL ROLLBACK command ..................................................................................... 287
Return codes for KAVSHELL LICENSE command ......................................................................................... 288
Return codes for KAVSHELL TRACE command ............................................................................................ 288
Return codes for KAVSHELL FBRESET command ........................................................................................ 288
Return codes for the command KAVSHELL DUMP ........................................................................................ 289
Return codes for KAVSHELL IMPORT command .......................................................................................... 289
Return codes for KAVSHELL EXPORT command .......................................................................................... 290
MANAGING ANTI-VIRUS USING KASPERSKY ADMINISTRATION KIT ................................................................. 291
Configuring Kaspersky Anti-Virus using Application settings dialog box .............................................................. 291
The Program settings dialog box .................................................................................................................... 291
Managing quarantined objects and configuring Quarantine settings ............................................................... 293
Quarantine functions and configuration tools ............................................................................................ 293
Configuring quarantine settings in Kaspersky Administration Kit .............................................................. 294
Managing Backup files and configuring Backup settings ................................................................................ 296
Functions of Backup and tools used to control these functions ................................................................. 296
Configuring backup settings in Kaspersky Administration Kit .................................................................... 297
Managing trusted zone ................................................................................................................................... 299
Adding processes to the trusted list (Kaspersky Administration Kit) .......................................................... 300
Disabling real-time file protection during backup copying .......................................................................... 302
Adding exclusions to trusted zone ............................................................................................................. 303
Applying trusted zone in Kaspersky Administration Kit .............................................................................. 307
Configuring Kaspersky Administration Kit notifications ................................................................................... 308
General information on notification settings in Kaspersky Administration Kit ............................................ 308
Configuring administrator and user notifications in the Notification Settings dialog box ............................ 309
Configuring settings in Kaspersky Administration Kit ...................................................................................... 310
Configuring log settings in Kaspersky Administration Kit ................................................................................ 314
Creating and configuring policies .......................................................................................................................... 316
About policies .................................................................................................................................................. 316
Creating a policy using Kaspersky Administration Kit ..................................................................................... 317
Configuring policy in Kaspersky Administration Kit ......................................................................................... 321
Disabling scheduled launch of local predefined tasks ..................................................................................... 324
Creating and configuring tasks ............................................................................................................................. 325
About creating tasks ....................................................................................................................................... 325
Creating a task using Kaspersky Administration Kit ........................................................................................ 325
Configuring task in Kaspersky Administration Kit ............................................................................................ 337
Managing servers scan. Assigning the Scan critical areas task status to on-demand scan task .................... 338
DESCRIPTION OF KASPERSKY ANTI-VIRUS SETTINGS ...................................................................................... 340
General Kaspersky Anti-Virus settings ................................................................................................................. 340
Maximum number of active processes ............................................................................................................ 340
Number of processes for real-time protection ................................................................................................. 341
Number of working processes for background on-demand scan tasks ........................................................... 342
Task recovery ................................................................................................................................................. 343
Actions when running on UPS power .............................................................................................................. 344
Event generation thresholds ........................................................................................................................... 344
Trace log settings ............................................................................................................................................ 345
Creating a trace log ................................................................................................................................... 345
Trace log file folder .................................................................................................................................... 346
Trace log level of detail ............................................................................................................................. 346
Size of single trace file .............................................................................................................................. 347
Tracking individual Kaspersky Anti-Virus subsystems .............................................................................. 347
Creating Kaspersky Anti-Virus processes memory dump files ........................................................................ 348
Log settings .......................................................................................................................................................... 350
Level of details in the task logs, system audit log and Kaspersky Anti-Virus log in the Event Viewer ............ 350
Storage location for task execution logs and system audit logs ...................................................................... 351
Storage period for task execution logs ............................................................................................................ 351
Storage period for events in the system audit log ........................................................................................... 351
Task schedule settings ......................................................................................................................................... 352
Frequency ....................................................................................................................................................... 352
Schedule start date and task start time ........................................................................................................... 353
Schedule disabling date .................................................................................................................................. 354
Maximum duration of task ............................................................................................................................... 355
Time period within 24 hours for task execution to be paused ......................................................................... 355
Launching skipped tasks ................................................................................................................................. 356
Randomize the task start within interval, min .................................................................................................. 356
Security settings in the Real-time file protection task and on-demand scan tasks ................................................ 357
Protection mode .............................................................................................................................................. 357
Scanned objects ............................................................................................................................................. 358
Actions depending on the threat type .............................................................................................................. 360
Excluding objects ............................................................................................................................................ 360
Excluding threats ............................................................................................................................................ 361
Offline file processing ...................................................................................................................................... 362
Scan only new and changed files .................................................................................................................... 363
Scanning compound objects ........................................................................................................................... 364
Action to be performed with infected objects................................................................................................... 364
Actions to be performed on infected objects in the Real-time file protection task ...................................... 365
Actions to be performed on infected objects in the On-demand scan tasks .............................................. 366
Actions to be performed on suspicious objects ............................................................................................... 366
Actions to be performed on suspicious objects in the Real-time file protection task ................................. 367
Actions to be performed on suspicious objects in the On-demand scan tasks .......................................... 368
Maximum object scan time.............................................................................................................................. 368
Maximum size of scanned compound object .................................................................................................. 369
Use of iChecker technology ........................................................................................................................... 369
Enabling iSwift technology .............................................................................................................................. 370
Checking files for Microsoft signatures ........................................................................................................... 371
Heuristic analyzer settings .............................................................................................................................. 372
Using the heuristic analyzer ...................................................................................................................... 372
Analysis level............................................................................................................................................. 373
Updating task settings .......................................................................................................................................... 374
Common settings for all update tasks ............................................................................................................. 374
Update source ........................................................................................................................................... 375
FTP server mode for connection with protected server ............................................................................. 376
Update source connection timeout ............................................................................................................ 376
Using and configuring proxy server ........................................................................................................... 376
Regional settings for optimization of updates retrieval (Protected server location) ................................... 380
Program Module Updates task settings .......................................................................................................... 380
Distribution and installation of critical application module updates or only checking for releases ............. 381
Receiving information on the release of Critical Kaspersky Anti-Virus patches ......................................... 381
Updates Distribution task settings ................................................................................................................... 382
Updates content ........................................................................................................................................ 382
Folder to save updates in .......................................................................................................................... 383
Quarantine settings .............................................................................................................................................. 383
Quarantine folder ............................................................................................................................................ 384
Maximum quarantine size ............................................................................................................................... 384
Free quarantine space threshold .................................................................................................................... 385
Folder for restoration: Quarantine ................................................................................................................... 386
Backup settings .................................................................................................................................................... 386
Backup folder .................................................................................................................................................. 387
Maximum backup size .................................................................................................................................... 388
Backup free space threshold........................................................................................................................... 388
Restore to folder: Backup................................................................................................................................ 389
KASPERSKY ANTI-VIRUS COUNTERS ................................................................................................................... 390
Performance counters for System Monitor ........................................................................................................... 390
About Kaspersky Anti-Virus performance counters ......................................................................................... 390
Total number of denied requests .................................................................................................................... 391
Total number of skipped requests ................................................................................................................... 392
Number of requests not processed because of lack of system resources ...................................................... 392
Number of requests sent to be processed ...................................................................................................... 393
Average number of file interception dispatcher threads .................................................................................. 393
Maximum number of file interception dispatcher threads ................................................................................ 394
Number of infected objects in processing queue ............................................................................................ 394
Number of objects processed per second ....................................................................................................... 395
Kaspersky Anti-Virus SNMP counters and traps .................................................................................................. 395
About Kaspersky Anti-Virus SNMP counters and traps .................................................................................. 395
Kaspersky Anti-Virus SNMP counters ............................................................................................................. 396
Performance counters ............................................................................................................................... 396
General counters ....................................................................................................................................... 396
Update counter .......................................................................................................................................... 397
Real-time protection counters ................................................................................................................... 397
Quarantine counters .................................................................................................................................. 398
Backup counters........................................................................................................................................ 398
Script monitoring counters ......................................................................................................................... 398
SNMP traps ..................................................................................................................................................... 398
USING THIRD-PARTY CODE ................................................................................................................................... 405
Program code ....................................................................................................................................................... 405
Boost 1.33 ....................................................................................................................................................... 406
Conversion Routines Between UTF32, UTF-16 and UTF-8 ............................................................................ 407
Debugging Tools For Windows 6.12.2.633 ..................................................................................................... 407
Driver Installation Tools (DIFxApp) 2.1.1 ........................................................................................................ 407
EnsureCleanup 2000 ...................................................................................................................................... 407
GSOAP 2.7.0D ................................................................................................................................................ 407
Independent Implementation Of MD5 (RFC 1321) .......................................................................................... 408
Layout 1995 .................................................................................................................................................... 408
LZMA SDK 4.40 .............................................................................................................................................. 408
MD5 Message-Digest Algorithm 18.11.2004................................................................................................... 408
Microsoft Active Template Library (ATL 8.0) ................................................................................................... 408
Microsoft Cabinet Software Development Kit 2.0 ............................................................................................ 408
Page 12
Microsoft Driver Development Kit 6000 ........................................................................................................... 408
Microsoft Exchange Server 2003 SDK ............................................................................................................ 409
Microsoft Internet Client SDK 4.0 .................................................................................................................... 409
Microsoft Visual Studio 6.0.............................................................................................................................. 409
Microsoft Windows Server 2003 SP1 SDK ..................................................................................................... 409
Microsoft Windows Software Development Kit 6.0 .......................................................................................... 409
NSIS 2.46........................................................................................................................................................ 409
SHA 1 1.2........................................................................................................................................................ 413
SQLITE 3.7.2 .................................................................................................................................................. 414
STDSTRING 27.04.2001 ................................................................................................................................ 414
WIN95ADG 1995 ............................................................................................................................................ 414
WIX 2.0 ........................................................................................................................................................... 414
Windows Template Library (WTL 7.5) ............................................................................................................. 414
ZLIB 1.0.8, 1.2.3 ............................................................................................................................................. 414
Other information .................................................................................................................................................. 414
KASPERSKY LAB ...................................................................................................................................................... 415
INDEX ........................................................................................................................................................................ 418
Page 13

INTRODUCTION

This guide describes how to use Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition (hereinafter referred to as Kaspersky Anti-Virus).
The guide describes how to manage Kaspersky Anti-Virus via the MMC console installed on the protected server or on a remote workstation (hereinafter referred to as Kaspersky Anti-Virus Console).
Kaspersky Anti-Virus command line commands are described in the Managing Kaspersky Anti-Virus from the command line section.
The Configuration and control using Kaspersky Administration Kit section discusses centralized protection of servers that have Kaspersky Anti-Virus installed, using Kaspersky Administration Kit.
The Kaspersky Anti-Virus counters section describes Kaspersky Anti-Virus counters for the System Monitor application as well as SNMP counters and traps.
If you have not found an answer to your question about Kaspersky Anti-Virus in this document, please feel free to refer to other resources containing information about this product.
Page 14
GENERAL INFORMATION ABOUT KASPERSKY ANTI-VIRUS
IN THIS SECTION
Real-time protection and on-demand scan...................................................................................................................... 14
About infected and suspicious objects ............................................................................................................................ 15
Kaspersky Anti-Virus protects servers running Microsoft Windows against threats penetrating computers through file exchange. It is designed for usage in local area networks of medium to large organizations. Kaspersky Anti-Virus users are computer network administrators and specialists responsible for the Anti-Virus protection of networks.
You can install Kaspersky Anti-Virus on servers that perform various functions: on terminal servers and print servers, on application servers and domain controllers, as well as on file servers, which are more susceptible to virus infections than others because of file exchange with user workstations.
You can control the protection of the server on which the Anti-Virus is installed using various tools: Kaspersky Anti-Virus console in MMC, command line commands. You can also employ the Kaspersky Administration Kit software for centralized administration of multiple servers running Kaspersky Anti-Virus. You can view Kaspersky Anti-Virus performance counters for System Monitor application as well as SNMP counters and traps.

REAL-TIME PROTECTION AND ON-DEMAND SCAN

You can use two Kaspersky Anti-Virus functions to ensure server protection: real-time protection and on-demand scan. You can enable or disable these features manually or using the schedule.
Real-time protection
Real-time protection automatically starts with Kaspersky Anti-Virus startup by default and continues running in the background mode.
Kaspersky Anti-Virus scans the following objects of the protected server when they are accessed:
files;
alternate file system streams (NTFS streams);
master boot record and boot sectors on the local hard drives and removable media.
When an application writes a file to a server or reads a file from it, Kaspersky Anti-Virus intercepts this file, scans it for the presence of threats and, if it has detected a threat, performs the actions you specified: it attempts to disinfect the file or simply deletes it. Kaspersky Anti-Virus returns the file to the application only if it is not infected or if it has been successfully disinfected.
Kaspersky Anti-Virus scans objects not only for viruses but also for other types of threats, for example, Trojan horses, adware or spyware.
Additionally, Kaspersky Anti-Virus continuously monitors attempts to execute VBScript or JScript scripts created using Microsoft Windows Script (or Active Scripting) technologies on the protected server. The application checks the script code and automatically restricts execution of scripts it has found malicious.
The task of real-time Anti-Virus server protection is to ensure maximum server security with the minimum slowdown of file exchange.
Page 15
On-demand scan
An on-demand scan is a one-time complete or selective scan of objects on the server for threats.
Kaspersky Anti-Virus scans files, server RAM and the startup objects which are rather difficult to restore once they have been corrupted.
By default Kaspersky Anti-Virus scans critical computer areas once a week. We recommend launching critical areas scans manually after periods when real-time file protection has been disabled.

ABOUT INFECTED AND SUSPICIOUS OBJECTS

Kaspersky Anti-Virus stores a set of anti-virus databases. Databases are files containing records that are used to identify, in the detectable objects, the presence of malicious code from hundreds of thousands of known threats. Records contain information about control sections of threats' code and algorithms used for disinfecting objects where these threats are contained.
If Kaspersky Anti-Virus detects, in a detectable object, sections of code that fully coincide with the control code sections of a threat according to the information in the databases, it considers the object infected.
Kaspersky Anti-Virus assigns the suspicious status to an object if it contains a code portion that partially matches the signature code of a known threat (according to the defined conditions). Kaspersky Anti-Virus also recognizes objects detected by the Heuristic Analyzer as suspicious. The Heuristic Analyzer recognizes suspicious objects based on their behavior. The code of such an object does not fully or partially coincide with the code of a known threat, but it does contain some instructions or command sequences characteristic of malicious objects.
Page 16
OBTAINING INFORMATION ABOUT THE PROGRAM
IN THIS SECTION
Information sources to research ...................................................................................................................................... 16
Contacting the Sales Department ................................................................................................................................... 17
Contacting Technical Support ......................................................................................................................................... 17
Discussing Kaspersky Lab programs on the web forum ................................................................................................. 18
If you have any questions regarding purchasing, installing or using the application, you can obtain a quick response.
Kaspersky Lab provides many sources of information about the program. You can select the most convenient source depending on how important your issue is.

INFORMATION SOURCES TO RESEARCH

You have the following information sources for search at your disposal:
products page at the Kaspersky Lab's website;
product page at the Technical Support website (Knowledge Base);
help system;
documentation.
Products page at the Kaspersky Lab's website
http://www.kaspersky.com/kaspersky_antivirus_windows_server_enterprise
This page contains general information about Kaspersky Anti-Virus, its functionality and features. You can purchase Kaspersky Anti-Virus or extend licensed usage by visiting our online store.
Application page at the Technical Support website (Knowledge Base)
http://support.kaspersky.com/wsee8
This page contains articles published by the Technical Support specialists.
These articles contain useful information, recommendations and answers to frequently asked questions about purchase, installation and use of the Kaspersky Anti-Virus. They are grouped by subjects, such as Working with key files, Updating databases, or Operation malfunction recovery. The articles may answer questions which are related not only to this particular application, but also to other Kaspersky Lab's products; they also can contain general Technical Support news.
Help system
The application installation package includes the full help file.
Page 17
Full help provides the information on how to manage computer protection: view protection status, scan various computer areas for viruses, perform other tasks.
To open help, select Call up help in the Help menu of Kaspersky Anti-Virus Console.
If you have any questions about a separate window of Kaspersky Anti-Virus, you can refer to the context help.
To open the context help, click the Help button in required window, or press the F1 key.
Documentation
The documentation set for Kaspersky Anti-Virus provides the information that is essential for working with it.
The Installation Guide includes the requirements for the computer on which the application is installed, as well as instructions for installing the application, checking that it works and performing initial setup.
The Administrator's Guide provides information on how to manage the application from Kaspersky Anti-Virus Console, from the command line of the protected server, and from Kaspersky Administration Kit, as well as which SNMP counters and traps are published by Kaspersky Anti-Virus.
The Deployment Guide contains information on the typical schemes of program use and types of protected objects.
Files with these documents in PDF format are included in the Kaspersky Anti-Virus distribution kit.
After you have installed Kaspersky Anti-Virus console, you can open the Administrator's Guide from the Start menu.

CONTACTING THE SALES DEPARTMENT

If you have questions about selecting or purchasing Kaspersky Anti-Virus or extending your license, please call Sales Department in our Moscow Central Office at:
+7 (495) 797-87-00, +7 (495) 645-79-39, +7 (495) 956-70-00
Support is provided in Russian or English.
You can also send your inquiries to Sales Department specialists by email at sales@kaspersky.com.

CONTACTING TECHNICAL SUPPORT

If you have already purchased Kaspersky Anti-Virus, you can obtain information about it from the Technical Support, either by phone or via the Internet.
Helpdesk specialists will answer your questions on installing and using the application, and if your computer has been infected, they will help you overcome effects of malware.
Before contacting Technical Support, please read the Technical Support Terms and Conditions (http://support.kaspersky.com/support/rules).
Email request to Technical Support
You can send your question to Technical Support Service specialists by filling out Helpdesk Request form (http://support.kaspersky.com/helpdesk.html).
You can send your question in Russian, English, German, French or Spanish.
To send an email message with your question, please, indicate your client number obtained during registration at the Technical Support website along with your password.
Page 18
If you have not yet registered your Kaspersky Lab applications, you can fill out the registration form (https://support.kaspersky.com/en/personalcabinet/registration/form/). Specify the application activation code or key file name during the registration process.
You will receive Technical Support specialist's response to your emailed question, at the email address specified in your question and in your Personal Cabinet (https://support.kaspersky.com/en/PersonalCabinet).
Describe the problem you have encountered in the request web form, providing as much detail as possible. Specify the following in the required fields:
Request type. Select the topic that most closely describes the problem you have encountered, for example, Product installation/removal problems or Virus scan/removal problems. If you have not found a suitable topic, select General Question.
Application name and version number.
Request text. Describe the problem in as much detail as possible.
Client number and password. Enter the client number and password you received during registration at the Technical Support website.
Email address. Technical Support will send the answer to your question to this email address.
Technical support by phone
If you have an issue that needs to be resolved immediately, you can always call your local Technical Support. Before contacting specialists of the Russian (http://support.kaspersky.ru/support/support_local) or international (http://support.kaspersky.com/support/international) Technical Support, please, collect information (http://support.kaspersky.com/support/details) about your computer and anti-virus software installed on it. This will help our support specialists to resolve your issue as soon as possible.

DISCUSSING KASPERSKY LAB PROGRAMS ON THE FORUM

If your question does not require an urgent answer, you can discuss it with Kaspersky Lab's specialists and other users in our forum located at http://forum.kaspersky.com.
In this forum you can view existing topics, leave your comments, create new topics and use search feature.
Page 19
USING KASPERSKY ANTI-VIRUS CONSOLE AND ACCESS TO KASPERSKY ANTI-VIRUS FEATURES
IN THIS SECTION
About Kaspersky Anti-Virus console ............................................................................................................................... 19
Advanced settings after installation of Kaspersky Anti-Virus console on another computer............................................ 19
Starting Kaspersky Anti-Virus console from the Start menu ............................................................................................ 22
Kaspersky Anti-Virus icon in the notification area of the task tray ................................................................................... 23
The Kaspersky Anti-Virus console window...................................................................................................................... 24
Distribution of access permissions to Kaspersky Anti-Virus functions ............................................................................. 25
Dialog boxes: Kaspersky Anti-Virus Console .................................................................................................................. 28

ABOUT KASPERSKY ANTI-VIRUS CONSOLE

The Kaspersky Anti-Virus console is a standalone snap-in added to the MMC console (Microsoft Management Console).
When the Kaspersky Anti-Virus console is installed, the installer creates the .msc file in the installation folder and adds the Kaspersky Anti-Virus snap-in to the list of standalone Microsoft Windows snap-ins.
You can open the Kaspersky Anti-Virus console on the protected server by starting it from the Start menu or from the shortcut menu of the Kaspersky Anti-Virus icon in the task tray.
You can launch the .msc file of the Kaspersky Anti-Virus snap-in or add the Kaspersky Anti-Virus snap-in to an existing MMC console as a new element in the tree. In the 64-bit version of Microsoft Windows you can add the Kaspersky Anti-Virus snap-in only to the 32-bit version of MMC (MMC32): open MMC from the shell with the command: mmc.exe /32.
You can manage Kaspersky Anti-Virus via the MMC installed on the protected server or on any other computer within the network. After you have installed the Anti-Virus console on another computer you must perform advanced configuration (see section Additional settings after installation of Kaspersky Anti-Virus console on another computer on page 19).
You can add several Kaspersky Anti-Virus snap-ins to a single console opened in author mode in order to use it for managing protection of multiple servers on which Kaspersky Anti-Virus is installed.
ADVANCED SETTINGS AFTER INSTALLATION OF KASPERSKY ANTI-VIRUS CONSOLE ON ANOTHER COMPUTER
If you installed Kaspersky Anti-Virus Console on a computer other than the protected server, perform the following steps described in this section in order to remotely control Kaspersky Anti-Virus on the protected server:
Page 20
add Kaspersky Anti-Virus users to the KAVWSEE Administrators group on the protected server;
if the protected server is running Microsoft Windows Server 2003 or Microsoft Windows Server 2008, allow network connections for the Anti-Virus management service kavfsgt.exe on this computer;
if during console installation you have not enabled the option to Allow network connections for Kaspersky Anti-Virus MMC console, then allow network connections for the console in the firewall of the computer where the console is installed.
IN THIS SECTION
Adding Kaspersky Anti-Virus users to the KAVWSEE Administrators group on the protected server ............................. 20
Enabling network connections for Anti-Virus management service ................................................................................. 20
Enabling network connections for Kaspersky Anti-Virus console .................................................................................... 21

ADDING KASPERSKY ANTI-VIRUS USERS TO THE KAVWSEE ADMINISTRATORS GROUP ON THE PROTECTED SERVER

In order to manage Kaspersky Anti-Virus via the Anti-Virus console in MMC installed on another computer, Kaspersky Anti-Virus users must have full access to the Anti-Virus management service (Kaspersky Anti-Virus Management) on the protected server. By default only members of the Administrators group on the protected server have access to this service.
To learn which services Kaspersky Anti-Virus registers, refer to the document Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition. Installation Guide.
During the installation Kaspersky Anti-Virus registers KAVWSEE Administrators group on the protected server. Users of this group are granted access to the Kaspersky Anti-Virus management service. You can grant or disallow users access to the Kaspersky Anti-Virus management service by adding them to the KAVWSEE Administrators group or removing them from this group.
You will be able to access Kaspersky Anti-Virus under a local account if an account with the same name and password is registered on the protected server.
ENABLING NETWORK CONNECTIONS FOR ANTI-VIRUS MANAGEMENT SERVICE
In order to establish connections between the console and the Kaspersky Anti-Virus management service, it is necessary to allow network connections through the firewall for the Kaspersky Anti-Virus management service on the protected server.
If Kaspersky Anti-Virus runs under Microsoft Windows Server 2003 or Microsoft Windows Server 2008, you should configure network connections.
To allow network connections for Kaspersky Anti-Virus management service, perform the following steps:
1. On the protected server running under Microsoft Windows Server 2003 or Microsoft Windows Server 2008 select Start → Control Panel → Security → Windows Firewall.
2. In the Windows Firewall settings window select the Change settings command.
Page 21
3. In the list of predefined exceptions on the Exceptions tab, select the check boxes: COM+ Network Access, Windows Management Instrumentation (WMI) and Remote Administration.
4. Press the Add Program button.
5. Select kavfsgt.exe file in the Add Program dialog box. It is located in the folder that you have specified as a destination folder during Kaspersky Anti-Virus console in MMC installation.
6. Click OK.
7. Press the OK button in the Windows Firewall settings dialog window.
ENABLING NETWORK CONNECTIONS FOR KASPERSKY ANTI-VIRUS CONSOLE
Kaspersky Anti-Virus console on the remote computer uses the DCOM protocol in order to receive information about Kaspersky Anti-Virus events (objects scanned, tasks completed, etc.) from the Kaspersky Anti-Virus management service on the protected server. You will need to allow network connection via firewall on this computer in order to open connections between console and Kaspersky Anti-Virus management service.
Perform the following steps:
Make sure that anonymous remote access to COM applications is allowed (but not remote launch and activation of COM applications);
In the Windows firewall open TCP port 135 and allow network connections for the executable file kavfsrcn.exe of Kaspersky Anti-Virus remote management process.
The client computer on which Kaspersky Anti-Virus console is installed uses port TCP 135 in order to access the protected server and to receive the server response.
In order to apply the new connection settings: if the Kaspersky Anti-Virus console was opened while you were configuring the connection between the protected server and the computer with the console installed, close the console, wait for 30-60 seconds (until the Kaspersky Anti-Virus remote management process kavfsrcn.exe is completed) and then run it again.
To allow anonymous remote access to COM applications, perform the following steps:
1. On the computer with Kaspersky Anti-Virus console installed, open the Component Services console by selecting Start → Run, typing dcomcnfg and clicking OK.
2. Expand the Computers node in the Component Services console on your computer, right-click the My Computer node and select the Properties item from the context menu.
3. On the COM Security tab of the Properties dialog box, press the Edit Limits button in the Access Permissions group of settings.
4. Make sure that the Allow remote access box is checked for the ANONYMOUS LOGON user in the Access Permission dialog box.
5. Click OK.
In order to open TCP port 135 in the Windows firewall and to allow network connections for the executable file of Kaspersky Anti-Virus remote management process:
1. Close Kaspersky Anti-Virus console on remote computer.
2. Perform one of the following steps:
In Microsoft Windows XP or Microsoft Windows Vista:
Page 22
a. In Microsoft Windows XP SP2 or higher select Start → Windows Firewall.
In Microsoft Windows Vista select Start → Control Panel → Windows Firewall and in the Windows Firewall window select the Change settings command.
b. In the Windows Firewall dialog window (or Windows Firewall settings) press the Add port button on the Exceptions tab.
c. In the Name field specify the port name RPC (TCP/135) or enter another name, for example Kaspersky Anti-Virus DCOM, and specify the port number (135) in the Port number field.
d. Select the TCP protocol.
e. Click OK.
f. Press the Add program button on the Exceptions tab.
In Microsoft Windows 7:
a. Select Start → Control Panel → Windows Firewall, and in the Windows Firewall window select Allow a program or feature through Windows Firewall.
b. In the Allow programs to communicate through Windows Firewall window press the Allow another program... button.
3. Specify the kavfsgt.exe file in the Add Program dialog window. It is located in the folder that you have specified as a destination folder during Kaspersky Anti-Virus console in MMC installation.
4. Click OK.
5. Press OK in the Windows Firewall (Windows Firewall settings) dialog box.
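The group, firewall and DCOM steps of the three procedures above can also be scripted and checked from the command line. The following PowerShell script is an added example, not part of the Kaspersky Lab manual or tooling. It assumes Windows Vista / Server 2008 or later (netsh advfirewall), English names of the predefined firewall rule groups, and placeholder values for the install folder and peer address; limiting each rule to the peer address with remoteip= is an added hardening choice that the dialog-based steps do not describe.

```powershell
# Added example; not Kaspersky Lab tooling. Dry run unless -Apply is given.
param(
    [ValidateSet('Server', 'Console')]
    [string]$Role = 'Server',
    # Placeholder: the destination folder chosen during installation.
    [string]$InstallDir = 'C:\PLACEHOLDER\KasperskyInstallFolder',
    # Assumption: address of the other end (console host or protected server).
    [string]$PeerAddress = '192.0.2.10',
    # Optional account to add to KAVWSEE Administrators (Server role only).
    [string]$Account = '',
    [switch]$Apply
)

function Invoke-Step([string]$Exe, [string[]]$Arguments) {
    # Print every command; run it only when -Apply was passed.
    Write-Host ('{0} {1}' -f $Exe, ($Arguments -join ' '))
    if ($Apply) {
        & $Exe $Arguments
        if ($LASTEXITCODE -ne 0) { Write-Warning "$Exe exited with $LASTEXITCODE" }
    }
}

function Add-ScopedRule([string]$Name, [string[]]$Match) {
    # Inbound allow rule limited to the peer address instead of any host.
    Invoke-Step 'netsh.exe' (@('advfirewall', 'firewall', 'add', 'rule',
        "name=$Name", 'dir=in', 'action=allow', 'enable=yes',
        "remoteip=$PeerAddress") + $Match)
}

function Get-AnonymousMask([string]$ValueName) {
    # Access mask granted to ANONYMOUS LOGON (S-1-5-7) by allow ACEs in a
    # machine-wide DCOM limit; $null when the registry value is absent.
    $key = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' -ErrorAction SilentlyContinue
    $bytes = $key.$ValueName
    if (-not $bytes) { return $null }
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($bytes, 0)
    $mask = 0
    foreach ($ace in $sd.DiscretionaryAcl) {
        if ($ace.AceType -eq 'AccessAllowed' -and
            $ace.SecurityIdentifier.Value -eq 'S-1-5-7') {
            $mask = $mask -bor $ace.AccessMask
        }
    }
    return $mask
}

function Test-Right([int]$Mask, [int]$Bit) {
    # A legacy ACE with only COM_RIGHTS_EXECUTE (1) set grants every right.
    return (($Mask -band $Bit) -ne 0) -or ($Mask -eq 1)
}

function Show-DcomLimits {
    $access = Get-AnonymousMask 'MachineAccessRestriction'
    $launch = Get-AnonymousMask 'MachineLaunchRestriction'
    if ($null -eq $access -or $null -eq $launch) {
        Write-Host 'DCOM limits are not stored in the registry; system defaults apply.'
        return
    }
    # COM_RIGHTS_EXECUTE_REMOTE = 4, COM_RIGHTS_ACTIVATE_REMOTE = 16
    Write-Host ('ANONYMOUS LOGON remote access     (guide: allowed)     : {0}' -f (Test-Right $access 4))
    Write-Host ('ANONYMOUS LOGON remote launch     (guide: not allowed) : {0}' -f (Test-Right $launch 4))
    Write-Host ('ANONYMOUS LOGON remote activation (guide: not allowed) : {0}' -f (Test-Right $launch 16))
}

if ($Role -eq 'Server') {
    # Protected server: group membership, predefined exceptions, kavfsgt.exe.
    if ($Account) {
        Invoke-Step 'net.exe' @('localgroup', 'KAVWSEE Administrators', $Account, '/add')
    }
    foreach ($group in 'COM+ Network Access',
                       'Windows Management Instrumentation (WMI)',
                       'Remote Administration') {
        Invoke-Step 'netsh.exe' @('advfirewall', 'firewall', 'set', 'rule',
            "group=$group", 'new', 'enable=yes')
    }
    Add-ScopedRule 'Kaspersky Anti-Virus management service' @("program=$InstallDir\kavfsgt.exe")
    # Review who can reach the management service after the change.
    Invoke-Step 'net.exe' @('localgroup', 'KAVWSEE Administrators')
} else {
    # Console computer: TCP 135 and kavfsrcn.exe (the remote management
    # process named in the step list), then report the DCOM limits.
    Add-ScopedRule 'Kaspersky Anti-Virus DCOM' @('protocol=TCP', 'localport=135')
    Add-ScopedRule 'Kaspersky Anti-Virus remote management' @("program=$InstallDir\kavfsrcn.exe")
    Show-DcomLimits
}
```

Run it first without -Apply to review the commands it would issue, then from an elevated prompt with -Apply; the DCOM report only reads the registry and changes nothing.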

STARTING KASPERSKY ANTI-VIRUS CONSOLE FROM THE START MENU

Make sure that Kaspersky Anti-Virus console is installed on the computer.
To start Kaspersky Anti-Virus console from the Start menu:
1. Select Start → Programs → Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition → Administration Tools → Kaspersky Anti-Virus Console.
If you plan to add other snap-ins to the Kaspersky Anti-Virus console, open the console in author mode: select Start → Programs → Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition → Administration Tools, open the shortcut menu of the Kaspersky Anti-Virus MMC console and select the Author command.
If you started Kaspersky Anti-Virus console on the protected server, the console window will open (see the figure below).
Page 23
Figure 1: Kaspersky Anti-Virus Console
2. If you started Kaspersky Anti-Virus console on computer other than the protected server, connect to the protected server: Right-click Kaspersky Anti-Virus snap-in and then select Connect to another computer from the context menu, in the Select computer dialog box select Another computer, and enter protected server name in the input field.
If the account that you used to log on to Microsoft Windows does not have the access right to Kaspersky Anti-Virus Management Service on the server, specify a different account that has such rights. For details on which accounts you can grant access to Kaspersky Anti-Virus Management Service refer to section Adding Anti-Virus users to the KAVWSEE Administrators group on the protected server (see page 20).

KASPERSKY ANTI-VIRUS ICON IN THE NOTIFICATION AREA OF THE TASK TRAY

Each time Kaspersky Anti-Virus automatically starts after the server restart, Kaspersky Anti-Virus icon will be displayed in the notification area of the task tray. It is displayed by default if you have installed the Tray Program component during Kaspersky Anti-Virus setup.
Kaspersky Anti-Virus icon may have one of the two statuses:
active (colored) if any real-time protection task is currently in progress: Real-time file protection or Script monitoring (see page 83);
inactive (black and white) - if the Real-time file protection task or the Script Monitoring is not being performed at the moment.
Page 24
Right-clicking the icon with the mouse opens the context menu of Kaspersky Anti-Virus (see the figure below).
Figure 2: Context menu of Anti-Virus icon
Context menu offers several commands, which you can use to display the application dialogs (see the table below).
Table 1. Commands of the context menu displayed for the Kaspersky Anti-Virus tray icon
| COMMAND | DESCRIPTION |
|---|---|
| Open Kaspersky Anti-Virus Console | Opens Kaspersky Anti-Virus console (if installed). |
| About the program | Opens the About the program window with information about Kaspersky Anti-Virus. If you are registered as Kaspersky Anti-Virus user, then the About window would contain information about urgent updates installed. |
| Hide | Hides Kaspersky Anti-Virus icon in the notification area of the task panel. In order to display Kaspersky Anti-Virus icon select Start → Programs → Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition → Tray Application. |
Using general Anti-Virus settings, you can enable or disable the display of the Anti-Virus icon each time Anti-Virus starts automatically following the server restart (see section Procedure of configuring general Kaspersky Anti-Virus settings using MMC on page 36).

THE KASPERSKY ANTI-VIRUS CONSOLE WINDOW

Kaspersky Anti-Virus console window includes the console tree and the results pane. The console tree displays Kaspersky Anti-Virus functional components, and the results pane displays information about the selected node (see figure below).
If run from the Start menu, Kaspersky Anti-Virus console will contain the quick access panel (from an .msc file saved when Anti-Virus is installed). If you added Kaspersky Anti-Virus utility to the MMC console yourself, the console will not contain the quick access panel.
Page 25
Figure 3: Kaspersky Anti-Virus Console window

DISTRIBUTION OF ACCESS PERMISSIONS TO KASPERSKY ANTI-VIRUS FUNCTIONS

IN THIS SECTION
About access permissions to Kaspersky Anti-Virus functions ......................................................................................... 25
Configuring access rights to Kaspersky Anti-Virus functions ........................................................................................... 26
ABOUT ACCESS PERMISSIONS TO KASPERSKY ANTI-VIRUS FUNCTIONS
By default access to all Kaspersky Anti-Virus functions is granted to the users of the Administrators group and users of group KAVWSEE Administrators created on the protected server during Kaspersky Anti-Virus installation.
Users who have access to the Anti-Virus function Managing permissions can grant access to Anti-Virus functions to other users registered on the protected server or included in the domain.
Page 26
If a user is not registered in the Kaspersky Anti-Virus users' list, he cannot view the Kaspersky Anti-Virus console.
You can grant to Kaspersky Anti-Virus users (user groups) the permissions for access to the system according to the following levels:
Full control - access to all Kaspersky Anti-Virus features;
Change - access to all Kaspersky Anti-Virus features except for management of user access rights;
Read - only the right to display and view functional Kaspersky Anti-Virus components, general Kaspersky Anti-Virus settings, settings of its features and tasks, statistics and user rights.
You also can perform advanced configuration of access permissions: allow or disallow access to individual Kaspersky Anti-Virus features (see the table below).
Table 2. Distribution of access permissions to Kaspersky Anti-Virus functions
FEATURE
    DESCRIPTION
Retrieving statistics
    Viewing the status of the functional Kaspersky Anti-Virus components and statistics of the tasks in progress
Manage task state
    Kaspersky Anti-Virus task starting/stopping/pausing/resuming
Task management
    Creating and deleting on-demand scan tasks
Read settings
    Viewing general Kaspersky Anti-Virus and task settings
    Viewing settings of task execution logs, system audit log and notifications
    Exporting Kaspersky Anti-Virus settings
Edit settings
    Viewing and changing general Kaspersky Anti-Virus and task settings
    Importing and exporting Kaspersky Anti-Virus settings
    Viewing and changing task settings
    Viewing and changing settings of task execution logs, system audit log and notifications
Manage storages
    Quarantine objects
    Removing objects from the Quarantine and removing files from Backup
    Restoring quarantined and backed-up objects
Logs reading
    Viewing Anti-Virus events in task execution logs and system audit log
Logs administration
    Deleting task execution logs and purging system audit log
License management
    Installing and removing licenses
Read permissions
    Viewing the list of Kaspersky Anti-Virus users
Edit permissions
    Adding and deleting Kaspersky Anti-Virus users
    Modifying user access permissions to Kaspersky Anti-Virus functions

CONFIGURING ACCESS RIGHTS TO KASPERSKY ANTI-VIRUS FUNCTIONS

To add or delete a user (group) or change access permissions for the user (group), perform the following steps:
1. Right-click the Kaspersky Anti-Virus node in the console tree to bring up its context menu and select Modify user permissions.
The application will display the Permissions for Kaspersky Anti-Virus dialog (see the figure below).
Figure 4: The Permissions for Kaspersky Anti-Virus dialog box
2. Use the Permissions for Kaspersky Anti-Virus dialog to perform the following operations:
In order to add a user (a group) to the list of Kaspersky Anti-Virus users, press the Add button and select users or groups you wish to add;
To grant access permissions to Kaspersky Anti-Virus features for a user (group) you added, select the user (group) from the Groups or users list and use the Permissions for <User (Group)> section to check Allow boxes for the following permissions:
    Full control – to grant access to all Kaspersky Anti-Virus functions;
    Read – to grant access to functions Statistics reading, Settings reading, Logs reading and Rights reading;
    Modification – to grant access to all Kaspersky Anti-Virus functions except function Right modification.
To perform advanced permission configuration (Custom permissions), click the Advanced button. Select the user or group of your choice and click the Edit button in the Advanced security settings dialog box, and then in the Permission entries dialog box check Allow or Deny next to the features which you wish to make accessible or unavailable (see the figure below). A list of features along with their brief descriptions is provided in the table About access permissions to Kaspersky Anti-Virus features (see page 25). Click OK.
Figure 5: The Permission Entry dialog box
3. Click the OK button in the Permissions for Kaspersky Anti-Virus dialog.

DIALOG BOXES: KASPERSKY ANTI-VIRUS CONSOLE

THE SELECT COMPUTER WINDOW

In the Select computer window, specify the server whose protection you want to administer through Kaspersky Anti-Virus Console.
The two following options are available:
Local computer (the computer on which this console is running), if you started Kaspersky Anti-Virus console on the protected server.
Another computer, if you start Kaspersky Anti-Virus console on a different computer rather than on the protected server. Specify the computer name in the input field. You can enter the name manually or select the computer from a list using the Browse button.
If the user account that you are using to log into Microsoft Windows does not have sufficient privileges to access Kaspersky Anti-Virus administration service on the selected server, specify a user account with the appropriate privileges. To do so, select Connect on behalf of user's account and manually enter the user name or select it from a list using the Browse button and specify the password.

KASPERSKY ANTI-VIRUS NODE

Kaspersky Anti-Virus Console is displayed in the MMC console tree as a node named Kaspersky Anti-Virus.
Once connected to the server, the computer name and user account used to connect are added to the name of the node (Kaspersky Anti-Virus <Computer name> as <user account name>). The name of the node does not change when a connection is made to a local computer.
Kaspersky Anti-Virus console window includes the console tree and the result panel. Kaspersky Anti-Virus console window also contains a quick access bar.
Console tree
The console tree displays Kaspersky Anti-Virus functional components.
The Kaspersky Anti-Virus node will include subnodes, each of which is used to manage a specific Kaspersky Anti-Virus feature:
Real-time protection: controls real-time protection of files and script scanning. There is a separate node for each component:
    Real-time file protection.
    Script monitoring.
On-demand scan: handles on-demand virus scan tasks. There is a separate node for each system task:
    Scan at system startup.
    Scanning Critical Areas.
    Scan Quarantine objects.
    A separate node is created for each user-defined task and for each group task created and sent to the server by Kaspersky Administration Kit.
Quarantine: manages Quarantine settings and handles quarantined objects. The node contains a list of quarantined objects.
Backup: manages Backup settings and handles objects in Backup. The node contains a list of backup copies.
Update: manages updates for Kaspersky Anti-Virus databases and program modules and update distribution to a local update source folder. The node contains subnodes for administering each system update task and update rollback task:
    Program database update.
    Program modules update.
    Update distribution.
    Database update rollback.
    A separate node is created for each task created and sent to the server by Kaspersky Administration Kit.
Logs: manages reports on real-time protection, on-demand scans, and update tasks, and manages Kaspersky Anti-Virus audit logs.
Licenses: installs and deletes Kaspersky Anti-Virus license and displays information on licenses installed.
EMC Celerra: status of support of the data storage system EMC Celerra.
Result panel
The Result panel displays information on the current protection status of the server, information about Kaspersky Anti-Virus, and the status of its components.
Quick access bar and context menu for the Kaspersky Anti-Virus node
Using context menu commands for the Kaspersky Anti-Virus node and the links in the task pad, you can perform the following actions:
Connect to another computer - connects to another computer to manage the protection components installed on it.
Start Anti-Virus/Stop Anti-Virus - starts and stops the program. To carry out these operations, you can also use the buttons on the toolbar.
Configure trusted zone - create an exclusion from the scan.
Modify user privileges - change access rights.
Configure notifications - configure notification settings.
Tiered storage - configure Tiered storage settings.
Export program settings - save program settings to file.
Import program settings - restore program settings from file.
About the program - view general information about the application.
Properties - view and configure general Kaspersky Anti-Virus settings.

STARTING AND STOPPING KASPERSKY ANTI-VIRUS SERVICE.

By default Kaspersky Anti-Virus service starts automatically during the operating system startup. Kaspersky Anti-Virus service controls the processes in which real-time protection, on-demand scan and updating tasks are being executed.
By default, when the Kaspersky Anti-Virus service is started, the tasks Real-time file protection, Script Monitoring and Scan at system startup, as well as other tasks that are scheduled to start At program startup, will be started.
If you stop Kaspersky Anti-Virus service, execution of all tasks will be interrupted. After you restart Kaspersky Anti-Virus service, interrupted tasks will not be resumed automatically. Only those tasks scheduled to start At program startup will be restarted.
You can start and stop Kaspersky Anti-Virus service if you are a member of the group of administrators on the protected server.
To stop or start the Kaspersky Anti-Virus service, perform the following steps:
1. Open the shortcut menu of Kaspersky Anti-Virus snap-in in the console tree.
2. Select one of the following items:
Stop Anti-Virus, to stop Kaspersky Anti-Virus service;
Start Anti-Virus, to start Kaspersky Anti-Virus service.
You also can start and stop Kaspersky Anti-Virus service using the Microsoft Windows Services snap-in.

VIEWING PROTECTION STATUS AND KASPERSKY ANTI-VIRUS INFORMATION

You can view information about the current status of Kaspersky Anti-Virus and its functional components.
In order to view the protection status and Kaspersky Anti-Virus details:
Click the Kaspersky Anti-Virus snap-in in the console tree (see the figure below).
Kaspersky Anti-Virus node will open.
By default information in the Kaspersky Anti-Virus 8.0 node is refreshed every minute. You can refresh it on demand.
To refresh information in the Kaspersky Anti-Virus node manually:
Open the shortcut menu of the Kaspersky Anti-Virus snap-in and select the Refresh command.
Figure 6: Kaspersky Anti-Virus Console
The following Kaspersky Anti-Virus information will be displayed in the result panel:
Table 3. Information about protection status
PROTECTION SECTION
    INFORMATION
Protection status
    It may have one of the following values:
    – Real-time file protection and Script monitoring tasks are running, Scan critical areas task completed 14 or fewer days ago (default);
    – one or both real-time protection tasks stopped by the user, or Critical areas have not been scanned for a long time event has occurred;
    – one of the real-time protection tasks completed with error.
Real-time file protection
    Task status – current status of the task, for example Running, Stopped or Paused.
    Task statistics:
    Threats detected - the number of threats detected since the time the task was started.
Script monitoring
    Task status – current status of the task, for example Running, Stopped or Paused.
    Task statistics:
    Dangerous scripts detected – the number of dangerous scripts detected since the task was started.
Scan critical areas
    Critical areas have not been scanned for a long time. Appears if the Scan Critical Areas task has not been performed for 30 days (default). You can configure administrator notification about the event; you can also edit the time that must elapse before event occurs.
Quarantine
    Quarantine status:
    If the Maximum quarantine size and Quarantine free space threshold settings are used, then once the data volume in Quarantine folder reaches the specified size, the following information is displayed:
    Quarantine free space threshold reached;
    maximum Quarantine size reached.
    Anti-Virus continues to quarantine suspicious objects.
    You can configure administrator notifications about these events (see page 255).
    You can modify the Quarantine settings (see page 197).
    Quarantine statistics:
    Quarantined objects - the number of objects currently quarantined.
    Size - the amount of data in the Quarantine folder.
Backup
    Backup status:
    If the Maximum Backup size and Minimum free space in Backup settings are used, then once the data volume in Backup folder reaches the specified size, the following information is displayed:
    Backup free space threshold reached;
    maximum Backup size reached.
    Kaspersky Anti-Virus will continue to back up files.
    You can configure administrator notifications about these events (see page 255).
    You can modify the Backup settings (see page 213).
    Backup storage statistics:
    Backup objects - the number of objects currently in Backup.
    Size - amount of data in the Backup.
Table 4. Information about the status of Kaspersky Anti-Virus database and program modules
UPDATES SECTION
    INFORMATION
Database updates
    Status of the anti-virus databases, which Kaspersky Anti-Virus uses for scanning in the Real-time file protection task and on-demand scan tasks.
    Database state. It may have one of the following values:
    – database is current, there are no available critical updates;
    – one of the following events has occurred: Database is out of date; Critical database updates are available; Critical updates are recalled; Server restart is required to apply updates; Server restart is required to recall updates;
    – Database is obsolete or Database is corrupt event occurred.
    Database release date - date and time that the latest installed databases were created.
    To run Program database update task, click the Update databases link.
Modules update
    If critical updates for the Anti-Virus modules (see section About updating Anti-Virus application modules on page 57) are available, the product displays the update name and link to the page on Kaspersky Lab web site with detailed information about the update.
    The Update modules link opens the Program modules update task, if the task is configured to retrieve information about available critical updates only; it starts the Program modules update task, if the task is configured to install available critical updates.
    If planned updates for the Anti-Virus modules (see section About updating Anti-Virus application modules on page 57) are available, the product displays the update name and link to the page on Kaspersky Lab web site with detailed information about the update.
    If server restart is required to apply downloaded updates, the Restart server to apply the updates message will appear.
Table 5. Information about license status
LICENSE SECTION
    INFORMATION
License status
    It may have one of the following values:
    – license is valid;
    – 14 or fewer days are left before license expires;
    – license has expired; no license installed; license agreement violated (for example, the key file is blacklisted).
    You can modify administrator notification about license expiration (see page 255).
License
    The Go to Licenses node link opens the Licenses node of the Kaspersky Anti-Virus MMC console. The Install link allows you to switch to the New License Key Installation Wizard.
Table 6. Information about the status of the support of EMC Celerra
"EMC CELERRA" SECTION
    INFORMATION
Status of the support of EMC Celerra
    Displays the status of protection of the network-attached storage system EMC Celerra. It can take the following values:
    Anti-virus agent Celerra not found – the application could not find any software from EMC, or an error has been encountered in the integration code.
    Protection disabled – the application has found software from EMC, but the On-demand scan component has been disabled for Kaspersky Anti-Virus.
    Protection enabled – the application has found software from EMC, and the On-demand scan component has been enabled for Kaspersky Anti-Virus.

CONFIGURING GENERAL KASPERSKY ANTI-VIRUS SETTINGS USING MMC

General Kaspersky Anti-Virus settings establish the general conditions of Anti-Virus operation. They control the number of working processes used by Kaspersky Anti-Virus, enable Kaspersky Anti-Virus task recovery after an abnormal termination, maintain the tracking log, enable creation of a memory dump file of Anti-Virus processes in case of an abnormal termination, turn on or off the display of the Kaspersky Anti-Virus icon each time Anti-Virus starts after the server restart, and configure other general settings.

PROCEDURE OF CONFIGURING GENERAL KASPERSKY ANTI-VIRUS SETTINGS USING MMC

This section contains a description of configuring Kaspersky Anti-Virus general settings.
To configure general Kaspersky Anti-Virus settings, perform the following steps:
1. Open the shortcut menu of the Kaspersky Anti-Virus snap-in in the console tree and select Properties.
2. Using the following tabs modify the values of the general Kaspersky Anti-Virus settings as per your requirements:
You can configure the following settings on the General tab (see the figure below):
maximum number of working processes that Kaspersky Anti-Virus can run (see page 340);
fixed number of processes to run real-time protection tasks (see page 341);
number of processes for background on-demand scan tasks (see page 342);
number of task recovery attempts after their abnormal termination (see page 343).
Figure 7: Kaspersky Anti-Virus Properties dialog box, General tab
Use the Advanced tab to (see the figure below):
indicate whether you want the Kaspersky Anti-Virus icon in the notification area of the taskbar (see page 23) to appear;
specify the Kaspersky Anti-Virus actions when running on UPS power (see page 344);
specify number of days after which Databases are out of date, Databases are obsolete and Critical areas have not been scanned for a long time events will occur (see page 344).
Figure 8: Kaspersky Anti-Virus Properties dialog box, Advanced tab
Use the Malfunction diagnosis tab to (see the figure below):
enable or disable creation of trace log (see page 345); configure the log settings if required;
enable or disable creation of Kaspersky Anti-Virus process memory dump files (see page 348).
Figure 9: Kaspersky Anti-Virus Properties dialog box, Malfunction diagnosis tab
3. After you have configured the values of the required Kaspersky Anti-Virus settings, press the OK button.

DIALOG BOXES: CONFIGURING GENERAL SETTINGS

KASPERSKY ANTI-VIRUS PROPERTIES: GENERAL TAB

This tab displays settings that enable you to control:
The number of working processes used by Kaspersky Anti-Virus;
Kaspersky Anti-Virus self-recovery after program processes crash.
The default values are the same as when the program is installed locally. If necessary, you can change them.
The Scalability settings section displays settings that define the number of working processes used by Kaspersky Anti-Virus.
If you want Kaspersky Anti-Virus to control the number of processes automatically, select Automatically detect scalability settings (selected by default).
To specify the maximum number of processes that Kaspersky Anti-Virus can use, select Set the number of working processes manually and enter:
Maximum number of active processes - maximum number of working processes that Kaspersky Anti-Virus can use.
Number of processes for real-time protection - maximum number of processes used by real-time protection tasks.
Number of working processes for background on-demand scan tasks - maximum number of processes used to perform on-demand scan tasks in the background.
If you lower the number of processes, Kaspersky Anti-Virus will not delete the excess processes immediately. Instead it will delete them gradually as they reach completion to avoid forcing the tasks to stop.
The Reliability settings section displays settings that control recovery of Kaspersky Anti-Virus if the entire application or individual processes crash during operation. Select the Perform task recovery checkbox and specify the number of attempts that should be made to recover tasks. Kaspersky Anti-Virus and all processes started before the crash will then be recovered automatically. In this case Kaspersky Anti-Virus will recover real-time protection tasks until they are successfully launched, on-demand scan tasks - up to the number of attempts specified by this setting. By default self-recovery is enabled, with the number of attempts set to 2. The maximum possible value is 10.

KASPERSKY ANTI-VIRUS PROPERTIES: ADVANCED TAB

This tab displays the settings that control:
display of Kaspersky Anti-Virus system tray anti-virus icon;
Kaspersky Anti-Virus operation when the protected server transitions to an independent power supply;
generation of events: Databases out of date, Databases are obsolete, and Scanning of critical areas has not been performed for a long time.
Kaspersky Anti-Virus icon reflects the state of real-time protection, provides information about the version of antivirus installed, and gives you access to the Anti-Virus console. The icon is active (colored) if a Real-time file protection or Script monitoring task is being run. If both tasks are stopped, the icon is inactive (black and white).
Select Display program icon in the taskbar to display the icon in the system tray on the secure server. Deselect the checkbox if you do not need to show the icon. The changes to the display of the icon will take effect the next time the user logs into the system.
In the Use of uninterruptible power supply section, specify how the load on the server will be limited when transitioning to that power supply. Select Do not start scheduled scan tasks. The on-demand scan will then be paused. After restoring the standard power mode, the task will resume running on schedule. In order to stop tasks which are already being performed select checkbox Stop current scan tasks. You will still be able to start on-demand tasks manually and they will not be stopped by Kaspersky Anti-Virus. Both checkboxes are selected by default.
In the Event generation thresholds section, select one of the following values:
Database is out of date - time period (in days) following the release of the database after which the Database is out of date event will be logged. By default this is set to 7 days, with a maximum possible value of 365 days.
Database is obsolete - time period (in days) following the release of the database after which the Database is obsolete event will be logged. By default this is set to 14 days, with a maximum possible value of 365 days.
Scanning of critical areas has not been performed for a long time - how many days after the last critical area scan of the computer the Scanning of critical areas has not been performed for a long time event will be logged. By default this is set to 30 days, with a maximum possible value of 365 days.
After these periods have expired, the specified events will be logged, and a notification will be issued according to the settings for notifications on this event type.

KASPERSKY ANTI-VIRUS PROPERTIES: MALFUNCTION DIAGNOSIS TAB

This tab displays settings for saving diagnostic information if Kaspersky Anti-Virus crashes.
Select Enable to write traces for debugging information to be logged and specify:
The folder for storing the debugging information files. Debug information is saved to a separate file for each process. You may enter the path to the object manually in UNC (Universal Naming Convention) format or select the folder from the standard folder selection window using the Browse button. The folder must be located on the local drive of the secure server. Do not use folders on virtual drives created using the SUBST command or network server drives. If you specify a path to a nonexistent folder, the files will not be created.
Level of detail. Choose the value needed from the dropdown menu: Informational events, Important events, Errors, Critical events or Debug information. The most detailed level is Debug information, which writes all events to the log, and the least detailed is Critical events, which only writes critical events to the log. The default level is Informational events.
Maximum size of log files. As soon as a file with debugging information reaches the maximum size, Kaspersky Anti-Virus begins writing information to a new file. The old file is saved.
List of Kaspersky Anti-Virus subsystems about which information is logged. In the provided field Components to be traced enter the subsystem codes for crashes (see section Kaspersky Anti-Virus subsystem codes on page 42) that will be logged. Codes should be separated by a semicolon. When entering a subsystem code, note that the code is case-sensitive. Information on all Kaspersky Anti-Virus subsystems is logged by default.
To disable logging of debugging information, deselect the Enable to write traces checkbox.
Select Create crash dump files to create dump files when Kaspersky Anti-Virus processes crash, and specify the folder where the crash dump files will be saved. You may enter the path to the object manually in UNC (Universal Naming Convention) format or select the folder from the standard folder selection window using the Browse button. The folder must be located on the local drive of the secure server. Do not use folders on virtual drives created using the SUBST command or network server drives. If you specify a path to a nonexistent folder, the dump file will not be created. Dump files are not created by default.
To disable the dump file feature, deselect Create crash dump files.

KASPERSKY ANTI-VIRUS SUBSYSTEM CODES

This table lists Kaspersky Anti-Virus subsystem codes used when configuring settings for saving debugging information to the trace log. When entering a subsystem code, note that the code is case-sensitive.
Table 7. Kaspersky Anti-Virus subsystem codes
SUBSYSTEM CODE    SUBSYSTEM NAME
*                 All components (default)
gui               User interface subsystem, Kaspersky Anti-Virus plug-in in MMC
ak_conn           Subsystem for integrating NAgent and Kaspersky Administration Kit
bl                Control process, implements Kaspersky Anti-Virus control tasks
wp                Work process, handles anti-virus protection tasks
blgate            Kaspersky Anti-Virus remote management process
ods               On-demand scan subsystem
oas               Real-time file protection subsystem
qb                Quarantine and Backup subsystem
scandll           Auxiliary module for anti-virus scans
core              Subsystem for basic anti-virus functionality
avscan            Anti-virus processing subsystem
avserv            Subsystem for controlling the anti-virus kernel
prague            Subsystem for basic functionality
scsrv             Subsystem for dispatching prompts regarding script interception
script            Script interceptor
updater           Subsystem for updating databases and program modules
snmp              SNMP protocol support subsystem.
perfcount         Performance counter subsystem
Trace settings for the Kaspersky Anti-Virus snap-in (gui) and the administration plug-in for Kaspersky Administration Kit (ak_conn) are applied after those components have been restarted; trace settings for the SNMP protocol support subsystem (snmp) will be displayed after the SNMP service is restarted, and settings for the performance counter subsystem (perfcount) will be displayed after all processes that use performance counters have been restarted. Trace settings for other Kaspersky Anti-Virus subsystems are applied immediately after they are saved.
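Because the codes are case-sensitive and separated by semicolons, a mistyped entry in the Components to be traced field is easy to miss. The following Python check is an added example, not part of the Kaspersky product or its documentation: it validates such a string against the codes in Table 7 and lists the components whose trace settings depend on a restart. The function names and the decision to ignore spaces around codes are assumptions.

```python
"""Pre-flight check for a 'Components to be traced' value (added example)."""

# Subsystem codes transcribed from Table 7 of this guide (case-sensitive).
SUBSYSTEM_CODES = {
    "*": "All components (default)",
    "gui": "User interface subsystem, Kaspersky Anti-Virus plug-in in MMC",
    "ak_conn": "Subsystem for integrating NAgent and Kaspersky Administration Kit",
    "bl": "Control process",
    "wp": "Work process",
    "blgate": "Kaspersky Anti-Virus remote management process",
    "ods": "On-demand scan subsystem",
    "oas": "Real-time file protection subsystem",
    "qb": "Quarantine and Backup subsystem",
    "scandll": "Auxiliary module for anti-virus scans",
    "core": "Subsystem for basic anti-virus functionality",
    "avscan": "Anti-virus processing subsystem",
    "avserv": "Subsystem for controlling the anti-virus kernel",
    "prague": "Subsystem for basic functionality",
    "scsrv": "Subsystem for dispatching prompts regarding script interception",
    "script": "Script interceptor",
    "updater": "Subsystem for updating databases and program modules",
    "snmp": "SNMP protocol support subsystem",
    "perfcount": "Performance counter subsystem",
}

# Restart conditions, worded as in the note that follows Table 7.
RESTART_NOTES = {
    "gui": "applied after the Kaspersky Anti-Virus snap-in is restarted",
    "ak_conn": "applied after the Administration Kit plug-in is restarted",
    "snmp": "displayed after the SNMP service is restarted",
    "perfcount": "displayed after all processes using performance counters are restarted",
}


def check_trace_components(value):
    """Classify each semicolon-separated code in `value`.

    Returns a dict with:
      valid            exact matches from Table 7, in input order, de-duplicated
      wrong_case       (entered, expected) pairs that differ only by letter case
      unknown          entries that match no code in Table 7
      traces_all       True if '*' (all components) was entered
      restart_required traced codes mapped to their restart condition
    """
    by_lower = {code.lower(): code for code in SUBSYSTEM_CODES}
    report = {"valid": [], "wrong_case": [], "unknown": [],
              "traces_all": False, "restart_required": {}}

    for raw in value.split(";"):
        code = raw.strip()  # assumption: spaces around a code are not significant
        if not code:
            continue  # empty segment, e.g. from a trailing or doubled ';'
        if code in SUBSYSTEM_CODES:
            if code not in report["valid"]:
                report["valid"].append(code)
        elif code.lower() in by_lower:
            report["wrong_case"].append((code, by_lower[code.lower()]))
        else:
            report["unknown"].append(code)

    report["traces_all"] = "*" in report["valid"]
    # '*' selects every component, so every restart condition is relevant.
    traced = list(SUBSYSTEM_CODES) if report["traces_all"] else report["valid"]
    report["restart_required"] = {
        code: RESTART_NOTES[code] for code in traced if code in RESTART_NOTES
    }
    return report


def normalized_value(report):
    """Re-join the validated codes into a string for the dialog field."""
    return ";".join(report["valid"])


if __name__ == "__main__":
    # Constructed sample input: one case error, one unknown code, one empty segment.
    sample = "oas;ODS; snmp;foo;;updater"
    result = check_trace_components(sample)
    for key, val in result.items():
        print(f"{key}: {val}")
    print("value to enter:", normalized_value(result))
```

Entries reported under wrong_case or unknown should be corrected before the value is saved in the dialog.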

TASK MANAGEMENT

IN THIS SECTION
Categories of Kaspersky Anti-Virus tasks
Creating on-demand scan task
Saving task after changing its settings
Renaming tasks
Removing tasks
Starting/pausing/resuming/stopping tasks manually
Managing task schedules
Using different user account to launch the task
Dialog boxes: task management

CATEGORIES OF KASPERSKY ANTI-VIRUS TASKS

The Kaspersky Anti-Virus features Real-time protection, On-demand scan, Update and License management are implemented as tasks. You can start and stop these tasks either manually or according to a schedule.
Depending on where they are created and executed, tasks are either local or group tasks. Local tasks fall into two categories: system and user-defined tasks.
Local tasks
Local tasks are executed only on the protected server for which they are created. Depending upon the launch method, the following types of local tasks exist:
- Local system tasks are created automatically during Kaspersky Anti-Virus installation. You can modify settings for all system tasks except for the Scan Quarantine objects and Application database rollback tasks. You cannot rename or delete system tasks. You can launch system and user-defined on-demand scan tasks at the same time.
- Local user-defined tasks. You can add new on-demand scan tasks in the Kaspersky Anti-Virus console. Using the administration console of the Kaspersky Administration Kit application, you can create new on-demand scan, database update, database update rollback, and update downloading tasks. Such tasks are called user-defined tasks. You can rename, configure and delete user-defined tasks. You can start many user-defined tasks at the same time.
Group tasks
Group tasks and tasks for sets of computers created in the Kaspersky Administration Kit Administration Console are displayed in the Kaspersky Anti-Virus console. They are all called group tasks in the Kaspersky Anti-Virus console. You can manage and configure group tasks from the Kaspersky Administration Kit application. In the Anti-Virus console you can only view the status of group tasks.
The Kaspersky Anti-Virus console displays information about the tasks (see the figure below).
Figure 10: Real-time protection tasks in the Kaspersky Anti-Virus console window
Task management commands are listed in the context menu that opens by right-clicking on the task name.
Task management operations are logged in the system audit log (see page 220).

CREATING ON-DEMAND SCAN TASK

You can create user-defined tasks in the On-demand scan node. Creation of user-defined tasks is not provided in other functional components of Kaspersky Anti-Virus.
To create a new on-demand scan task, perform the following steps:
1. In the console tree, open the context menu of the On-demand scan node and select the Add task command (see the figure below).
Figure 11: Example of task creation
This will open the Create task dialog box (see the figure below).
Figure 12: The Create task dialog box
2. Enter the following information about the task:
- Name - task name; it can consist of 100 characters or less and contain any symbols except for % ? І \ | / : * < >.
- Description - any additional information about the task, with a maximum length of 2000 characters. This information will be displayed in the task properties dialog box.
3. Configure the following task settings, if necessary:
- The use of heuristic analyzer (see page 372). By default, the application uses the heuristic analyzer in newly created on-demand scan tasks. To change the analysis level, make sure the Use heuristic analyzer checkbox is selected and move the slider to the desired position. To disable the heuristic analyzer, deselect the Use heuristic analyzer checkbox.
- Applying trusted zone (see page 175). By default, the application uses the trusted zone in newly created on-demand scan tasks. To disable the trusted zone, uncheck the Apply trusted zone box.
- Running background task (see page 149). If you need to run the task in a low-priority process, select the Execute task in the background checkbox.
4. Click OK. The task will be created. A line with information about this task will appear in the console window. The operation will be logged in the system audit log (see page 220).

SAVING TASK AFTER CHANGING ITS SETTINGS

You can change the settings of a running or stopped (paused) task. New settings will become effective as follows:
- If you changed settings of a running task, then for real-time protection tasks the new setting values will apply immediately after you save them, and for all other tasks the next time the task is started;
- If you changed settings of a stopped task, the new setting values will apply after you save them and start the task.
To save the changed settings of a task, open the shortcut menu of the task name and select the Save task command.
If after changing task settings you select another node in the console tree without first selecting the Save task command, the setting saving dialog box will appear. Click Yes in this window to save task settings or No to leave the node without saving changes.
You can also configure the settings for each of the following tasks: Real-time file protection (see section Configuring Real-time file protection task on page 83), On-demand scan (Configuring on-demand tasks on page 129), Update (see page 62).

RENAMING TASKS

You can rename only user-defined tasks in the Kaspersky Anti-Virus console, but you cannot rename system or group tasks.
To rename a task, perform the following steps:
1. Right-click the task name and select the Properties command from the context menu.
2. Enter the new task name in the Name field of the <Task name> Properties dialog window and click OK.
The task will be renamed. The operation will be logged in the system audit log (see page 220).

REMOVING TASKS

You can delete only user-defined tasks in the Kaspersky Anti-Virus console, but you cannot delete system or group tasks.
To delete a task, perform the following steps:
1. Right-click the task name and select the Delete task command from the context menu.
2. Press the Yes button in the Remove task dialog box to confirm the action.
The task status in the results pane will change and the operation will be registered in the system audit log (see page 220).

STARTING/PAUSING/RESUMING/STOPPING TASKS MANUALLY

You can pause or resume all tasks except update tasks.
To start / pause / resume / stop a task, right-click the task name and select the command you want to perform: Start, Suspend, Resume, or Stop.
The operation will be performed. The task status in the results pane will change and the operation will be registered in the system audit log (see page 220).
If you pause and resume an on-demand scan task, Kaspersky Anti-Virus will resume the scan of the object on which the task had been paused.

MANAGING TASK SCHEDULES

IN THIS SECTION
Enabling and disabling scheduled tasks
Configuring task schedules using MMC

ENABLING AND DISABLING SCHEDULED TASKS

Once you have configured a task schedule, you can enable and disable it. After you have disabled the schedule, its settings (startup frequency, start time, etc.) will not be deleted and you will be able to enable the schedule again, if required.
To enable or disable the schedule, perform the following steps:
1. Right-click the name of the task for which you wish to configure the schedule and select the Properties command from the context menu.
2. Perform one of the following actions on the Schedule tab of the <Task name> Properties dialog box:
- to enable the schedule, check the Start task according to schedule box;
- to disable the schedule, uncheck the Start task according to schedule box.
3. Click OK.

CONFIGURING TASK SCHEDULES USING MMC

You can configure the schedule of the local system and user-defined tasks in the Kaspersky Anti-Virus console (see page 44). You cannot configure group task schedule settings.
See also task schedule settings (see page 352).
To configure task schedule settings, perform the following steps:
1. Right-click the name of the task whose schedule you wish to configure and select Properties.
2. On the Schedule tab of the Properties: <Task name> dialog box, enable the schedule for this task: check Run by the schedule (see the figure below).
Fields with the schedule settings will be unavailable if the launch of this scheduled system task is disabled by the Kaspersky Administration Kit policy (see section Enabling scheduled launch of the local system tasks on page 324).
3. Configure schedule settings in accordance with your requirements. To do this, perform the following steps:
a. Specify how often the task will be run (see page 352): select one of the following values in the Frequency list: Hourly, Daily, Weekly, At program startup, After databases update. Define the following settings:
- if you selected Hourly, specify the number of hours in the Every <number> hours field in the Task start settings group;
- if you selected Daily, specify the number of days in the Every <number> days field in the Task start settings group;
- if you selected Weekly, specify the number of weeks in the Every <number> weeks field in the Task start settings group. Specify weekdays when the task will be launched (Monday, by default).
Figure 13: Example of the Schedule tab with Weekly frequency
b. In the Start time field, specify the time when the task will run for the first time (see page 353).
c. In the Start from field, specify the date from which the schedule applies (see page 353).
After you have specified the task startup frequency, the time of the first task execution and the date for the schedule to be enabled, information about the calculated time for the next task launch will appear in the top part of the dialog box in the Next start field. Updated information about the estimated time of the next task launch will be displayed each time you open the Schedule tab of the <Task name> Properties dialog box.
The value Prohibited by policy is displayed in the Next start field if active policy settings of Kaspersky Administration Kit prohibit launching of scheduled system tasks (see section Disabling scheduled launch of local predefined tasks on page 324).
4. Using the Additional tab, configure the following schedule settings in accordance with your requirements (see the figure below).
Figure 14: <Task name> Properties dialog box, Advanced tab
a. To specify the maximum duration of a task (see page 355), enter the number of hours and minutes you want in the Duration field in the Task stop settings group.
b. To specify the time period within 24 hours for task execution to be paused (see page 355), enter the values for the period in the Pause from… until field in the Task stop settings group.
c. To specify the schedule disabling date (see page 354), check the End schedule date box and use the Calendar dialog box to select the date when the schedule will be disabled.
d. To enable the skipped task launch function (see page 356), check the Run missed tasks box.
e. To enable the use of the Randomize the task start within interval, min setting (see page 356), check the Randomize the task start within interval box and specify the value for this setting in minutes.
5. Click OK to save the changes you have made in the <Task name> Properties dialog box.

USING DIFFERENT USER ACCOUNT TO LAUNCH THE TASK

IN THIS SECTION
About using accounts to launch tasks
Specifying user account for running a task

ABOUT USING ACCOUNTS TO LAUNCH TASKS

You can specify an account under which a selected task of any functional Anti-Virus component, except the Real-time protection component, will be launched.
By default all tasks except the real-time protection tasks will be run under the Local System (SYSTEM) account. While performing real-time protection tasks, Anti-Virus intercepts the object being scanned when an application calls it and uses the permissions of that application.
You must specify a different account with proper access permissions in the following cases:
- In the update task, if you specified a public folder on a different computer in the network as the update source;
- If you use a proxy server with built-in Windows NTLM authentication for accessing update sources;
- In the on-demand scan tasks, if the Local System (SYSTEM) account does not have access rights to any of the objects being scanned (for example, to files in public folders on the network).
Under the Local System (SYSTEM) account you can launch update and on-demand scan tasks in which Anti-Virus accesses a public folder on a different computer if that computer is registered in the same domain as the protected server. In this case the Local System (SYSTEM) account must have access rights to these folders. Kaspersky Anti-Virus will access the computer using the rights of the account Domain_name\Computer_name$.

SPECIFYING USER ACCOUNT FOR RUNNING A TASK

To specify an account for running a task, perform the following steps:
1. Right-click the task name and select the Properties command from the context menu.
2. In the <Task name> Properties dialog box, open the Run as tab (see the figure below).
Figure 15: <Task name> Properties dialog box, Run as tab
3. On the Run as tab perform the following:
a. Select the User account option.
b. Enter the username and password for the user whose account you wish to use.
The user that you selected must be registered on the protected server or within the same domain as this server.
4. Click OK.

DIALOG BOXES: TASK MANAGEMENT

IN THIS SECTION
Task properties: Additional tab
Task properties: Run as tab
Task properties: Schedule tab

TASK PROPERTIES: ADDITIONAL TAB

This tab provides additional settings for starting a task by schedule.
The upper portion of the window displays the next scheduled start time for the task. The server time is specified in the format assigned in the Microsoft Windows regional settings on the computer where the Kaspersky Anti-Virus console is installed.
You can configure the following settings:
- Duration - longest possible time spent executing a task. Once this time has elapsed, the task will be stopped.
Select this checkbox if you want to limit the time a task is executed, and specify the duration for executing the task in hours and minutes. If the task should be run to completion, deselect this checkbox. This feature does not apply to update tasks.
- Pause from … until - a period of time during the day when the task will be paused.
Select this checkbox if you need to minimize the load on the server during business hours, and specify the beginning and final times for the period in hours and minutes. This feature does not apply to update tasks. Update and on-demand scan tasks will resume at the point where they were paused. Real-time protection tasks will restart. Deselect the checkbox if you do not need to pause tasks. By default the box is unchecked.
- End schedule date - the date when the automatic task start will be stopped. The task is not deleted when it is stopped. You can start it again manually.
Select the checkbox to disable automatic task start and specify the date for the schedule to end. Deselect the checkbox if you do not need to limit the duration of the schedule. By default the box is unchecked.
- Run missed tasks - this feature determines the order for starting tasks if the secure server was unavailable during the time assigned by the schedule, for example, turned off, or if Kaspersky Anti-Virus was disabled.
Select the checkbox to set the application to run skipped tasks the next time Kaspersky Anti-Virus runs on the computer. Deselect it if you do not need to run missed tasks. Tasks will then run strictly according to schedule.
- Randomize the task start within interval - maximum deviation from the start time set in the schedule during which the task should be started. Select the checkbox and specify the times when the task will be run.
The setting is not used and the checkbox is not available if the following start frequency is selected: At program startup, After Administration Server has retrieved updates and At anti-virus database update.
SEE ALSO
Maximum duration of task (see page 355)
Time period within 24 hours for task execution to be paused (see page 355)
Schedule disabling date (see page 354)
Launching skipped tasks (see page 356)
Randomize the task start within interval, min (see page 356)

TASK PROPERTIES: RUN AS TAB

In this window, you can assign the user account under which you want to run the task.
Select one of the following user accounts:
- Local System account if additional privileges are not required to perform the task.
- User account if additional privileges are needed to successfully perform the task. In the field on the right, select a user name with sufficient privileges, either manually or from the list using the button, and complete the Password and Confirm password field.
SEE ALSO
About using accounts to launch tasks (see page 51)

TASK PROPERTIES: SCHEDULE TAB

This tab displays task schedule settings. The next scheduled start time for the task will be displayed in the upper portion of the window. The server time is specified in the format assigned in the Microsoft Windows regional settings on the computer where Kaspersky Anti-Virus console is installed.
To end a scheduled task, deselect the Run by the schedule checkbox. Then the task will not start automatically, although you can still start it manually.
If you want a task to run automatically, select the Run by the schedule checkbox and specify the schedule settings. Select a value from the Frequency dropdown menu that corresponds to how often you want to run the task, and specify the period of time between running the task, as well as the exact time and date for the first scheduled start:
- Hourly: the interval between scans is calculated in hours. Enter the length of time between task starts in the Every N hour(s) field. For example, if you want the task to run hourly: Every 1 hour. In the Start from fields, specify the date and time for the first scheduled start.
- Daily: the task will run every several days. Enter the number of days between task starts in the Every N day(s) field. For example, to run the task every day: Every 1 day. In the Start time and Start from fields, specify the date and time for the first scheduled start.
- Weekly: the task will run once every several weeks on certain days of the week. In the Every N weeks field, set the period of time between series of task starts and select the checkboxes for the days of the week when you want to run the task. For example, to run the task every two weeks on Tuesday and Friday: select Every 2 weeks and select the checkboxes next to Tue and Fri. In the Start time and Start from fields, specify the date and time for the first scheduled start.
- At program startup: the task starts up every time Kaspersky Anti-Virus is run.
- At anti-virus database update: the task starts after each successful Kaspersky Anti-Virus database update. This option does not apply to update tasks.
SEE ALSO
Configuring task schedules using MMC (see page 48)
Frequency (see page 352)
Schedule start date and task start time (see page 353)

UPDATING KASPERSKY ANTI-VIRUS BASES AND APPLICATION MODULES

IN THIS SECTION
About updating Kaspersky Anti-Virus bases
About updating application modules
Schemes for updating bases and program modules of anti-virus applications used within organization
Update tasks
Configuring update tasks
Update task statistics
Rolling back Kaspersky Anti-Virus database updates
Rolling back application module update
Dialog boxes: update

ABOUT UPDATING KASPERSKY ANTI-VIRUS BASES

Kaspersky Anti-Virus bases stored on the protected server soon become outdated. Kaspersky Lab's Anti-Virus analysts detect hundreds of new threats daily, create records that identify them and include them in database updates. (A database update is one file or a set of files containing records that identify threats discovered since the last update was created.) To maintain the required level of server protection, we recommend that you receive database updates regularly.
By default, if the Kaspersky Anti-Virus database is not updated within a week after the latest installed base updates were created, a Databases out of date event occurs, and if the database is not updated within two weeks, a Database is obsolete event occurs. Information about the up-to-date status of the bases will be displayed in the Kaspersky Anti-Virus node (see section Viewing protection status and Anti-Virus information on page 32). You can specify the number of days before these events occur using general Kaspersky Anti-Virus settings (see page 36) and configure administrator notifications about these events (see page 255).
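The age rule described above can be applied across a set of servers to see which ones have reached either threshold. This is an added example, not Kaspersky code: the inventory format, the server names and the function names are assumptions made for illustration, and an age exactly equal to a threshold is treated as having reached it.

```python
from datetime import datetime, timedelta

# Defaults stated in the guide (one week, two weeks). Both are configurable in
# the general Kaspersky Anti-Virus settings, so they are parameters here.
OUT_OF_DATE_DAYS = 7
OBSOLETE_DAYS = 14

# Most urgent first; used to sort the triage report.
SEVERITY = {
    "Database is obsolete": 0,
    "Databases out of date": 1,
    "unknown": 2,
    "clock skew": 3,
    "up to date": 4,
}

# Constructed sample inventory, one "server;creation time of installed update"
# per line. The format is an assumption for this example, not a product export.
SAMPLE_INVENTORY = """\
FS01;2010-08-12 06:00
FS02;2010-08-04 06:00
FS03;2010-07-20 06:00
FS04;not reported
"""


def classify(created, now, out_of_date_days=OUT_OF_DATE_DAYS,
             obsolete_days=OBSOLETE_DAYS):
    """Map the creation time of the installed database update to a status."""
    if obsolete_days < out_of_date_days:
        raise ValueError("obsolete threshold is below the out-of-date threshold")
    age = now - created
    if age < timedelta(0):
        # Creation time lies in the future: the server or console clock is wrong.
        return "clock skew"
    if age >= timedelta(days=obsolete_days):
        return "Database is obsolete"
    if age >= timedelta(days=out_of_date_days):
        return "Databases out of date"
    return "up to date"


def triage(inventory, now, **thresholds):
    """Return (server, status, age_in_days) tuples, most urgent first."""
    results = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        server, _, stamp = line.partition(";")
        try:
            created = datetime.strptime(stamp.strip(), "%Y-%m-%d %H:%M")
        except ValueError:
            # No usable timestamp: report it rather than assume the server is fine.
            results.append((server.strip(), "unknown", None))
            continue
        status = classify(created, now, **thresholds)
        results.append((server.strip(), status, (now - created).days))
    results.sort(key=lambda r: (SEVERITY[r[1]], r[0]))
    return results


if __name__ == "__main__":
    for server, status, age in triage(SAMPLE_INVENTORY, datetime(2010, 8, 13, 12, 0)):
        print(f"{server:6} {status:22} age_days={age}")
```

Servers without a readable timestamp are listed as unknown instead of being counted as current, since a missing report can hide an obsolete database.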
You can update databases from Kaspersky Lab's FTP or HTTP update servers or from other update sources using Kaspersky Anti-Virus task Application database update (see section Update tasks on page 61).
You can download updates to every protected server or use one computer as an intermediary by copying all updates onto it and then distributing them to the servers. If you use the Kaspersky Administration Kit application for the centralized administration of protection of computers in a company, you can use the Kaspersky Administration Kit administration server as an intermediary for downloading updates. In order to copy bases to the intermediary computer without applying them, use the Updates distribution task (see section Update tasks on page 61).
You can start database update tasks manually or using the schedule (see page 48).
If the update downloading process is interrupted or results in an error, Kaspersky Anti-Virus will automatically switch back to using bases with the latest installed updates. If the Anti-Virus bases become corrupted, you can manually roll them back to the previously installed updates (see section Rolling back Anti-Virus database updates on page 71).
If you do not have internet access you can receive update files on diskettes or CD from our partners. You can view information about the partner you have purchased your copy of Kaspersky Anti-Virus from in the properties of the installed license within the Kaspersky Anti-Virus console. You can also call our central office in Moscow at +7 (495) 797-87-07, +7 (495) 645-79-29 or +7 (495) 956-87-08 for the address of our partner closest to you (support is provided in Russian and English).

ABOUT UPDATING APPLICATION MODULES

Kaspersky Lab can issue update packages for Kaspersky Anti-Virus application modules. The update packages can be urgent (or critical) and scheduled. Critical update packages repair vulnerabilities while planned packages add new features or enhance existing functionality.
Urgent (critical) update packages are uploaded to the Kaspersky Lab's update servers. You can configure their automatic installation using the Application Module Updates task.
Kaspersky Lab does not publish planned update packages on its update servers for automatic update; you can download them from Kaspersky Lab's website. Using the Program modules update task you can receive information about the release of scheduled Kaspersky Anti-Virus updates.
You can download critical updates from the Internet to each protected server or use one computer as intermediary by copying all updates onto it and then distributing them to the servers. In order to copy and save updates without installing them use the Updates Distribution task.
Before updates of application modules are installed, Kaspersky Anti-Virus creates backup copies of the previously installed modules. If the application modules updating process is interrupted or results in an error, Kaspersky Anti-Virus will automatically return to the use of the previously installed application modules. You can also manually roll application modules back to the previously installed updates.
During the installation of downloaded updates the Kaspersky Anti-Virus service automatically stops and then restarts.
If you do not have internet access you can receive update files on diskettes or CD from our partners. You can view information about the partner you have purchased your copy of Kaspersky Anti-Virus from in the properties of the installed license within the Kaspersky Anti-Virus console. You can also call our central office in Moscow at +7 (495) 797-87-07, +7 (495) 645-79-29 or +7 (495) 956-87-08 for the address of our partner closest to you (support is provided in Russian and English).

SCHEMES FOR UPDATING BASES AND PROGRAM MODULES OF ANTI-VIRUS APPLICATIONS USED WITHIN ORGANIZATION

Your choice of the update source in the update tasks depends on the bases and application modules update scheme you use within your organization.
You can update Kaspersky Anti-Virus bases and modules on the protected servers using the following schemes:
- download updates directly from the Internet to each protected server (Scheme 1);
- download updates from the Internet to one intermediary computer and distribute updates to other servers from it.
Any computer with the software listed below installed can serve as an intermediary computer:
- Kaspersky Anti-Virus (one of the protected servers) (Scheme 2).
- Kaspersky Administration Kit Administration Server (Scheme 3).
Updating through an intermediary computer decreases internet traffic and provides additional server security.
A description of the update schemes listed is provided below.
Scheme 1. Updating directly from the Internet
Configure the Program database update (Program modules update) task on each protected server. Specify Kaspersky Lab's update servers as the update source. Configure the task schedule.
You can specify other HTTP or FTP servers with an update folder as the update source.
Scheme 2. Updating from one of the protected servers
To update according to this scheme, perform the following steps:
1. Copy updates to the selected protected server.
Configure the Updates distribution task on the selected server. Specify Kaspersky Lab's update servers as the update source. Specify the target directory where updates will be saved: it must be a shared folder.
Using this task you can retrieve updates not only for the protected server but also for computers in the local area network with other Kaspersky Lab applications version 8.0 installed.
2. Distribute updates to other protected servers.
Configure the Program database update (Program modules update) task on each protected server (see the figure below). As the update source for this task, specify the folder on the intermediary computer's drive to which updates are downloaded.
Figure 16: Updating from one of the protected servers
Scheme 3. Updating via Kaspersky Administration Kit Administration Server
If you use Kaspersky Administration Kit application for centralized administration of Anti-Virus computer protection, you can download updates via the Kaspersky Administration Kit Administration Server installed in the local area network (see the figure below).
Figure 17: Updating via Kaspersky Administration Kit Administration Server
To update according to this scheme, perform the following steps:
1. Download updates from Kaspersky Lab's update servers to the Kaspersky Administration Kit Administration Server.
Configure the Retrieve updates by Administration server task for the specified set of computers. Specify Kaspersky Lab's update servers as the update source.
Using this task you can retrieve updates not only for the protected server but also for computers in the local area network that have other Kaspersky Lab applications version 8.0 installed.
2. Distribute updates to protected servers.
Distribute updates to protected servers using one of the following methods:
On the Kaspersky Administration Kit Administration Server, configure an Anti-Virus database (application module) update group task to distribute updates to protected servers.
In the task schedule, specify After Administration Server has retrieved updates as the start frequency. Administration Server will start the task each time it receives updates (recommended method).
You cannot specify the After receiving updates by Administration Server start frequency in the Kaspersky Anti-Virus console.
Configure the Program database update (Program modules update) task on each of the protected servers and select Kaspersky Administration Kit Administration Server as the update source for this task. Configure the task schedule.
If you plan to use the Kaspersky Administration Kit Administration Server for distributing updates, install Network Agent, an application component included in the installation package of Kaspersky Administration Kit, on each of the protected servers. It ensures interaction between the Administration Server and Kaspersky Anti-Virus on the protected server. For more details about the Network Agent and its configuration using Kaspersky Administration Kit, see the document Kaspersky Administration Kit. Administrator's Guide.

UPDATE TASKS

Four pre-defined system update tasks are provided with Kaspersky Anti-Virus: Program database update, Program modules update, Updates distribution and Database update rollback (see the figure below).
Figure 18: Update tasks in the Kaspersky Anti-Virus console
By default, Kaspersky Anti-Virus connects to the update source (one of Kaspersky Lab's update servers) every hour, automatically detecting the proxy server settings in the network and accessing the proxy server without authentication.
You can configure database update tasks (see page 62). After you modify the task settings, Kaspersky Anti-Virus will apply the new values at the next task launch.
You can stop update tasks; however, you cannot pause them.
For information on managing tasks in Anti-Virus, refer to the Managing task section (see page 44).
Program database update.
Kaspersky Anti-Virus copies bases from the update source to the protected server and immediately starts using them in the running real-time security and on-demand scan tasks.
By default, Kaspersky Anti-Virus runs the Program database update task every hour.
Program modules update.
Kaspersky Anti-Virus copies updates of its application modules from the update sources to the protected server and installs them. A computer restart may be required in order to start using the installed application modules.
Weekly, on Fridays at 16:00 (time in the format established by the regional settings of the protected server), Kaspersky Anti-Virus runs the Program modules update task to check for available patches and upgrades of Anti-Virus modules without downloading them.
Updates distribution
Kaspersky Anti-Virus downloads database and application module update files and saves them to the specified network or local folder without applying them.
Database update rollback
Kaspersky Anti-Virus returns to using the previously installed bases.

CONFIGURING UPDATE TASKS

SELECTING UPDATE SOURCE, CONFIGURING CONNECTION WITH UPDATE SOURCE AND REGIONAL SETTINGS
For each updating task you can specify one or several update sources, configure the connection with the sources and specify the location of the protected server to optimize downloading of the updates (regional settings).
Please note that changes to update task settings are not applied to update tasks that are currently running; they take effect at the next task launch.
To configure the update task settings, perform the following steps:
1. Expand the Update node in the console tree and select one of the update tasks (see the figure below).
Figure 19: Program database update task is open
2. Click the Properties link in the results pane to proceed to the task configuration.
Using the tabs of the <Task name> Properties dialog box, configure the update settings based on your requirements.
3. Using the General tab, select the update source from which Kaspersky Anti-Virus will retrieve updates (see page 375) (see the figure below).
4. If you select Custom HTTP or FTP servers, or network folders, add one or multiple user-defined update sources. To specify a source, click the Edit button and, in the Update servers dialog, click the Add button (see the figure below). In the entry field, enter the address of the folder containing update files on the FTP or HTTP server, or specify a local or network folder in UNC (Universal Naming Convention) format. Click OK.
You can enable or disable added user-defined sources: to disable the source you have added uncheck the box in the list next to it; to enable the source, check the box in the list next to it.
Figure 20: Program database update Properties dialog box, General tab
To change the order in which Kaspersky Anti-Virus accesses the user-defined sources, use the Move Up and Move Down buttons to move the selected source towards the beginning or the end of the list, depending on whether you wish to use it before or after other sources.
Figure 21: Adding user-defined update sources
To change the path to a source, select the source in the list and click the Edit button, make the required changes in the entry field and press the ENTER key.
To remove a source, select it in the list and press the Delete button. The source will be deleted from the list.
5. To use Kaspersky Lab's update servers to download updates if the user-defined sources are unavailable, check the Use Kaspersky Lab's update servers if custom servers or network folders are not accessible box.
6. Using the Connection Settings tab configure the connection with the update source (see the figure below).
Perform the following steps:
change FTP server mode for connection with protected server (see page 376);
modify the FTP or HTTP server connection timeout, if necessary (see page 376);
if access to a proxy server is required for downloading updates from one of the specified sources, describe the proxy server access settings:
accessing proxy server for connection to various update sources (see page 377);
proxy server settings (see page 378);
authentication method used when accessing proxy server (see page 379);
specify the country where the protected server is located (see page 380).
7. After you have configured the required settings, press the OK button to save changes.
Figure 22: Program database update Properties dialog box, Connection settings tab

CONFIGURING DOWNLOAD UPDATES TASK SETTINGS

To configure the Updates distribution task, perform the following steps:
1. In the console tree expand the Update node and select the Updates distribution task (see figure below).
Figure 23: Updates distribution task is open
2. Click the Properties link in the results pane.
3. In the Properties: Updates distribution dialog box specify the updates source and the settings used to connect to it. For instructions refer to the section Selecting update source, configuring connection with update source (see page 62).
4. On the General tab specify update content (see page 382) (see the figure below).
5. Specify the local or network folder where Kaspersky Anti-Virus will save downloaded updates.
6. Press OK to save the changes.

CONFIGURING APPLICATION MODULES UPDATE TASK SETTINGS

To configure the Application modules update task:
Figure 24: Updates distribution Properties dialog box, General tab
1. In the console tree expand the Update node and select the Program modules update task (see the figure below).
Figure 25: Program modules update task is open
2. Click the Properties link in the results pane.
3. In the Program modules update Properties dialog box specify the updates source and settings used to connect to it. For instructions refer to the section Selecting update source, configuring connection with update source (see page 62).
4. On the General tab, specify the operations to perform: download and install updates or just check their availability (see page 381) (see the figure below).
5. If you want Kaspersky Anti-Virus to automatically restart the server upon completion of the task (if this is required in order to apply the installed application modules), check the Allow system reboot box.
6. If you want to obtain information about Kaspersky Anti-Virus module upgrades, select Receive information about available application modules updates.
Kaspersky Lab does not publish planned update packages on its update servers for automatic update; you can download them from Kaspersky Lab's website. You can configure administrator notification about the Planned Anti-Virus modules update available event; the notification will contain the URL of our site from which you can download planned updates. For more details please refer to the Configuring administrator and user notifications section (see page 255).
7. Press OK to save the changes.
Figure 26: Program modules update Properties dialog box, General tab
FIELD – DESCRIPTION
Received data – Total amount of downloaded data
Available critical updates – Number of critical updates available for installation
Available planned updates – Number of planned updates available for installation
Errors applying updates – If the value of this field is non-zero, the update was not applied. You can view the name of the update that caused an error when an attempt was made to apply it in the task execution log (see section Viewing task information using the log on page 227).

UPDATE TASK STATISTICS

While an update task is running, you can view real-time information about the amount of data downloaded since the task was launched, along with other task execution statistics.
After the task is completed or stopped you can view this information in the task log (see section Viewing task information using the log on page 227).
To view update task statistics, perform the following steps:
1. In the console tree expand the Update node.
2. Select the task whose statistics you want to display.
Task statistics will be displayed in the Statistics section of the results panel.
If you are viewing Program database update or Updates distribution task, then Kaspersky Anti-Virus shows the volume of data retrieved by that time (Received data).
If you are viewing the Program modules update task, you will see the information described in the following table.
Table 8. Information about the Application modules update task
ROLLING BACK KASPERSKY ANTI-VIRUS DATABASE UPDATES
Before applying database updates, Kaspersky Anti-Virus creates backup copies of the bases currently in use. If the update has been interrupted or has resulted in an error, Kaspersky Anti-Virus will automatically return to the use of the previously installed bases.
If you encounter any problems after a database update, you can roll the databases back to the previously installed bases by starting the Database update rollback task.

ROLLING BACK APPLICATION MODULE UPDATE

Before you apply updates of application modules, Kaspersky Anti-Virus creates backup copies of the module versions currently in use. If the module updating process has been interrupted or has resulted in an error, Kaspersky Anti-Virus will automatically return to the use of the modules with the latest installed updates.
In order to roll back the application modules use the Microsoft Windows component Add and remove programs.
You can roll back application modules manually to previously installed updates.

DIALOG BOXES: UPDATE


UPDATE NODE

The Update node is designed for controlling updates of Kaspersky Anti-Virus databases and program modules, distributing updates to a local folder, and rolling back database updates.
The node includes subnodes for managing update tasks: Program database update, Program modules update, Update distribution, Database update rollback.
A separate node is created for each group task created and sent to the server by Kaspersky Administration Kit.
System tasks are built-in features of Kaspersky Anti-Virus and carry out the following functions:
Program database update: updates Kaspersky Anti-Virus databases.
Program modules update: updates Kaspersky Anti-Virus program modules.
Update distribution: saves database and program module updates to a local folder. You can specify this folder as an update source for Anti-Virus installed on the network and other Kaspersky Lab applications.
Database update rollback: restores the program's databases from a backup copy to be used as the current version of Kaspersky Anti-Virus databases.
Result panel
The results panel displays the following information on the current status of update tasks:
Task name – name of the update task.
Task category:
System – built-in tasks included with the application.
Group – tasks that are created for the administration group that the protected server belongs to and sent to the server using Kaspersky Administration Kit remote administration tools.
Task status – current status of the task; percentage of the task that has completed.
Start time – date and time that the task is started. The server time is specified in the format assigned in the Microsoft Windows regional settings on the computer where Kaspersky Anti-Virus console is installed.
Schedule – start settings that use schedule conditions.
Next start – calculated time that the scheduled task will run.
To work with a task, select the appropriate node from the console tree or from the list displayed in the result panel.
Context menu and task pad
Using the hyperlinks in the task pad and context menu commands, you can perform the following actions:
Export settings – saves all user-defined system tasks to a file. All settings are saved for each task.
Import settings – restores update tasks from a file. Previously created tasks are not deleted; the imported tasks are added to the list. If a task with the same name already exists, its settings are replaced with the values specified in the file.

APPLICATION DATABASE UPDATE NODE

The Program database update system task can be used to update Kaspersky Anti-Virus databases.
We recommend that you update the anti-virus databases immediately after installing the program, since the databases included in the installation will be outdated by the time you install.
The Program database update node is used for starting and stopping the Program database update system task, configuring the task's settings, creating schedules, and viewing statistics of its performance.
Management
The Management box contains the following information on the task:
Task status – current status of the task, for example Running or Stopped.
Start time – date and time that the task is started.
Stop time – date and time that the task will finish.
Task category:
System – built-in tasks included with the application.
Group – tasks that are created for the administration group that the protected server belongs to and sent to the server using Kaspersky Administration Kit remote administration tools.
The Open execution log link will open the task completion log.
Properties
The Properties box contains information on the task schedule, the calculated time that the task will run next, the update source, and the task settings.
The Change task settings link will open the Properties: Program database update dialog box.
Statistics
The Statistics box enables you to view statistics on a task.
Shortcut menu
Using the context menu commands, you can perform the following actions:
Start – start the task.
Stop – stop the task.
Open execution log – view the last execution log.
Properties – view and configure database update settings and automatic start/stop settings for the task and assign a user account to run the task.

APPLICATION MODULES UPDATE NODE

To maintain server protection on the appropriate level, we recommend regularly installing Kaspersky Anti-Virus updates.
The Program modules update node is for starting and stopping the Program modules update tasks, creating schedules, configuring the task's settings and viewing statistics on performance.
By default, the update task for program modules runs on a schedule once per week. The updates are downloaded from Kaspersky Lab servers. The task checks for urgent and planned program module updates. The updates are not installed.
Management
The Management box contains the following information on the task:
Task status – current status of the task, for example Running or Stopped.
Start time – date and time that the task is started.
Stop time – date and time that the task will finish.
Task category:
System – built-in tasks included with the application.
Group – tasks that are created for the administration group that the protected server belongs to and sent to the server using Kaspersky Administration Kit remote administration tools.
The Open execution log link will open the task completion log.
Properties
The Properties box contains information on the task schedule, the calculated time that the task will run next, the update source, and the task settings.
The Properties link will open the Settings: Program modules update dialog box.
Statistics
The Statistics box enables you to view statistics on a task.
Shortcut menu
Using the context menu commands, you can perform the following actions:
Start – start the task.
Stop – stop the task.
Open execution log – view the last execution log.
Properties – view and configure module update settings and automatic start/stop settings for the task and assign a user account to run the task.

UPDATES DISTRIBUTION NODE

Kaspersky Anti-Virus supports the option of distributing database updates and program modules and saving them to a local update folder. You can specify this folder as an update source for Anti-Virus installed on the network and other Kaspersky Lab applications. The Update distribution system task delivers this feature.
The Update distribution node is for starting and stopping Update distribution tasks, creating schedules, and viewing statistics on performance.
Update distribution is started manually by default. The updates are downloaded from Kaspersky Lab servers. Database updates are only downloaded for Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition.
Management
The Management box contains the following information on the task:
Task status – current status of the task, for example Running or Stopped.
Start time – date and time that the task is started.
Stop time – date and time that the task will finish.
Task category:
System – built-in tasks included with the application.
Group – tasks that are created for the administration group that the protected server belongs to and sent to the server using Kaspersky Administration Kit remote administration tools.
The Open execution log link will open the task completion log.
Properties
The Properties box contains information on the task schedule, the calculated time that the task will run next, the update source, and the task settings.
The Properties link will open the Settings: Update distribution dialog box.
Statistics
The Statistics box enables you to view statistics on a task.
Shortcut menu
Using the context menu commands, you can perform the following actions:
Start – start the task.
Stop – stop the task.
Open execution log – view the last execution log.
Properties – view and configure update distribution settings and automatic start/stop settings for the task and assign a user account to run the task.

DATABASE UPDATE ROLLBACK NODE

Before Kaspersky Anti-Virus databases are updated, a backup copy of them is created. If the update download is interrupted or produces an error, Kaspersky Anti-Virus automatically returns to using the previous version of the databases. In addition, you can roll back the databases used by the application, for example, if they are corrupted.
In this case, the backup copy created before the last update is used.
The Database update rollback system task enables you to restore the program's databases from a backup copy to be used as the current version of Kaspersky Anti-Virus databases. When this task is run, the backup copy created before the last update is used. The administrator runs the task manually.
The Database update rollback node is for starting and stopping the Database update rollback tasks, and viewing statistics on performance.
Management
The Management box contains the following information on the task:
Task status – current status of the task, for example Running or Stopped.
Start time – date and time that the task is started.
Stop time – date and time that the task will finish.
Task category:
System – built-in tasks included with the application.
Group – tasks that are created for the administration group that the protected server belongs to and sent to the server using Kaspersky Administration Kit remote administration tools.
The Open execution log link will open the task completion log.
Using the context menu commands, you can perform the following actions:
Start – start the task.
Stop – stop the task.
Open execution log – view the last execution log.

APPLICATION DATABASE UPDATE: GENERAL TAB

This tab is used to configure Kaspersky Anti-Virus database update tasks. The task name is displayed in the upper part of the tab. Using the fields provided below, you can select an update source, the resource that contains the most current set of updates.
Select one of the following options from the Updates source group of fields:
Kaspersky Administration Kit Administration Server: a shared folder on the Administration Server will be used as an update source. For more details, see the Kaspersky Administration Kit 8.0 Administrator Guide.
You can only select this option if Kaspersky Lab applications on your network are administered using the Kaspersky Administration Kit remote access system and if NAgent – the Kaspersky Administration Kit component that provides the connection between computers and Administration Server – is installed on the protected server. For more details, see the Kaspersky Administration Kit 8.0 Administrator Guide.
Kaspersky Lab's update servers: Kaspersky Lab web sites will be used as update sources, hosting database and program module updates for all the company's products. This source is the default option.
Other HTTP, FTP servers or network resources: HTTP or FTP servers, or local servers or folders, specified by the user will be used as the update source. If you select this option, you must create a list of sources with current sets of updates. To do so, click the Edit button. If several resources are specified as update sources, the application will attempt to connect to them one after another, starting from the top of the list, and retrieve the updates from the first available source.
If the resources that you selected from the list are unavailable, the Kaspersky Lab update servers can be used as the update source. To enable this feature, select the Use Kaspersky Lab's update servers if custom servers or network folders are not accessible checkbox.

MODULES UPDATE: GENERAL TAB

This tab is used to configure Kaspersky Anti-Virus program module update tasks. The task name is displayed in the upper part of the tab. Using the fields provided below, you can set:
update source - a resource hosting a current set of updates;
which updates are distributed and installed;
the action that the system will take if Kaspersky Anti-Virus or the operating system needs to be restarted after an update.
Select one of the following options from the Updates source group of fields:
Kaspersky Administration Kit Administration Server: a shared folder on the Administration Server will be used as an update source. For more details, see the Kaspersky Administration Kit 8.0 Administrator Guide.
You can only select this option if Kaspersky Lab applications on your network are administered using the Kaspersky Administration Kit remote access system and if NAgent, the Kaspersky Administration Kit component that provides the connection between computers and the Administration Server, is installed on the protected server. For more details, see the Kaspersky Administration Kit 8.0 Administrator Guide.
Kaspersky Lab's update servers: Kaspersky Lab web sites will be used as update sources, hosting database and program module updates for all the company's products. This source is the default option.
Other HTTP, FTP servers or network resources: HTTP or FTP servers, or local servers or folders specified by the user, will be used as the update source. If you select this option, you must create a list of sources with current sets of updates. To do so, click the Edit button. If several resources are specified as update sources, the application will attempt to connect to them one after another, starting from the top of the list, and retrieve the updates from the first available source.
If the resources that you selected from the list are unavailable, the Kaspersky Lab update servers can be used as the update source. To enable this feature, select the Use Kaspersky Lab's update servers if custom servers or network folders are not accessible checkbox.
In the Update settings field group, specify the settings to be used for distribution and installation of module updates. To do this, select one of the following options:
Only check for available critical Program modules updates: receive notification of urgent program module updates available on the update source. The updates will not be downloaded automatically. You will receive a notification if notifications are enabled for that event type. This is the default option.
Download and install critical Program modules updates: distribute and install urgent program module updates. If you select this option, select the action to be taken if the computer or program needs to be restarted after installation:
  Select the Allow system reboot checkbox: a system reboot, if necessary to complete program module updates, will then be performed automatically immediately after the updates are installed. This checkbox must be deselected if applications running on the secure server should not be disrupted.
  Deselect the Allow system reboot checkbox: the server operating system restart will then be postponed and you can restart later if necessary.
Select the Receive information about available Program modules updates checkbox to receive notifications about all Kaspersky Anti-Virus program module updates available on the source. The updates will not be downloaded automatically. You can download them manually from the address specified in the message you receive. You will receive a notification if notifications are enabled for that event type. This checkbox is selected by default.

UPDATES DISTRIBUTION: GENERAL TAB

This tab is used to configure the Update distribution system task. The task name is displayed in the upper part of the tab.
The Update distribution task copies Kaspersky Anti-Virus database and program module updates from the specified source and saves them in a local folder. You can use this folder as an update source for Anti-Virus installed on the network and for other Kaspersky Lab applications.
Select one of the following options from the Updates source group of fields:
Kaspersky Administration Kit Administration Server: a shared folder on the Administration Server will be used as an update source. For more details, see the Kaspersky Administration Kit 8.0 Administrator Guide.
You can only select this option if Kaspersky Lab applications on your network are administered using the Kaspersky Administration Kit remote access system and if NAgent, the Kaspersky Administration Kit component that provides the connection between computers and the Administration Server, is installed on the protected server. For more details, see the Kaspersky Administration Kit 8.0 Administrator Guide.
Kaspersky Lab's update servers: Kaspersky Lab web sites will be used as update sources, hosting database and program module updates for all the company's products. This source is the default option.
Other HTTP, FTP servers or network resources: HTTP or FTP servers, or local servers or folders specified by the user, will be used as the update source. If you select this option, you must create a list of sources with current sets of updates. To do so, click the Edit button. If several resources are specified as update sources, the application will attempt to connect to them one after another, starting from the top of the list, and retrieve the updates from the first available source.
If the resources that you selected from the list are unavailable, the Kaspersky Lab update servers can be used as the update source. To enable this feature, select the Use Kaspersky Lab's update servers if custom servers or network folders are not accessible checkbox.
In the Updates distribution settings field group, specify which updates to copy and save in the local folder. To do this, select one of the following options:
Copy program databases updates: download only Kaspersky Anti-Virus database updates (selected by default).
Copy critical Program modules updates: download only critical Kaspersky Anti-Virus program module updates.
Copy application databases updates and critical Program modules updates: download database updates and critical Kaspersky Anti-Virus program module updates.
Copy application databases and modules updates for Kaspersky Lab applications version 8.0: download database updates and all program module updates available on the update source for Kaspersky Anti-Virus 8.0 applications, including Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition.
In the Local updates source folder field, specify the path to the local or network folder where the module and database updates downloaded from the source will be saved. You may enter the path manually in UNC (Universal Naming Convention) format or select the folder using the Browse button.
You should not select virtual drives created with the SUBST command or external network drives from the server as a local update source. Use the full path to the resource.

UPDATE SERVERS WINDOW

The Update servers window is used to create a list of resources used as update sources if Custom HTTP, FTP-servers or network folders is selected in Kaspersky Anti-Virus settings.
The list may contain the addresses of HTTP and FTP servers and addresses of network and local folders. If the checkbox in front of the address is selected, the resource is used for updates.
During the update process, the program accesses resources strictly according to the list and will update from the first available update source. The order of sources on the list can be changed using the Move up / Move down buttons.
You can edit the list using the Add, Edit, and Delete buttons.

CONNECTION SETTINGS TAB

The Connection settings tab displays the update source connection settings.
Specify the connection settings in the General settings section:
Check Use passive FTP mode if possible if you download the updates from an FTP server in passive mode. It is assumed that the organization's local network uses a firewall and FTP server connections are made in passive mode. For this reason, the box is checked by default. Deselect the checkbox if active FTP mode is used.
In the Timeout (sec.) field, specify the wait time for a response from the update server, after which an attempt will be made to connect with the next update server. This continues until a connection is successfully made or until all the available update servers have been tried. The default wait time is 10 seconds.
If the program accesses update resources via proxy server, select the following checkboxes in the Updates source connection settings field group:
Use specified proxy server settings to connect to Kaspersky Lab's update servers, if you have opted to update from the Kaspersky Lab servers, or if the Use Kaspersky Lab's update servers if custom servers or network folders are not accessible checkbox is selected.
Use specified proxy server settings for custom servers, if Custom HTTP, FTP-servers or network folders was selected as the update source.
Specify the means of establishing proxy server settings in the Proxy server settings section. To do this, select one of the following options:
Automatically detect the proxy server settings, for example, if Web Proxy Auto-Discovery Protocol (WPAD) is used on the local network where the protected server is installed. This is the default option.
Use custom proxy server settings if you prefer not to detect settings automatically. In the Address field, enter either the IP address or the symbolic name of the proxy server, and in the Port field specify the number of the proxy port used to update the application.
Select the Bypass proxy server for local addresses checkbox if you plan to download updates from local HTTP or FTP servers.
Select the authentication mode used when accessing the proxy server in the Proxy server authentication settings section. To do so, select the needed value from the dropdown menu:
No authentication required if the proxy server does not authenticate users when it is accessed.
Use NTLM-authentication if NTLM-authentication is used when accessing the proxy server. If this is the case, the privileges of the user account used to execute the update task will be used to connect to the proxy server.
Use NTLM-authentication by name and password if the user account used to execute the update task does not have sufficient privileges for NTLM-authentication. In the User name field, select a user name with sufficient privileges, either manually or from the list using the Browse button, and complete the Password field.
Use login name and password if NTLM-authentication cannot be used. Fill in the User name and Password fields.
If you select the Use NTLM-authentication by name and password or Use user account and password option and the authentication is not successful, an attempt will be made to complete NTLM-authentication under the user account being used to run the task.
In the Computer location section, specify the geographic location of the protected server. Choose the appropriate country from the dropdown menu. These settings will determine the nearest Kaspersky Lab server for retrieving updates.
The Kaspersky Lab update servers are located in various parts of the world. Kaspersky Anti-Virus optimizes the update load on the server by selecting the update server closest to it.
The default option selected is Detect automatically: the country is established using the regional settings of the computer where Kaspersky Anti-Virus is installed (Start > Settings > Control Panel > Regional and Language Options > Regional Settings > Location).

REGIONAL SETTINGS TAB

The Regional settings tab specifies the geographical location of the secure server. These settings determine the nearest Kaspersky Lab server for retrieving updates.
The Kaspersky Lab update servers are located in various parts of the world. Kaspersky Anti-Virus optimizes the update load on the server by selecting the update server closest to it.
The default option selected is Detect automatically: the country is established using the regional settings of the computer where Kaspersky Anti-Virus is installed (Start > Settings > Control Panel > Regional and Language Options > Regional Settings > Location).
To specify the geographical location of the server, select the necessary country from the Location dropdown menu.

REAL-TIME PROTECTION


ABOUT REAL-TIME PROTECTION TASKS

Kaspersky Anti-Virus provides two real-time protection system tasks: Real-time file protection and Script monitoring. For more details about the Anti-Virus Real-time protection feature, refer to the Real-time protection and on-demand scan section (see page 14).
By default, Real-time protection tasks are started automatically at Kaspersky Anti-Virus startup. You can stop or restart these tasks and/or configure their schedule. You can also pause or resume real-time protection tasks if you need to interrupt object scanning briefly, for example during data replication.
You can configure the Real-time file protection task (see section Configuring Real-time file protection task on page 83): define the protection area and specify security settings for the selected nodes, apply the trusted zone, and configure the heuristic analyzer.
When the Script monitoring task is running, Kaspersky Anti-Virus controls the execution of scripts created using Microsoft Windows Script Technologies (or Active Scripting), for example, VBScript or JScript. Kaspersky Anti-Virus blocks the execution of scripts that it recognizes as dangerous. If Kaspersky Anti-Virus detects a suspicious script, it will perform the action that you have selected: allow or disallow its execution. To learn how to allow or disallow execution of suspicious scripts, see the section Configuring Script Monitoring task (see page 105).

CONFIGURING REAL-TIME FILE PROTECTION TASK

By default, the Real-time file protection system task uses the settings described in the table below. You can modify these settings, that is, configure this task.
After you modify the task settings (for example, specify a different protection area), Kaspersky Anti-Virus will immediately apply the new settings in the running task. In the task execution log it will record the date and time of the settings modification and the task configuration before and after it was modified.
To configure the Real-time file protection task, perform the following steps:
1. Expand the Real-time protection node in the console tree.
2. Select the Real-time file protection child node.
The server file resource tree and the Security level (Standard mode) dialog box will be displayed on the Protection scope tab (see figure below).
3. Configure the task settings as necessary (see the table below).
4. Right-click the task name and select Save task from the context menu to save changes to the task.
Figure 27: Real-time file protection task is open
| SETTING | DEFAULT VALUE | DESCRIPTION |
|---|---|---|
| Protection scope | Entire server | You can restrict the protection scope (see page 85). |
| Security settings | Common settings for the entire protection scope; security level – Recommended (see page 92). | With the nodes selected in the server file resources tree you can perform the following operations: select different pre-defined security level (see page 92); manually change security settings (see page 143); save security settings of the selected node as a template to use them later for a different node (see page 98). |
| Protection mode | On access and modification | You can select protection mode (see page 357), i.e. define the type of access when Kaspersky Anti-Virus will scan objects. |
| Heuristic analyzer | The Medium security level is applied. | You can enable or disable the heuristic analyzer (see page 372) and configure analysis level. |
| Trusted zone | Used. If you selected Add to exclusions threats by mask not-a-virus: RemoteAdmin* and Add to exclusions files recommended by Microsoft, remote administration RemoteAdmin programs and files recommended by Microsoft will be excluded. | A unified list of exclusions that you can apply to the selected on-demand scan tasks and the Real-time file protection task. Creation and application of trusted zone (see page 175) |
Table 9. Default Real-time file protection task settings

PROTECTION SCOPE IN THE REAL-TIME FILE PROTECTION TASK

DEFINING PROTECTION SCOPE IN THE REAL-TIME FILE PROTECTION TASK
If the Real-time file protection task is executed with default settings, Kaspersky Anti-Virus will scan all objects of the server file system. If your security requirements allow some objects to be skipped, you can restrict the protection scope.
In the Kaspersky Anti-Virus console the protection scope is displayed as a tree of the server file resources that Kaspersky Anti-Virus can scan (see the figure below).
Server file resource tree nodes are displayed as follows:
The node is included into protection scope.
The node is excluded from protection scope.
At least one of the subnodes of this node is excluded from protection scope or security settings of the subnode(s) differ from that of this node.
Note that the node will be marked with the icon if you select all subnodes but not the parent node itself. In this case files and folders that do not appear in this node will not be automatically included into protection scope. To include them into protection scope you can include their parent node into it. Alternatively you can create their virtual copies in Kaspersky Anti-Virus console and add these objects to the protection scope.
The names of virtual nodes in the protection scope are displayed in blue color.
Figure 28: Example of server file resources tree in the Kaspersky Anti-Virus console
PRE-DEFINED PROTECTION SCOPES
Once you open the Real-time file protection task, the server file resources tree will be displayed on the Protection scope tab of the results pane (see the figure below).
Example of server file resources tree in the Anti-Virus console.
The server file resources tree contains the following pre-defined protection scopes:
Hard drives. Kaspersky Anti-Virus scans files on the server's hard drives.
Removable drives. Kaspersky Anti-Virus scans files on removable media, for example on CDs or USB drives.
Network places. Kaspersky Anti-Virus scans files that are written into network folders or read from them by applications running on the server. Kaspersky Anti-Virus does not scan such files when they are accessed by applications from other computers.
Virtual drives. You can include dynamic folders and files, and drives that are temporarily connected to the server, into protection scope, for example, common drives of the cluster (create virtual protection scope).
Virtual drives created using a SUBST command are not displayed in the server file resource tree in the Kaspersky Anti-Virus console. To include objects on a virtual drive into protection scope, include the server folder with which this virtual drive is associated into protection scope.
Connected network drives will not be displayed in the server file resources tree either. To include objects on network drives into protection scope, specify the path to the folder corresponding to this network drive in UNC format.
Figure 29: Example of server file resources tree in the Kaspersky Anti-Virus console
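The SUBST and network-drive rules above (and the same restriction on the Local updates source folder) mean that a drive-letter path has to be translated before it is entered in the console. The following Python helper is an added example, not part of the manual or the product: it resolves such paths from the text output of the Windows `subst` and `net use` commands. The sample outputs, server names and function names are constructed.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of `subst` output (one line per virtual drive).
SUBST_OUTPUT = r"""
S:\: => D:\Data\Scans
T:\: => Z:\Projects
"""

# Constructed sample of `net use` output.
NET_USE_OUTPUT = r"""
New connections will be remembered.

Status       Local     Remote                    Network

-------------------------------------------------------------------------------
OK           Z:        \\fs01\teams              Microsoft Windows Network
Disconnected Y:        \\fs02\archive            Microsoft Windows Network
The command completed successfully.
"""


def parse_subst(text):
    """Map each SUBST drive letter to the folder it is associated with."""
    drives = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z]:)\\: => (.+?)\s*$", line)
        if m:
            drives[m.group(1).upper()] = m.group(2)
    return drives


def parse_net_use(text):
    """Map each connected network drive letter to its UNC share.

    Share names containing spaces are not handled by this simple parser.
    """
    drives = {}
    for line in text.splitlines():
        m = re.match(r"^\S*\s+([A-Za-z]:)\s+(\\\\\S+)", line)
        if m:
            drives[m.group(1).upper()] = m.group(2)
    return drives


def real_path(path, subst, mapped):
    """Rewrite a path on a SUBST or mapped drive to the folder or UNC path
    that can actually be entered as a protection scope or update folder."""
    p = PureWindowsPath(path)
    seen = set()
    while p.drive.upper() in subst or p.drive.upper() in mapped:
        drive = p.drive.upper()
        if drive in seen:                      # S: -> T: -> S: style loop
            raise ValueError(f"drive mapping loop at {drive}")
        seen.add(drive)
        base = subst.get(drive) or mapped[drive]
        # Keep everything after the drive root and re-anchor it on the target.
        p = PureWindowsPath(base, *p.parts[1:])
    return str(p)


if __name__ == "__main__":
    subst = parse_subst(SUBST_OUTPUT)
    mapped = parse_net_use(NET_USE_OUTPUT)
    for candidate in (r"S:\in\a.pdf", r"T:\reports\q3.doc", r"C:\Windows"):
        print(f"{candidate:22} -> {real_path(candidate, subst, mapped)}")
```

A SUBST drive that points at a mapped network drive (T: in the sample) is resolved in two steps, ending at the UNC path.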
CREATING A PROTECTION SCOPE
To create protection scope, perform the following steps:
1. Open the Real-time file protection task.
2. On the Configuring protection scope tab of the results pane, in the server file resource tree, perform the following steps:
  To exclude an individual node from the protection scope, expand the file resource tree to display the node you need and uncheck the box next to its name.
  To select only the nodes you want to include into the protection scope, uncheck the My computer box and then perform one of the following operations:
    If you wish to include all drives of one type into the protection area, check the box next to the name of the required disk type (e.g., to add all removable drives on the server, enable the Removable drives checkbox);
    If you want to include an individual disk of a certain type into protection scope, expand the node that contains the list of drives of this type and check the box next to the name of the required drive. For example, in order to select removable drive F:, expand the Removable drives node and check the box for drive F:;
    If you would like to include only a single folder on the disk into protection scope, expand the server file resource tree to display the folder you want to include into protection scope and check the box next to its name. Using the same procedure you can also include files into protection scope.
3. Right-click the task name and select Save task from the context menu to save changes to the task.
You can start the Real-time file protection task only if at least one of the server file resources tree nodes is included into protection scope.
If you specify a complex protection scope, for example different security setting values for multiple nodes in the server file resource tree, this may somewhat slow down the scanning of objects when they are accessed.
ABOUT VIRTUAL PROTECTION SCOPE
Kaspersky Anti-Virus can scan not only existing folders and files on hard and removable drives, but also drives that are connected to the server temporarily (for example, common cluster drives), and folders and files that are dynamically created on the server by various applications and services.
If you included all server objects into protection scope, all these dynamic nodes will automatically be included into protection scope. However, if you would like to specify special values for security settings of these dynamic nodes, or if you selected only individual areas rather than the entire server for real-time protection, then to include dynamic drives, files or folders into protection scope you first have to create them in the Kaspersky Anti-Virus console, that is, specify a virtual protection scope. The drives, files and folders created this way exist only in the Kaspersky Anti-Virus console, not in the file structure of the protected server.
If, while creating a protection area, you select all nested folders or files without selecting the parent folder, then dynamic folders or files that appear in it later will not be automatically included into the protected area. You should create their virtual copies in the Kaspersky Anti-Virus console and add them to the protection scope.
For details on creating a virtual protection area in the Real-time file protection task, see page 91.
For details on creating a virtual protection area in on-demand scan tasks, see page 138.
CREATING VIRTUAL PROTECTION SCOPES: ADDING DYNAMIC DRIVES, FOLDERS AND FILES INTO PROTECTION SCOPE
To add a virtual drive to the protection scope, perform the following steps:
1. Expand the Real-time protection node in the console tree and select the Real-time file protection subnode.
2. On the Configuring protection scope tab of the results pane, in the server file resource tree, right-click the Virtual drives node and select a virtual drive name from the list of available names (see figure below).
Figure 30: Selecting a name for created virtual drive
3. Check the box next to the added drive to include the drive into protection scope.
4. Right-click the task name and select Save task from the context menu to save changes to the task.
To add virtual folder or virtual file into protection scope, perform the following steps:
1. Expand the Real-time protection node in the console tree and select Real-time file protection subnode.
2. In the server file resources tree on the Configuring protection scope tab of the results pane, right-click the node where you wish to add a folder or file, and select Add virtual folder or Add virtual file from the context menu (see the figure below).
Figure 31: Selecting the context menu item on the Configuring protection scope tab.
3. In the entry field, specify the name of the folder (file). You can specify a file name mask using the special symbols * and ?.
4. In the line with the name of the created folder (or file), select the checkbox to include this folder (file) into protection scope.
5. Right-click the task name and select Save task from the context menu to save changes to the task.

CONFIGURING SECURITY SETTINGS FOR THE SELECTED NODE

SELECTING PRE-DEFINED SECURITY LEVELS IN THE REAL-TIME FILE PROTECTION TASK
You can apply one of the following pre-defined security levels for the nodes selected in the server file resources tree: maximum speed, recommended and maximum protection. Each of these levels has its own set of security settings. Setting values for pre-defined security levels are provided in the table further in this section.
| SETTINGS | SECURITY LEVEL: MAXIMUM SPEED | SECURITY LEVEL: RECOMMENDED | SECURITY LEVEL: MAXIMUM PROTECTION |
|---|---|---|---|
| Scanned objects (see page 358) | By extension | By format | By format |
| Scan only new and changed files (see page 363) | Enabled | Enabled | Disabled |
| Action to be performed on infected objects (see page 364) | Disinfect, delete if disinfection is impossible | Disinfect, delete if disinfection is impossible | Disinfect, delete if disinfection is impossible |
| Action to be performed on suspicious objects (see page 366) | Quarantine | Quarantine | Quarantine |
| Excluding objects (see page 360) | No | No | No |
| Excluding threats (see page 361) | No | No | No |
| Maximum object scan time (see page 368) | 60 sec. | 60 sec. | 60 sec. |
| Maximum size of scanned compound object (see page 369) | 8 MB | 8 MB | Not set |
| Alternate NTFS threads scan (see page 358) | Yes | Yes | Yes |
| Drive boot sectors scan (see page 358) | Yes | Yes | Yes |
| Scanning compound objects (see page 364) | Packed objects* (* New and changed objects only) | SFX archives*, Packed objects*, Embedded OLE-objects* (* New and changed objects only) | SFX archives*, Packed objects*, Embedded OLE-objects* (* All objects) |
Maximum Speed
You can set the Maximum Speed security level on the server if, apart from the use of Kaspersky Anti-Virus on the servers and workstations, there are additional computer security measures in your network, for example, firewalls are set up and network user security policies are in place.
Recommended
The Recommended security level is set by default. Kaspersky Lab's experts consider this level sufficient for protection of file servers in most networks. It ensures an optimum combination of protection quality and performance on the servers being protected.
Maximum Protection
Use this security level if your network has high computer security requirements.
Table 10. Pre-defined security levels and
Note that the Objects protection mode, Use iChecker, Use iSwift, Use heuristic analyzer and Checking files for Microsoft signatures settings are not included in the settings of the pre-defined security levels. If you change any of these settings, the selected security level will not change.
To select one of the preset security levels, perform the following steps:
1. In the console tree expand the Real-time protection node and select the nested Real-time file protection node.
2. On the Configuring protection scope tab of the results pane, in the server file resource tree select the node for which you want to select a pre-defined security level.
3. Make sure that this node is included in the protected area (see section Creating a protection scope on page 90).
4. In the Security level dialog box, select the security level you wish to apply from the Security level box (see the figure below).
5. The dialog box will display the list of security setting values corresponding to the security level you selected.
6. Right-click the task name and select Save task from the context menu to save changes to the task.
Figure 32: Security level dialog box
CONFIGURING SECURITY SETTINGS MANUALLY IN REAL-TIME FILE PROTECTION TASK
By default, common security settings are used for the entire protection area in the Real-time file protection task. Their values correspond to those of the Recommended pre-defined security level (see page 92).
You can modify the default values of security settings by configuring them as common settings for the entire protection scope or as different settings for different nodes in the server file resource tree.
The security settings that you configure for the selected node will be automatically applied to all of its subnodes. However, if you configure security settings for a subnode separately, the security settings of the parent node will not apply to it.
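The inheritance rule above and the level values in Table 10 can be modelled as follows when auditing a protection scope. This is an added example, not Kaspersky Anti-Virus code; the setting keys, function names and sample paths are hypothetical and constructed for illustration.

```python
# Added illustration: models Table 10 and node inheritance; not product code.
# Every key and function name here is hypothetical.
from pathlib import PureWindowsPath

COMMON = {  # values identical in all three pre-defined levels
    "infected_action": "disinfect, delete if disinfection is impossible",
    "suspicious_action": "quarantine",
    "exclude_objects": False, "exclude_threats": False,
    "max_scan_time_sec": 60, "ntfs_alt_streams": True, "boot_sectors": True,
}
ALL_COMPOUND = frozenset({"sfx archives", "packed objects", "embedded ole objects"})
LEVELS = {
    "Maximum speed": {**COMMON, "scanned_objects": "by extension",
        "new_and_changed_only": True, "max_compound_mb": 8,
        "compound": frozenset({"packed objects"}), "compound_scope": "new and changed"},
    "Recommended": {**COMMON, "scanned_objects": "by format",
        "new_and_changed_only": True, "max_compound_mb": 8,
        "compound": ALL_COMPOUND, "compound_scope": "new and changed"},
    "Maximum protection": {**COMMON, "scanned_objects": "by format",
        "new_and_changed_only": False, "max_compound_mb": None,  # None = not set
        "compound": ALL_COMPOUND, "compound_scope": "all"},
}
# Settings the manual lists as outside the pre-defined levels.
NOT_IN_LEVEL = {"objects_protection_mode", "use_ichecker", "use_iswift",
                "use_heuristic_analyzer", "check_microsoft_signatures"}

def matching_level(settings):
    """Return the level whose Table 10 values all match, or None."""
    core = {k: v for k, v in settings.items() if k not in NOT_IN_LEVEL}
    return next((name for name, vals in LEVELS.items() if vals == core), None)

def effective_settings(path, configured):
    """Settings of the nearest separately configured node at or above path.
    The set is taken whole from that node; nothing is merged from its parents."""
    node = PureWindowsPath(path)
    for candidate in (node, *node.parents):
        if candidate in configured:
            return configured[candidate]
    return None  # nothing configured on this branch of the model

# Constructed sample: two nodes of a protection scope configured separately.
CONFIGURED = {
    PureWindowsPath(r"D:\Shares"): {**LEVELS["Recommended"], "use_ichecker": False},
    PureWindowsPath(r"D:\Shares\Uploads"):
        {**LEVELS["Maximum protection"], "max_compound_mb": 8},
}

if __name__ == "__main__":
    for p in (r"D:\Shares\Finance\q3.xlsx", r"D:\Shares\Uploads\in\a.zip"):
        print(p, "->", matching_level(effective_settings(p, CONFIGURED)))
```

In the sample, the file under D:\Shares still matches Recommended because only an out-of-level setting was changed, while the Uploads subnode takes none of its parent's settings and matches no pre-defined level once its compound object size limit is edited.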
To configure security settings of the selected node manually, perform the following steps:
1. In the console tree expand the Real-time protection node and select the nested Real-time file protection node.
2. On the Configuring protection scope tab of the results pane, in the server file resource tree select the node whose security settings you want to configure.
3. Press the Settings button in the bottom part of the dialog box.
   The Security settings dialog box will be displayed.
   For the selected node of the protection scope you can apply a predefined template containing security settings (see page 98).
4. Configure the required security settings of the selected node in accordance with your requirements. To do this, perform the following steps:
   On the General tab (see the figure below) perform the following actions:
   - Under the Objects protection heading, specify whether Kaspersky Anti-Virus will scan the entire protection area or only objects of certain formats or with certain extensions, and whether it will scan disk boot sectors, master boot records and alternate NTFS streams (scanned objects, see page 358);
   - Under the Productivity heading, specify whether Kaspersky Anti-Virus will scan all objects within the selected area or new and changed objects only (see page 363);
   - Under the Compound objects protection heading, indicate which compound objects will be scanned by Kaspersky Anti-Virus (see page 364).
   Figure 33: General tab, the security settings window
   On the Actions tab (see the figure below) perform the following actions:
   - Select the action to be performed on infected objects (see page 364);
   - Select the action to be performed on suspicious objects (see page 366);
   - Select the actions to be performed on objects depending on the threat type (see page 360).
   Figure 34: Actions tab, the security settings window
   On the Performance tab (see the figure below) perform the following actions:
   - Exclude files from processing by name or mask (see page 360);
   - Exclude threats from processing by name or mask (see page 361);
   - Specify the maximum scan duration for an object (see page 368);
   - Specify the maximum size of a scanned compound object (see page 369);
   - Enable or disable iChecker technology (see page 369);
   - Enable or disable iSwift technology (see page 370).
   Figure 35: Performance tab, the security settings window
5. After you have configured the required security settings, open the shortcut menu on the task name and select the Save command in order to save the changes in the task.

WORKING WITH TEMPLATES IN REAL-TIME PROTECTION TASKS
IN THIS SECTION
Saving security settings to a template (page 98)
Viewing security settings in a template (page 99)
Applying a template (page 101)
Deleting a template (page 102)

SAVING SECURITY SETTINGS TO A TEMPLATE
After you have configured the security settings of any of the nodes in the server file resource tree for the Real-time file protection task, you can save their values to a template in order to apply it to any other node.
To save the set of security setting values into a template, perform the following steps:
1. In the console tree expand the Real-time protection node and select the Real-time file protection subnode.
2. On the Configuring protection scope tab of the results pane, in the server file resource tree select the node whose security settings you want to save.
3. Press the Settings button in the bottom part of the dialog box.
4. In the dialog box with protection area settings, on the General tab, click the Save as template button.
5. In the Template properties dialog, enter the name for the template in the Template name field (see the figure below).
6. Enter additional template information in the Description field.
Figure 36: Template properties dialog box
7. Click OK. The template with the set of setting values will be saved.
VIEWING SECURITY SETTINGS IN A TEMPLATE
To view security settings in a template that you have created, perform the following steps:
1. In the console tree expand the Real-time protection node.
2. Right-click the Real-time file protection task and select Settings templates from the context menu (see the figure below).
Figure 37: Templates dialog box
3. The Templates dialog box displays a list of templates that you can apply to the Real-time protection task.