The main source of viruses today is the global Internet. Most virus infections
happen via e-mail. Two factors favor the distribution of malware: almost every
computer has an e-mail client application installed, and malicious programs are
able to take full advantage of software address books in order to find new
victims. Without even suspecting it, the user of an infected computer sends
infected e-mail messages to his or her contacts, who, in turn, send new waves of
infected messages, and so on. It is not uncommon for infected files, due to
someone's negligence, to enter the commercial mailing lists of large companies.
In this case, the virus will affect not just five, but hundreds or even thousands
of recipients of such mailings, who will then send infected files to dozens of
thousands of their contacts.
It is now acknowledged that for some companies information has become a more
important asset than their physical property or cash. At the same time, in order to
gain profit through the use of the information, it has to be available to the
company's employees, clients and partners. This raises the issue of data security
and, as its important element, the issue of protection of the corporate mail
servers against the external threats, preventing virus outbreaks within the
corporate networks.
1.1. Computer viruses and malicious software
The constant growth in the number of computer users and new possibilities of
data exchange between them via e-mail or internet result in the increased threat
of virus infections and data corruption or theft by malicious computer programs.
In order to be aware of the potential threats to your computer, it is helpful to know
what the types of malicious software (“malware”) are and how they work. In
general, malicious programs fall into one of the following three categories:
• Worms – malicious programs that belong to this category use network
resources for distribution. These programs were called "worms" due to
their ability to tunnel from one computer to another, using networks, email
and other channels. Due to this ability, worms can proliferate extremely
fast.
Worms penetrate a computer, determine IP addresses of other computers,
and send copies of themselves to these computers. Apart from the
network addresses, worms often use data contained in the address books
of e-mail client applications installed on the infected machine. Sometimes
worms create work files on disks, but they also can function without
utilizing any resources of the infected computer except RAM.
Introduction 7
• Viruses – programs that infect other programs by adding their code to the
infected program's code in order to gain control when infected files are
run. This simple definition helps determine that the major action a virus
performs is infecting computer programs. Viruses spread somewhat
more slowly than worms.
• Trojan horses – perform unauthorized actions on infected computers;
for instance, depending on the particular conditions, they can erase
information on hard drives, "freeze" the system, steal confidential
information, etc. In the strict sense, Trojan horses are not viruses, as they
do not infect programs or data, are unable to sneak independently into
computers, and are distributed by malicious users as some "useful" software.
However, Trojans may inflict far greater damage than a regular
virus attack.
Recently, worms have become the most widespread type of malware, followed
by viruses and Trojans. Some malicious computer programs have characteristics
of two or even all three of the above categories.
The following potentially dangerous types of malware have also become
widespread:
• Adware - code that, without the user's knowledge, is included into a
program's code in order to display advertising messages. As a rule,
adware is integrated into freeware programs. The advertising component
is located in the interface. Adware programs are often used to gather
users' personal information and send it to the developer, change
browser settings (browser's home page, search page, security levels,
etc.) and create traffic that is not controlled by the user. All this may lead
to the infringement of the security policies and further to direct financial
losses.
• Riskware - programs that are not supposed to perform any malicious
functions, but contain security breaches and errors and therefore can be
used by intruders as auxiliary components of malicious programs. This
type of software includes, for example, remote administration programs,
IRC client programs, FTP programs and various utilities used for ending
or hiding running processes.
• Spyware - software used to obtain unauthorized access to a user's data,
for tracking actions performed on this computer or gathering information
about the contents of the hard drive. Such programs help the intruder not
only gather information, but also gain control over the user's computer.
Spyware programs are often distributed along with freeware and installed
on the user's computer without the user's knowledge. This type of
software includes keyboard spies, password hacking programs and
software used for gathering confidential information (for example, credit
card numbers).
8 Kaspersky Anti-Virus 5.5 for Check Point
• Automatic dialers (Pornware) - programs that establish modem
connection with various pay-per-visit internet (as a rule, pornographic)
websites.
• Hacking tools - tools used by hackers to obtain access to the user's
computer. This type of software includes various illegal vulnerability
scanners, password hacking programs and other types of software used
to hack network resources or to obtain unauthorized access to the system
under attack.
Although malicious programs are distributed mainly via email and the Internet, a
floppy disk or a CD can also be a source of infection. Therefore, the task of
comprehensive protection against potential threats now extends far beyond
simple regular scans for viruses, and includes the more complex task of real-time
anti-virus protection.
Henceforth in the text of this Guide the term "virus" will be used to refer
to viruses, Trojan Horses and worms. A particular type of malware will
be mentioned only when it is required.
1.2. Purpose, main functions and structure of Kaspersky Anti-Virus
Kaspersky Anti-Virus® for Check Point™ Firewall-1® (hereinafter referred to
as Kaspersky Anti-Virus) is a system that provides anti-virus monitoring of files
transmitted over HTTP, FTP and SMTP protocols via Check Point™ Firewall-1®
firewall that ensures high quality protection of corporate networks against
malware.
Kaspersky Anti-Virus is controlled using a special user interface incorporated into
Microsoft Management Console (hereinafter - MMC).
The application performs the following functions:
• performs anti-virus scan and processing of data streams transmitted via
HTTP and FTP protocols. Depending on the settings, the application will
skip or attempt to disinfect a malicious object, block access to it and notify
about detection of such objects.
• passes over disinfected files to the client that requested this HTTP or FTP
stream.
• scans incoming and outgoing e-mail messages transmitted via SMTP
protocol and all attached files for the presence of malicious code in real
time. Depending on the settings selected, the application will pass
infected messages, delete them or attach a warning message to them.
• creates a list of objects that will not be scanned for viruses.
• saves backup copies of objects to a special storage before disinfecting,
deleting or blocking the object, so that they can be restored later, which
prevents the loss of data. Configurable filters make it easy to locate the
original copies of objects.
• notifies the user requesting an object that contains malicious code.
• notifies about the results of the anti-virus object scan, anti-virus database
updates, report creation, forthcoming expiration of the license and change
of the application status by launching external programs, including scripts
written by the administrator. This feature allows the administrator to set up
notifications about the above events in the most convenient way.
• updates the anti-virus database from the internet or from a local folder,
either in the manual or automatic mode. Internet updates can be performed
from the Kaspersky Lab's FTP and HTTP internet servers.
Anti-virus scan and disinfection of infected objects are performed based on
the records of the anti-virus database that contains description of all
currently known viruses, methods used for the disinfection of objects
infected with these viruses and description of potentially dangerous
programs (riskware).
As new viruses are created daily, it is extremely important
that you maintain your anti-virus database up-to-date.
The anti-virus database at the Kaspersky Lab's servers is
updated on an hourly basis. We recommend that you update
your anti-virus database with the same frequency (see
Chapter 6, page 51).
• maintains an events log and creates reports about the results of the
anti-virus scan on a regular basis. The application allows creating reports
using built-in templates at the required time interval.
• allows configuring application settings depending on the intensity and the
nature of the traffic as well as the characteristics of the hardware installed
(amount of RAM, speed, number of processors, etc.).
• manages license keys.
Kaspersky Anti-Virus 5.5 for Check Point™ Firewall-1® includes the following
components:
• Security server that provides the anti-virus functionality and updating of
the anti-virus database and includes administrative services for remote
management, configuring and ensuring the integrity of the application and
of the data stored.
• Management Console that provides the user interface for managing the
administrative services of the application and allows installing the
application, configuring settings and managing the server component. The
management module is implemented as the extension of the Microsoft
Management Console (MMC).
1.3. What's new in version 5.5?
Kaspersky Anti-Virus 5.5 for Check Point™ Firewall-1® has the following
distinctions from the previous version:
• Completely revised intuitive graphical interface implemented according to
the Microsoft Management Console standards. Using the new interface,
the administrator can start using the application without the need to
configure any preliminary settings. Additionally, this interface offers a wide
range of options for configuring the customized application management
environment that can be adapted to the conditions of any particular
corporate network to the maximum possible extent.
• The use of an extended set of the anti-virus database for scanning objects
helps protect traffic not only against malware, but also against potentially
dangerous programs (riskware), such as spyware, adware, automatic
dialing programs, hacking software and joke programs.
• The possibility to select anti-virus protection levels has been implemented,
which enables the administrator to adjust the security level of the stream
passing through the firewall and the Anti-Virus load during the scan.
• Configurable filters make it easy to locate the original copies of objects,
for example for their subsequent restoration.
• A new feature has been added that allows the user to scale the application
based on the number of processors installed on the computer on which
the application is residing. In order to enhance the efficiency of the
application (increasing the number of objects that can be analyzed at the
same time) several instances of the anti-virus kernel can be launched and
run simultaneously.
• The possibility to control the size of the queue of the objects to be
scanned allows a more precise control of the Anti-Virus load depending
on the amount of data being scanned.
• A possibility to scan objects in RAM without using the disk subsystem has
been added, which considerably increases the efficiency of the application.
• Due to the support of AMON and ELA protocols a deeper level of
Kaspersky Anti-Virus integration with Check Point™ Firewall-1® has been
achieved, which allows transferring information about Kaspersky Anti-Virus
operation and viewing it using standard Check Point™ Firewall-1® tools.
• The logging capability has been drastically improved. The application now
allows logging registered events into the Microsoft Windows application
log and in the application's logs. An ability to configure the degree of
information completeness and the extent of detail has been added. Logs
can be viewed using the Microsoft Windows Events Viewer tool and
standard text editors, such as Notepad.
• An ability to create regular extended reports about the anti-virus scan
results. Reports can be created either in the automatic mode or by the
administrator's request. The reports maintaining system ensures a fast,
convenient and consistent method of accessing information using standard
tools, such as, for example, Microsoft Internet Explorer.
• Controlling the application from the command line is not supported.
1.4. Software and hardware requirements
Kaspersky Anti-Virus is used with Check Point™ Firewall-1® (versions NG, NG
AI and NGX).
For the installation and operation of the application components the software and
hardware of your computer must comply with the following minimum
requirements:
Management server:
• Hardware requirements:
  • processor Intel Pentium 300 MHz or higher;
  • about 512 MB free RAM;
  • about 20 MB of free disk space for the application installation
    (not counting the size of the backup storage and other service
    folders);
  • at least 1 GB of free disk space for temporary storage of data
    copied from the internet before the anti-virus scan and for the
    backup files storage.
• Software requirements:
  • Microsoft Windows 2000 Professional with Service Pack 4 or
    higher installed;
  • Microsoft Windows XP Professional Edition with Service Pack 2
    or higher installed;
  • Microsoft Windows 2000 Server with Service Pack 4 or higher
    installed;
  • Microsoft Windows 2000 Advanced Server with Service Pack 4
    or higher installed;
  • Microsoft Windows Server 2003 Standard Edition or higher;
  • Microsoft Windows Server 2003 Enterprise Edition or higher.
Management console:
• Hardware requirements:
  • processor Intel Pentium II 300 MHz or higher;
  • 256 MB RAM;
  • 10 MB free disk space.
• Software requirements:
  • Microsoft Windows 2000 Professional with Service Pack 4 or
    higher installed;
  • Microsoft Windows XP Professional Edition with Service Pack 2
    or higher installed;
  • Microsoft Windows 2000 Server with Service Pack 4 or higher
    installed;
  • Microsoft Windows 2000 Advanced Server with Service Pack 4
    or higher installed;
  • Microsoft Windows Server 2003 Standard Edition or higher;
  • Microsoft Windows Server 2003 Enterprise Edition or higher.
1.5. Distribution kit
You can purchase Kaspersky Anti-Virus either from our dealers (retail box) or
online (for example, visit http://www.kaspersky.com and follow the E-Store link).
The retail box package includes:
• a sealed envelope with the installation CD containing the application files;
• User's Guide;
• a license key on the installation CD or on a special diskette;
• License Agreement.
Before you open the envelope with the CD make sure that you have
carefully read the license agreement.
If you buy Kaspersky Anti-Virus online, you will have to download the application
from the Kaspersky Lab's website. In this case, the distribution kit will include this
Guide along with the application. The license key will be e-mailed to you upon
the receipt of your payment.
1.5.1. License Agreement
License Agreement is a legal contract between you and Kaspersky Lab Ltd.,
which contains the terms and conditions, on which you may use the anti-virus
product you have purchased.
Read the License Agreement carefully!
If you do not agree with the terms of the license agreement, you can return
Kaspersky Anti-Virus to your dealer for a full refund. In this case, the envelope
with the installation CD must remain sealed.
By opening the sealed envelope containing the installation CD or by installing the
product on your computer you accept all terms and conditions of the License
Agreement.
1.6. Services provided for registered users
Kaspersky Lab Ltd. offers to all legally registered users an extensive service
package enabling them to use Kaspersky Anti-Virus more efficiently.
After purchasing a subscription, you become a registered user and, during the
period of your subscription, you will be provided with the following services:
• you will be receiving new versions of the purchased software product;
• support on issues related to the installation, configuration and use of the
purchased software product. Services will be provided by phone or via
email;
• information about new Kaspersky Lab products and about new viruses
appearing worldwide (this service is provided to users who subscribe to
the Kaspersky Lab's newsletter).
Support on issues related to the performance and the use of operating
systems or other technologies is not provided.
1.7. Formatting conventions
Various formatting features and icons are used throughout this document
depending on the purpose and the meaning of the text. The table below lists the
conventions used in the text.
Format feature | Meaning/Usage
Bold font | Titles of menus, menu items, windows, dialog boxes and their elements, etc.
Note | Additional information, notes
Attention! | Information requiring special attention
In order to perform, Step 1. … | Description of the successive user's steps and possible actions
Task, example | Statement of a problem, example of the demonstration of the application's capabilities
Solution | Implementation of the task
[key] – modifier name. | Command line modifier
Information messages and command line text | Text of configuration files, information messages and command line
CHAPTER 2. OPERATION OF KASPERSKY ANTI-VIRUS
Kaspersky Anti-Virus 5.5 for Check Point™ Firewall-1® acts as a filter: it processes
data transferred over HTTP, FTP and SMTP protocols, identifies monitored
objects, analyzes them for the presence of malicious code and blocks attempts
of infected files and web documents to penetrate the local network.
2.1. Deploying the application
The structure of Kaspersky Anti-Virus 5.5 for Check Point™ Firewall-1® includes
two components. The anti-virus functionality is performed by the server
component, called the Security Server. The user interface is provided by the
Management Console.
The process of Kaspersky Anti-Virus deployment is identical for the local and the
distributed Check Point™ Firewall-1® configuration.
The Security Server component is a CVP server. It is integrated into the Check
Point™ Firewall-1® application in accordance with OPSEC™ standards and by
default supports protected data transfer protocol.
The Security Server can be installed either on one computer with Check Point™
Firewall-1® or on any other computer connected via a TCP/IP protocol with the
computer where Check Point™ Firewall-1® is installed.
The Security Server installation option depends on the operating system installed
on the computer with Check Point™ Firewall-1®, on whether this computer
system complies with the server component installation requirements or on the
traffic transferred via Check Point™ Firewall-1®.
It should be noted that when processing a large amount of data traffic, Kaspersky
Anti-Virus may somewhat slow down the computer and this may affect the
throughput of Check Point™ Firewall-1®. Therefore we recommend installing the
Security Server on a dedicated computer for networks with large amount of
traffic.
2.2. Deployment of anti-virus protection
In order to create an anti-virus protection system using Kaspersky Anti-Virus 5.5
for Check Point™ Firewall-1®:
1. Install the Security Server component on the computer that has a
TCP/IP connection to the computer where the Check Point™
Firewall-1® application is installed. The installation is performed
from the installation CD.
If there are several Check Point™ Firewall-1® servers installed in
the network, each server shall have its own Security Server component
installed.
It is also possible to install several Security Server components to
scan data received from a single Check Point™ Firewall-1® application.
In this case, data distribution between the anti-virus servers
will be performed by the firewall. The anti-virus scan results for
each Security Server, namely,
• backup storage content;
• information included into the reports;
• the group of events registered in the Windows logs and in the
application’s logs;
will be provided only for objects forwarded to this Security Server
by Check Point™ Firewall-1®.
The number of instances of Kaspersky Anti-Virus installed in
the network will be determined by the number of installed Security Servers.
2. Perform integration of Kaspersky Anti-Virus and Check Point™
Firewall-1® (see Chapter 4, page 23) for each of the installed
Security Servers.
3. Install the Management Console on the computer that has a TCP/IP
network connection with the computer on which the Security Server
is installed. The Management Console provides a centralized
access to all network resources from a single administrator’s
workstation; therefore, it is sufficient to install this component on
one computer only. However, if several administrators are working
together, the Management Console can be installed on each
administrator’s computer.
4. Create the list of monitored servers (see section 5.3, page 37).
5. Connect the Management Console to the servers (see section 5.4,
page 38).
6. Configure settings for connecting to Check Point™ Firewall-1® (see
section 5.5, page 39) for each server.
7. Configure the anti-virus protection system for each server:
• Fine-tune the anti-virus database update settings (see Chapter
6, page 51).
• Verify the correctness of the settings and of the Anti-Virus
operation using a test "virus" EICAR (see section 5.8, page 48).
• Configure the event logs and reports settings (see Chapter 10,
page 98 and Chapter 9, page 89).
• Configure notifications about the results of anti-virus object
scan, anti-virus database updates, report creation, forthcoming
expiration of the license, change of the application status (see
Chapter 12 on page 110).
2.3. Anti-virus protection system maintenance
Maintaining the server anti-virus protection in the up-to-date state involves:
• updating the anti-virus database on a regular basis;
• reviewing the application work logs and anti-virus scan result reports.
CHAPTER 3. INSTALLING AND REMOVING THE APPLICATION
Before the installation of Kaspersky Anti-Virus, make sure that the software and
hardware of the computers used meet the installation requirements. The
minimum allowable configuration is described in section 1.4, page 2.
For installation of Kaspersky Anti-Virus 5.5 for Check Point™ Firewall-1®
the local administrator's rights are required for the computer on
which the installation is performed.
Updating from previous versions of Kaspersky Anti-Virus for Check
Point™ Firewall to version 5.5 is not available.
3.1. Installing the application
The setup wizard will offer to install the application components of Kaspersky
Anti-Virus 5.5 for Check Point™ Firewall-1®, Security Server and Management
Console, on the computer on which the setup wizard is run. You can select either
complete or custom installation of the application or repair an invalid installation
of Kaspersky Anti-Virus.
After the Management Console is installed, a Kaspersky Anti-Virus group and a
shortcut icon to run it will appear in the Run/Programs menu on your computer.
The Security Server will be installed on your computer as a service with a set of
attributes as follows:
• name - Kaspersky Anti-Virus 5.5 for Check Point™ Firewall-1®;
• launch – automatic;
• profile - Local system.
You can review the properties of the Security Server and monitor its operation
using the standard Microsoft Windows administration tool, Computer
Management/Services. Information about the operation of the Security Server
is registered and saved in the Windows application log on the computer on which
the Security Server is installed and in the Kaspersky Anti-Virus application logs.
3.1.1. First-time installation
In order to install Kaspersky Anti-Virus, run the executable file from the
installation CD. The installation process will be facilitated by the setup wizard.
The setup wizard will offer you to configure the installation settings and start the
installation. Following below is a detailed discussion of each step of the
application installation.
The process of installation from the installation package received via
internet is completely analogous to the installation from the installation
CD.
Step 1. Verifying the version of the installed operating system
Before the installation begins, the setup wizard will verify whether your computer
complies with the minimum hardware and software requirements. If these
requirements are not met, the installation will not be performed.
If your system does not comply with the software requirements, update your
operating system to the required version, install all required Service Packs and
start the installation of Kaspersky Anti-Virus one more time.
Step 2. Greeting and License Agreement
First steps of the installation process are standard and involve unpacking the
required files from the distribution kit and copying them to the hard drive of your
computer. After this, a greeting window and a window containing the License
Agreement will open. Read the text of the License Agreement and accept terms
and conditions contained therein to proceed with the installation.
Step 3. Selecting the type of the installation
During this step, select the installation type: complete or custom.
In order to install on your computer both the Security Server and the
Management Console, select the Complete option. The application will be
installed into the default folder (Program files\Kaspersky Lab\Kaspersky
Anti-Virus for Check Point™ Firewall).
If you wish to install only one component of the application or to change the
default installation folder, use the custom type of the installation. In this case, you
will be offered to select the required component and specify path to the
installation folder.
Step 4. Selecting application components to be installed
If you selected the custom installation option, specify application components to
be installed on your computer. You can also change the default folder into which
they will be installed.
You can select either both components or only the Administration console to be
installed. The Security server will not be installed without the Console.
By default, you will be offered to install both components (the Security Server
and the Management Console) into the Program files\Kaspersky Lab\Kaspersky
Anti-Virus for Check Point™ Firewall folder. If this folder does not exist, it will be
created automatically. You can change the installation folder using the Browse
button.
If your system does not comply with the minimum hardware or software
requirements for the installation of the Security Server, you will be offered to
install only the Management Console.
Note that the setup wizard will display reference information about the selected
component and the disk space required for its installation.
Step 5. Selecting the data folder
During the installation of the Security Server, the setup wizard will create service
folders and databases required for the application to work. These folders and
databases include:
• temporary files and backup storage folders;
• folder to store the anti-virus database used by the application;
• reports storage folder;
• logs storage folders;
• backup storage database;
• report statistics database.
The data folder must be excluded from the scan scope of any anti-virus
applications installed on your computer.
Specify the folder to store the service data. By default you will be offered to
create the folder Program files\Kaspersky Lab\Kaspersky Anti-Virus for Check
Point™ Firewall\DataFolder. You can change the path to the folder using the
Browse button.
After the application is installed, you will be able to change the path to the data
folder using the Kaspersky Anti-Virus Management Console, in the anti-virus
protection settings window (the General tab of the Anti-Virus protection
window). The new value will apply at the Security Server restart.
Note that databases used by the application are created only once,
during the installation of the Security Server.
If you decide to change the application data folder, then in order to ensure
the correct data transfer into the new folder, the entire content of the old
folder shall be copied, including the subfolders structure, and the names
of the subfolders shall remain intact.
If the integrity of the data folder structure has been affected, the Security
Server will not run and, consequently, Kaspersky Anti-Virus will not
work.
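One way to check a copied data folder against the old one before restarting the Security Server, as required by the note above. This is an added example, not part of the Kaspersky documentation or tooling; the subfolder and file names in the sample are constructed, since this Guide does not list the real ones.

```python
"""Check that a relocated data folder kept its subfolder structure and contents."""
import hashlib
import os
import shutil
import tempfile


def snapshot(root):
    """Map each path relative to root to None (folder) or a SHA-256 digest (file)."""
    entries = {}
    for current, dirs, files in os.walk(root):
        rel = os.path.relpath(current, root)
        for name in dirs:
            entries[os.path.normpath(os.path.join(rel, name))] = None
        for name in files:
            digest = hashlib.sha256()
            with open(os.path.join(current, name), "rb") as handle:
                for chunk in iter(lambda: handle.read(1 << 20), b""):
                    digest.update(chunk)
            entries[os.path.normpath(os.path.join(rel, name))] = digest.hexdigest()
    return entries


def compare_data_folders(old_root, new_root):
    """Report what the copy in new_root lacks or alters relative to old_root."""
    old, new = snapshot(old_root), snapshot(new_root)
    missing = sorted(path for path in old if path not in new)
    changed = sorted(path for path in old if path in new and old[path] != new[path])
    extra = sorted(path for path in new if path not in old)
    # Renamed subfolders show up as "missing" plus "extra"; both break the layout.
    return {"missing": missing, "changed": changed, "extra": extra,
            "intact": not missing and not changed}


def build_sample(root):
    """Create a constructed data folder; these names are illustrative only."""
    layout = {
        os.path.join("Backup", "object-0001.bak"): b"constructed backup copy",
        os.path.join("Reports", "weekly.html"): b"<html>constructed report</html>",
        os.path.join("Logs", "scan.log"): b"constructed log line\n",
        "backup.db": b"constructed backup storage database",
    }
    for rel, data in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(data)
    os.makedirs(os.path.join(root, "Temp"))  # empty folders must survive the copy too


def demo():
    """Compare a faithful copy and a damaged copy against the same old folder."""
    with tempfile.TemporaryDirectory() as work:
        old = os.path.join(work, "DataFolder")
        os.makedirs(old)
        build_sample(old)

        good = os.path.join(work, "NewDataFolder")
        shutil.copytree(old, good)
        good_report = compare_data_folders(old, good)

        # Damage a second copy: rename a subfolder, drop an empty one, truncate a file.
        bad = os.path.join(work, "DamagedCopy")
        shutil.copytree(old, bad)
        os.rename(os.path.join(bad, "Reports"), os.path.join(bad, "Reports_old"))
        os.rmdir(os.path.join(bad, "Temp"))
        with open(os.path.join(bad, "backup.db"), "wb") as handle:
            handle.write(b"truncated")
        bad_report = compare_data_folders(old, bad)
    return good_report, bad_report


if __name__ == "__main__":
    for label, report in zip(("faithful copy", "damaged copy"), demo()):
        print(label, report)
```

To check a real migration, call compare_data_folders with the old and new data folder paths and proceed only when "intact" is True.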
Step 6. Launching the installation
After the settings are configured, launch the installation process. In order to do
this, press the Install button. This will start the process of copying the application
files to your computer.
Step 7. Installing license key
During the installation of the Security Server, you will be offered to install the
license key for Kaspersky Anti-Virus 5.5 for Check Point™ Firewall-1®.
You can also install the license key later using the Management Console;
however, note that without the license key the anti-virus functionality of the
application will not be available and you will only be able to launch the
Management Console.
During this step, Kaspersky Anti-Virus 5.5 for Check Point™ Firewall-1® license
key will be installed. The license key is your personal "key" that contains all
service information required for the full-featured functionality of the application
and additional reference information, namely:
• support information (who is providing support and how you can get help);
• restriction on the number of workstations;
• the license name, number and expiration date.
Install the current license key in the window that will open. In order to do this,
press the add button in the corresponding section. Specify the license key file
(*.key) to be installed using the standard Windows Select file dialog box. As a
result, the selected license key will be installed as the current license key for
Kaspersky Anti-Virus.
You can use your license key used with the previous application version
- Kaspersky Anti-Virus 4.0 as the license key for Kaspersky Anti-Virus
5.5 for Check Point™ Firewall-1® if it is still valid.
You can also install a backup license key that will be activated automatically
upon the expiry of the current license key.
If, at the time of the installation, you still do not have the license key (for example
you ordered it from Kaspersky Lab via internet but have not received it yet), you
can install it later when you run the application for the first time using the
Management Console. Note that without the license key you cannot start using
Kaspersky Anti-Virus.
Step 8. Completing the installation
After the installation is complete, press the Finish button in the final window of
the setup wizard.
3.1.2. Reinstalling the application
You have to reinstall Kaspersky Anti-Virus if the first-time installation appeared to
be incorrect or if the executable files were corrupted during the operation.
In order to reinstall the application select the Repair option in the window that will open.
This will start reinstallation of Kaspersky Anti-Virus, which will use the same
settings as the previous installation. For example, if the previous installation was
a custom installation, then the reinstallation initiated by the Repair button will
also be a custom type installation.
3.2. Removing the application
You can remove Kaspersky Anti-Virus for Check Point™ Firewall-1® from your
computer using the standard Windows Add/Remove Programs tool or the application
distribution kit. This will remove all installed Kaspersky Anti-Virus components,
namely the Security Server and the Management Console, from your computer.
In order to remove Kaspersky Anti-Virus for Check Point™ Firewall-1®
using the distribution kit:
run the executable file from the installation CD and select the Remove
option in the window that will open.
CHAPTER 4. INTEGRATION OF
KASPERSKY ANTI-VIRUS
WITH CHECK POINT™
FIREWALL-1®
The process of integration of Kaspersky Anti-Virus with Check Point™ Firewall-1®
is a standard procedure for OPSEC™ applications and involves two steps:
1. Registration of the Security Server with Check Point™ Firewall-1®
as an OPSEC™ application.
2. Obtaining the Security Server certificate.
After Kaspersky Anti-Virus is integrated with Check Point™ Firewall-1®, connect
the Security Server to Check Point™ Firewall (see section 5.5, page 39).
If traffic passing through the firewall is sent to several servers, each
server must be integrated with Security Check Point™ Firewall-1®.
4.1. Registering Security Server
with Check Point™ Firewall-1®
Registering OPSEC™ applications is described in detail in the Check Point™
Guides. Provided below is the procedure of configuring the settings that are
specific to Kaspersky Anti-Virus. The configuration process must be performed
from the Check Point™ Firewall-1® management console (Check Point
SmartDashboard™).
In order to register the Security Server with Check Point™ Firewall-1®
as an OPSEC™ application:
1. Create a new network object (Network Objects/New Nodes/Host)
for the computer on which the Security Server is installed. Specify
the network name and the IP address of this computer in the
window that will open (see Figure 1).
Figure 1. Creating a Security Server network object
2. When creating a new object, that is an OPSEC™ application
(OPSEC™ Application/New) in the General tab of the OPSEC™
Application Properties settings configuration window (see Figure 2),
perform the following:
• Using the Name entry field, enter the name of the OPSEC™
application that will be used for addressing to the Security
Server of the Check Point™ Firewall-1® services.
• Select the Security Server network object created earlier from the Host drop-down list;
• In the Server Entities and Client Entities sections, select
CVP, AMON and ELA as protocols supported by the
application.
Configuring the protocols settings is not required.
Kaspersky Anti-Virus uses the default Check Point™
Firewall-1® settings.
If the configuration of Check Point™ Firewall-1® interaction with OPSEC™
applications is different from
the standard configuration, set up the settings as required.
Figure 2. Creating an OPSEC™ application
3. Set up a secure connection of the Security Server to Check Point™
Firewall-1® (Secure Internal Communications). The following will be
created as the result:
• a key to obtain a Security Server certificate;
• a Security Server certificate;
• a Security Server SIC name (OPSEC™ application’s SIC
name).
The Security Server SIC name will be displayed in the OPSEC™
Application Properties window, in the DN field (section
Secure Internal Communication).
4. Describe protocols that will be subject to the anti-virus scan.
Kaspersky Anti-Virus scans the data passing through the firewall
via HTTP, FTP and SMTP protocols. Create the following:
• a URI resource for transferring the HTTP protocol data for
scanning;
• an FTP resource for transferring the FTP protocol data for
scanning;
• an SMTP resource for transferring the SMTP protocol data for
scanning;
When describing the resources, specify the following parameters in
order to enable Check Point™ to transfer data to the Anti-Virus to
perform the scan:
• to create URI, FTP and SMTP resources check the Use CVP
(Content Vectoring Protocol) box on the CVP tab (see Figure
3) and select the name of the OPSEC™ application
corresponding to the Security Server in the CVP server field;
Figure 3. Creating a URI-resource. The CVP tab
• to create an FTP resource check the GET and the PUT boxes
in the Methods section on the Match tab (see Figure 4);
Figure 4. Creating an FTP resource. The Match tab
• to create a URI resource, select the Enforce URI capabilities
option in the Use this resource to section on the General tab
(see Figure 5).
Figure 5. Creating a URI resource. The General tab
In order to increase the efficiency of the anti-virus scan, specify the
following settings values on the CVP tab (see Figure 3):
• Check the CVP server is allowed to modify content box for
URI-, SMTP- and FTP-resources.
This parameter controls the possibility of disinfection and replacement
of objects detected during the anti-virus scan (see
section 7.1, page 60).
If the box is not checked, disinfection (as well as replacement
for HTTP and SMTP objects) will not be performed. Such objects
will be identified as infected and blocked by Check
Point™ Firewall-1®.
• Check the Send HTTP Headers to CVP server box for the URI
resource and the Send SMTP Headers to CVP server box - for
the SMTP resource.
• Select the Return data before content is approved option in
the Reply Order section for URI, SMTP and FTP resources.
This parameter determines the possibility of early data transfer
to the user before this data is scanned (see section 7.4, page
65).
If this option is not selected for the URI and FTP resources,
then early data transfer will not be performed during the scan
of objects transferred over HTTP and FTP protocols.
Please take into account the following restrictions when creating an SMTP resource:
• the size of messages redirected by Check Point™ Firewall-1®
for the anti-virus scan displayed in the Do not send mail larger than
field on the Action2 tab (see Figure 6);
• the size of messages passing through Check Point™ Firewall-1®
(Network Objects/ Check Point™ /Advanced/SMTP) displayed in the
Don’t accept mail larger than field (see Figure 7).
The specified values must match the traffic parameters. Messages
with the size exceeding the restrictions will not be processed by
Check Point™ Firewall-1® and, therefore, will not be
submitted to the anti-virus scan and will not be delivered to the
user.