KASPERSKY Anti-Virus Microsoft ISA 8.0 User Manual
Kaspersky Anti-Virus 8.0 for Microsoft ISA Server and
Forefront TMG Standard Edition
ADMINISTRATOR'S GUIDE
PROGRAM VERSION: 8.0
2
Dear User!
Thank you for choosing our product. We hope that this document will help you in your work and provide answers to the
majority of your questions.
Attention! This document is the property of Kaspersky Lab: all rights to this document are reserved by the copyright laws
of the Russian Federation, and by international treaties. Illegal reproduction and distribution of this document or parts
thereof will result in civil, administrative or criminal liability in accordance with the laws of the Russian Federation.
Any type of reproduction or distribution of any materials, including in translated form, is allowed only with the written
permission of Kaspersky Lab.
This document and the graphic images it contains may be used exclusively for information, non-commercial or personal
purposes.
This document may be amended without additional notification. For the latest version, please refer to Kaspersky Lab’s
website at http://www.kaspersky.com/docs.
Kaspersky Lab assumes no liability for the content, quality, relevance or accuracy of any materials used in this document
for which the rights are held by third parties, or for the potential damages associated with using such documents.
The document contains registered trademarks and service marks belonging to their respective owners.
Revision date: 15.10.2010
© 1997-2010 Kaspersky Lab ZAO. All Rights Reserved.
http://www.kaspersky.com
http://support.kaspersky.com/
3
TABLE OF CONTENTS
DISTRIBUTION KIT ....................................................................................................................................................... 6
The license agreement ............................................................................................................................................. 6
Services for registered users .................................................................................................................................... 6
KASPERSKY ANTI-VIRUS 8.0 FOR MICROSOFT ISA SERVER AND FOREFRONT TMG STANDARD EDITION .... 7
Main features of the application ................................................................................................................................ 7
Hardware and software requirements ................................................................................................ ....................... 7
APPLICATION ARCHITECTURE ................................................................................................................................ 10
DEPLOYMENT OF THE PROTECTION SYSTEM FOR CLIENT COMPUTERS ........................................................ 12
APPLICATION SETUP................................................................................................................................................. 13
Preparing installation .............................................................................................................................................. 13
Upgrading an earlier version ................................................................................................................................... 13
Application setup procedure ................................................................................................................................... 13
Step 1. Verifying that the system meets the installation requirements .............................................................. 14
Step 2. Setup wizard welcome screen ................................ .............................................................................. 14
Step 3. Viewing the License Agreement ........................................................................................................... 14
Step 4. Selecting the type of the installation ..................................................................................................... 15
Step 5. Custom Installation ............................................................................................................................... 15
Step 6. Selecting a data storage folder ................................ ............................................................................. 16
Step 7. Configuring the remote administration rule ........................................................................................... 16
Step 8. Copying of the application files and registration of its components ...................................................... 17
Step 9. Completing the installation .................................................................................................................... 17
Activating the application. Information about activation options available for the application ................................. 17
Changes in the system after installation ................................................................................................................. 18
Getting started ........................................................................................................................................................ 18
Restoring the application ........................................................................................................................................ 19
Removing the application ....................................................................................................................................... 19
Final Configuration Wizard ..................................................................................................................................... 19
MANAGING LICENSES ............................................................................................................................................... 21
Activating the application ........................................................................................................................................ 21
Reserve key adding ................................................................................................................................................ 22
The Notify about license expiration configuring ...................................................................................................... 23
APPLICATION INTERFACE ........................................................................................................................................ 24
Main application window ......................................................................................................................................... 24
Application configuration windows .......................................................................................................................... 25
STARTING AND STOPPING THE APPLICATION ...................................................................................................... 27
CONNECTING THE ADMINISTRATION CONSOLE TO THE SECURITY SERVER .................................................. 28
CHECKING THE CONSISTENCY OF THE APPLICATION SETTINGS ...................................................................... 29
Testing the HTTP traffic protection ......................................................................................................................... 30
Testing the FTP traffic protection ............................................................................................................................ 30
Testing the SMTP / POP3 traffic protection ............................................................................................................ 30
A D M I N I S T R A T O R ' S G U I D E
4
DEFAULT TRAFFIC PROTECTION ............................................................................................................................ 31
DATABASE UPDATE................................................................................................................................................... 32
Reviewing the database status ............................................................................................................................... 32
Updating the database manually ............................................................................................................................ 33
Automatic database updates .................................................................................................................................. 33
Selecting the updates source ................................................................................................................................. 33
Configuring updates via the Internet ....................................................................................................................... 34
Updating the database from a network folder ......................................................................................................... 35
Updating from a network folder: Kaspersky Anti-Virus within a domain ................................ ............................ 35
Updating from a network folder: Kaspersky Anti-Virus in a workgroup ............................................................. 36
ANTI-VIRUS SCAN ...................................................................................................................................................... 37
Configuring the anti-virus scanning performance ................................................................................................... 37
Configuring the HTTP traffic scan settings ............................................................................................................. 38
Configuring the FTP traffic scan settings ................................................................................................................ 39
Configuring the SMTP traffic scan settings ............................................................................................................. 39
Configuring the POP3 traffic scan settings ............................................................................................................. 40
USING THE ANTI-VIRUS POLICIES ........................................................................................................................... 41
Protocol policy ........................................................................................................................................................ 42
Anti-Virus exclusion policy ...................................................................................................................................... 42
Anti-Virus policy ...................................................................................................................................................... 43
Adding policy rules ................................................................................................................................................. 43
Changing rule priority ............................................................................................................................................. 45
Changing rule settings ............................................................................................................................................ 45
Disabling a policy rule ................................ ................................ ............................................................................. 45
Deleting a policy rule .............................................................................................................................................. 46
NETWORK OBJECTS ................................................................................................................................................. 47
Network objects creation ........................................................................................................................................ 47
Changing the network object properties ................................................................................................................. 49
Removing network objects...................................................................................................................................... 49
REPORTS .................................................................................................................................................................... 50
Creating a report generation task ........................................................................................................................... 51
Viewing a report ...................................................................................................................................................... 51
Clearing report ........................................................................................................................................................ 52
Clearing a report generation task ........................................................................................................................... 52
Changing the report generation settings ................................................................................................................. 52
Changing the general reporting settings ................................................................................................................. 52
Clearing the statistical data for reports ................................................................................................................... 53
MONITORING THE APPLICATION ACTIVITY ............................................................................................................ 54
Kaspersky Anti-Virus runtime status ....................................................................................................................... 55
Statistics on the Kaspersky Anti-Virus activity ........................................................................................................ 55
BACKUP NODE ................................................................................................ ........................................................... 56
Backup settings ...................................................................................................................................................... 56
Review the information about stored objects .......................................................................................................... 57
Configuring the Backup appearance ...................................................................................................................... 57
Dynamic filtering of the objects list ......................................................................................................................... 58
Filter creation in Backup ......................................................................................................................................... 58
T A B L E O F C O N T E N T S
5
Saving an object from Backup to disk ..................................................................................................................... 59
Saving the list of objects in Backup ........................................................................................................................ 59
Deleting objects from Backup ................................................................................................................................. 59
DIAGNOSTICS ............................................................................................................................................................ 61
CHANGING THE APPLICATION DATA FOLDER LOCATION .................................................................................... 63
ENABLING HTTPS TRAFFIC INSPECTION ............................................................................................................... 64
APPENDIX 1. CHANGES TO THE MICROSOFT WINDOWS REGISTRY .................................................................. 65
INFORMATION ABOUT THIRD-PARTY CODE .......................................................................................................... 68
Software code ......................................................................................................................................................... 68
A C# IP ADDRESS CONTROL ......................................................................................................................... 68
BOOST 1.36.0, 1.39.0 ...................................................................................................................................... 69
EXPAT 1.2 ........................................................................................................................................................ 69
LOKI 0.1.3 ......................................................................................................................................................... 69
LZMALIB 4.43 ................................................................................................................................................... 70
MICROSOFT CABINET SOFTWARE DEVELOPMENT KIT ............................................................................ 70
SQLITE 3.6.18 .................................................................................................................................................. 70
WIX 3.0 ............................................................................................................................................................. 70
ZLIB 1.0.8, 1.2, 1.2.3 ........................................................................................................................................ 72
Other information .................................................................................................................................................... 73
KASPERSKY LAB END USER LICENSE AGREEMENT ............................................................................................ 74
GLOSSARY ................................................................................................................................................................. 79
KASPERSKY LAB ................................................................................................................................ ........................ 83
INDEX .......................................................................................................................................................................... 84
6
DISTRIBUTION KIT
IN THIS SECTION
The license agreement ...................................................................................................................................................... 6
Services for registered users ............................................................................................................................................. 6
You can purchase Kaspersky Anti-Virus 8.0 for Microsoft ISA Server and Forefront TMG Standard Edition (further
referred to as Kaspersky Anti-Virus) from our partners or buy it online at an Internet shop, such as the eStore section of
http://www.kaspersky.com. Kaspersky Anti-Virus is provided as a part of Kaspersky Total Space Security
(http://www.kaspersky.com/total_space_security) and Kaspersky Security for Internet Gateway
(http://www.kaspersky.com/kaspersky_security_internet_gateway). After purchasing a license for Kaspersky Anti-Virus,
you will receive an e-mail containing a link to download the application from the web site of Kaspersky Lab and a key file
for license activation.
THE LICENSE AGREEMENT
The License Agreement is a legal agreement between you and Kaspersky Lab that specifies the terms on which you may
use the software you have purchased.
Read the License Agreement through carefully.
If you do not accept the terms and conditions of the license agreement, you can decline the product offer and receive a
refund.
SERVICES FOR REGISTERED USERS
Kaspersky Lab Ltd. offers an extensive service package to all legally registered users of Kaspersky Security, enabling
them to boost the application's performance.
After purchasing a license, you become a registered user and, during the period of your license, you will be provided with
these services:
Regular updates to the application databases and updates to the software package;
Support on issues related to the installation, configuration and use of the purchased software product. Services
will be provided by phone or email;
Information about new Kaspersky Lab products and about new viruses appearing worldwide. This service is
available to users who subscribe to Kaspersky Lab's newsletter on the Technical Support Service web site
(http://support.kaspersky.com/subscribe/).
Support on issues related to the performance and use of operating systems, or other non-Kaspersky technologies, is not
provided.
7
KASPERSKY ANTI-VIRUS 8.0 FOR
IN THIS SECTION
Main features of the application ........................................................................................................................................ 7
Hardware and software requirements ............................................................................................................................... 7
MICROSOFT ISA SERVER AND FOREFRONT
TMG STANDARD EDITION
Kaspersky Anti-Virus 8.0 for Microsoft ISA Server and Forefront TMG Standard Edition (hereinafter referred to as
Kaspersky Anti-Virus) provides secure interaction with the traffic passing the firewall for all corporate employees
automatically blocking malware and riskware from incoming HTTP, FTP, SMTP and POP3 data streams.
MAIN FEATURES OF THE APPLICATION
Kaspersky Anti-Virus offers the following functionality:
Real-time scanning of HTTP, FTP, SMTP, and POP3 traffic.
Scanning of inbound HTTPS traffic (for Forefront TMG only).
Wide choice of traffic filtering settings including support for groups of network objects and scanning rules.
Current maintenance of protection using regular updates to the Anti-Virus database.
Riskware detection.
Real-time monitoring of the Kaspersky Anti-Virus activity.
Complete information about the operation of Kaspersky Anti-Virus obtained using configurable reports.
Protected Backup storage for copies of blocked objects.
Precise configuration of anti-virus scanning performance, depending upon the server capability and the Internet
connection bandwidth.
Load distribution among server processors.
Remote management of Kaspersky Anti-Virus using Administration Console implemented as a standard MMC
snap-in.
HARDWARE AND SOFTWARE REQUIREMENTS
Software requirements for the Kaspersky Anti-Virus host computer:
1. Any of the following operating systems:
To use Kaspersky Anti-Virus with Microsoft ISA Server 2006 Standard Edition:
A D M I N I S T R A T O R ' S G U I D E
8
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 R2
To use Kaspersky Anti-Virus with Forefront TMG Standard Edition:
Microsoft Windows Server x64 2008 SP2
Microsoft Windows Server x64 2008 R2
2. Microsoft Management Console 3.0.
3. Microsoft .NET Framework 3.5 SP1.
4. Microsoft ISA Server 2006 Standard Edition/ Forefront TMG Standard Edition Console.
To use Kaspersky Anti-Virus with Microsoft ISA Server 2006 Enterprise Edition or Forefront TMG Enterprise Edition, the
following requirements should be met:
The corporate configuration includes one array only.
The array includes one server only.
The configuration storage is installed on the same server as Kaspersky Anti-Virus.
If an caused by isolated Forefront TMG Enterprise Edition server is connected to a stand-alone or EMS-managed array,
Kaspersky Anti-Virus loses its operability; in this case, Anti-Virus cannot be removed by means of any standard tools of
the operating system. Removing the server from the array will neither help restore Kaspersky Anti-Virus nor remove it
correctly.
This behavior is caused by the technical features of Forefront TMG Enterprise Edition.
Hardware requirements for the Kaspersky Anti-Virus host computer:
1. For Kaspersky Anti-Virus with Microsoft ISA Server 2006 Standard Edition:
1 GHz processor
1 GB RAM
2.5 GB of available hard disk drive space
2. For Kaspersky Anti-Virus with Forefront TMG Standard Edition:
64-bit dual-core processor
2 GB RAM
2.5 GB of available hard disk drive space
Software requirements for Administration Console host computer:
1. Any of the following operating systems:
Microsoft Windows 7 x64 Professional / Enterprise / Ultimate Edition
Microsoft Windows 7 Professional / Enterprise / Ultimate Edition
Microsoft Windows Server 2008 x64 Enterprise / Standard Edition
K A S P E R S K Y A N T I - V I R U S 8 . 0 F O R M I C R O S O F T ISA S E R V E R A N D F O R E F R O N T T M G
9
Microsoft Windows Server 2008
Microsoft Windows Server 2003 x64 R2 Enterprise / Standard Edition
Microsoft Windows Server 2003 x64 Enterprise / Standard Edition
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Server 2003 SP2
Microsoft Windows Vista x64
Microsoft Windows Vista
2. Microsoft Management Console 3.0.
3. Microsoft .NET Framework 3.5 SP1.
4. Microsoft ISA Server 2006 Standard Edition/ Forefront TMG Standard Edition Console.
Hardware requirements for the Administration Console host computer:
1 GHz processor
1 GB RAM.
10
APPLICATION ARCHITECTURE
Kaspersky Anti-Virus is supposed to be installed on a server running Microsoft ISA Server / Forefront TMG to protect
client computers against malware intercepting HTTP, FTP, SMTP and POP3 traffic relayed through Microsoft ISA Server
/ Forefront TMG.
The product also scans incoming HTTPS traffic for Forefront TMG. No additional scanning configuration is required for
HTTPS; the application uses the settings defined for HTTP. To allow Kaspersky Anti-Virus to scan HTTPS traffic, you
have to enable traffic inspection in the management console of Forefront TMG (see section "Enabling HTTPS traffic
inspection" on page 64).
Kaspersky Anti-Virus includes the following components:
Anti-Virus filters – these components are integrated with Microsoft ISA Server / Forefront TMG during
installation. The following filter types exist:
Web – intercepts incoming HTTP traffic;
FTP – intercepts incoming FTP traffic;
SMTP – intercepts incoming and outgoing SMTP traffic;
POP3 – intercepts incoming and outgoing POP3 traffic.
Filters intercept traffic using the corresponding protocols, download objects requested by client computers and
feed completely downloaded objects to the scanning subsystem. Filters return requested objects to client
computers or generate notifications about blocked objects when scan process completes.
Scanning subsystem – the component designed for anti-virus scanning of inspected objects. The scanning
subsystem receives downloaded objects from the Anti-Virus filters and checks them for the presence of threats.
The subsystem compares the signatures of the objects being inspected to the records in the Anti-Virus
database; it also uses a heuristic analyzer capable of detecting the viruses that are as yet unknown. After
scanning the application assigns to each object a certain status that determines how the object will be handled
further. Before the application blocks or modifies an object, the latter can be saved in Backup storage to allow
its complete restoration later, if necessary. Information about scanned objects is preserved in a database where
it remains available for the reporting and monitoring subsystems.
Update service – component that updates the Kaspersky Anti-Virus database downloading new data from the
update servers of Kaspersky Lab or other specified sources. The application checks the availability of database
updates and downloads them automatically according to the defined schedule; the procedure can be invoked
manually.
Backup – database on the computer where all Kaspersky Anti-Virus components are installed that contains
copies of dangerous objects made before their processing and collected information about the objects. Objects
are stored in a special format posing no danger for the involved computers. Objects in Backup can be restored
or deleted later.
Reporting subsystem – the component reports the results of anti-virus activity. Information is collected in
accordance with the specified schedule or upon request (manual report generation).
Monitoring subsystem – the component displays the product status in real time: description of the application
functionality, runtime status of the filters and the scanning subsystem. Monitoring also allows visual control of
statistical information pertaining to the objects being scanned.
Diagnostic subsystem – the activity logger for all application components. Information is recorded to text files.
Administration Console – separate program providing access necessary for the control over Kaspersky Anti-
Virus and management of its operation. Administration Console can be installed on the computer running
A P P L I C A T I O N A R C H I T E C T U R E
11
Microsoft ISA Server / Forefront TMG or on another machine that has access to the server. If several
administrators are working jointly, the Management Console can be installed on each administrator's computer.
The work of the application is represented in the following schematic (see figure below).
Figure 1. Operation algorithm of the application
12
DEPLOYMENT OF THE PROTECTION SYSTEM FOR CLIENT COMPUTERS
To create a system guarding client computers within a network against malware, perform the following steps:
1. Install Kaspersky Anti-Virus on the Microsoft ISA Server / Forefront TMG server.
2. Connect Administration Console to the Security Server (see section "Connecting Administration Console to the
Security Server" on page 28).
3. Install the license key (see section "Activating the application" on page 21).
4. Configure the anti-virus protection system:
Define the database updating settings (on page 32).
Configure the anti-virus scanning settings (see section "Anti-virus scan" on page 37).
Configure the policies, which the application will use to process objects (see section "Using the Anti-Virus
policies" on page 41).
Configure the event logs (see section "Diagnostics" on page 61).
5. Verify the application settings and test their operation using the EICAR test "virus" (see section "Checking the
consistency of the application settings" on page 29).
The anti-virus protection of the server will be enabled automatically when Microsoft ISA Server / Forefront TMG is
started.
Keeping system up to date for traffic protection implies the following:
Regular updates of Anti-Virus database' (see section "Database update" on page 32).
Monitoring Kaspersky Anti-Virus activity (see section "Monitoring application activity" on page 54).
Regular reviews of application activity reports (see section "Reports" on page 50).
Processing notifications.
Processing and purging Backup storage (see section "Backup storage" on page 56).
13
APPLICATION SETUP
IN THIS SECTION
Preparing for installation.................................................................................................................................................. 13
Upgrading an earlier version ........................................................................................................................................... 13
Application setup procedure ............................................................................................................................................ 13
Activating the application. Information about activation options available for the application .......................................... 17
Changes in the system after installation .......................................................................................................................... 18
Getting started ................................................................................................................................................................. 18
Restoring the application ................................................................................................................................................. 19
Removing the application ................................................................................................................................................ 19
Final Configuration Wizard .............................................................................................................................................. 19
Kaspersky Anti-Virus is installed using the product Setup Wizard (see section "Application setup procedure" on page 13).
First, read the information pertaining to setup preparation (see section "Preparing for installation" on page 13).
PREPARING FOR INSTALLATION
Prior to the installation of Kaspersky Anti-Virus, make sure that your system meets all hardware and software
requirements of the product (see section "Hardware and software requirements" on page 7). Furthermore, check the
account used to log on the system to make sure it has sufficient privileges to write data to the configuration of Microsoft
ISA Server / Forefront TMG.
UPGRADING AN EARLIER VERSION
You cannot update an earlier version of the program. If your computer has an earlier version installed, you have to
remove it before installing the new version.
APPLICATION SETUP PROCEDURE
To install Kaspersky Anti-Virus on your computer, run the executable file included in the distribution package. If the
product is being deployed in an operating system with the User Account Control (UAC) functionality enabled, you should
start the executable file as administrator.
The application installation program is designed similarly to the standard Microsoft Windows Setup Wizard. Each window
contains a set of buttons to control the installation process:
Next – accepts the action and goes to the next step in the installation procedure;
Back – returns to the previous setup step;
Cancel – cancels application installation;
A D M I N I S T R A T O R ' S G U I D E
14
Install – initiates copying of product files to the hard drive and registration of the application components;
IN THIS SECTION
Step 1. Verifying that the system meets the installation requirements ............................................................................ 14
Step 2. Setup wizard Welcome screen ........................................................................................................................... 14
Step 3. Viewing the License Agreement ......................................................................................................................... 14
Step 4. Selecting the type of installation.......................................................................................................................... 15
Step 5. Custom Installation ............................................................................................................................................. 15
Step 6. Selecting a data storage folder ........................................................................................................................... 16
Step 7. Configuring the remote administration rule ......................................................................................................... 16
Step 8. Copying of the application files and registration of feature components ............................................................. 17
Step 9. Completing the installation .................................................................................................................................. 17
Finish – completes the application installation procedure.
The following are detailed discussions of each step of the application installation.
STEP 1. VERIFYING THAT THE SYSTEM MEETS THE INSTALLATION
REQUIREMENTS
During the first step of the installation procedure the wizard checks whether the operating system and service packs
meet the software requirements for Kaspersky Anti-Virus setup. In addition, it checks if the computer has the software
packages necessary for Kaspersky Anti-Virus operation installed. Setup Wizard also checks whether Microsoft ISA
Server / Forefront TMG is installed on the computer and starts the Microsoft ISA Server Control (isactrl) and Microsoft
ISA Server Storage (isastg) services, if they are installed but not running.
If any of the requirements is not met, the corresponding notice will be displayed on the screen. You are advised to use
the Windows Update service to install the required service packs and necessary software before Kaspersky Anti-Virus
setup.
STEP 2. SETUP WIZARD WELCOME SCREEN
If your system meets all the requirements, starting the installer file will display the Welcome screen informing you that
installation of Kaspersky Anti-Virus on the computer has begun. To continue installation, press the Next button. Click the
Cancel button to exit the installer.
STEP 3. VIEWING THE LICENSE AGREEMENT
The application's next dialog box contains the license agreement between you and Kaspersky Lab. Read it carefully. If
you agree to all the conditions, select the check box I accept the terms and conditions of this Agreement and click
Next. The installation will proceed.
To discontinue installation, click Cancel.
A P P L I C A T I O N S E T U P
15
STEP 4. SELECTING THE TYPE OF INSTALLATION
During this step you have to define the installation type for the application. Two installation options are available:
Complete. Select this option, if all application components should be installed. In that case the wizard will install
the components of Kaspersky Anti-Virus that should be integrated with Microsoft ISA Server / Forefront TMG
and Administration Console. This option is only available if the computer where the Setup Wizard is started, has
Microsoft ISA Server / Forefront TMG installed.
Administration Console. Select this option if you need to install just Administration Console without the
components of Kaspersky Anti-Virus that are supposed to be integrated with Microsoft ISA Server / Forefront
TMG. This setup method is convenient if you need to install on a local computer a management tool for
Kaspersky Anti-Virus running on a remote host.
To select the installation type, click the corresponding button.
STEP 5. CUSTOM INSTALLATION
If Complete setup type has been selected during the previous step, all application components in the Custom
Installation window will be selected for installation to the local hard drive.
The components tree contains the following nodes:
Service – the node containing information about the components of Kaspersky Anti-Virus actually protecting the
data transferred through Microsoft ISA Server / Forefront TMG. To enable protection, you have to integrate with
Microsoft ISA Server / Forefront TMG the filters, which will intercept the data transferred via corresponding
protocols. Select one or several filters included into the Service component.
Filters – the node allows you to select installation of Kaspersky Anti-Virus filters. The following filters are
available:
Web – web filter intercepting HTTP traffic;
FTP – filter intercepting FTP traffic;
SMTP – filter intercepting SMTP traffic;
POP3 – filter intercepting POP3 traffic.
Administration Console – the node for installation of the Administration Console snap-in that is used to
manage Kaspersky Anti-Virus.
Administration Console is an essential part of the application; it will be installed no matter which setup type is
selected. There is no way to install Kaspersky Anti-Virus without Administration Console.
To specify the destination folder where the selected components will be installed, perform the following steps:
1. Select the root node of the components tree All components.
2. Click Browse to open the dialog box for modification of the destination folder.
3. In the Folder name field enter the path to the folder where the selected components should be installed. The
application must be installed on the same drive as Microsoft ISA Server / Forefront TMG.
4. Click the OK button.
You can view the information about disk space necessary for each individual component by clicking the component in the
tree. The right part of the Setup Wizard window will display information about the space required and brief description of
the component's purpose.
A D M I N I S T R A T O R ' S G U I D E
16
To view detailed information about the space available on the logical drives of your computer, perform the following
steps:
1. Click the Drives button.
2. Information will be displayed in the Disk Space Requirements window.
3. To close the window, click OK button.
To select a component for further installation, perform the following steps:
1. Open the menu of the node corresponding to a component by clicking it with the mouse.
2. Select the option Will be installed on local hard drive or All features.
Selecting All features will prepare for installation of the component and all the features it includes.
To cancel the component installation, select the Entire feature will become unavailable option from the context menu.
To continue installation, press the Next button. If you have selected installation of Administration Console only during the
previous step, description of further operation will proceed with Step 9.
STEP 6. SELECTING A DATA STORAGE FOLDER
During this step you have to specify folder on hard drive where the application will store the data that it generates during
operation. The folder contains the following data:
Runtime and anti-virus protection logs.
Service data and temporary data necessary for normal application functioning and reliable non-stop protection.
Anti-virus database used for detection of known malware and viruses.
Reports.
Statistics database.
File storage database.
Backup database.
Other data necessary for integration with Microsoft ISA Server / Forefront TMG.
The Data Folder field contains the path to the default application data folder.
To change the path to the data folder of Kaspersky Anti-Virus.
Enter the path in the Data Folder field or select the necessary folder in the Change destination folder window
displayed after clicking the Change button.
You can change the data folder location after Kaspersky Anti-Virus setup, if necessary (see section "Changing the
application data folder location" on page 63).
To continue installation, press the Next button.
STEP 7. CONFIGURING THE REMOTE ADMINISTRATION RULE
During this step you have to specify the port for connection to Kaspersky Anti-Virus, which will be used to manage the
application via the Administration Console installed on a remote host.
A P P L I C A T I O N S E T U P
17
You can enter the port number in the TCP port field. The default value is 5000.
A selected Activate rule checkbox means that the Setup Wizard will create a custom rule for the Microsoft ISA Server /
Forefront TMG firewall permitting incoming connections to the specified port of the local server. Remote management of
Kaspersky Anti-Virus will be enabled automatically. Clear the check box if you do not plan to allow remote administration
immediately after application setup.
To continue installation, press the Next button.
STEP 8. COPYING OF THE APPLICATION FILES AND REGISTRATION
OF FEATURE COMPONENTS
During this step the installer copies the application files to the program folder specified in the functionality selection dialog
box (see section "Step 5. Custom Installation" on page 15), registers the installed application features in the operating
system, and integrates them with Microsoft ISA Server / Forefront TMG.
To continue installation, click the Next button. The wizard will begin installing the application. Click the Back button if you
need to change the settings selected in the previous screens of the wizard.
Installation and registration of the filters will require a restart of Microsoft ISA Server / Forefront TMG services. Click OK
in the corresponding notification window to restart the services automatically, ensuring proper integration of Kaspersky
Anti-Virus with Microsoft ISA Server / Forefront TMG.
Certain services of Microsoft ISA Server / Forefront TMG will be restarted during Kaspersky Anti-Virus setup. That may
terminate the existing connections established by the client computers.
Clicking the Cancel button in the window requesting service restart will complete the installation procedure and roll back
the installer operations performed for deployment of Kaspersky Anti-Virus. Application setup will be terminated.
STEP 9. COMPLETING THE INSTALLATION
The Setup completion window indicates that the installation of Kaspersky Anti-Virus has been finished.
Select the check box Run Final Configuration Wizard to start the Final Configuration Wizard as soon as the Setup
Wizard window is closed (see section "Final Configuration Wizard" on page 19). The Final Configuration Wizard is
intended for the addition of license key files for the application immediately after setup. Launching the wizard is not
mandatory; the settings specified in the wizard can be modified later in the Administration Console.
Click Finish to close the Setup Wizard window.
Program group Kaspersky Anti-Virus 8.0 for Microsoft ISA Server and Forefront TMG SE will appear in the main
menu; you can start the application Administration Console or open the help system right from that group.
ACTIVATING THE APPLICATION. INFORMATION ABOUT
ACTIVATION OPTIONS AVAILABLE FOR THE APPLICATION
To enable Kaspersky Anti-Virus to use the current Anti-Virus database for protection of the client computers, you have to
activate the application. Application activation means the addition of a license key file to the application.
There are two available activation methods:
Using the Final Configuration Wizard (see section "Final Configuration Wizard" on page 19)
Using the Administration Console (see section "Managing licenses" on page 21)
A D M I N I S T R A T O R ' S G U I D E
18
CHANGES IN THE SYSTEM AFTER INSTALLATION
The installer creates the following folders during the setup procedure:
Installation folder: <ProgramFiles>\Kaspersky Lab\Kaspersky Anti-Virus 8.0 for Microsoft ISA Server and
Forefront TMG Standard Edition, where <ProgramFiles> can take the following values:
If Microsoft ISA / Forefront TMG is installed on the same drive with Microsoft Windows, <ProgramFiles> is
the standard Program Files folder; its location is stored in the environment variable %ProgramFiles% for
32-bit systems or in %ProgramFiles(x86)% for 64-systems.
If Microsoft ISA / Forefront TMG is installed on a drive other than the Microsoft Windows system drive,
<ProgramFiles> stands for <Microsoft ISA / Forefront TMG drive>:\Program Files.
Data folder: <CommonAppDataFolder>\Kaspersky Anti-Virus 8.0 for Microsoft ISA Server and Forefront TMG
Standard Edition\data, where <CommonAppDataFolder> is the standard Common AppData folder for program
data shared among all users. The Common AppData value can be checked in the registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
Common Files Folder (ISD): <CommonFilesFolder>\Kaspersky Lab\ISD>, where <CommonFilesFolder> is the
standard Common Files folder for 32-bit programs of the current user. Path to the folder is stored in the
%CommonProgramFiles% environment variable in 32-bit systems, or in the %CommonProgramFiles(x86)%
variable for 64-bit systems.
Program Menu Folder: <ProgramMenuFolder>\Kaspersky Anti-Virus 8.0 for Microsoft ISA Server and
Forefront TMG Standard Edition, where <ProgramMenuFolder> stands for the Common Programs folder
containing the Start menu items for all users. The Common Programs value can be checked in the registry
key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell
Folders].
Downloaded Installations Folder: <DownloadedInstallationsFolder>\{0D40E22B-2FB4-4237-AB63-
3FFA9A4CE2EA}, where <DownloadedInstallationsFolder> stands for the standard Downloaded Installations
folder for setup files located at %WinDir%\Downloaded, where %WinDir% is the system folder of Microsoft
Windows.
The installer also performs the following operations:
Installs the following additional software: Microsoft Windows Installer 3.1, Microsoft Visual C++ 2005
Redistributable Package (x86).
Registers the service of Kaspersky Anti-Virus 8.0 for Microsoft ISA Server and Forefront TMG SE
(kavisasrv.exe).
Creates on Microsoft ISA Server / Forefront TMG a firewall rule permitting remote access from Administration
Console to a computer running the installed Kaspersky Anti-Virus.
Adds two groups of performance counters: Kaspersky Anti-Virus for ISA and TMG Filters and Kaspersky
Anti-Virus for ISA and TMG Service.
Registers the subsystem for notification about Kaspersky Anti-Virus events in Microsoft ISA Server / Forefront
TMG.
Changes to the registry of Microsoft Windows for 32- and 64-bit OS versions are listed in the Appendix 1.
GETTING STARTED
After its installation, Kaspersky Anti-Virus will start working using the default minimum configuration based on the
settings recommended by the experts of Kaspersky Lab. If necessary, depending on the network properties and the
characteristics of the computer on which Microsoft Exchange Server / Forefront TMG is installed, you can change the
settings.
A P P L I C A T I O N S E T U P
19
The application settings are configured from the administrator's workstation using Management Console.
You are advised to configure hourly automatic database updates (see section "Automatic database updates" on
page 33).
You can use test "viruses" to make sure that the application functions properly (see section "Checking the consistency of
the application settings" on page 29).
To control whatever Kaspersky Anti-Virus is doing, use the Monitoring node (see section "Monitoring application
activity" on page 54).
RESTORING THE APPLICATION
Kaspersky Anti-Virus may have to be restored if the initial installation has completed incorrectly, or if the executable files
or registration of application features have been disrupted during operation.
To reinstall the application, start the executable file included in the distribution kit. You may also use the software
installation and removal wizard in Microsoft Windows.
To use the software installation and removal wizard in Microsoft Windows, perform the following steps:
1. Open the Open the Uninstall or change a program window. To open the window, you can use the following
method:
a. Use the following key combination WINDOWS KEY + R.
b. Type in the displayed Run dialog box the command appwiz.cpl and press ENTER.
2. Find in the Uninstall or change a program window the record corresponding to Kaspersky Anti-Virus and
highlight it.
3. Click the Uninstall / Change button.
4. In the wizard window click the Next button.
5. Click the Restore button in the next wizard window.
6. Click the Change button in the next window of Kaspersky Anti-Virus setup wizard and wait until the repeated
setup procedure completes. The wizard will automatically overwrite the installed application files, register again
the components of Kaspersky Anti-Virus and integrate them with Microsoft ISA Server / Forefront TMG.
REMOVING THE APPLICATION
You can remove the application from your computer using the standard Windows Add/Remove Programs tool, or using
the application distribution kit. This will remove all installed components from your computer.
FINAL CONFIGURATION WIZARD
The Final Configuration Wizard is intended for addition of license key files for the application immediately after setup.
The Final Configuration Wizard starts automatically once the installation procedure completes, if you have checked the
box Start the Final Configuration Wizard on the last screen of the Setup Wizard.
Each wizard window contains a set of buttons to control the installation process:
Next – accepts the action and goes to the next step in the wizard.
Back – returns to the previous wizard step.
A D M I N I S T R A T O R ' S G U I D E
20
Cancel – closes the wizard discarding changes.
Finish – completes the wizard saving the changes and closing its window.
The first screen of the Final Configuration Wizard, Adding the main license key, can be used to add the current license
key for the application.
To add the main license key for the application, perform the following steps:
1. Click the Add/Replace button and use the displayed window to specify a valid license key file (with the *.key
extension).
2. Once the key is added, the following information will be displayed on the screen:
Key type.
Owner.
User count.
Expiration date.
Serial number.
The second screen of the Final Configuration Wizard, Adding the reserve license key, can be used to add a backup
license key for the application.
To add the main license key for the application, perform the following steps:
1. Click the Add/Replace button and use the displayed window to specify a valid license key file (with the *.key
extension).
2. Once the key is added, the following information will be displayed on the screen:
User count.
Expiration date.
Serial number.
3. A reserve key automatically becomes active when the current license key expires.
21
MANAGING LICENSES
IN THIS SECTION
Activating the application................................................................................................................................................. 21
Adding a reserve key ...................................................................................................................................................... 22
Configuring notification of license expiration ................................................................................................................... 23
To enable Kaspersky Anti-Virus to protect client computers using the latest anti-virus database, a valid license key is
required (see section "Activating the application" on page 21).
If the license is missing, Microsoft ISA Server / Forefront TMG traffic will not be scanned and the Anti-Virus will not
update its database.
If the license key is expired, Kaspersky Anti-Virus scans the traffic using the existing anti-virus database but does not
update it. You are advised to configure a notification about license expiry (see section "Configuring notification of license
expiration" on page 23).
If a license is blacklisted, Microsoft ISA Server / Forefront TMG traffic will not be scanned but Kaspersky Anti-Virus will
update its database.
The application may have two license keys installed at the same time: the current and the reserve key. The reserve key
automatically becomes active once the current active key expires (see section "Adding a reserve key" on page 22).
ACTIVATING THE APPLICATION
To activate the application, that is to enable Kaspersky Anti-Virus to protect the client computers, you need to add its
license key.
If the license is missing, Microsoft ISA Server / Forefront TMG traffic will not be scanned and the Anti-Virus will not
update its database.
If the license key is expired, Kaspersky Anti-Virus scans the traffic using the existing anti-virus database but does not
update it. You are advised to configure a notification about license expiration (see section "Configuring notification of
license expiration" on page 23).
If a license is blacklisted, Microsoft ISA Server / Forefront TMG traffic will not be scanned but Kaspersky Anti-Virus will
update its database.
To activate the application, perform the following steps:
1. Select in the Administration Console tree the node corresponding to the server.
2. Click the General settings button.
3. Select the Licenses tab in the General settings window that will open (see figure below).
4. Click the Add/Replace button and use the displayed window to specify a valid license key file (with the *.key
extension).
5. Once the key is added, the following information will be displayed on the screen:
Key type.
A D M I N I S T R A T O R ' S G U I D E
22
Owner.
User count.
Expiration date.
Serial number.
Figure 2. The License keys tab
ADDING A RESERVE KEY
To add a reserve key, perform the following steps:
1. Select in the Administration Console tree the node corresponding to the server.
2. Click the General settings button.
3. Select the Licenses tab in the General settings window that will open.
4. Click the Add button and use the displayed window to specify the reserve license key file (with the *.key
extension).
5. Once the key is added, the following information will be displayed on the screen:
User count.
Expiration date.
M A N A G I N G L I C E N S E S
23
Serial number.
6. A reserve key automatically becomes active when the current license key expires.
CONFIGURING NOTIFICATION OF LICENSE EXPIRATION
To configure notifications about license expiration, perform the following steps:
1. Select in the Administration Console tree the node corresponding to the necessary server.
2. Click the General settings button.
3. Select the Licenses tab in the General settings window that will open.
4. Enter the necessary number of days in the Notify about license expiration N days before field.
5. Click OK to save the changes and close the window.
24
APPLICATION INTERFACE
IN THIS SECTION
Main application window ................................................................................................................................................. 24
Application configuration windows .................................................................................................................................. 25
The application administration console is a standard Microsoft Windows MMC snap-in (see section "Main application
window" on page 24).
Kaspersky Anti-Virus runtime settings are defined in special configuration windows (see section "Application
configuration windows" on page 25).
MAIN APPLICATION WINDOW
Main application window is an MMC snap-in (see the figure below). To open the application window, click the
Administration Console desktop shortcut.
Figure 3. Main application window
A P P L I C A T I O N I N T E R F A C E
25
The window consists of two parts: the console tree and the details pane.
The Console tree is a hierarchic structure in the left part of the MMC window. The console tree contains the nodes
associated with the main features of the application. You can hide or display the console tree.
A node – is any item of the console tree holding inside child objects. Double-clicking the plus sign (+) of a node with the
mouse can open that node and display its content, and double-clicking the minus sign (-) hides the node contents.
The details pane is the right part of the snap-in console. It displays the items or information about the current item
selected in the console tree. The details pane is always visible irrespective of the settings.
You can configure the snap-in appearance by configuring it to hide or display certain window areas.
To configure the snap-in console appearance, perform the following steps:
1. Open Administration Console.
2. In the View menu select the Configure item.
3. Use the displayed Customize View dialog box to show or hide the necessary items checking or unchecking
their corresponding boxes.
To view more detailed information about the interface, perform the following steps:
1. Open Administration Console.
2. Select the Help item from the drop-down menu.
APPLICATION CONFIGURATION WINDOWS
Main settings of Kaspersky Anti-Virus are specified in the configuration windows. To access these windows, select in the
console tree the node corresponding to a certain server and the details pane will display the buttons opening the
following configuration windows (see the figure below):
General settings – the settings for the application activity logs (see section "Diagnostics" on page 61)
and license parameters (see section "Managing licenses" on page 21).
Anti-virus scan – the settings used to update Kaspersky Anti-Virus databases and the anti-virus engine
performance settings (see section "Anti-virus scan" on page 37).
HTTP traffic scan settings – editing of the replacement templates for blocked objects, configuration of the
settings used to scan HTTP traffic:
Maximum time left until the transfer of data to the client starts.
Data not sent to the client before scan completes.
The speed at which an unscanned object will be transferred to the client.
FTP traffic scan settings – maximum timeout before startup of data transfer to the client and share of data
preserved from being sent to the client until scan is complete.
SMTP traffic scan settings – editing of the replacement templates for blocked objects and message subject.
A D M I N I S T R A T O R ' S G U I D E
26
POP3 traffic scan settings – editing of the replacement templates for blocked objects and message subjects.
Figure 4. Application settings window
Loading...