KASPERSKY Anti-Virus for ISA Server 5.6 User Manual

KASPERSKY LAB
Kaspersky Anti-Virus for Microsoft ISA Server 2004/2006 Enterprise Edition
ADMINISTRATOR'S GUIDE
Kaspersky Lab
http://www.kaspersky.com
Revision date: March, 2009
Contents
CHAPTER 1. KASPERSKY ANTI-VIRUS® FOR MICROSOFT ISA SERVER 2004/2006 ENTERPRISE EDITION
1.1. Hardware and software requirements
1.2. Distribution kit
1.3. License Agreement
1.4. Services provided for registered users
CHAPTER 2. TYPICAL DEPLOYMENT SCENARIOS
CHAPTER 3. INSTALLING THE APPLICATION
3.1. Configuring Microsoft ISA Server before installing the application
3.2. Installing Kaspersky Anti-Virus®
3.2.1. First installation
3.2.2. Reinstalling
3.3. Upgrading
CHAPTER 4. USING KASPERSKY ANTI-VIRUS® FOR ISA SERVER
4.1. Connecting to a Server Array
4.2. Default scan settings
4.3. Managing scans
4.3.1. Configuring general settings of anti-virus scans
4.3.2. Configuring Anti-Virus settings for individual servers
4.3.3. Managing client groups
4.3.4. Specifying policies for anti-virus scanning
4.4. Updating the anti-virus database
4.4.1. Scheduled updating of the anti-virus database
4.4.2. On-demand updating
4.4.3. Updating on individual servers
4.5. Configuring user notifications
4.6. Testing Kaspersky Anti-Virus® operation
4.7. Application statistics and diagnostics
4.7.1. Recording and viewing statistics
4.7.2. Notifying the administrator using ISA Server Alerts
4.7.3. Configuring diagnostics options for the application
4.8. Restrictions that apply to using Kaspersky Anti-Virus
4.9. Using the application without connecting to the configuration server
4.10. Managing license keys
4.10.1. Installing a new license key
4.10.2. Renewing your license
4.10.3. Removing a license key
CHAPTER 5. FREQUENTLY ASKED QUESTIONS
APPENDIX A. GLOSSARY
APPENDIX B. KASPERSKY LAB
APPENDIX C. LICENSE AGREEMENT
CHAPTER 1. KASPERSKY ANTI-VIRUS® FOR MICROSOFT ISA SERVER 2004/2006 ENTERPRISE EDITION
Kaspersky Anti-Virus® for Microsoft ISA Server 2004/2006 Enterprise Edition (hereafter, also Kaspersky Anti-Virus®) is a system of anti-virus protection of files transferred using the HTTP and FTP protocols via the Microsoft Internet Security and Acceleration Server. It ensures reliable protection of corporate networks from penetration of malicious software.
Kaspersky Anti-Virus® for Microsoft ISA Server acts as a filter that intercepts packets transferred via the HTTP and FTP protocols, isolates controlled objects from this data, analyzes them for the presence of viruses, and prevents infected files and Web documents from penetrating a corporate network.
The program includes data stream filters and the anti-virus kernel. The filters are integrated into Microsoft ISA Server as plug-ins, and the anti-virus kernel is installed into the system as a service. The anti-virus protection settings are managed through a special interface, which is a snap-in for Microsoft Management Console (hereafter referred to as MMC).
Note:
The interface for managing Kaspersky Anti-Virus for Microsoft ISA Server can be installed on a workstation for remote administration of the product.
The application performs the following functions:
- Anti-virus protection and processing of data streams received from the Internet.
- Generation of data streams from disinfected files and the delivery of these streams to the client upon request.
- Blocking the download of data streams if disinfection fails.
- Scheduled and manual updating of the anti-virus database via the Internet.
- Logging of statistics about program performance and displaying the results using standard Microsoft Windows tools.
- Management of license keys.
Note:
Kaspersky Anti-Virus does not protect data transferred via other protocols and VPN connections.
Note:
The application does not work with Microsoft ISA Server Standard Edition.
In addition, Kaspersky Anti-Virus® for Microsoft ISA Server allows the administrator to:
- Set parameters for anti-virus protection and for user notifications about dangerous events.
- Create groups of clients based on their network addresses. For example, you can use the existing administration division to define anti-virus policy settings for each of the groups created. This can significantly speed up the scanning process.
- Create a list of trusted servers for one or several groups of users; the traffic from these servers will be excluded from anti-virus scanning.
- Create a list of object types excluded from anti-virus protection.
Kaspersky Anti-Virus® supports the following data transfer protocols:
- HTTP 1.0 and 1.1 (RFC 2616);
- FTP (RFC 775, 959, 2389, Extensions to FTP);
- FTP over HTTP.
1.1. Hardware and software requirements
Software requirements for Kaspersky Anti-Virus:
Kaspersky Anti-Virus for Microsoft ISA Server operates in integration with Microsoft Internet Security and Acceleration (ISA) Server 2004 Enterprise Edition or Microsoft Internet Security and Acceleration (ISA) Server 2006 Enterprise Edition installed under the Microsoft Windows Server 2003 operating system.
To use Kaspersky Anti-Virus® for Microsoft ISA Server, your computer must meet the following minimum requirements:
- Pentium III processor running at 733 MHz or higher.
- 512 MB RAM.
- At least 50 MB hard disk space for installation of the program.
- At least 200 MB hard disk space for temporary storage of the queue of objects copied from the Internet before scanning for viruses.
Note:
The amount of free disk space required to temporarily store data downloaded from the Internet before an anti-virus scan starts depends on the density of traffic processed by Microsoft ISA Server. As a rule, 200 MB is enough, but if traffic is heavy and files downloaded are too large, more space can be required.
1.2. Distribution kit
You can purchase Kaspersky Anti-Virus® for Microsoft ISA Server either from our distributors (retail box) or online at one of our Internet shops (for example, www.kaspersky.com – select the E-store link).
The retail box includes:
- a sealed envelope with an installation CD containing files for the software product;
- administrator's guide;
- a license key written on a floppy disk or included into the distribution package;
- license agreement.
Note:
Before you unseal the envelope containing the CD, be sure to thoroughly review the license agreement.
If you buy Kaspersky Anti-Virus® for Microsoft ISA Server online, you download the installation file of the product from the Kaspersky Lab web site. This installation file includes this Administrator’s Guide and the license key. The license key can also be sent to you by e-mail after your payment is received.
1.3. License Agreement
The License Agreement is a legal agreement between you and the manufacturer (Kaspersky Lab) describing the terms on which you may employ the anti-virus product which you have purchased.
If you do not agree to the terms of this LA, you can return the unused product to your Kaspersky Anti-Virus® dealer for a full refund, making sure the envelope containing the CD is sealed.
If you unseal the envelope or install the program, you are considered to have agreed to all the terms of the LA.
Warning!
Make sure you read the License Agreement!
1.4. Services provided for registered users
Kaspersky Lab Ltd. offers to all legally registered users an extensive service package enabling them to use Kaspersky Anti-Virus more efficiently.
After purchasing a subscription, you become a registered user and, during the period of your subscription, you will be provided with the following services:
- you will be receiving new versions of the purchased software product;
- support on issues related to the installation, configuration and use of the purchased software product. Services will be provided by phone or via email;
- information about new Kaspersky Lab products and about new viruses appearing worldwide (this service is provided to users who subscribe to the Kaspersky Lab's newsletter).
Note:
Support on issues related to the performance and the use of operating systems or other technologies is not provided.
CHAPTER 2. TYPICAL DEPLOYMENT SCENARIOS
A typical scenario for management of server applications implies remote administration from a computer with an installed administration console (the remote management component).
The scenario requires that all the components of the Kaspersky Anti-Virus application be installed on the Microsoft ISA Server computer, and that the Kaspersky Anti-Virus administration console be deployed on the administrator’s workstation. The computer that runs the administration console of Kaspersky Anti-Virus® for ISA Server only needs to have the Microsoft ISA Server administration tools installed.
Note:
You can install separate components of Kaspersky Anti-Virus® by manually installing the application (see Chapter 3 on page 11).
The following Kaspersky Anti-Virus® filters can be integrated into the Microsoft ISA Server system:
- Kaspersky Anti-Virus FTP Filter.
- Kaspersky Anti-Virus Web Filter.
After Kaspersky Anti-Virus® is installed, you will be able to manage the above filters through the Microsoft ISA Server Administration interface.
Figure 1 shows the scheme used for processing the initial data streams that are common for all possible Kaspersky Anti-Virus® deployment scenarios.
Figure 1. Processing of data streams by Kaspersky Anti-Virus
Warning!
To avoid disabling anti-virus protection of servers, make sure that the FTP Access Filter is activated.
CHAPTER 3. INSTALLING THE APPLICATION
To install Kaspersky Anti-Virus® correctly, you should first properly configure FTP Access Filter, a standard filter for Microsoft ISA Server.
If you also use Microsoft ISA Server 2004 Service Pack 2, you need to enable the support for decompressing HTTP objects.
3.1. Configuring Microsoft ISA Server before installing the application
Microsoft ISA Server provides a standard filter for controlling data packets received via the FTP protocol: FTP Access Filter. The status of this filter affects the performance of Kaspersky Anti-Virus for Microsoft ISA Server.
Data stream filters are controlled from the standard console tree of ISA Server Management.
To configure FTP Access Filter:
In the console tree of the ISA Management main window, select the Microsoft Security and Acceleration Server 2004/2006\<Server name>\Configuration\Add-Ins node and click the Application Filters tab.
If the filter is disabled, you will see the icon in the list.
Sometimes, third-party filters are used in conjunction with standard Microsoft ISA Server filters. However, these additional filters can affect the performance of the anti-virus application if their settings prevent the initial data from entering the Kaspersky Anti-Virus® filters.
If you want to use the remote administration feature of Kaspersky Anti-Virus, you must additionally enable a TCP connection between the remote administration application console and the computer where the Microsoft ISA Server is installed. For this, the application installer automatically creates the rule Allows Kaspersky Anti-Virus for Microsoft ISA Server Remote Management. By default, this rule is inactive after installation.
The rule is left disabled during installation so that the administrator can analyze it in the console of Microsoft ISA Server before activating it.
Warning!
To remotely manage Kaspersky Anti-Virus, the remote machine should have the right to administer Microsoft ISA Server. This is regulated by a built-in system policy of the Microsoft ISA Server Remote Management\Microsoft Management Console (MMC).
In addition, to ensure correct interaction between Kaspersky Anti-Virus and Microsoft ISA Server 2004 Service Pack 2, you should enable in ISA Server settings the option that allows decompression of traffic before its submission for processing by the Web filters (support for compressed content).
To enable the support:
In the console tree of the ISA Management main window, select the Microsoft Security and Acceleration Server 2004\<Server name>\Configuration\General node and then click the Define HTTP Compression Preferences link in the right part of the window. In the HTTP Compression window that opens, go to the Content Inspection tab and enable the Decompress incoming packets to allow ISA Server Web filters to inspect the content checkbox.
Note:
Before installing Kaspersky Anti-Virus, we recommend that you uninstall anti-virus applications for Microsoft ISA Server of other vendors, because running several anti-virus applications together might cause compatibility issues.
3.2. Installing Kaspersky Anti-Virus
The installation procedure for Kaspersky Anti-Virus® for Microsoft ISA Server is standard for most Microsoft Windows applications.
The installation application can be run locally on Microsoft ISA Server or remotely, by establishing a terminal session. You can select complete installation or custom installation and restore an Anti-Virus configuration in the case of an incorrect installation.
Warning!
Kaspersky Anti-Virus installation requires a connection with a configuration server!
In addition, the account used to install Kaspersky Anti-Virus must have server administrator privileges on the target computer and must also be able to administer the configuration of Microsoft ISA Server.
Note:
If errors occur during installation, please contact the Technical Support service (http://www.kaspersky.com/support).
Warning!
If you want to install the administration console of Kaspersky Anti-Virus® for Microsoft ISA Server on a computer, make sure that Microsoft Windows 2000 (with Service Pack 4 and higher) and Microsoft ISA Server administration tools are installed on this computer!
During installation of Kaspersky Anti-Virus, certain errors might occur that prevent correct product setup. To avoid such errors, make sure before installation that your server meets all hardware and software requirements (see section 1.1 on page 6).
3.2.1. First installation
Step 1. Welcome and License Agreement dialog boxes
The Kaspersky Anti-Virus® setup wizard starts with the Welcome and License Agreement dialog boxes. The License Agreement dialog box contains the text of the License Agreement. To proceed with the installation, read the agreement thoroughly and accept its terms.
Step 2. Selecting installation options
At this stage, the program offers two installation options: complete installation or custom installation (Fig. 2). If you are installing the entire Kaspersky Anti-Virus® application (anti-virus kernel, administration tools, etc.) on a Microsoft ISA Server computer, select complete installation.
If you want to install a separate component of Kaspersky Anti-Virus®, select custom installation. For example, if you want to remotely manage Kaspersky Anti-Virus®, install only the administration console on the administrator’s workstation.
Figure 2. Selecting the Setup Type
Step 3. Selecting the application components to be installed
In this stage, you select the Kaspersky Anti-Virus® components to be installed on your computer (see Fig. 3).
Figure 3. Selecting the administration console to install
You can also click the Change… button to specify a different destination folder for the selected components.
Step 4. Configuring the anti-virus protection settings
In this installation step, you must define the anti-virus protection settings that will be used as default values (Fig. 4). The following settings can be adjusted:
- File system folder for storing the scan queue. This folder should meet the minimum requirements for free disk space for temporarily storing data copied from the Internet before anti-virus scanning (see section 1.1 on page 6).
- Folder for storing the anti-virus database that is used to detect and disinfect viruses.
- Folder for storing temporary files created by the program during its operation.
- Number of anti-virus kernel instances running simultaneously.
- Number of queued objects.
Note:
To speed up anti-virus scanning and handling objects, we recommend that you specify four anti-virus engines per one physical processor. Thus, for example, the recommended number of anti-virus kernels running on two physical processors is eight.
Each of the above parameters has a default value. To change the default values, click the corresponding buttons or enter data into the corresponding fields.
Figure 4. Default settings for the application
Immediately after this stage is completed, the program will start copying files to your computer. Microsoft ISA Server services will be automatically restarted [1].
[1] Microsoft ISA Server services will not start if they have been stopped before Kaspersky Anti-Virus installation.
Step 5. Completing the setup
In this step, the wizard informs you that Kaspersky Anti-Virus has been successfully installed.
You can also run a wizard for automatic installation of application license keys by selecting the corresponding box (see Figure 5). If this check box is selected, after the installation completes, a dialog box opens (see Figure 6) in which you can add/install a license key file.
Warning!
Without an installed license key, Kaspersky Anti-Virus will not scan traffic and the anti-virus database will not be updated.
It is possible to install license keys after the application is installed (see section 4.9 on page 66).
Figure 5. Completing the setup procedure
Warning!
Please keep in mind that the anti-virus protection of Microsoft ISA Server will remain disabled until synchronization with the configuration server is complete and the Microsoft ISA Server services are restarted.
Warning!
After Kaspersky Anti-Virus installation to a single server, you should synchronize Microsoft ISA Server with its configuration server and replicate data between all configuration servers (if there are several of them). Only then you will be able to proceed with the installation of Kaspersky Anti-Virus to the next server in the array. Otherwise the application may be deployed incorrectly.
Figure 6. Selecting the license key
After setup completion, the installer will display a window containing information about synchronization of the local copy of Microsoft ISA Server configuration with the configuration server of the array. If the process does not complete successfully, the administrator has to wait until synchronization is complete and restart the Firewall service of Microsoft ISA Server manually.
After setup, you can start the administration console of Kaspersky Anti-Virus using the main Microsoft Windows menu (Start → Programs → Kaspersky Anti-Virus 5.6 for Microsoft ISA Server 2004/2006 Enterprise Edition).
Warning!
If you are deploying the application on a server array, all the servers in it must have identical versions (Kaspersky Anti-Virus 5.6 for Microsoft ISA Server 2004/2006 Enterprise Edition) installed. The administration console cannot control servers with other installed versions of Kaspersky Anti-Virus.
Note:
All the configuration parameters of Kaspersky Anti-Virus 5.6 for Microsoft ISA Server 2004/2006 Enterprise Edition (including license keys) are preserved and replicated between the servers of a Microsoft ISA Server array using internal mechanisms of Microsoft ISA Server 2004 Enterprise Edition and Microsoft ISA Server 2006 Enterprise Edition. Please see the documentation for Microsoft ISA Server 2004 Enterprise Edition and Microsoft ISA Server 2006 Enterprise Edition for details on configuration management.
3.2.2. Reinstalling
Kaspersky Anti-Virus for ISA Server must be reinstalled if the first installation of the application was incorrect or if you want to install a component of Kaspersky Anti-Virus®.
To correctly install the anti-virus application, select Repair in the dialog box that appears on your screen (Fig. 7).
In this case, the setup wizard will repeat the previous installation procedure. Thus, if the previous installation was a custom type, after you select Repair, the reinstallation procedure will also be performed in custom mode.
Figure 7. Selecting the reinstallation mode
3.3. Upgrading
If your server has Kaspersky Anti-Virus 5.5 installed, you can upgrade it to version 5.6.
If your server has application version 5.5 installed:
- Run the installer to upgrade it to version 5.6 (please see section 3.2 on page 12 for details). The installer will detect the earlier version and upgrade it, preserving the application settings and setup type (complete or custom).
If you are upgrading Microsoft ISA Server 2004 Enterprise Edition to Microsoft ISA Server 2006 Enterprise Edition, Kaspersky Anti-Virus stops functioning. This behaviour is caused by the fact that the upgrade procedure of Microsoft ISA Server does not preserve the registration of third-party filters.
If your server has application version 5.5 installed, then after Microsoft ISA Server upgrade:
- Run the installer (please see section 3.2 on page 12 for details). The installer will detect the earlier version and upgrade it, preserving the application settings and setup type (complete or custom).
If your server has application version 5.6 installed, then after Microsoft ISA Server upgrade:
- In Microsoft Windows Control Panel, select Add or Remove Programs → Kaspersky Anti-Virus 5.6 for Microsoft ISA Server 2004/2006 and click the Repair button in its properties.
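A post-install or post-upgrade check for the filter dependencies described in this chapter (FTP Access Filter activated, both Kaspersky filters still registered), given here as an added example that is not part of the original guide or of Kaspersky's or Microsoft's own tooling. It assumes the ISA Server administration COM object FPC.Root and that each filter's Name property matches the names used in this guide; the sample inventory is constructed.

```powershell
# Added example: not from the Kaspersky guide or from Microsoft's tooling.
# Filter names below are the ones this guide uses. That the COM Name property
# returns exactly these strings is an assumption; adjust after a first run.
$RequiredFilters = @(
    'FTP Access Filter',                  # standard ISA Server filter
    'Kaspersky Anti-Virus FTP Filter',
    'Kaspersky Anti-Virus Web Filter'
)

function New-FilterRecord {
    param([string]$Name, [bool]$Enabled, [string]$Kind)
    New-Object PSObject -Property @{ Name = $Name; Enabled = $Enabled; Kind = $Kind }
}

function Get-IsaFilterInventory {
    # Live query through the ISA Server administration COM object (FPC.Root).
    # Run on an array member under an account with ISA administration rights.
    $root  = New-Object -ComObject FPC.Root
    $array = $root.GetContainingArray()
    foreach ($f in $array.Extensions.ApplicationFilters) {
        New-FilterRecord -Name $f.Name -Enabled ([bool]$f.Enabled) -Kind 'Application'
    }
    foreach ($f in $array.Extensions.WebFilters) {
        New-FilterRecord -Name $f.Name -Enabled ([bool]$f.Enabled) -Kind 'Web'
    }
}

function Test-IsaFilterState {
    # Returns one record per required filter: OK, DISABLED or MISSING.
    param([object[]]$Inventory, [string[]]$Required)
    foreach ($name in $Required) {
        $hit = @($Inventory | Where-Object { $_.Name -eq $name })
        if ($hit.Count -eq 0)         { $state = 'MISSING' }
        elseif (-not $hit[0].Enabled) { $state = 'DISABLED' }
        else                          { $state = 'OK' }
        New-Object PSObject -Property @{ Filter = $name; State = $state }
    }
}

# Constructed sample inventory: the state this chapter warns about after an
# ISA Server 2004 -> 2006 upgrade (third-party filter registration lost),
# with FTP Access Filter also switched off.
$sample = @(
    (New-FilterRecord 'FTP Access Filter' $false 'Application'),
    (New-FilterRecord 'Web Proxy Filter'  $true  'Application')
)

$report = @(Test-IsaFilterState -Inventory $sample -Required $RequiredFilters)
$report | Select-Object Filter, State | Format-Table -AutoSize

$problems = @($report | Where-Object { $_.State -ne 'OK' })
if ($problems.Count -gt 0) {
    Write-Warning "$($problems.Count) required filter(s) missing or disabled; anti-virus scanning may be inactive."
}
# On the server itself, pass @(Get-IsaFilterInventory) instead of $sample.
```

A MISSING Kaspersky filter after an ISA Server upgrade corresponds to the Repair or reinstall procedure above; a DISABLED FTP Access Filter is corrected on the Application Filters tab described in section 3.1.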
CHAPTER 4. USING KASPERSKY ANTI-VIRUS® FOR ISA SERVER
After the application is installed and the Microsoft ISA Server services are restarted, Kaspersky Anti-Virus is ready for work, as all the required parameters have already been set.
Kaspersky Anti-Virus can be managed locally or remotely. Please note that remote management requires enabled access to the server via the following protocols:
- Protocols listed in the standard system policy of Microsoft ISA Server that Allows remote MMC management from selected computers. Access via those protocols is allowed by adding a remote computer to that system policy.
- Remote administration protocol of Kaspersky Anti-Virus for Microsoft ISA Server. Access via the protocol is enabled by a special firewall rule created by Kaspersky Anti-Virus installer.
4.1. Connecting to a Server Array
When the administration console starts, you see a window for connecting to a configuration server (Fig. 8). Specify the following:
Computer on which the configuration server is installed:
- Local computer.
- Another computer. Enter the computer name or click Browse to specify a computer on your network.
Account:
- Use credential of currently logged-in user.
- Use different credentials. If you select that option, you will have to specify the information of the account that will be used to access the configuration server (user name, domain, and password).
Note:
If the configuration server is unavailable, anti-virus protection is not disabled (see section 4.9 on page 66 for details).
Figure 8. The Connection window
In the next window (see Fig. 9), select the array of servers that will be managed.
Figure 9. Selecting a server array
The connection settings are automatically saved after the connection to a server array is established for the first time. Next time, you need to enter only the password for the specified user account.
After connection is established, the application tree displays a list of all available Microsoft ISA Server arrays. To connect to another array, expand the application node in the console (see Fig. 10), select Connect in the results pane and specify required settings. You can also use the same option on the Action menu or on the shortcut menu of the Kaspersky Anti-Virus for Microsoft ISA Server 2004/2006 Enterprise Edition node.
Figure 10. Connecting to a server array
4.2. Default scan settings
You can configure scan settings on the tabs of the Properties of Kaspersky Anti-Virus for Microsoft ISA Server 2004/2006 Enterprise Edition dialog box. The following are the default scan settings:
- The HTTP tab defines settings that regulate the application performance (see section 4.3.1.2 on page 32 for more detail) and messages sent to the client (see section 4.5 on page 57). The following are the default scan settings:
  - Disinfect HTTP traffic – enabled.
  - Maximum scanning duration before sending data to client, sec – 30 seconds.
  - Maximum time span between chunks of data sent to the client, sec – 10 seconds.
  - Data not sent to the client before scan completes, % – 10 %.
  - Enable partial content download – enabled.
  - Error messages sent to the client:
    <html>
    <head>
    <title>Kaspersky Anti-Virus for Microsoft ISA Server</title>
    </head>
    <body>
    <h1>Kaspersky Anti-Virus for Microsoft ISA Server</h1>
    <p>Internal Scanner Error "%ERR_TEXT%" (%ERR%)</p>
    </body>
    </html>
  - Message sent to the client about detection of a malicious object:
    <html>
    <head>
    <title>Kaspersky Anti-Virus for Microsoft ISA Server</title>
    </head>
    <body>
    <h1>Kaspersky Anti-Virus for Microsoft ISA Server</h1>
    <p>The requested URL "%URL%" is infected with %VIRUSNAME% virus</p>
    </body>
    </html>
- The FTP tab (see section 4.3.1.3 on page 36 for more detail) contains the setting Data received by the server before the first chunk of data is sent to the client, KB – 128 KB.
- The Anti-Virus tab (see section 4.3.1.1 on page 29) displays scan settings:
  - Scan archives
  - Scan compressed executable files
  On this tab, you can also define the type of the anti-virus database used by the application.
- The Licensing tab (see section 4.9 on page 66) displays the number of days before the license expires that the administrator will be notified. The number of days is set in the Notify about license expiration field and it is seven days by default. The administrator is notified by messages displayed in the system log on the computer running Kaspersky Anti-Virus® for ISA Server.
- The Updating tab (see section 4.4 on page 53) defines the source of updates for the anti-virus database, the settings and frequency of its updating. By default, updating is performed every three hours. The update server is randomly selected from the list.
The Antivirus tab (see section 4.3.2 on page 37 for details) in the server properties dialog box lists a set of folders for Kaspersky Anti-Virus® for ISA Server working data:
- Folder for storing anti-virus databases:
  …/Program Files/Kaspersky Lab/Kaspersky Anti-Virus for ISA Server/bases
- Folder for scan queue:
  …/Program Files/Kaspersky Lab/Kaspersky Anti-Virus for ISA Server/TaskQueue
- Folder for temporary files:
  …/Program Files/Kaspersky Lab/Kaspersky Anti-Virus for ISA Server/Temp
- Number of queue items cached in memory – 128 objects.
- Cached item buffer size – 128 KB.
- Number of anti-virus engines running simultaneously – 4.
- Number of engines reserved for scanning "fast" items – 1.
- Scan queue size – 1024 objects.
- Maximum scan time – 1800 seconds.
4.3. Managing scans
The scanning process is managed using the Kaspersky Anti-Virus® for ISA Server main window shown in Fig. 11.
In the console tree, each node corresponding to a server consists of the following branches: Servers, Groups and Policies.
The view of branches on the right side of the main window can be customized. By default, all application branches and possible manipulations with them are displayed as Taskpad view. You can change the view to Advanced by selecting the corresponding item from the shortcut menu. To open the shortcut menu, right-click the corresponding node in the Kaspersky Anti-Virus application node [2] (Fig. 12).
[2] Below, the description of the elements of the scan management dialog box refers to their Taskpad view.
Figure 11. The main window of Kaspersky Anti-Virus for Microsoft ISA Server
Figure 12. Shortcut menu
To configure management settings, use the following capabilities of Kaspersky Anti-Virus®. With these you can:
Edit general Kaspersky Anti-Virus settings common for a whole server array including all anti-virus scanning policies (see section 4.3.1 on page 28).
Edit the general scan settings for each server on which Kaspersky Anti-Virus® is installed (see section 4.3.2 on page 37).
Create and manage groups of clients that can be supervised using common policies (see section 4.3.3 on page 42).
Set up new rules for anti-virus protection different from the default rules. The new rules are added by creating new policies (see section 4.3.4 on page 46). In the new policy, you can redefine the settings for traffic filtering and then assign a group of users to the policy created.
4.3.1. Configuring general settings of anti-virus scans
You can modify and customize the anti-virus scanning settings in accordance with specific requirements of your corporate environment.
To edit general settings of anti-virus scanning:
In the Kaspersky Anti-Virus® main window (Figure 11), select Edit Kaspersky Anti-Virus settings to open the Properties of Kaspersky Anti-Virus for Microsoft ISA Server dialog box.
General settings of anti-virus scanning are specified on the Anti-Virus, HTTP and FTP tabs. Further we shall examine them closely.
Note:
General settings will apply to all servers of an array. Please see section 4.3.2 on page 37 for details of individual server configuration.
Note:
The license key status displayed on the General tab (see Figure 13) can differ from its actual status if the key has been blocked by Kaspersky Lab. The real status of a license key is shown in the server properties window (see Figure 18). License key status can be different on each server; it depends upon the anti-virus database version that a server uses.
4.3.1.1. General settings
The General tab (see Figure 13) displays general information about Kaspersky Anti-Virus: version of the administration console and brief license information (license owner, expiry date and license key status).
Figure 13. The General tab
The Anti-Virus tab (see Figure 14) displays the settings of Kaspersky Anti-Virus® common for a whole server array. Let us examine their values closely.
If you want to enable extracting and scanning of archives, check the Scan archives box.
Note:
If the tool for extracting archives is disabled, the archives will be scanned as normal files. In this case, the program will detect only those viruses that have penetrated the archived file.
Note:
When scanning multi-volume archives, Kaspersky Anti-Virus scans each of the volumes as a separate object. In this case, the application can detect malicious code only if one of the volumes contains the entire piece of code. If a virus is divided into separate parts, during partial data loading, the anti-virus application will be unable to detect it. In this case, there is a possibility that malicious code can propagate after the object restores its integrity.
Note:
Multi-volume archives can be scanned after they are saved on the hard disk by other Kaspersky Lab applications, for example, Kaspersky Anti-Virus for Windows File Servers.
Warning!
Kaspersky Anti-virus does not scan password-protected archives!
Figure 14. The Anti-Virus tab
If you want to scan compressed executable files, check the Scan compressed executable files box.
Note:
As for archives, if this option is disabled, executable files will be scanned as uncompressed. The program will detect only those viruses that have penetrated the compressed file.
Since all these modes increase the load on your computer resources during anti-virus scans, this can delay sending files to the client.
In the lower part of the tab, you can select the anti-virus database that will be used to detect viruses:
Standard databases (viruses only) – the application will use the database containing descriptions of all currently known viruses and methods of their detection and eradication. This is a default option.
Extended databases (viruses + RiskWare) – in addition to virus signatures, the database contains descriptions of the so-called riskware, i.e. the applications that are known to be potentially vulnerable to hacker attacks, unauthorized access, etc.
Redundant database (viruses + RiskWare, SpyWare, AdWare) – the application will use the most complete version of the database. In addition to the above-described database, this version contains descriptions of spy applications (SpyWare) and applications used to broadcast unsolicited advertisements (AdWare).
Spy applications allow unauthorized users to get access to personal information, such as web browser history, passwords, bank accounts, etc., and send it to interested parties.
The so-called AdWare installed together with other software displays advertisements in new browser windows, thereby impelling the user to visit the website of the advertiser. This software may irritate users and lead to increasing the company’s total traffic.
The default option for Kaspersky Anti-Virus® is to use the standard anti-virus database. The extended and redundant databases are used to provide the highest-level protection for data. The use of these databases increases the load on your system required to scan the data.
Warning!
The use of the extended and redundant databases may cause false alarms, for example, during downloading the software for additionally protecting the PC. These can be remote administration programs that have no installer.
4.3.1.2. Settings for HTTP scanning
On the HTTP tab (Fig. 15), you can modify settings for scanning HTTP traffic and set restrictions for processing data transferred via the HTTP protocol. Here you can also edit messages sent to the clients.
In the upper three fields, specify the settings for HTTP scanning:
Select the Disinfect HTTP traffic check box if you want Kaspersky Anti-Virus to cure an infected object upon its detection;
Note:
Kaspersky Anti-Virus can disinfect only the files transferred via HTTP protocol. When an infected file transferred via the FTP protocol is detected, Kaspersky Anti-Virus blocks access to the infected object without attempting to disinfect it.
Enter the maximum delay time for a chunk of data scanned by the application in the Maximum scanning duration before sending data to client, sec field. This field specifies the time limit for scanning data. After the limit is reached, scanned data is converted into a stream and sent to the client that requested it. This parameter affects the way infected objects are treated after they are detected:
If infected code had been detected before the first chunk of data containing a part of this file was sent to the client, the client receives a disinfected file.
If infected code was detected after the first chunk of data containing a part of this infected file had been sent to the client, the program terminates the connection. Upon the second request for this file, the client will be immediately notified that the requested file is infected.
Warning!
Upon the second request for the same file, the client will be notified that the requested file is infected only if the time span between the first and the second requests is 100 seconds or less. This version of the application does not support modification of that parameter.
Specify the time span for sending the next chunk of data to the client upon request in the Maximum time span between chunks of data sent to the client, sec field.
Warning!
The value of this field cannot exceed the value of the Maximum scanning duration before sending data to client, sec field.
Set the percentage of data accumulated by Kaspersky Anti-Virus® for subsequent analysis and scanning in the Data not sent to the client before scan completes, % field.
Figure 15. The HTTP tab
The Enable partial content download checkbox enables/disables partial downloading of data in cases, for example, of an Internet connection failure when downloading a file.
Warning!
Note that Kaspersky Anti-Virus can detect malicious code only if the entire code is contained in any part of the object that is being partially downloaded. If an object is divided into parts during downloading and pieces of virus code are contained inside these parts, the virus might spread after the object integrity is restored.
For more information about the fields for editing messages sent to the client, see section 4.5 on page 58.
At any time during editing the current settings, you can return to default settings by clicking the Set default values button.
4.3.1.3. Settings for FTP scanning
On the FTP tab (Fig. 16), you can modify settings for scanning Microsoft ISA Server data transmitted via FTP.
In addition to the anti-virus protection mode, you can specify the amount of data transmitted via the FTP protocol and collected by the server for subsequent analysis. After the server receives the specified amount of data, the data is sent to the client. The maximum value of this field is 1024 Kb.
The Enable partial content download checkbox enables/disables partial downloading of data in cases, for example, of an Internet connection failure when downloading a file.
While editing the current settings, you can return to the default values at any time by clicking the Set default values button.
Figure 16. The FTP tab
4.3.2. Configuring Anti-Virus settings for individual servers
To view a list of servers on which Kaspersky Anti-Virus is installed, expand the Servers node in the right part of the window (see Figure 17). For each server, you can view the name and version of Kaspersky Anti-Virus installed on this computer.
Figure 17. The Servers window of Kaspersky Anti-Virus
To configure anti-virus settings for an individual server:
In the results pane of the Kaspersky Anti-Virus console (see Figure 17),
select the target server and click Edit server settings.
In the new window, the General tab (see Figure 18) displays general information about the server:
Server name
Version of the anti-virus application
The status of Anti-Virus engines
License expiration date
License key status
Application mode
Number of records in the anti-virus database
Date of the last database update.
Figure 18. The General tab
On the Settings tab (see Figure 19), you can edit the configuration of Kaspersky Anti-Virus for an individual server.
In the three fields located in the upper part of the tab, you can edit the default paths to the Kaspersky Anti-Virus® working folders. These folders are used to store:
The anti-virus database that is used during anti-virus scanning.
Temporary files. When protection of archives and compressed executable files is enabled, Kaspersky Anti-Virus® places the extracted files in the temporary folder. After scanning, the temporary files are deleted.
The scan queue. Here the program places objects that are to be scanned, being scanned, or those that have been scanned and are ready for delivery to the client.
Warning!
For the changes in the path to the scan queue to take effect, you should restart the Microsoft ISA Server Control service and the Kaspersky Anti-Virus service.
Warning!
Kaspersky Anti-Virus® for Microsoft ISA Server can be used in combination with other programs providing for anti-virus protection of the file system of your computer. In such case, correct operation of Kaspersky Anti-Virus® for Microsoft ISA Server requires that its folders for the scan queue and temporary files should be excluded from scans performed by these additional programs.
Figure 19. The Settings tab
In the lower part of the tab, you can specify the following settings affecting the Kaspersky Anti-Virus performance:
Number of queue items cached in memory
Cached item buffer size, KB
Warning!
For the changes in the number of queued objects cached in memory and the buffer size for cached object to take effect, you should restart the Microsoft ISA Server Control service and the Kaspersky Anti-Virus service.
Number of anti-virus engines running simultaneously
To enhance the efficiency in processing large amounts of data, Kaspersky Anti-Virus® can simultaneously run several anti-virus engine instances. By default, four anti-virus kernels are formed and run simultaneously during application startup.
Note:
You can select up to 32 anti-virus engine instances to be run simultaneously. It is recommended that you run four anti-virus kernels on one physical processor.
Number of engines reserved for scanning "fast" items.
In this field, you can specify the number of anti-virus kernel instances reserved for scanning some categories of HTTP traffic (the so-called “fast” traffic). This allows you to decrease the time spent by Kaspersky Anti-Virus to scan large objects.
The following types of objects can be classified as HTTP traffic “fast” objects:
Text files of size less than 2 MB
Graphic files of size less than 2 MB
Other objects (excluding executable files) of size below 256 KB.
Scan queue size. In this field, specify the maximum number of objects that can be placed to a working directory for objects queued for anti-virus scanning.
Note:
The number of queued objects can range from 1 to 16383. The default value is 1024.
Warning!
If the queue is full, a new object will not be scanned. It will be flagged as clean and sent to the client.
Warning!
In case of multiple simultaneous connections (more than 1000) with an HTTP or FTP server, the time for scanning some of the queued objects might exceed the server timeout. In this case, the connections to the server will be terminated, and all objects will not be delivered to the clients.
Maximum scan time, sec. In this field, specify the maximum time allowed for scanning a single object.
Note:
You can set a value ranging from 1 to 86400 seconds, inclusive. The default value is 1800.
Warning!
If an object is not scanned during the specified time, it will be flagged as clean and sent to the client.
You can always restore the default settings by clicking the Set default values button.
On the Diagnostics tab, you can specify the diagnostic detail level displayed in logs (see section 4.7.3 on page 63).
4.3.3. Managing client groups
Each group includes local network clients; each client can be a member of one or several groups. The same policy can be applied to different groups.
Note:
During installation, the application automatically creates the default user and default user group, because at least one user group is required for Kaspersky Anti-Virus operation.
Note:
All Microsoft ISA Server clients that do not belong to any group are assigned to the default group.
Warning!
The default user and user group cannot be deleted!
If a client is a member of several groups, it is scanned for viruses using settings for the group with the mildest rules of anti-virus protection.
An example is a client belonging both to the Accountant Department group for which these chunks of data are scanned, and to the Administrators group for which these chunks of data are excluded from scanning. In this case, an anti-virus scan of this client will be performed with the settings for the Administrators group.
In the present version of Kaspersky Anti-Virus®, clients are defined by their IP address or a range of IP addresses. Clients with a specified IP address can be computers with pre-set network services and static IP addresses, for example, mail servers. For network clients that do not have static IP addresses, you can create one client and specify the subnet address and subnet mask.
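Because overlapping client definitions silently move an address to the milder policy, it is worth modelling the group list offline and listing the addresses affected. The following is an added example, not code from the product or the original manual: the class and function names are hypothetical, the addresses are constructed, and the `strictness` rank is an assumption supplied by the auditor, since the manual does not define how "mildest" is measured.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Policy:
    name: str
    strictness: int  # assumption: rank assigned by the auditor, higher = stricter


@dataclass(frozen=True)
class Client:
    name: str
    kind: str    # "ip", "subnet" or "range": the three options in Client Properties
    spec: tuple  # ("a.b.c.d",) | (subnet address, subnet mask) | (first, last)

    def contains(self, addr):
        ip = ipaddress.ip_address(addr)
        if self.kind == "ip":
            return ip == ipaddress.ip_address(self.spec[0])
        if self.kind == "subnet":
            net = ipaddress.ip_network(f"{self.spec[0]}/{self.spec[1]}", strict=False)
            return ip in net
        if self.kind == "range":
            low, high = (ipaddress.ip_address(s) for s in self.spec)
            return low <= ip <= high
        raise ValueError(f"unknown client kind: {self.kind}")


@dataclass
class Group:
    name: str
    policy: Policy
    clients: list = field(default_factory=list)


def matching_groups(groups, addr):
    """All groups that have at least one client definition covering addr."""
    return [g for g in groups if any(c.contains(addr) for c in g.clients)]


def effective_group(groups, default_group, addr):
    """Group whose policy applies: the mildest match, or the default group."""
    hits = matching_groups(groups, addr) or [default_group]
    return min(hits, key=lambda g: g.policy.strictness)


def weakened_addresses(groups, default_group, addrs):
    """Addresses in several groups that end up under a milder policy
    than the strictest group they belong to."""
    findings = []
    for addr in addrs:
        hits = matching_groups(groups, addr)
        if len(hits) < 2:
            continue
        strictest = max(hits, key=lambda g: g.policy.strictness)
        applied = effective_group(groups, default_group, addr)
        if applied.policy.strictness < strictest.policy.strictness:
            findings.append((addr, strictest.name, applied.name))
    return findings


# Constructed sample configuration mirroring the manual's example groups.
DEFAULT_POLICY = Policy("Default policy", strictness=2)
ADMIN_POLICY = Policy("Administrators", strictness=1)
DEFAULT_GROUP = Group("Default group", DEFAULT_POLICY)
GROUPS = [
    Group("Accountant Department", DEFAULT_POLICY,
          [Client("accounting-lan", "subnet", ("10.0.1.0", "255.255.255.0"))]),
    Group("Administrators", ADMIN_POLICY,
          [Client("admin-hosts", "range", ("10.0.1.10", "10.0.1.20")),
           Client("jump-host", "ip", ("10.0.9.5",))]),
]

if __name__ == "__main__":
    sample = ["10.0.1.15", "10.0.1.50", "10.0.9.5", "192.168.5.5"]
    for addr, strict, applied in weakened_addresses(GROUPS, DEFAULT_GROUP, sample):
        print(f"{addr}: member of {strict} but scanned under {applied}")
```

Any address the function reports is a candidate for tightening the range or subnet that pulled it into the milder group.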
To switch to the list of groups, select Manage groups in the Kaspersky Anti-Virus® main window (Figure 11). The Groups dialog box of Kaspersky Anti-Virus clients will appear on your screen (Fig. 20).
A similar action is invoked when you click the Groups node in the server tree.
The administrator can rename existing groups, change their descriptions, create new groups, and delete old groups.
Figure 20. The Manage groups of Kaspersky Anti-Virus clients dialog window
To create a new group of clients
1. Select the Create group option.
2. In the Create a Group dialog box (Fig. 21), enter the name and description of the new group.
3. In the next dialog box (Fig. 22), click Add clients …
4. In the Clients dialog box, either select a client from the list of existing clients or create a new client by clicking New…
5. If you select New…, you will see the Client Properties dialog box. In this dialog box, fill in the Client name field and select one of the following options:
One IP address to add a client with a static IP address.
Subnet to add a client specified by a subnet mask.
Range of IP addresses to specify a range of IP addresses for a client.
6. After the new clients are included in a group, click Finish to finish creating a group.
Figure 21. Creating a new group
Figure 22. Adding clients to a new group
Note:
The default policy is assigned to the newly created group.
To change the description and names of clients in a group:
Select the required group in the Manage groups of Kaspersky Anti-Virus clients dialog window (Fig. 20) and click Edit group properties.
This will open the Group properties dialog box. On the General tab of this dialog box, change the name and description of the group. On the Clients tab, you can add a client or delete an existing client from the group.
Note:
If you delete an existing client, information about this client is deleted only from the group you are currently editing.
To delete a group:
Select the required group in the Manage groups of Kaspersky Anti-Virus clients dialog box (Fig. 20) and click Delete a group.
4.3.4. Specifying policies for anti-virus scanning
A specific policy can be assigned to each group of clients. The anti-virus policies define additional settings of filtering incoming traffic for different groups of clients, thus increasing the speed of anti-virus scanning.
Note:
During installation, the application automatically creates the default policy, because at least one policy is required for Kaspersky Anti-Virus operation.
Warning!
The default policy cannot be deleted!
Note:
Only one policy can be assigned to each group. For example, the Administrators policy is assigned to the Administrators group; no other policy can be assigned to this group.
To switch to the list of policies:
Select Manage policies in the Kaspersky Anti-Virus® main window (Figure 11). You will see the Manage Kaspersky Anti-Virus policies dialog box (Fig. 23).
You can also go to the policy management window by selecting the Policies node in the server array tree.
Figure 23. The Manage Kaspersky Anti-Virus policies dialog box
To create a new policy:
1. Click Create policy.
2. In the Create a Policy dialog box (Fig. 24), enter the name and a description of the policy.
3. In the next dialog box (Fig. 25), click Add group and select a group of clients to be assigned to the new policy.
4. In the Add Trusted Servers to a Policy dialog box (Fig. 26), click Add server to specify trusted servers. The incoming traffic from these servers will be excluded from anti-virus scanning. In the Trusted Server dialog box (Fig. 30), enter the description of the server and its properties (see section 4.3.4.1 on page 50 about trusted servers). After the list of trusted servers is complete, click Next.
5. In the next dialog window (Fig. 27), click Add object type to add a type of object to be excluded from anti-virus scanning (see section 4.3.4.2 on page 52 for more details).
6. After the list of trusted object types is complete, click Finish.
Figure 24. Creating a new policy
Figure 25. Adding a group of clients
Figure 26. Adding trusted servers
Figure 27. Adding an object type
To edit policy settings:
In the Manage Kaspersky Anti-Virus policies dialog box (Fig. 23), select the policy and click Edit policy settings.
On the General tab of the new Policy properties dialog box (Fig. 28), you can rename the policy and change its description.
On the Groups tab (Fig. 29), you can change the list of groups assigned to this policy, add a new group to the list of groups, or remove a group from the list.
On the Servers tab and the Object Types tab, you can edit the list of trusted servers and objects excluded from scans for this anti-virus policy.
Figure 28. The General tab
Figure 29. The Groups tab
To delete a policy:
In the Manage Kaspersky Anti-Virus policies dialog box (Fig. 23), select a policy and click Delete policy.
Note:
After a policy is deleted, all groups of clients assigned to this policy are automatically assigned to the default policy.
4.3.4.1. Managing a list of trusted servers
For each policy, the administrator can specify a list of trusted servers. The incoming traffic from these servers is excluded from anti-virus protection. This list only contains names of servers from which traffic cannot contain any malicious objects. The larger the list of trusted servers is, the less Kaspersky Anti-Virus® intrudes into the data streams requested by the clients of the groups assigned to this policy.
The list of trusted servers can be managed from the Servers tab of the Policy properties dialog box.
When a new trusted server is added to the list, the program opens the Trusted Server dialog box (Fig. 30). Here you can configure settings for this trusted server by specifying one of the following items:
Server domain name.
Server IP address.
Subnet.
Range of IP addresses.
Figure 30. Adding a trusted server
To delete a trusted server from the list, click the corresponding button on the Servers tab.
4.3.4.2. Creating a list of objects excluded from scans
Just like the list of trusted servers, definition of the types of objects excluded from anti-virus scanning reduces the load on Microsoft ISA Server.
The list of object types is managed from the Object Type tab of the Policy properties dialog box. When a new type is added by pressing the Add object type… button, the Object Type dialog box appears (Fig. 31).
Figure 31. Adding types of objects
Note:
The list of objects excluded from scanning contains BMP, GIF, and PNG files by default.
If you do not want Kaspersky Anti-Virus to scan objects in streaming transfers of audio and video broadcasts, exclude from the scanning scope objects of these types: Adobe Flash video, Windows Media Streaming Protocol object and QuickTime video.
The Trusted zone policy is created by default when installing Kaspersky Anti-Virus. This policy includes a list of domains and object types, which most probably will not impact the network security if excluded from the scan by Anti-Virus (for example, Microsoft Corporation and Kaspersky Lab domains, Adobe Flash Video, Windows Media Streaming Protocol and JPEG objects).
When installed, the Trusted zone policy applies to requests issued by any network user. It may be edited or deleted if necessary.
4.4. Updating the anti-virus database
Updates to your anti-virus database can be downloaded on demand or automatically (scheduled). The updated anti-virus database can be downloaded from two sources:
the Internet (from Kaspersky Lab update servers via FTP or HTTP)
from a local or shared folder.
Note:
New anti-virus databases are released on Kaspersky Lab updating servers every hour!
The updates of anti-virus databases are managed on the Update tab of the Properties of Kaspersky Anti-Virus for Microsoft ISA Server 2004/2006 Enterprise Edition dialog box (Figure 32).
Centralized updating allows anti-virus database updates to be copied only once for all servers and then distributed via a shared network resource.
To configure centralized updating, assign the master server of centralized updating status to a server on the Update tab.
The master server will download anti-virus database updates from the Internet and place them on a shared network resource. The resource name should also be specified on the Update tab.
Other servers of the array are slave servers of centralized updating. These servers use only the network resource as update source; anti-virus databases are copied on this resource by the master server. Slave servers do not download any updates from the Internet.
Warning!
The master server should be granted read and write permissions on the shared network resource used for the distribution of updates to other servers. Slave servers should be granted read permission (please refer to Chapter 5, page 71 for more details on the configuration of access settings).
Centralized updating from Kaspersky Lab servers is disabled by default.
Figure 32. Configuring update settings
To configure updating settings for downloading updates from the Internet:
1. Click the Edit server settings… button.
2. In the Updating dialog window, select the Update from the Internet radio button.
3. Click Settings for updating via the Internet to specify the updating server.
4. In the new dialog box (Fig. 34):
Choose Select update server automatically if you want to retrieve updates from a random server.
Choose From the specified server only if you want to retrieve updates from a user-defined server. Enter the server address in the corresponding field.
5. In the Use HTTP proxy part, enter the HTTP proxy parameters if such a proxy is used in your system:
Select Use local proxy of the Microsoft ISA Server to use a local proxy of the Microsoft ISA server to update the anti-virus database via the Internet.
Select Use other proxy server, and in the Proxy name and port fields enter the proxy name and port that differ from the local proxy of the Microsoft ISA server.
6. In the FTP settings part, check the corresponding box to use passive FTP mode for retrieving updates through FTP.
Figure 33. Configuring the database updating server
Figure 34. Configuring updating settings for downloading updates from the Internet
To update your anti-virus database from a local folder:
In the Updating dialog window, select Update from a local or network shared folder and enter the full path to the desired folder (see Figure 33).
4.4.1. Scheduled updating of the anti-virus database
To enable automatic updating of your anti-virus database, check the Automatically update databases box.
The anti-virus database is updated as often as set by the Microsoft ISA Server administrator. By default, the database is updated every three hours.
In the corresponding three fields (see Figure 33), you can change the frequency and time of updating the anti-virus database.
Note:
You can update the anti-virus database on demand regardless of whether scheduled updating of the anti-virus database is enabled or disabled.
4.4.2. On-demand updating
On the Updating tab (see Figure 32), click Update now to start downloading the updated anti-virus database according to the current settings.
The Status field displays the current updating status.
4.4.3. Updating on individual servers
If centralized updating is disabled in the Kaspersky Anti-Virus properties window (see Figure 32), you can configure update settings for each individual server on the Updating tab in the server properties window (see Figure 35). All settings on this tab are similar to those described in the previous chapter.
Figure 35. Configuring update settings for an individual server
4.5. Configuring user notifications
If Kaspersky Anti-Virus® detects an infected file that cannot be disinfected in a data stream, the connection terminates and the client that requested these data receives an HTML message about detection of a malicious object.
Note:
Messages are formed only if the malicious object was detected by the Web filter of Kaspersky Anti-Virus.
The following is the default message created in the Message sent to the client about detection of a malicious object field (Fig. 15):
<html>
<head>
<title>Kaspersky Anti-Virus for Microsoft ISA Server</title>
</head>
<body>
<h1>Kaspersky Anti-Virus for Microsoft ISA Server</h1>
<p>The requested URL "%URL%" is infected with %VIRUSNAME% virus</p>
</body>
</html>
The following macros are used in the message text:
%URL% – the URL of the Internet resource requested by the user.
%VIRUSNAME% – the name of the virus that infected a data stream.
If an internal system error occurs after the request is sent, the client that requested the data receives the following HTML message formed in the Error message sent to the client field on the HTTP tab of the Properties of Kaspersky Anti-Virus for Microsoft ISA Server dialog box (Fig. 15):
<html>
<head>
<title>Kaspersky Anti-Virus for Microsoft ISA Server</title>
</head>
<body>
<h1>Kaspersky Anti-Virus for Microsoft ISA Server</h1>
<p>Internal Scanner Error "%ERR_TEXT%" (%ERR%)</p>
</body>
</html>
The following macros are used in the message text:
%ERR_TEXT% – error description
%ERR% – error code
On the HTTP tab of the Properties of Kaspersky Anti-Virus for Microsoft ISA Server dialog box, you can edit messages sent to the client (Fig. 15). Maximum message length is 10240 bytes. The encoding of this page depends on the regional settings of your operating system. For example, if English is set as the default language, the encoding will be windows-1252.
Warning!
Never use real viruses to test the operation of an anti-virus product!
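A customized message can be checked offline against the limits stated above before it is pasted into the HTTP tab. The following is an added example, not part of the product or the original manual: the function name is hypothetical, it assumes the 10240-byte limit is measured in the encoding selected by the regional settings, and it treats a macro as unsupported in a message when the manual does not list it for that message.

```python
import re

MAX_MESSAGE_BYTES = 10240  # limit stated in the manual

# Macros the manual documents for each of the two editable messages.
DOCUMENTED_MACROS = {
    "infected": {"URL", "VIRUSNAME"},
    "error": {"ERR_TEXT", "ERR"},
}
MACRO_RE = re.compile(r"%([A-Z_]+)%")

# Default messages as printed in the manual.
DEFAULT_INFECTED = (
    "<html> <head> <title>Kaspersky Anti-Virus for Microsoft ISA Server</title> "
    "</head> <body> <h1>Kaspersky Anti-Virus for Microsoft ISA Server</h1> "
    '<p>The requested URL "%URL%" is infected with %VIRUSNAME% virus</p> '
    "</body> </html>"
)
DEFAULT_ERROR = (
    "<html> <head> <title>Kaspersky Anti-Virus for Microsoft ISA Server</title> "
    "</head> <body> <h1>Kaspersky Anti-Virus for Microsoft ISA Server</h1> "
    '<p>Internal Scanner Error "%ERR_TEXT%" (%ERR%)</p> </body> </html>'
)


def check_message(text, kind, encoding="windows-1252"):
    """Return a list of problems found in a notification template.

    kind is "infected" or "error"; encoding is the code page implied by the
    server's regional settings (windows-1252 for English, per the manual).
    """
    problems = []
    try:
        encoded = text.encode(encoding)
    except UnicodeEncodeError as exc:
        bad = text[exc.start:exc.end]
        problems.append(
            f"character {bad!r} at offset {exc.start} cannot be encoded as {encoding}"
        )
        # Still measure the length, substituting '?' for what cannot be encoded.
        encoded = text.encode(encoding, errors="replace")
    if len(encoded) > MAX_MESSAGE_BYTES:
        problems.append(
            f"message is {len(encoded)} bytes, limit is {MAX_MESSAGE_BYTES}"
        )
    used = set(MACRO_RE.findall(text))
    for name in sorted(used - DOCUMENTED_MACROS[kind]):
        problems.append(f"macro %{name}% is not documented for the {kind} message")
    return problems


if __name__ == "__main__":
    # Constructed custom template with an undocumented macro.
    for line in check_message("<p>%URL% was blocked for %USER%</p>", "infected"):
        print(line)
```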
4.6. Testing Kaspersky Anti-Virus
®
operation
After installing and adjusting Kaspersky Anti-Virus®, we recommend that you test its settings and operation of the program using a test “virus” or its modifications.
The test virus was specially designed by the EICAR organization (The European Institute for Computer Antivirus Research) for testing anti-virus products.
The test “virus” IS NOT ACTUALLY A VIRUS because it does not contain code that can really harm your computer. However, most anti-virus products identify this file as a virus.
You can download the test “virus” from the official website of the EICAR organization at http://www.eicar.org/anti_virus_test_file.htm.
When the file is being downloaded from the EICAR website, the anti-virus program detects it and labels it as an infected object that cannot be disinfected. Thus, under default settings (see section 4.1 on page 22), the Internet connection will be terminated and you will see a warning about downloading an object infected with the eicar virus.
4.7. Application statistics and diagnostics
You can view Kaspersky Anti-Virus® performance statistics using performance counters and modify options for notifying the administrator upon critical events.
You can also have Kaspersky Anti-Virus® log statistics to diagnose problems that might occur when the program is filtering data streams.
This section discusses these features in more detail.
4.7.1. Recording and viewing statistics
The Kaspersky Anti-Virus performance statistics can be managed and viewed using standard Microsoft Windows performance counters that are available from the Performance console (Start -> Settings -> Control Panel -> Administration Tools -> Performance).
To select the parameters to be logged:
1. Switch to the Add Counters dialog box (Fig. 36) and select Use local computer counters if Microsoft ISA Server is managed from an ISA Server computer, or Select counters from computer if Microsoft ISA Server is managed from a remote administrator’s workstation.
2. From the Performance Object drop-down list, select the KAV for ISA object. A list of parameters currently logged appears in the lower left field:
o Select All counters if you want to view statistics of all the parameters of Kaspersky Anti-Virus® performance, and click Add.
o Choose Select counters from list if you want to view information only on specified parameters of the application performance. Then, select a necessary counter from the list and click Add.
Warning!
The following settings are required to view counters from a remote computer!
Figure 36. Customizing statistics settings
3. To view statistics from a remote computer, you must be granted the following permissions on the computer where Kaspersky Anti-Virus® for Microsoft ISA Server is installed:
Read access to the following files:
%windir%\System32\PERFCxxx.DAT
%windir%\system32\PERFHxxx.DAT
Read access to the following registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Perflib
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg
Read and write access to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Anti-Virus KL for Microsoft ISA
Note:
For detailed information about the above list of permissions, refer to the Microsoft Windows Server 2000/2003 documentation.
By default, these permissions are granted to users from the Administrators group on the computer where Kaspersky Anti-Virus® for Microsoft ISA Server is installed.
System privileges (assigned from Control Panel -> Administrative tools -> Local Security Policy -> Security settings -> Local Policies -> User permissions):
o Profile System Performance.
o Profile Single Process.
4. To view statistics on a server with Kaspersky Anti-Virus® for Microsoft ISA Server from a remote computer, the following services must be enabled:
o Remote Registry Administration.
o NetBIOS access (check the File and Printer Sharing for Microsoft Networks checkbox in My Network Places -> Properties -> LAN -> Properties).
4.7.2. Notifying the administrator using ISA Server Alerts
Using ISA Server Alerts system tools, you can notify the administrator of critical events that might occur while applications installed on Microsoft ISA Server are running. The administrator can be informed by various means, such as logging events to the system log, sending notifications by e-mail, etc.
The administrator must respond to some critical events related to Kaspersky Anti-Virus® performance. For example, critical events are Your license is about to expire (see Figure 37), Error updating the anti-virus database from the update source, or Infected object detected in HTTP traffic. Kaspersky Anti-Virus critical events are added to the existing list of critical events after the application is installed on the server. You can customize how you will be notified upon occurrence of such events.
Figure 37. Customizing administrator notifications about critical events.
4.7.3. Configuring diagnostics options for the application
Kaspersky Anti-Virus® allows you to monitor the application performance on each server in a Microsoft ISA Server array and record results in the following log files:
kavisaDATE.log – Kaspersky Anti-Virus® log that stores a customizable amount of information about application performance during the designated time period. In the file name, DATE is the date of creation of this file in the format YearMonthDate, for example, kavisa20040410.log.
If the program is trying to add a report to the file while you are currently editing the file, Kaspersky Anti-Virus® will create a new file with a slightly modified name, for example, kavisa20040410_1.log.
virusDATE.log – Kaspersky Anti-Virus® log file that stores information about malicious objects detected during scans.
Note:
The time of events, written to the above-listed event logs, is displayed in Universal Coordinated Time (UTC) format.
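An added example, not part of the product: picking the log files that cover an incident window, using the file naming described above and converting the window to UTC before comparing dates. Two assumptions are made and marked in the code: that the _N suffix can occur on either log type, and that the date in the file name may not follow the UTC date, which is why one day of margin is added on each side. Function names are hypothetical.

```python
import re
from datetime import date, datetime, timedelta, timezone

# kavisa20040410.log, kavisa20040410_1.log, virus20040410.log
# Assumption: the _N suffix may appear on both log types.
LOG_NAME_RE = re.compile(
    r"^(kavisa|virus)(\d{4})(\d{2})(\d{2})(?:_(\d+))?\.log$", re.IGNORECASE
)


def parse_log_name(name):
    """Return (kind, creation_date, sequence) or None for other files."""
    match = LOG_NAME_RE.match(name)
    if not match:
        return None
    kind, year, month, day, seq = match.groups()
    try:
        created = date(int(year), int(month), int(day))
    except ValueError:  # e.g. kavisa20040431.log is not a real date
        return None
    return kind.lower(), created, int(seq) if seq else 0


def select_logs(names, kind, start, end, margin_days=1):
    """Names of `kind` logs that may hold events between start and end.

    start and end must be timezone-aware; they are converted to UTC because
    event times in these logs are written in UTC. margin_days widens the
    range (assumption: the file-name date may be the server's local date).
    """
    if start.tzinfo is None or end.tzinfo is None:
        raise ValueError("start and end must be timezone-aware")
    margin = timedelta(days=margin_days)
    first = start.astimezone(timezone.utc).date() - margin
    last = end.astimezone(timezone.utc).date() + margin
    hits = []
    for name in names:
        parsed = parse_log_name(name)
        if parsed and parsed[0] == kind and first <= parsed[1] <= last:
            hits.append((parsed[1], parsed[2], name))
    # Oldest first; within a day, the base file before _1, _2, ...
    return [name for _, _, name in sorted(hits)]


if __name__ == "__main__":
    # Constructed directory listing.
    listing = [
        "kavisa20040409.log", "kavisa20040410.log", "kavisa20040410_1.log",
        "kavisa20040411.log", "kavisa20040412.log", "virus20040410.log",
        "kavisa20040431.log", "notes.txt",
    ]
    utc_minus_5 = timezone(timedelta(hours=-5))
    start = datetime(2004, 4, 10, 22, 0, tzinfo=utc_minus_5)
    end = datetime(2004, 4, 10, 23, 0, tzinfo=utc_minus_5)
    print(select_logs(listing, "kavisa", start, end))
```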
You can customize the report detail level on the Diagnostics tab of the Properties of Kaspersky Anti-Virus for Microsoft ISA Server dialog box (see Figure 38).
Figure 38. Diagnostics options for Kaspersky Anti-Virus®
All critical events related to Kaspersky Anti-Virus® performance are also saved to the Windows system log.
In the left pane of the tab, you can select tasks, such as Updating anti-virus database, Licensing, etc. The right pane shows types of messages generated by Kaspersky Anti-Virus® for the selected task and their detail level.
For any type of messages, you can select one of the following detail levels:
None – Do not log any information.
Minimum – Record only main events, for example, application startup and shutdown, etc.
Medium – In addition to main events, log additional events describing Kaspersky Anti-Virus® performance in more detail (for example, errors when connecting to update servers).
Maximum – Log all possible information on application performance, except for debugging messages.
Debug – Log all information, including debugging messages. This diagnostics mode displays a substantial number of messages, which may decrease system performance and lead to rapid consumption of disk space. We recommend using this mode only when you debug the application.
By default, the minimum detail level is set for all log records.
On this tab, you can also set the frequency of refreshing the log files and their number.
You can always restore the default settings by clicking the Set default values button.
4.8. Restrictions that apply to using Kaspersky Anti-Virus
There are some settings of Kaspersky Anti-Virus that make work more comfortable. However, they tend to increase the risk of penetration of harmful objects into a protected network, too. The settings include:
The opportunity to complete interrupted file downloads via HTTP. In order to increase the reliability of anti-virus protection, it is not recommended to allow resuming interrupted downloads. Otherwise, parts of a file will be scanned as separate objects. A harmful object's signature may then be split so that Kaspersky Anti-Virus cannot recognize it.
Decreasing the Maximum scan time value. For objects that are scanned for quite a long time (because of a large object size or low speed of its download from a remote server), restriction of the maximum scanning duration may result in skipping unchecked objects which, however, will be assigned the Clean status.
The Maximum scanning duration before sending data to client and Data received by the server before the first chunk of data is sent to the client options. Lower values of these options can force the application to pass parts of objects scanned too long to the client before scanning completes thus increasing the risk of harmful code penetration into the network.
Data not sent to the client before scan completes. Decreasing the value of that option increases the risk of virus penetration when a file is being scanned and transmitted at the same time.
Note:
If there is no connection to the configuration server, the administration console does not work.
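Why the manual advises against resuming interrupted HTTP downloads, as an added illustration that is not Kaspersky's scanning engine: a toy byte-pattern scanner is run over the two parts of an interrupted and resumed transfer, first as separate objects and then as one continuous stream. The marker bytes, sizes and function names are constructed for this example.

```python
# Constructed, harmless stand-in for a detection signature (not a real one).
SIGNATURE = b"CONSTRUCTED-TEST-MARKER-0001"

# Constructed file body: padding, the marker, more padding.
BODY = b"\x00" * 4096 + SIGNATURE + b"\x00" * 4096


def scan_object(data, signature=SIGNATURE):
    """Scan one self-contained object: True if the pattern is present."""
    return signature in data


class StreamScanner:
    """Scans a stream chunk by chunk and keeps the last len(signature)-1
    bytes of what it has seen, so a pattern that straddles a chunk boundary
    is still found."""

    def __init__(self, signature=SIGNATURE):
        self.signature = signature
        self.tail = b""
        self.detected = False

    def feed(self, chunk):
        window = self.tail + chunk
        if self.signature in window:
            self.detected = True
        keep = len(self.signature) - 1
        self.tail = window[-keep:] if keep > 0 else b""
        return self.detected


def interrupted_download(body, cut):
    """Model a transfer that stops after `cut` bytes and is later resumed
    from that offset. Returns (first_part, resumed_part)."""
    return body[:cut], body[cut:]


def compare(body, cut):
    """Scan verdicts for the same file under three ways of looking at it."""
    first, resumed = interrupted_download(body, cut)

    # What the manual warns about: each part is treated as its own object.
    per_part = [scan_object(first), scan_object(resumed)]

    # The same two parts scanned as one stream with state carried over.
    stream = StreamScanner()
    stream.feed(first)
    stream.feed(resumed)

    return {
        "parts_as_separate_objects": per_part,
        "parts_as_one_stream": stream.detected,
        "whole_file": scan_object(body),
    }


if __name__ == "__main__":
    # Interruption falls inside the marker: neither part matches on its own.
    print(compare(BODY, 4096 + len(SIGNATURE) // 2))
    # Interruption falls in the padding: the resumed part still matches.
    print(compare(BODY, 1024))
```

A gateway that cannot tie a resumed request back to the bytes already delivered has no state to carry over, so disallowing resumed downloads is what keeps each file scanned as a whole.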
There are also a few limitations following from the operational logic of Kaspersky Anti-Virus 5.6:
The application only scans incoming HTTP and FTP traffic relayed via the ISA server.
The application does not scan the data requested by clients from web servers hosted on the ISA server.
The application does not scan the data uploaded by clients to web servers hosted on the ISA server.
4.9. Using the application without connecting to the configuration server
If a Microsoft ISA server is not connected to a configuration server, anti-virus protection remains active. To scan the data being transferred, the application uses the settings from the local copy of the configuration file retrieved during the last connection to the configuration server.
Connections to the configuration server, as well as synchronization of data, are performed automatically. All changes take effect only after connection between the Microsoft ISA server and configuration server is re-established.
While the ISA server is disconnected, notifications are not sent (see section 4.7.2 on page 62). They are recorded only in the local log file (see section 4.7.3 on page 63).
Note:
You cannot use a trial key more than once!
Warning!
Even if one manually installs the fresh anti-virus database after the application license expires, Kaspersky Anti-Virus will treat this action as a violation of the license agreement.
As a result, anti-virus scanning will be disabled!
4.10. Managing license keys
The license keys are managed on the Licensing tab of the Properties of Kaspersky Anti-Virus for Microsoft ISA Server 2004/2006 Enterprise Edition dialog box.
A valid license key allows you to take advantage of all available features of Kaspersky Anti-Virus®.
If you have not yet decided to purchase a full version of Kaspersky Anti-Virus®, we can provide you with a trial key valid for two weeks or a month. After the trial period expires, the key will be blocked and anti-virus scanning of data streams will be no longer possible.
If you have no license key for Kaspersky Anti-Virus® for ISA Server or your license key does not match the application, Kaspersky Anti-Virus® will not work.
After the license expires, Kaspersky Anti-Virus® for Microsoft ISA Server retains its functionality except for the update service. You will be able to scan data streams for viruses using the out-of-date database. In this case, we do not guarantee 100% protection from new viruses that appear after your Anti-Virus license expires.
If you fail to find the license key in the distribution kit, contact the distributor who sold you this copy of Kaspersky Anti-Virus.
4.10.1. Installing a new license key
For normal operation of Kaspersky Anti-Virus, you must install a license key.
To install a license key:
On the Licensing tab (see Figure 39), in the Current license key field click Add/Replace… and select the current license key file (*.key) in the dialog box that appears on your screen.
Figure 39. Managing license keys
After the license key is added, the following information will be displayed:
license key status;
license key type;
license owner;
license expiry date;
license key serial number;
number of protected computers
If you want the program to send you reminders about the expiry of the license:
On the Licensing tab (see Figure 39), enter the corresponding number of days in the special field. Starting from the specified day prior to the expiry of the license, the program will display daily reminders in the system log of the computer on which Kaspersky Anti-Virus® is installed. This message will show the number of days left before the license expiry.
Note:
You can see the license expiry date on the General tab of the Kaspersky Anti-Virus® for Microsoft ISA Server main window.
Warning!
You cannot install more than two license keys!
You can also install a backup key, which will take effect immediately after the previous key expires. Thus, you will be able to keep your server constantly protected from viruses.
To install a backup key, click Add… in the Backup license key field (see Figure 39) and select the reserve key file (*.key) in the file selection dialog box that appears on your screen.
After the reserve license key is installed, the following information about the license key will be displayed:
license expiration date;
license key serial number;
number of protected computers.
If you have installed a backup key beforehand, it will be immediately put into operation after your current license key expires. In this case, the program removes the out-of-date license key. Thus, your license key can be automatically renewed.
4.10.2. Renewing your license
If your license has expired, you need to renew it to restore the functionality of the program, i.e., you must purchase a new license key. Kaspersky Anti-Virus® will not update the anti-virus database until your license is renewed, and, hence, we do not guarantee 100% protection from viruses.
To renew your license, you need to:
Contact the seller of your copy of the product and purchase a new Kaspersky Anti-Virus® license key,
or
Purchase a license key at Kaspersky Lab. Write a letter of request directly to the Sales Department of our company (sales@kaspersky.com) or fill in the corresponding form on our website (http://www.kaspersky.com), in the E-Store section. After your payment is received, we will send you a license key at the e-mail address indicated in the corresponding field of your order. The license key received must be installed on the application (see section 4.10.1 on page 67).
4.10.3. Removing a license key
During installation of a new license key, you can manually remove the expired key by clicking the corresponding button on the Licensing tab.
If you have installed two keys – current and backup – and want to remove the current key before it expires, you will remove the backup key together with the current one.
CHAPTER 5. FREQUENTLY ASKED QUESTIONS
Question: Is it possible to use Kaspersky Anti-Virus with anti-virus software supplied by other manufacturers?
In order to avoid conflicts we recommend that you uninstall anti-virus software of other manufacturers for Microsoft ISA Server prior to installation of Kaspersky Anti-Virus.
Question: Why does Kaspersky Anti-Virus® cause a certain decrease of server performance, noticeably loading the CPU?
Virus detection is a computationally intensive mathematical problem requiring structural analysis, checksum calculation and mathematical data conversions. Processor time is therefore the main resource consumed by the anti-virus software, and each new virus added to the anti-virus database increases the overall scanning time. This is a necessary sacrifice for the security and safety of your data.
Other anti-virus products speed up scanning by excluding both viruses which are less easily detectable or less frequent in the geographic location of the anti-virus vendor, and file formats that require complicated analysis (e.g. PDF) from their databases.
In contrast, Kaspersky Lab believes that the purpose of its anti-virus applications is to establish real and complete anti-virus security for its users. We believe that "partial protection" is even worse than no protection at all, because it forces users to take personal precautions.
Kaspersky Anti-Virus gives its users maximum protection. Experienced users can, of course, accelerate anti-virus scanning to the detriment of overall security by disabling scanning of various file types, but we do not recommend doing so for users who want the best protection.
For maximum user protection, Kaspersky Anti-Virus recognizes more than 1200 formats of archived and compressed files and disinfects viruses contained in four types of archives. This is essential for anti-virus security, because harmful executable code may be hidden inside files of any recognized format. However, despite the daily growth in the number of viruses detected by Kaspersky Anti-Virus as well as the ever increasing number of recognized file formats, each subsequent version of our product functions faster than the previous one.
Question: Why do I need the license key? Will my Kaspersky Anti-Virus® work without it?
No, Kaspersky Anti-Virus® does not work without a license key.
If you are still deciding whether or not to purchase Kaspersky Anti-Virus®, we can provide you with a temporary key file (trial key), which will only work for two weeks or a month. When this period expires, the key will be blocked.
Question: What happens when the product license expires?
After expiration of the license Kaspersky Anti-Virus® will continue operating, but anti-virus database updating will be disabled. Kaspersky Anti-Virus® will continue cleaning infected objects but only using the old anti-virus database.
If your server had a trial version of the Anti-Virus installed (version with a trial key or a key for beta testing), it will stop anti-virus scanning when its license expires.
If this situation occurs, inform your system administrator, or contact the distributor who sold you the product, or Kaspersky Lab Ltd. directly, to extend the license.
Question: Anti-virus scanning is not performed. Infected files are downloaded from the network. Why?
If this issue occurs, verify that:
1. Kaspersky Anti-Virus uses a valid license key.
You can view the current application operation mode in the server properties dialog box on the General tab (see Figure 18). Anti-virus scanning is performed in the full functionality mode even when updating is not allowed.
If the mode differs from the recommended one, you should install a new license key or renew your license (see section 4.9 on page 66).
2. Your browser is configured so that all requests are handled by the anti-virus filter of Kaspersky Anti-Virus.
3. The Microsoft ISA Server services have been restarted at least once after Kaspersky Anti-Virus installation because Microsoft ISA Server activates new filters only when its services are started.
To solve this issue, make sure that all necessary filters are activated in the Administration Console and restart services from the Microsoft ISA Server console.
4. Kaspersky Anti-Virus filters have been initialized after Microsoft ISA Server services were restarted.
In this case, the Web / FTP filters have been initialized record appears in the application log and system log.
If this record has not appeared, please contact Kaspersky Lab Technical Support.
5. The product works correctly using EICAR test virus (see section 4.6 on page 59).
If the test virus is not recognized as an infected object, it is probably loaded from the local cache of your browser. In this case, run a browser command that forces downloading of files from the server bypassing browser cache.
6. If Microsoft ISA Server 2004 Service Pack 2 is installed on your server, make sure that the ISA Server option Decompress incoming packets to allow ISA Server Web filters to inspect the content is enabled.
7. If the issue still persists and you have filters of other vendors installed on the Microsoft ISA Server (in addition to standard ISA Server’s web filters), the reason for this issue might be incompatibility of some of these additional filters with the Kaspersky Anti-Virus filter. To check this possibility, disable all additional web filters using the ISA Server administration console, restart the Microsoft ISA Server Firewall service and run Kaspersky Anti-Virus again.
If the issue is not solved after you have performed the steps above, please contact Kaspersky Lab Technical Support (see Appendix A).
Question: What are the hourly updates for?
A few years ago viruses were transmitted on floppy disks, and adequate computer protection could be achieved by installation of an anti-virus program followed by rare updates to its anti-virus database. However, recent virus epidemics spread around the world in several hours, and anti-virus protection with old database may be helpless against a new threat. In order to resist new viruses, you should update the anti-virus database on a daily basis.
Each year Kaspersky Lab increases the frequency of its issued updates to the anti-virus database. Currently it is updated every hour.
Question: The anti-virus database is not updated. Why?
To find out the reason why the database is not updating, first enable the Debug diagnostics mode for all categories of the System control and Database updating subsystems on the Diagnostics tab (see Figure 38). Then, manually start updating and, after updating completes, analyze the application log (see section 4.7.1 on page 60).
Warning!
Kaspersky Anti-Virus starts updating under the LocalSystem account that has limited default rights within the local network (see section 4.4 on page 53).
Warning!
For correct updating, it is required that the anti-virus database in the specified folder should reproduce the folder structure of Kaspersky Lab update servers. Otherwise the updater will be unable to locate the anti-virus databases in the specified folder.
If the application is configured to download updates from the Internet (see Figure 34), the reason might be that connection to the update server cannot be established. In this case, the application log contains records on unsuccessful attempts to connect to the server or on connection time-outs. Check updating settings and Microsoft ISA Server settings in the following order:
1. Define the method for downloading Kaspersky Anti-Virus updates:
o local proxy of Microsoft ISA Server
o another proxy server (or retrieving updates without a proxy server)
This information is displayed in the Configure Updating from Internet dialog box (Figure 34).
2. If a local proxy of the Microsoft ISA Server is used:
o Make sure that your server can connect to the Kaspersky Lab update servers. For example, configure the Internet options of Microsoft Internet Explorer on the computer where Kaspersky Anti-Virus is installed and open any web page.
o Check the authentication mode on the proxy server and, if necessary, specify the user name / password in the Kaspersky Anti-Virus updater settings (see Figure 34).
3. If updating is performed through another proxy server or without using a proxy, make sure that the Microsoft ISA Server Firewall filter rules allow the updating application to access the Internet (kavisasrv.exe process).
If the application is configured to retrieve updates from either a local or shared folder (Figure 33), the following issues might occur:
There are no access rights to the specified folder;
Database files are placed in incorrect order in the storage.
In addition to the problems described above, during centralized updating the main server must possess read and write access rights for the shared folder used as update source. All other servers must have read access rights.
If the issue is not solved after you performed the steps above, please contact Kaspersky Lab Technical Support.
Question: Is it possible for an intruder to replace the anti-virus database?
Every anti-virus database has a one-of-a-kind signature checked by Kaspersky Anti-Virus when accessing the database. If the signature is wrong or the date of the database is later than that of the license expiration, Kaspersky Anti-Virus will not use it.
Question: I use centralized updating of anti-virus databases. What access permissions are required for a network folder (“network share”) that is used for distributing database updates?
The Kaspersky Anti-Virus update component either reads from or writes to the network folder, depending on the server’s role (as master or slave) in centralized updating. The update component runs under the System account.
The next two sections describe how to assign access permissions to the network folder when Kaspersky Anti-Virus is deployed in two different situations: within a domain, and within a workgroup.
Domain deployment
Every computer in a domain has a domain account, for which the account name is the same as the computer’s network name.
Any process running on the computer under the local System account acts as the domain account of its host computer while accessing domain network resources.
To allow the update component to transfer updates successfully:
1. Define the access rights to the network folder:
Grant “read” access to the domain accounts of all computers running Kaspersky Anti-Virus for Microsoft ISA Server.
Grant “read/write” access to the account of the computer acting as the master server for centralized updating.
2. Define the access rights for the network share’s corresponding local folder, in which updates will be stored. Make sure that the local access rights are at least equal to the rights granted to the network folder.
Workgroup deployment
A workgroup computer’s local System account does not have a unique identity on a network, and appears only as an ANONYMOUS LOGON account.
To allow anonymous access to the network folder, you must grant the necessary access rights to the ANONYMOUS LOGON account, and change the local security policies on the computer where the network folder resides to grant anonymous network access.
To allow the update component to transfer updates successfully:
1. Define the access rights to the network folder:
If the network folder resides on a master server for centralized updating:
o Grant “read/change” access to this computer’s System account;
o Grant “read” access to the ANONYMOUS LOGON account;
If the network folder resides on a slave server for centralized updating:
o Grant “read” access to this computer’s System account;
o Grant “read/change” access to the ANONYMOUS LOGON account;
If the network folder resides on a computer that does not run Kaspersky Anti-Virus for Microsoft ISA Server:
o Grant “read/change” access to the ANONYMOUS LOGON account.
2. Define access rights for the network share’s corresponding local folder, in which updates will be stored. Make sure that the local access rights are at least equal to the rights granted to the network folder.
To grant anonymous access privilege, you must modify the local security policies on the computer which hosts the network folder:
For Microsoft Windows Server 2003, use the local security policies editor:
Start the local policies editor (Start -> Control Panel -> Administrative Tools -> Local Security Policy).
Choose the Security Settings -> Local Policies -> Security Options section.
In the details pane, right-click the item Network access: Shares that can be accessed anonymously and open its properties. On the Local Policy Setting tab, type the name of the network folder to which access should be allowed.
To apply the changes, right-click the Security Settings node and select Reload in the displayed shortcut menu.
For Microsoft Windows 2000, configure the privileges in the system registry: modify the registry value NullSessionShares in the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters.
APPENDIX A. GLOSSARY
This documentation uses some terms specific to anti-virus protection. The glossary is a list of definitions of these terms. The glossary entries are arranged in alphabetical order for ease of use.
Administrator Console – an application providing a user interface for administrating Kaspersky Anti-Virus® for Microsoft ISA Servers.
Anti-virus database – the database created by Kaspersky Lab experts that contains definitions of all currently known viruses and methods of their detection and disinfection. At Kaspersky Lab, the database is updated every hour as new viruses appear. Therefore, system administrators must regularly update the anti-virus database.
Client – a user of a corporate network who uses Microsoft ISA Server to access the Internet.
Controlled object – any file transmitted via the HTTP and FTP protocols through a firewall.
Infected object – an object containing malicious code.
Initial data stream – a stream of data transmitted via the HTTP and FTP protocols.
Updating the anti-virus database – installation of the new anti-virus database retrieved from Kaspersky Lab update servers.
APPENDIX B. KASPERSKY LAB
Founded in 1997, Kaspersky Lab has become a recognized leader in information security technologies. It produces a wide range of high-performance data securi­ty software including anti-virus, anti-spam and anti-hacking systems.
Kaspersky Lab is an international company. Headquartered in the Russian Fed­eration, the company has offices in the United Kingdom, France, Germany, Ja­pan, the Benelux countries, China, Poland, Romania and the USA (California). A new company office, the European Anti-Virus Research Centre, has recently been established in France. Kaspersky Lab's partner network includes over 500 companies worldwide.
Today Kaspersky Lab employs over 450 highly qualified specialists including 10
MBA degree holders and 16 PhD degree holders. Several of Kaspersky Lab’s
senior experts are members of the Computer Anti-Virus Researchers Organiza­tion (CARO).
Our company’s most valuable assets are the unique knowledge and expertise
accumulated by its specialists during fourteen years fighting continuously against computer viruses. A thorough analysis of computer virus activities enables the company's specialists to foresee trends in malware development, and deliver to our users timely protection against new types of attacks. Resistance to future attacks is the basic policy implemented in all Kaspersky Lab's products. At all times, the company's products remain one step ahead of other vendors in deli­vering anti-virus coverage to our clients.
Years of hard work have made the company one of the top anti-virus software developers. Kaspersky Lab was one of the first businesses of its kind to develop many modern anti-virus software standards. The company's flagship product, Kaspersky Anti-Virus, provides full-scale protection for all tiers of a network: workstations, file servers, mail systems, firewalls, internet gateways and hand­held computers. Its convenient and easy-to-use management tools maximize the degree of automation of anti-virus protection for computers and corporate net­works. Many well-known manufacturers use the Kaspersky Anti-Virus kernel, including Nokia ICG (USA), Aladdin (Israel), Sybaris (USA), G Data (Germany), Deerfield (USA), Alt-N (USA), Microworld (India) and BorderWare (Canada).
Kaspersky Lab's customers receive a wide range of additional services that ensure both stable operation of the company's products, and compliance with the customer’s specific business requirements. We design, implement and support corporate anti-virus complexes. Kaspersky Lab's anti-virus database is updated every hour. The company provides its customers with 24-hour technical support service available in several languages.
Address: Russia, 123060, Moscow, 1-st Volokolamsky Proezd, 10, Building 1
Tel., Fax: +7 (495) 797-87-00, +7 (495) 645-79-39, +7 (495) 956-70-00
24/7 Emergency Support: +7 (495) 797-87-07, +7 (495) 645-79-29, +7 (495) 956-87-08
Support of business product users: +7 (495) 797-87-07, +7 (495) 645-79-29, +7 (495) 956-87-08 (from 10 am until 7 pm); http://support.kaspersky.com/helpdesk.html
Support for corporate users: Contact information will be provided after you purchase a corporate software product depending on your support package.
Kaspersky Lab web forum: http://forum.kaspersky.com
Anti-Virus Lab: newvirus@kaspersky.com (only for sending new viruses in archives)
User documentation development group: docfeedback@kaspersky.com (only for sending feedback on documentation and Help system)
Sales Department: +7 (495) 797-87-00, +7 (495) 645-79-39, +7 (495) 956-70-00; sales@kaspersky.com
General Information: +7 (495) 797-87-00, +7 (495) 645-79-39, +7 (495) 956-70-00; info@kaspersky.com
If you have any questions, you can contact our dealers or contact Kaspersky Lab directly. Detailed consultations are provided by phone or e-mail. You will receive full and comprehensive answers to any question.
WWW: http://www.kaspersky.com/ http://www.viruslist.com
APPENDIX C. LICENSE AGREEMENT
Standard End User License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT (“AGREEMENT”), FOR THE LICENSE OF KASPERSKY ANTI-VIRUS (“SOFTWARE”) PRODUCED BY KASPERSKY LAB (“KASPERSKY LAB”).
IF YOU HAVE PURCHASED THIS SOFTWARE VIA THE INTERNET BY CLICKING THE ACCEPT BUTTON, YOU (EITHER AN INDIVIDUAL OR A SINGLE ENTITY) CONSENT TO BE BOUND BY AND BECOME A PARTY TO THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, CLICK THE BUTTON THAT INDICATES THAT YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT AND DO NOT INSTALL THE SOFTWARE.
IF YOU HAVE PURCHASED THIS SOFTWARE ON A PHYSICAL MEDIUM, HAVING BROKEN THE CD’S SLEEVE YOU (EITHER AN INDIVIDUAL OR A SINGLE ENTITY) ARE CONSENTING TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT DO NOT BREAK THE CD’s SLEEVE, DOWNLOAD, INSTALL OR USE THIS SOFTWARE.
IN ACCORDANCE WITH THE LEGISLATION, REGARDING KASPERSKY SOFTWARE INTENDED FOR INDIVIDUAL CONSUMERS AND PURCHASED ONLINE FROM THE KASPERSKY LAB OR ITS PARTNER’S INTERNET WEB SITE, THE CUSTOMER SHALL HAVE A PERIOD OF FOURTEEN (14) WORKING DAYS AS FROM THE DELIVERY OF THE PRODUCT TO MAKE RETURN OF IT TO THE MERCHANT FOR THE EXCHANGE OR REFUND, PROVIDED THE SOFTWARE IS NOT UNSEALED.
REGARDING THE KASPERSKY SOFTWARE INTENDED FOR INDIVIDUAL CONSUMERS NOT PURCHASED ONLINE VIA INTERNET, THIS SOFTWARE NEITHER CAN BE RETURNED NOR EXCHANGED EXCEPT FOR CONTRARY PROVISIONS FROM THE PARTNER WHO SELLS THE PRODUCT. IN THIS CASE, KASPERSKY LAB WILL NOT BE HELD BY THE PARTNER'S CLAUSES.
THE RIGHT TO RETURN AND REFUND EXTENDS ONLY TO THE ORIGINAL PURCHASER.
All references to “Software” herein shall be deemed to include the software activation code with which you will be provided by Kaspersky Lab as a part of the Kaspersky Anti-Virus.
1. License Grant. Subject to the payment of the applicable license fees, and subject to the terms and conditions of this Agreement, Kaspersky Lab hereby grants you the non-exclusive, non-transferable right to use the Software and the accompanying documentation (the “Documentation”) for the term of this Agreement solely for your own internal business purposes. You may install one copy of the Software on one computer.
1.1 Use. If the Software was purchased on a physical medium you have the right to use the Software for protection of such a number of computers as indicated on the box. If the Software was purchased via Internet you have the right to use the Software for protection of such a number of computers as you ordered when purchased the Software.
1.1.1 The Software is “in use” on a computer when it is loaded into the temporary memory (i.e., random-access memory or RAM) or installed into the permanent memory (e.g., hard disk, CD-ROM, or other storage device) of that computer. This license authorizes you to make only as many back-up copies of the Software as are necessary for its lawful use and solely for back-up purposes, provided that all such copies contain all of the Software’s proprietary notices. You shall maintain records of the number and location of all copies of the Software and Documentation and will take all reasonable precautions to protect the Software from unauthorized copying or use.
1.1.2 The Software protects computer against viruses whose signatures are contained in the threat signatures database which is available on Kaspersky Lab's update servers.
1.1.3 If you sell the computer on which the Software is installed, you will ensure that all copies of the Software have been previously deleted.
1.1.4 You shall not decompile, reverse engineer, disassemble or otherwise reduce any part of this Software to a humanly readable form nor permit any third party to do so. The interface information necessary to achieve interoperability of the Software with independently created computer programs will be provided by Kaspersky Lab by request on payment of its reasonable costs and expenses for procuring and supplying such information. In the event that Kaspersky Lab notifies you that it does not intend to make such information available for any reason, including (without limitation) costs, you shall be permitted to take such steps to achieve interoperability, provided that you only reverse engineer or decompile the Software to the extent permitted by law.
1.1.5 You shall not make error corrections to, or otherwise modify, adapt, or translate the Software, nor create derivative works of the Software, nor permit any third party to copy (other than as expressly permitted herein).
1.1.6 You shall not rent, lease or lend the Software to any other person, nor transfer or sub-license your license rights to any other person.
1.1.7 You shall not provide the activation code or license key file to third parties or allow third parties access to the activation code or license key. The activation code and license key are confidential data.
1.1.8 Kaspersky Lab may ask you to install the latest version of the Software (the latest version and the latest maintenance pack).
1.1.9 You shall not use this Software in automatic, semi-automatic or manual tools designed to create virus signatures, virus detection routines, any other data or code for detecting malicious code or data.
1.1.10 Kaspersky Lab, with your consent explicitly confirmed in corresponding Statement, has the right to gather information about potential threats and vulnerabilities from your computer. The information thus gathered is used in a generic form for the sole purpose of improving Kaspersky Lab’s products.
2. Support [3]
(i) Kaspersky Lab will provide you with the support services (“Support Services”) as defined below for a period specified in the License Key File (service period) and indicated in the "Service" window, from the moment of activation on:
(a) payment of its then current support charge, and:
(b) successful completion of the Support Services Subscription Form as provided to you with this Agreement or as available on the Kaspersky Lab website, which will require you to enter activation code also provided to you by Kaspersky Lab with this Agreement. It shall be at the absolute discretion of Kaspersky Lab whether or not you have satisfied this condition for the provision of Support Services.
Support Services shall become available after Software activation. Kaspersky Lab's technical support service is also entitled to demand from you additional registration for identifier awarding for Support Services rendering.
Until Software activation and/or obtaining of the End User identifier (Customer ID) technical support service renders only assistance in Software activation and registration of the End User.
[3] When using demo software, you are not entitled to the Technical Support specified in Clause 2 of this EULA, nor do you have the right to sell the copy in your possession to other parties. You are entitled to use the software for demo purposes for the period of time specified in the license key file starting from the moment of activation (this period can be viewed in the Service window of the software's GUI).
(ii) Support Services will terminate unless renewed annually by payment of the then-current annual support charge and by successful completion of the Support Services Subscription Form again.
(iii) “Support Services” means:
(a) Regular updates of the anti-virus database;
(b) Free software updates, including version upgrades;
(c) Technical support via Internet and hot phone-line provided by Vendor and/or Reseller;
(d) Virus detection and disinfection updates in 24-hours period.
(iv) Support Services are provided only if and when you have the latest version of the Software (including maintenance packs) as available on the official Kaspersky Lab website (www.kaspersky.com) installed on your computer.
3. Ownership Rights. The Software is protected by copyright laws. Kaspersky Lab and its suppliers own and retain all rights, titles and interests in and to the Software, including all copyrights, patents, trademarks and other intellectual property rights therein. Your possession, installation, or use of the Software does not transfer any title to the intellectual property in the Software to you, and you will not acquire any rights to the Software except as expressly set forth in this Agreement.
4. Confidentiality. You agree that the Software and the Documentation, including the specific design and structure of individual programs constitute confidential proprietary information of Kaspersky Lab. You shall not disclose, provide, or otherwise make available such confidential information in any form to any third party without the prior written consent of Kaspersky Lab. You shall implement reasonable security measures to protect such confidential information, but without limitation to the foregoing shall use best endeavours to maintain the security of the activation code.
5. Limited Warranty.
(i) Kaspersky Lab warrants that for six (6) months from first download or installation the Software purchased on a physical medium will perform substantially in accordance with the functionality described in the Documentation when operated properly and in the manner specified in the Documentation.
(ii) You accept all responsibility for the selection of this Software to meet your requirements. Kaspersky Lab does not warrant that the Software and/or the Documentation will be suitable for such requirements nor that any use will be uninterrupted or error free.
(iii) Kaspersky Lab does not warrant that this Software identifies all known viruses, nor that the Software will not occasionally erroneously report a virus in a title not infected by that virus.
(iv) Your sole remedy and the entire liability of Kaspersky Lab for breach of the warranty at in paragraph (i) will be at Kaspersky Lab option, to repair, replace or refund of the Software if reported to Kaspersky Lab or its designee during the warranty period. You shall provide all information as may be reasonably necessary to assist the Supplier in resolving the defective item.
(v) The warranty in paragraph (i) shall not apply if you (a) make or cause to be made any modifications to this Software without the consent of Kaspersky Lab, (b) use the Software in a manner for which it was not intended, or (c) use the Software other than as permitted under this Agreement.
(vi) The warranties and conditions stated in this Agreement are in lieu of all other conditions, warranties or other terms concerning the supply or purported supply of, failure to supply or delay in supplying the Software or the Documentation which might but for this paragraph (vi) have effect between Kaspersky Lab and you or would otherwise be implied into or incorporated into this Agreement or any collateral contract, whether by statute, common law or otherwise, all of which are hereby excluded (including, without limitation, the implied conditions, warranties or other terms as to satisfactory quality, fitness for purpose or as to the use of reasonable skill and care).
6. Limitation of Liability.
(i) Nothing in this Agreement shall exclude or limit Kaspersky Lab’s liability for (a) the tort of deceit, (b) death or personal injury caused by its breach of a common law duty of care or any negligent breach of a term of this Agreement, or (c) any other liability which cannot be excluded by law.
(ii) Subject to paragraph (i) above, Kaspersky Lab shall bear no liability (whether in contract, tort, restitution or otherwise) for any of the following losses or damage (whether such losses or damage were foreseen, foreseeable, known or otherwise):
(a) Loss of revenue;
(b) Loss of actual or anticipated profits (including for loss of profits on contracts);
(c) Loss of the use of money;
(d) Loss of anticipated savings;
(e) Loss of business;
(f) Loss of opportunity;
(g) Loss of goodwill;
(h) Loss of reputation;
(i) Loss of, damage to or corruption of data, or:
(j) Any indirect or consequential loss or damage howsoever caused (including, for the avoidance of doubt, where such loss or damage is of the type specified in paragraphs (ii), (a) to (ii), (i).
(iii) Subject to paragraph (i) above, the liability of Kaspersky Lab (whether in contract, tort, restitution or otherwise) arising out of or in connection with the supply of the Software shall in no circumstances exceed a sum equal to the amount equally paid by you for the Software.
7. This Agreement contains the entire understanding between the parties with respect to the subject matter hereof and supersedes all and any prior understandings, undertakings and promises between you and Kaspersky Lab, whether oral or in writing, which have been given or may be implied from anything written or said in negotiations between us or our representatives prior to this Agreement and all prior agreements between the parties relating to the matters aforesaid shall cease to have effect as from the Effective Date.